Hello,
one of the PCs in our company has started showing constant network data transfer even when there is otherwise apparently no activity.
I have tried:
- disconnecting the network
- cleaning with the antimalware tools "Malwarebytes", SystemMechanic 6 and AdAware (14 infections were found, including rootkits and backdoors)
- using HiJackThis to disable everything that looked suspicious to me
- Windows Updates are turned off and cannot be turned on (or rather, they turn on, but after a restart they are off again)
- a manual update attempt ended with an error while installing the new MS Update software
- resetting (for a while everything seems OK, then the constant network traffic starts again)
- ESET AV is running on the PC
- given what is on the PC, cleaning it by reinstalling is not that simple
I am not a PC professional; I have just been on the fringes of the field and of programming for 30 years. So please bear with my terminology and my questions. Thank you.
I am attaching the HJT log.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:00:50, on 10.3.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe
C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\SolidWorks Corp\SolidWorks\sldworks.exe
C:\DOCUME~1\admin\LOCALS~1\Temp\SolidWorksLicTemp.0001
C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
D:\scan\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = About:Blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SybaseCentral43] "C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe" -preload
O4 - HKCU\..\Run: [DBISQL9] "C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe" -preload
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9802396-A944-4F6E-8D78-4CBCA4930961}: NameServer = 194.228.2.1,194.228.2.61
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: SW Distributed TS Coordinator Service (coordinatorservicehost) - Dassault Systemes
PC with constant data transfer from and to the network - Solved
- Damned
Re: PC with constant data transfer from and to the network
Disconnect the PC from the network, or rather disconnect all the others, the uninfected ones. There will be at least one more backdoor in there.
Run HJT (HijackThis), close your browsers, disconnect from the internet and fix (run HJT, "Do a system scan only",
tick the box in front of the entry, press "Fix checked" and then "Yes"):
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
*****************************************************************************************************************************************
If you have MbAm there, run it and post its log here.
Nothing is impossible, so where reason fails us, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner
Re: PC with constant data transfer from and to the network
Thanks - done.
I am attaching the new HJT log and below it the MbAm log (it did not like HJT).
(Switching off everything else on the network was not possible given its size, so I disconnected only the one currently being treated.
Can the infections listed spread freely between individual PCs, or does a shared file or a web page have to act as the intermediary?)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:17:34, on 10.3.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe
C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe
C:\totalcmd\TOTALCMD.EXE
D:\scan\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = About:Blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SybaseCentral43] "C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe" -preload
O4 - HKCU\..\Run: [DBISQL9] "C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe" -preload
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9802396-A944-4F6E-8D78-4CBCA4930961}: NameServer = 194.228.2.1,194.228.2.61
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: SW Distributed TS Coordinator Service (coordinatorservicehost) - Dassault Systemes SolidWorks Corp. - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
O23 - Service: Eset HTTP Server (ehttpsrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service (flexnet licensing service) - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingServ
*************************************************************
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3839
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
10.3.2010 11:00:41
mbam-log-2010-03-10 (11-00-41).txt
Typ kontroly: Kompletní kontrola (C:\|D:\|)
Zkontrolované objekty: 210707
Uplynulý čas: 40 minute(s), 54 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 2
Infikované adresáře: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)
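The MbAm log above reports the ImagePath of both BITS and wuauserv pointing at `%fystemRoot%`, a one-letter corruption of `%SystemRoot%`, and the HijackThis log lists BITS with "Unknown owner" and a path that names no executable. The following Python code is an added example, not part of the original thread, that flags both patterns in exported values and log lines; the variable allow-list, the function names and the "no binary in path" heuristic are assumptions of the example.

```python
import re
from difflib import get_close_matches

# Environment variables commonly seen in service ImagePath values.
# Assumption of this example; extend the list for your own machines.
KNOWN_VARS = ["systemroot", "windir", "systemdrive", "programfiles",
              "commonprogramfiles", "programdata"]

VAR_RE = re.compile(r"%([^%\\/:\s]+)%")
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?) \((?P<name>[^()]*)\) - "
    r"(?P<owner>.+?) - (?P<path>.+)$"
)
BINARY_RE = re.compile(r"\.(exe|dll|sys)\b", re.IGNORECASE)


def audit_image_path(service, image_path):
    """Flag %VAR% tokens in an ImagePath that are not known variables.

    An unknown variable never expands, so the service binary cannot be
    located. The closest known name (if any) hints at what was altered.
    """
    findings = []
    for var in VAR_RE.findall(image_path):
        if var.lower() in KNOWN_VARS:
            continue
        near = get_close_matches(var.lower(), KNOWN_VARS, n=1, cutoff=0.8)
        findings.append({
            "service": service,
            "variable": var,
            "looks_like": near[0] if near else None,
        })
    return findings


def audit_hjt_o23(line):
    """Parse one HijackThis O23 line; return None if it is not an O23 line.

    Heuristic (assumption): "Unknown owner" combined with a path that
    names no .exe/.dll/.sys file deserves a look at the ImagePath value.
    """
    m = O23_RE.match(line.strip())
    if not m:
        return None
    suspicious = (m.group("owner") == "Unknown owner"
                  and not BINARY_RE.search(m.group("path")))
    return {"service": m.group("name"), "path": m.group("path"),
            "suspicious": suspicious}


# Sample values copied from the logs posted in this thread.
BAD_BITS = r"%fystemRoot%\system32\svchost.exe -k netsvcs"
BAD_WUAUSERV = r"%fystemroot%\system32\svchost.exe -k netsvcs"
GOOD = r"%SystemRoot%\System32\svchost.exe -k netsvcs"
O23_BITS = ("O23 - Service: Služba inteligentního přenosu na pozadí (BITS)"
            " - Unknown owner - C:\\WINDOWS\\")
O23_EKRN = ("O23 - Service: Eset Service (ekrn) - ESET - "
            "C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\ekrn.exe")


def run_samples():
    """Run both checks over the sample values and collect the findings."""
    path_findings = []
    for name, value in [("BITS", BAD_BITS), ("wuauserv", BAD_WUAUSERV),
                        ("BITS (repaired)", GOOD)]:
        path_findings.extend(audit_image_path(name, value))
    o23_findings = [r for r in map(audit_hjt_o23, [O23_BITS, O23_EKRN])
                    if r and r["suspicious"]]
    return path_findings, o23_findings


if __name__ == "__main__":
    paths, o23 = run_samples()
    for f in paths:
        print(f"{f['service']}: unknown variable %{f['variable']}% "
              f"(closest known: {f['looks_like']})")
    for f in o23:
        print(f"{f['service']}: unknown owner, path {f['path']!r}")
```
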
- Damned
Re: PC with constant data transfer from and to the network
My experience is that during removal the malware moved right next door.
So run MbAM again and choose Scan
- when the program finishes, a message will appear; click OK and then the Show Results button
- make sure all the listed findings are ticked and click the Remove Selected button
- when removal finishes, a log will be displayed; post it here.
- then choose OK in the program and close it via Exit
Turn off your antivirus resident shield (and antispyware, if you have one).
Download ComboFix (by sUBs)
or ComboFix (subs)
and save it to your desktop.
Close all active windows and run it.
- After launch the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click into the window that is displayed
- When the scan completes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
Re: PC with constant data transfer from and to the network
So here I am again ... thanks for the advice and time so far (it is not easy, I can only get to the affected PC intermittently.)
It seems the situation is improving a bit (or that bug has gone to sleep...)
I am attaching the 2 logs and wish you a nice evening.
****************************************************
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3839
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
10.3.2010 15:19:12
mbam-log-2010-03-10 (15-19-12).txt
Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 121366
Uplynulý čas: 3 minute(s), 57 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 2
Infikované adresáře: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)
****************************************************************************
ComboFix 10-03-09.08 - admin 10.03.2010 15:28:51.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.470 [GMT 1:00]
Spuštěný z: c:\documents and settings\admin\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\ieuinit.inf
c:\windows\system32\grpconv.exe . . . chybí !!
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-10 do 2010-03-10 )))))))))))))))))))))))))))))))
.
2010-03-09 11:10 . 2010-03-09 11:10 -------- d-----w- c:\program files\Lavasoft
2010-03-09 11:10 . 2010-03-09 11:10 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-09 10:16 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-09 10:16 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-09 10:16 . 2010-03-09 10:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-08 15:19 . 2005-09-12 12:20 25264 ----a-w- c:\windows\system32\smrgdf.exe
2010-03-08 15:19 . 2006-12-20 11:39 1212416 ----a-w- c:\windows\system32\Incinerator.dll
2010-03-08 15:19 . 2006-03-28 00:54 41472 ----a-w- c:\windows\system32\iolobtdfg.exe
2010-03-08 15:18 . 2010-03-08 15:18 -------- d-----w- c:\program files\iolo
2010-03-08 15:17 . 2010-03-08 15:17 -------- d-----w- c:\temp\systemmechanic
2010-03-08 15:17 . 2010-03-08 15:17 -------- d-----w- c:\temp\CCleaner
2010-03-05 14:39 . 2010-03-05 14:39 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-03-05 14:28 . 2010-03-05 14:28 -------- d-----w- c:\program files\AGEIA Technologies
2010-02-26 14:51 . 2010-02-26 14:51 -------- d-----w- c:\documents and settings\CURRENT_USER\Data aplikací
2010-02-26 14:51 . 2010-02-26 14:51 -------- d-----w- c:\documents and settings\CURRENT_USER
2010-02-15 06:29 . 2008-09-18 12:52 438272 ----a-w- c:\windows\system32\vp6vfw.dll
2010-02-15 06:29 . 2010-02-15 06:29 -------- d-----w- c:\program files\Moyea
2010-02-15 06:09 . 2010-03-09 08:23 -------- d-----w- c:\program files\Ask.com
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-09 15:11 . 2007-07-16 13:07 5112 ----a-w- c:\windows\GPCIDrv.sys
2010-03-09 15:09 . 2007-07-16 13:07 17962 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2010-03-08 11:29 . 2009-01-13 13:26 -------- d-----w- c:\program files\Common Files\SolidWorks Shared
2010-03-08 11:16 . 2007-08-20 05:37 -------- d-----w- c:\program files\AutoCAD 2007
2010-03-08 11:02 . 2009-01-13 13:13 -------- d-----w- c:\program files\Common Files\Manažer instalací SolidWorks
2010-03-08 10:55 . 2009-01-13 13:25 -------- d-----w- c:\program files\SolidWorks Corp
********************************************************************
- Damned
Re: PC with constant data transfer from and to the network
The log is not complete. Is that all it spat out?
Start - Run - type: notepad and click OK. Paste this entire (pale green) text into it:
dir \grpconv.exe /a h /s > File.txt
save it to the Desktop under the name: find.bat (file type - all files)
Find it on the desktop, double-click it and wait until the window closes and File.txt appears
Then paste the entire text from that file here.
Re: PC with constant data transfer from and to the network
Hello,
I apologize for yesterday; I was away from the company on business all day. Today I can continue.
Indeed I did not copy the end of the ComboFix log into the message - I am attaching it again....
I did what you described (I am not that bad off - I can handle working from the command line, MS-DOS, basic PC administration, programming in older languages..., networks and their configuration and behaviour are worse, I am out of my depth there..) and I am attaching the result.
(On Wednesday you did have success after all - in the evening I managed to get XP updates going and SP3 and 79 other patches were downloaded - before that WinSecurCenter reported that they were enabled, but in reality it was not downloading anything.)
thanks
******************************************
Svazek v jednotce C nemá žádnou jmenovku.
Sériové číslo svazku je F45B-B039.
Výpis adresáře C:\WINDOWS\ServicePackFiles\i386
14.04.2008 04:22 39 424 grpconv.exe
1 souborů, 39 424 bajtů
Výpis adresáře C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68
14.04.2008 04:22 39 424 grpconv.exe
1 souborů, 39 424 bajtů
******************************************
ComboFix 10-03-09.08 - admin 10.03.2010 15:28:51.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.470 [GMT 1:00]
Spuštěný z: c:\documents and settings\admin\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\ieuinit.inf
c:\windows\system32\grpconv.exe . . . chybí !!
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-10 do 2010-03-10 )))))))))))))))))))))))))))))))
.
2010-03-09 11:10 . 2010-03-09 11:10 -------- d-----w- c:\program files\Lavasoft
2010-03-09 11:10 . 2010-03-09 11:10 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-09 10:16 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-09 10:16 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-09 10:16 . 2010-03-09 10:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-08 15:19 . 2005-09-12 12:20 25264 ----a-w- c:\windows\system32\smrgdf.exe
2010-03-08 15:19 . 2006-12-20 11:39 1212416 ----a-w- c:\windows\system32\Incinerator.dll
2010-03-08 15:19 . 2006-03-28 00:54 41472 ----a-w- c:\windows\system32\iolobtdfg.exe
2010-03-08 15:18 . 2010-03-08 15:18 -------- d-----w- c:\program files\iolo
2010-03-08 15:17 . 2010-03-08 15:17 -------- d-----w- c:\temp\systemmechanic
2010-03-08 15:17 . 2010-03-08 15:17 -------- d-----w- c:\temp\CCleaner
2010-03-05 14:39 . 2010-03-05 14:39 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-03-05 14:28 . 2010-03-05 14:28 -------- d-----w- c:\program files\AGEIA Technologies
2010-02-26 14:51 . 2010-02-26 14:51 -------- d-----w- c:\documents and settings\CURRENT_USER\Data aplikací
2010-02-26 14:51 . 2010-02-26 14:51 -------- d-----w- c:\documents and settings\CURRENT_USER
2010-02-15 06:29 . 2008-09-18 12:52 438272 ----a-w- c:\windows\system32\vp6vfw.dll
2010-02-15 06:29 . 2010-02-15 06:29 -------- d-----w- c:\program files\Moyea
2010-02-15 06:09 . 2010-03-09 08:23 -------- d-----w- c:\program files\Ask.com
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-09 15:11 . 2007-07-16 13:07 5112 ----a-w- c:\windows\GPCIDrv.sys
2010-03-09 15:09 . 2007-07-16 13:07 17962 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2010-03-08 11:29 . 2009-01-13 13:26 -------- d-----w- c:\program files\Common Files\SolidWorks Shared
2010-03-08 11:16 . 2007-08-20 05:37 -------- d-----w- c:\program files\AutoCAD 2007
2010-03-08 11:02 . 2009-01-13 13:13 -------- d-----w- c:\program files\Common Files\Manažer instalací SolidWorks
2010-03-08 10:55 . 2009-01-13 13:25 -------- d-----w- c:\program files\SolidWorks Corp
2010-03-05 14:54 . 2009-01-13 14:21 -------- d-----w- c:\program files\TECHNIK
2010-02-15 06:19 . 2010-01-11 06:46 -------- d-----w- c:\program files\DVDVideoSoft
2010-02-15 05:53 . 2010-01-15 11:17 -------- d-----w- c:\program files\MP3Resizer
2010-01-22 11:59 . 2010-01-22 11:59 -------- d-----w- c:\program files\Aide PDF to DXF Converter
2010-01-21 08:07 . 2007-09-12 05:43 -------- d-----w- c:\program files\Picasa2
2010-01-20 08:46 . 2007-07-18 04:27 -------- d-----w- c:\program files\Common Files\Autodesk Shared
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SybaseCentral43"="c:\program files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe" [2004-10-13 102400]
"DBISQL9"="c:\program files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe" [2004-10-19 131072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"nwiz"="nwiz.exe" [2006-08-11 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic 6\\0lsdelete
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKLM\~\startupfolder\c:^documents and settings^all users^nabídka start^programy^po spuštění^místní vyhledávání.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Místní vyhledávání.lnk
backup=c:\windows\pss\Místní vyhledávání.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\soundmaxpnp]
2005-05-18 08:00 925696 ----a-r- c:\program files\Analog Devices\Core\smax4pnp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GIGABYTE\\VGA Utility Manager\\G-VGA.exe"=
"c:\\Program Files\\Sybase\\Shared\\Sybase Central 4.3\\win32\\scjview.exe"=
"c:\\Program Files\\Sybase\\SQL Anywhere 9\\win32\\dbisqlg.exe"=
"c:\\Program Files\\FInventory\\FInventory.exe"=
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [1.7.2008 8:04 35168]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7.10.2009 9:16 472280]
R2 remote solver for flow simulation 2010;Remote Solver for Flow Simulation 2010;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [23.11.2009 19:48 71464]
S1 d40859d9;d40859d9;c:\windows\system32\drivers\d40859d9.sys --> c:\windows\system32\drivers\d40859d9.sys [?]
S2 cpbmvbgtq;cpbmvbgtq;\??\c:\windows\system32\drivers\sjtjhmhodsi.sys --> c:\windows\system32\drivers\sjtjhmhodsi.sys [?]
S3 coordinatorservicehost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [5.1.2010 14:50 87336]
S3 GPCIDrv;GPCIDrv;c:\windows\GPCIDrv.sys [16.7.2007 14:07 5112]
S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [16.7.2007 14:07 17962]
S3 MA8630C;MA8630C;c:\windows\system32\drivers\MA8630C.sys [18.7.2007 6:08 23248]
S3 MA8630M;MA8630M;c:\windows\system32\drivers\MA8630M.sys [18.7.2007 6:08 25428]
S3 MA8630U;MA8630U;c:\windows\system32\drivers\MA8630U.sys [18.7.2007 6:08 50642]
S4 gupdate1c9e014ecc10dd4;Služba Google Update (gupdate1c9e014ecc10dd4);c:\program files\Google\Update\GoogleUpdate.exe [29.5.2009 5:21 133104]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23.9.2005 7:01 2799808]
.
Obsah adresáře 'Naplánované úlohy'
2010-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-29 04:21]
2010-03-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-29 04:21]
2010-03-10 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-04 15:50]
.
.
------- Doplňkový sken -------
.
uStart Page = About:Blank
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {D9802396-A944-4F6E-8D78-4CBCA4930961} = 194.228.2.1,194.228.2.61
FF - ProfilePath - c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\00ie86ms.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?cl ... e=en_US&q=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
.
------- Asociace souborů -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-10 15:31
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-117609710-1177238915-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Celkový čas: 2010-03-10 15:33:12
ComboFix-quarantined-files.txt 2010-03-10 14:33
Před spuštěním: Volných bajtů: 51 502 620 672
Po spuštění: Volných bajtů: 51 499 855 872
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 360A74338C97C44B74961E1CA1FEFBAF
*****************************************************
- Damned
- Article author
- Master Level 9
- Posts: 8353
- Registered: December 06
- Location: Rokycany
Re: PC with constant data transfer to and from the network
It is always easier to copy than to type.
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the entire following text, marked in green, into it:
File::
c:\windows\system32\drivers\d40859d9.sys
c:\windows\system32\drivers\sjtjhmhodsi.sys
FCopy::
C:\WINDOWS\ServicePackFiles\i386\grpconv.exe | C:\windows\system32\grpconv.exe
Driver::
d40859d9;d40859d9
d40859d9
cpbmvbgtq;cpbmvbgtq
cpbmvbgtq
Folder::
c:\program files\Ask.com
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
Rootkit::
c:\windows\system32\drivers\sjtjhmhodsi.sys
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, drag it over the downloaded ComboFix.exe program
and, when the two files overlap, drop the script.

- ComboFix will start automatically; the repair can take longer than 10 minutes. ! Let ComboFix finish its work !
- Paste here the log that pops up at the end of the cleaning process
Nothing is impossible, so where we are at our wits' end, we do not hesitate to use a hammer.
If you want to know what is new, look into old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner
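The CFScript above targets the two service entries that the ComboFix log lists with `[?]` in place of file details, restores the missing grpconv.exe and resets AntiVirusOverride. As an added example (not part of the original post and not ComboFix's own code), this Python parser pulls those same three kinds of finding out of a log excerpt; the meaning given to `R`/`S`, the start-type digit and `[?]` is an assumption about the log format, and the function names are hypothetical.

```python
import ntpath
import re

# Excerpt of the ComboFix log quoted in this thread, embedded so the example runs offline.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [1.7.2008 8:04 35168]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7.10.2009 9:16 472280]
S1 d40859d9;d40859d9;c:\windows\system32\drivers\d40859d9.sys --> c:\windows\system32\drivers\d40859d9.sys [?]
S2 cpbmvbgtq;cpbmvbgtq;\??\c:\windows\system32\drivers\sjtjhmhodsi.sys --> c:\windows\system32\drivers\sjtjhmhodsi.sys [?]
S3 GPCIDrv;GPCIDrv;c:\windows\GPCIDrv.sys [16.7.2007 14:07 5112]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23.9.2005 7:01 2799808]
c:\windows\system32\grpconv.exe . . . chybí !!
"""

# Assumption: the digit after R (running) / S (stopped) is the service start type.
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

# "<state><start> <name>;<display>;<image>[ --> <resolved image>] [<file details or ?>]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?)"
    r"(?: --> (?P<resolved>.+?))? \[(?P<info>[^\]]*)\]$"
)
# Security Center "...Override" values; non-zero suppresses the corresponding warning.
OVERRIDE_RE = re.compile(r'^"(?P<value>\w+Override)"=dword:(?P<data>[0-9a-fA-F]{8})$')
# Czech-locale marker for a system file ComboFix found missing ("chybí" = missing).
MISSING_RE = re.compile(r"^(?P<path>[a-zA-Z]:\\.+?) \. \. \. chybí !!$")


def triage_service(match):
    """Return a finding for a service line whose image has no file details, else None."""
    # Assumption: "[?]" means ComboFix could not read the file behind the service.
    if match["info"].strip() != "?":
        return None
    start = int(match["start"])
    image = match["resolved"] or match["image"]
    reasons = ["image file could not be read (log shows [?])"]
    if start <= 2:
        reasons.append("start type '%s' loads without user action" % START_TYPES[start])
    stem = ntpath.splitext(ntpath.basename(image))[0].lower()
    if stem != match["name"].lower():
        reasons.append("file name '%s' differs from service name" % stem)
    return {
        "name": match["name"],
        "running": match["state"] == "R",
        "start": START_TYPES[start],
        "image": image,
        "reasons": reasons,
    }


def triage(log_text):
    """Collect unreadable service images, Security Center overrides and missing files."""
    report = {"services": [], "overrides": [], "missing_files": []}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = SERVICE_RE.match(line)
        if match:
            finding = triage_service(match)
            if finding:
                report["services"].append(finding)
            continue
        match = OVERRIDE_RE.match(line)
        if match:
            data = int(match["data"], 16)
            if data != 0:
                report["overrides"].append((match["value"], data))
            continue
        match = MISSING_RE.match(line)
        if match:
            report["missing_files"].append(match["path"])
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for svc in result["services"]:
        print("SERVICE", svc["name"], "->", svc["image"])
        for reason in svc["reasons"]:
            print("   ", reason)
    for value, data in result["overrides"]:
        print("OVERRIDE", value, "=", data)
    for path in result["missing_files"]:
        print("MISSING", path)
```

A finding here is a prompt for manual review of the entry, not a verdict; legitimate services can also lose their image file after an uninstall.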
-
- newcomer
- Posts: 15
- Registered: March 10
Re: PC with constant data transfer to and from the network
... done.
(before running it I disconnected the PC from the network and turned off AV/FW protection)
The message with the log pasted in directly is longer than allowed, and I can't manage to attach the log as a file to the forum reply either - every type I could think of is "not allowed".
I'll try to send it to you by e-mail.
**************************************************
ComboFix 10-03-09.08 - admin 12.03.2010 11:37:37.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.584 [GMT 1:00]
Spuštěný z: c:\documents and settings\admin\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\admin\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FILE ::
"c:\windows\system32\drivers\d40859d9.sys"
"c:\windows\system32\drivers\sjtjhmhodsi.sys"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Ask.com
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
.
--------------- FCopy ---------------
c:\windows\ServicePackFiles\i386\grpconv.exe --> c:\windows\system32\grpconv.exe
x
x
x
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SybaseCentral43"="c:\program files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe" [2004-10-13 102400]
"DBISQL9"="c:\program files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe" [2004-10-19 131072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"nwiz"="nwiz.exe" [2006-08-11 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic 6\\0lsdelete
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKLM\~\startupfolder\c:^documents and settings^all users^nabídka start^programy^po spuštění^místní vyhledávání.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Místní vyhledávání.lnk
backup=c:\windows\pss\Místní vyhledávání.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\soundmaxpnp]
2005-05-18 08:00 925696 ----a-r- c:\program files\Analog Devices\Core\smax4pnp.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GIGABYTE\\VGA Utility Manager\\G-VGA.exe"=
"c:\\Program Files\\Sybase\\Shared\\Sybase Central 4.3\\win32\\scjview.exe"=
"c:\\Program Files\\Sybase\\SQL Anywhere 9\\win32\\dbisqlg.exe"=
"c:\\Program Files\\FInventory\\FInventory.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [1.7.2008 8:04 35168]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [7.10.2009 9:16 472280]
R2 remote solver for flow simulation 2010;Remote Solver for Flow Simulation 2010;c:\program files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe [23.11.2009 19:48 71464]
S3 coordinatorservicehost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [5.1.2010 14:50 87336]
S3 GPCIDrv;GPCIDrv;c:\windows\GPCIDrv.sys [16.7.2007 14:07 5112]
S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [16.7.2007 14:07 17962]
S3 MA8630C;MA8630C;c:\windows\system32\drivers\MA8630C.sys [18.7.2007 6:08 23248]
S3 MA8630M;MA8630M;c:\windows\system32\drivers\MA8630M.sys [18.7.2007 6:08 25428]
S3 MA8630U;MA8630U;c:\windows\system32\drivers\MA8630U.sys [18.7.2007 6:08 50642]
S4 gupdate1c9e014ecc10dd4;Služba Google Update (gupdate1c9e014ecc10dd4);c:\program files\Google\Update\GoogleUpdate.exe [29.5.2009 5:21 133104]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23.9.2005 7:01 2799808]
.
Obsah adresáře 'Naplánované úlohy'
2010-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-29 04:21]
2010-03-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-29 04:21]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {D9802396-A944-4F6E-8D78-4CBCA4930961} = 194.228.2.1,194.228.2.61
FF - ProfilePath - c:\documents and settings\admin\Data aplikací\Mozilla\Firefox\Profiles\00ie86ms.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?cl ... e=en_US&q=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-12 11:44
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-117609710-1177238915-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(2528)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-03-12 11:48:15 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-12 10:48
ComboFix2.txt 2010-03-10 14:33
Před spuštěním: Volných bajtů: 47 696 719 872
Po spuštění: Volných bajtů: 47 574 151 168
- - End Of File - - 1AD5B233AE5CFE545C9DA967305DFFA3
(before running it I disconnected the PC from the network and turned off AV/FW protection)
The message with the log pasted directly into it is longer than permitted, and I cannot manage to attach the log as a file to a forum reply either - every file type I could think of is "not allowed".
I will try to send it to you by e-mail.
- Damned
Re: PC with constant data transfer to and from the network
Uninstall ComboFix (required).
ComboFix is uninstalled like this:
Start - Run and enter Combofix[space]/uninstall
Download T-Cleaner (required - it deletes everything left behind by ComboFix, SDFix, Avenger, MWAV etc. - download -> run)
(Note: if you have AVG or Avira, deactivate AVG and Avira (including the resident shields) before downloading T-Cleaner and for the duration of the cleaning; afterwards delete T-Cleaner and turn AVG or Avira back on.)
*****************************************************************************************************************************************
Download OTL to the Desktop.
Make sure all other windows are closed and double-click the OTL icon. At the top of the window, under Output, click Minimal Output. Under Standard Registry, change to All. Tick LOP Check and Purity Check. Change File age to 14 days. Leave all other settings as they are. Click Run Scan. The scan can take a long time; when it finishes, two logs will open:
OTL.Txt
Extras.Txt
They are saved in the same location as OTL. Please copy both logs here.
OTL logs can take up to four posts; post them that way, it is easier to follow in the topic.
Nothing is impossible, so where reason fails us, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2+guide FCleaner+Czech Wise Registry Cleaner
Re: PC with constant data transfer to and from the network
.... phew ... it's a struggle
(just for info - we use ESET NOD32 AV - it is visible in the logs, but most software does not recognize it)
****************************************************************************
OTL logfile created on: 12.3.2010 14:04:13 - Run 1
OTL by OldTimer - Version 3.1.37.0 Folder = C:\Documents and Settings\admin\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1 023,00 Mb Total Physical Memory | 572,00 Mb Available Physical Memory | 56,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 46,69 Gb Free Space | 62,66% Space Free | Partition Type: NTFS
Drive D: | 74,52 Gb Total Space | 66,08 Gb Free Space | 88,68% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BEJVL
Current User Name: admin
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 14 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\admin\Plocha\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe (Mentor Graphics Corporation)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe (iAnywhere Solutions, Inc.)
PRC - C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe ()
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\admin\Plocha\OTL.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (flexnet licensing service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (coordinatorservicehost) -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe (Dassault Systèmes SolidWorks Corp.)
SRV - (remote solver for flow simulation 2010) -- C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe (Mentor Graphics Corporation)
SRV - (ehttpsrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (SolidWorks Licensing Service) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (msvsmon80) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (GPCIDrv) -- C:\WINDOWS\GPCIDrv.sys ()
DRV - (GVTDrv) -- C:\WINDOWS\system32\drivers\GVTDrv.sys ()
DRV - (epfwtdir) -- C:\WINDOWS\system32\drivers\epfwtdir.sys ()
DRV - (easdrv) -- C:\WINDOWS\system32\drivers\easdrv.sys (ESET)
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (ADIHdAudAddService) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (MA8630U) -- C:\WINDOWS\system32\drivers\MA8630U.sys (Mobile Action Technology Inc.)
DRV - (MA8630M) -- C:\WINDOWS\system32\drivers\MA8630M.sys (Mobile Action Technology Inc.)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider)
DRV - (MA8630C) -- C:\WINDOWS\system32\drivers\MA8630C.sys (Mobile Action Technology Inc.)
DRV - (MaRdPnp) -- C:\WINDOWS\system32\drivers\MaRdP2K.sys (Mobile Action Technology Inc.)
DRV - (MaVctrl) -- C:\WINDOWS\system32\drivers\MaVc2K.sys (Mobile Action Technology Inc.)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://seznam.cz/"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.4.4.118
FF - prefs.js..extensions.enabledItems: cs@dictionaries.addons.mozilla.org:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6
FF - prefs.js..keyword.URL: "http://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=DVSV5&o=15012&locale=en_US&q="
FF - HKLM\software\mozilla\firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010.03.10 17:17:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009.08.03 13:35:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.03.11 06:28:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.03.11 06:28:32 | 000,000,000 | ---D | M]
[2008.08.26 07:37:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\Mozilla\Extensions
[2008.08.26 07:37:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\admin\Data aplikací\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010.02.15 07:09:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\Mozilla\Firefox\Profiles\00ie86ms.default\extensions
[2008.09.24 13:42:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\Mozilla\Firefox\Profiles\00ie86ms.default\extensions\cs@dictionaries.addons.mozilla.org
[2010.03.04 09:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\Mozilla\Firefox\Profiles\00ie86ms.default\extensions\toolbar@ask.com
[2010.03.04 09:31:37 | 000,002,426 | ---- | M] () -- C:\Documents and Settings\admin\Data aplikací\Mozilla\Firefox\Profiles\00ie86ms.default\searchplugins\askcom.xml
[2010.02.15 07:09:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.03.11 06:28:32 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.08.03 13:35:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009.08.26 05:09:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009.10.22 14:17:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009.11.24 07:33:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.01.16 04:11:42 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010.01.16 04:11:42 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009.10.11 04:17:27 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009.12.09 04:58:24 | 000,274,432 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\Mozilla Firefox\plugins\npEModelPlugin.dll
[2010.01.16 04:11:42 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007.05.10 21:52:00 | 000,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010.01.16 01:50:40 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010.01.16 01:50:40 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.01.16 01:50:40 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.01.16 01:50:40 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.01.16 01:50:40 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.01.16 01:50:40 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2010.03.12 11:44:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\ShellBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Odkazy) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\WebBrowser: (&Odkazy) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKCU..\Run: [DBISQL9] C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe (iAnywhere Solutions, Inc.)
O4 - HKCU..\Run: [SybaseCentral43] C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 8231923390 (WUWebControl Class)
O16 - DPF: {8ad9c840-044e-11d1-b3e9-00805f499d93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {cafeefac-0016-0000-0017-abcdeffedcba} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {cafeefac-ffff-ffff-ffff-abcdeffedcba} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Proces mezipaměti kategorií součástí - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\admin\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\admin\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.07.16 07:47:28 | 000,000,000 | ---- | M] () - C:\autoexec.001 -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (smrgdf C:\Program Files\iolo\System Mechanic 6\) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 14 Days ==========
[2010.03.12 14:01:07 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\admin\Plocha\OTL.exe
[2010.03.12 11:37:36 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\grpconv.exe
[2010.03.12 11:37:36 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\grpconv.exe
[2010.03.12 11:09:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\admin\Recent
[2010.03.11 06:24:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\admin\IECompatCache
[2010.03.11 06:23:29 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\admin\PrivacIE
[2010.03.11 06:22:39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\admin\IETldCache
[2010.03.11 06:14:38 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010.03.11 06:09:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010.03.11 06:09:20 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010.03.11 06:09:19 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010.03.11 06:09:19 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010.03.11 06:09:17 | 011,070,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010.03.11 06:08:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010.03.11 06:07:59 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010.03.10 17:11:17 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010.03.10 17:10:35 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010.03.10 17:09:39 | 000,455,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010.03.10 17:08:32 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010.03.10 17:08:32 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010.03.10 16:53:26 | 002,191,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010.03.10 16:53:17 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2010.03.10 16:53:14 | 002,147,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010.03.10 16:53:13 | 002,025,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010.03.10 16:50:32 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2010.03.10 16:50:19 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2010.03.10 16:50:00 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2010.03.10 16:49:00 | 000,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2010.03.10 16:47:33 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010.03.10 16:47:24 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2010.03.10 16:46:43 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010.03.10 16:44:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010.03.10 16:39:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010.03.10 16:39:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cs
[2010.03.10 16:38:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010.03.10 16:32:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010.03.10 16:27:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010.03.10 16:20:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010.03.10 16:04:37 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2010.03.10 16:04:37 | 000,022,271 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2010.03.10 16:04:37 | 000,011,935 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2010.03.10 16:04:37 | 000,011,871 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2010.03.10 16:04:37 | 000,011,807 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2010.03.10 16:04:37 | 000,011,295 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2010.03.10 16:04:30 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2010.03.10 16:04:30 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2010.03.10 16:04:30 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2010.03.10 16:04:30 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2010.03.10 16:04:29 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2010.03.10 16:04:28 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2010.03.10 16:04:27 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2010.03.10 16:04:26 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2010.03.10 16:04:26 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2010.03.10 16:04:26 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2010.03.10 16:02:34 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2010.03.10 16:02:34 | 000,326,912 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2010.03.10 16:02:34 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2010.03.10 16:02:34 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2010.03.10 16:02:34 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2010.03.10 16:02:34 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2010.03.10 16:02:34 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2010.03.10 16:02:34 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2010.03.10 16:02:34 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2010.03.10 16:02:34 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2010.03.10 16:02:34 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2010.03.10 16:02:34 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2010.03.10 16:02:34 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2010.03.10 16:02:34 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2010.03.10 16:02:34 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2010.03.10 16:02:34 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2010.03.10 16:02:34 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2010.03.10 16:02:34 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2010.03.10 16:02:34 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2010.03.10 16:02:34 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2010.03.10 16:02:34 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2010.03.10 16:02:34 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2010.03.10 15:42:10 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010.03.10 15:41:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010.03.10 15:27:48 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.03.09 12:10:27 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010.03.09 12:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010.03.09 12:04:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
[2010.03.09 11:16:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Data aplikací\Malwarebytes
[2010.03.09 11:16:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.03.09 11:16:41 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.03.09 11:16:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.03.09 11:16:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.03.08 16:35:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010.03.08 16:18:46 | 000,000,000 | ---D | C] -- C:\Program Files\iolo
[2010.03.08 10:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Data aplikací\SolidWorks 2010
[2010.03.05 15:52:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\FLEXnet
[2010.03.05 15:39:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010.03.05 15:28:47 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2010.03.05 14:28:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Dokumenty\SolidWorks Downloads
[2009.06.30 05:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Google
[2009.05.29 05:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Google
[2009.01.13 14:30:59 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[2009.01.13 14:25:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Adobe
[2009.01.13 14:23:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2008.08.21 10:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ESET
[2007.07.16 07:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2007.07.16 07:47:26 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2004.11.24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
========== Files - Modified Within 14 Days ==========
[2010.03.12 14:01:17 | 000,004,250 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010.03.12 13:22:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.03.12 13:19:55 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Plocha\OTL.exe
[2010.03.12 13:19:09 | 000,210,432 | ---- | M] () -- C:\Documents and Settings\admin\Plocha\T-Cleaner.exe
[2010.03.12 11:44:39 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.03.12 11:44:33 | 000,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.03.12 11:44:24 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.03.12 11:44:16 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.03.12 11:44:13 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.03.12 11:44:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.03.12 11:44:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.03.12 11:42:47 | 011,010,048 | -H-- | M] () -- C:\Documents and Settings\admin\NTUSER.DAT
[2010.03.12 11:42:44 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\admin\ntuser.ini
[2010.03.12 10:40:56 | 000,000,532 | ---- | M] () -- C:\Documents and Settings\admin\Plocha\Cejka - Laser zak.lnk
[2010.03.12 08:49:45 | 000,007,695 | ---- | M] () -- C:\Documents and Settings\admin\intlname.ols
[2010.03.12 08:44:42 | 000,000,037 | ---- | M] () -- C:\Documents and Settings\admin\Plocha\find.bat
[2010.03.12 06:11:31 | 000,002,429 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\SolidWorks 2010.lnk
[2010.03.11 06:56:38 | 001,151,452 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.03.11 06:56:38 | 000,487,186 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.03.11 06:56:38 | 000,469,578 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.03.11 06:56:38 | 000,098,178 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.03.11 06:56:38 | 000,079,098 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.03.11 06:31:53 | 000,086,856 | ---- | M] () -- C:\Documents and Settings\admin\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2010.03.11 06:28:34 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Mozilla Firefox.lnk
[2010.03.11 06:22:20 | 000,300,440 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.03.10 16:26:42 | 000,250,576 | RHS- | M] () -- C:\ntldr
[2010.03.10 16:26:06 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Google Earth.lnk
[2010.03.10 15:27:52 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.03.09 16:11:16 | 000,005,112 | ---- | M] () -- C:\WINDOWS\GPCIDrv.sys
[2010.03.09 16:11:16 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\GVGenl.ref
[2010.03.09 16:09:46 | 000,017,962 | ---- | M] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys
[2010.03.09 16:09:45 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\GVTunner.ref
[2010.03.09 12:46:46 | 000,002,688 | ---- | M] () -- C:\WINDOWS\System32\settings.aaw
[2010.03.09 12:46:46 | 000,000,912 | ---- | M] () -- C:\WINDOWS\System32\history.aaw
[2010.03.09 12:10:32 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Ad-Aware.lnk
[2010.03.09 11:16:47 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.03.08 16:55:43 | 000,000,593 | ---- | M] () -- C:\WINDOWS\SysMech6.INI
[2010.03.08 16:39:12 | 000,001,709 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.03.08 16:39:12 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010.03.08 16:20:37 | 000,000,406 | ---- | M] () -- C:\WINDOWS\System32\ioloBootDefrag.cfg
[2010.03.08 16:20:04 | 000,000,822 | ---- | M] () -- C:\Documents and Settings\admin\Plocha\System Mechanic 6.lnk
[2010.03.08 12:29:07 | 000,002,765 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Průzkumník SolidWorks 2010.lnk
[2010.03.08 12:29:07 | 000,001,844 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\SolidWorks eDrawings 2010.lnk
[2010.03.08 12:27:26 | 000,002,703 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\PhotoView 360 2010.lnk
[2010.03.08 12:25:13 | 000,002,691 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\DWGeditor 2010.lnk
[2010.03.05 15:30:37 | 000,000,036 | -H-- | M] () -- C:\WINDOWS\System32\Sinre3fi.str
[2010.03.02 12:33:03 | 000,002,561 | ---- | M] () -- C:\Documents and Settings\admin\Plocha\Microsoft Office Word 2003.lnk
[2010.03.02 12:27:44 | 000,002,517 | ---- | M] () -- C:\Documents and Settings\admin\Plocha\Microsoft Office Excel 2003.lnk
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.03.12 13:59:51 | 000,210,432 | ---- | C] () -- C:\Documents and Settings\admin\Plocha\T-Cleaner.exe
[2010.03.12 08:43:32 | 000,000,037 | ---- | C] () -- C:\Documents and Settings\admin\Plocha\find.bat
[2010.03.11 14:44:40 | 000,193,736 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2010.03.10 16:26:06 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Google Earth.lnk
[2010.03.10 16:04:27 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010.03.10 16:04:13 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010.03.10 16:02:34 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010.03.10 15:27:52 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.03.10 15:27:50 | 000,261,312 | ---- | C] () -- C:\cmldr
[2010.03.09 12:46:46 | 000,002,688 | ---- | C] () -- C:\WINDOWS\System32\settings.aaw
[2010.03.09 12:46:46 | 000,000,912 | ---- | C] () -- C:\WINDOWS\System32\history.aaw
[2010.03.09 12:10:32 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Ad-Aware.lnk
[2010.03.09 11:16:47 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.03.08 16:24:37 | 000,000,593 | ---- | C] () -- C:\WINDOWS\SysMech6.INI
[2010.03.08 16:20:37 | 000,000,406 | ---- | C] () -- C:\WINDOWS\System32\ioloBootDefrag.cfg
[2010.03.08 16:20:04 | 000,000,822 | ---- | C] () -- C:\Documents and Settings\admin\Plocha\System Mechanic 6.lnk
[2010.03.08 16:19:06 | 000,025,264 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
[2010.03.08 16:19:05 | 001,212,416 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2010.03.08 16:19:05 | 000,041,472 | ---- | C] () -- C:\WINDOWS\System32\iolobtdfg.exe
[2010.03.05 15:48:24 | 000,002,765 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Průzkumník SolidWorks 2010.lnk
[2010.03.05 15:47:38 | 000,002,703 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\PhotoView 360 2010.lnk
[2010.03.05 15:45:51 | 000,002,691 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\DWGeditor 2010.lnk
[2010.03.05 15:44:42 | 000,001,844 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\SolidWorks eDrawings 2010.lnk
[2010.03.05 15:39:20 | 000,002,429 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\SolidWorks 2010.lnk
[2009.08.27 08:48:17 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009.04.10 12:48:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VideoExe.INI
[2009.01.13 14:40:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2008.09.26 05:29:25 | 000,000,107 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008.07.01 08:04:40 | 000,035,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2008.06.09 07:07:17 | 000,000,198 | ---- | C] () -- C:\WINDOWS\PhoneBkExe.INI
[2008.02.22 06:23:06 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2008.02.20 07:20:08 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2007.12.12 12:27:11 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\KOAZJJ_L.DLL
[2007.11.16 12:52:33 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2007.09.10 05:43:57 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\admin\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.08.21 20:46:34 | 000,059,160 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2007.08.03 11:20:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mtstack16.INI
[2007.07.18 06:17:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FileMgrExe.INI
[2007.07.18 06:17:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EngineExe.INI
[2007.07.18 06:16:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PanelExe.INI
[2007.07.16 14:07:04 | 000,005,112 | ---- | C] () -- C:\WINDOWS\GPCIDrv.sys
[2007.07.16 14:07:00 | 000,017,962 | ---- | C] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys
[2007.07.16 09:06:17 | 000,000,519 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.07.16 09:01:59 | 000,002,212 | ---- | C] () -- C:\WINDOWS\STHDVD.INI
[2007.07.16 09:01:47 | 000,001,532 | ---- | C] () -- C:\WINDOWS\MENUTHEME.INI
[2007.07.16 09:01:47 | 000,001,266 | ---- | C] () -- C:\WINDOWS\DVDAMP.INI
[2007.07.16 08:57:54 | 000,004,250 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2007.07.16 08:35:47 | 000,018,055 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007.07.16 08:35:46 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007.07.16 08:35:41 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007.02.05 15:49:36 | 000,021,464 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007.02.05 15:49:36 | 000,015,578 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007.02.05 15:49:30 | 000,014,936 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2006.08.11 14:45:20 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006.08.11 14:43:10 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006.08.11 14:43:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006.08.11 14:43:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006.08.11 14:43:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006.08.11 14:43:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006.08.11 14:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004.10.12 07:40:58 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2004.10.12 07:39:48 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2004.10.12 07:39:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2004.10.09 07:40:16 | 000,454,144 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2004.10.05 09:16:08 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2004.10.03 18:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2003.04.09 14:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== LOP Check ==========
[2007.07.18 05:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\Autodesk
[2009.01.14 05:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\DassaultSystemes
[2010.03.09 11:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\Desktopicon
[2009.01.20 09:07:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\DWGeditor
[2009.06.10 10:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\EDrawings
[2008.08.04 06:20:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\ICQ Toolbar
[2010.03.05 14:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\IM
[2009.01.20 09:08:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\Luxology
[2010.02.15 07:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\Moyea
[2009.01.13 15:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\TDS
[2009.01.13 14:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\Windows Desktop Search
[2010.01.20 09:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Autodesk
[2009.01.14 05:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DassaultSystemes
[2008.07.22 05:30:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2008.12.05 08:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\FreeRIP
[2007.07.17 10:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\WinZip
========== Purity Check ==========
< End of report >
*******************************************************************************************************
(just for info - we use ESET NOD32 AV - it can be seen in the logs, but most software does not recognize it)
****************************************************************************
OTL logfile created on: 12.3.2010 14:04:13 - Run 1
OTL by OldTimer - Version 3.1.37.0 Folder = C:\Documents and Settings\admin\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1 023,00 Mb Total Physical Memory | 572,00 Mb Available Physical Memory | 56,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 46,69 Gb Free Space | 62,66% Space Free | Partition Type: NTFS
Drive D: | 74,52 Gb Total Space | 66,08 Gb Free Space | 88,68% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BEJVL
Current User Name: admin
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 14 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\admin\Plocha\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe (Mentor Graphics Corporation)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe (iAnywhere Solutions, Inc.)
PRC - C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe ()
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\admin\Plocha\OTL.exe (OldTimer Tools)
========== Win32 Services (SafeList) ==========
SRV - (flexnet licensing service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (coordinatorservicehost) -- C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe (Dassault Systèmes SolidWorks Corp.)
SRV - (remote solver for flow simulation 2010) -- C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\StandAloneSlv.exe (Mentor Graphics Corporation)
SRV - (ehttpsrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (SolidWorks Licensing Service) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (aawservice) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (msvsmon80) -- C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV - (GPCIDrv) -- C:\WINDOWS\GPCIDrv.sys ()
DRV - (GVTDrv) -- C:\WINDOWS\system32\drivers\GVTDrv.sys ()
DRV - (epfwtdir) -- C:\WINDOWS\system32\drivers\epfwtdir.sys ()
DRV - (easdrv) -- C:\WINDOWS\system32\drivers\easdrv.sys (ESET)
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (ADIHdAudAddService) -- C:\WINDOWS\system32\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV - (SenFiltService) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (MA8630U) -- C:\WINDOWS\system32\drivers\MA8630U.sys (Mobile Action Technology Inc.)
DRV - (MA8630M) -- C:\WINDOWS\system32\drivers\MA8630M.sys (Mobile Action Technology Inc.)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider)
DRV - (MA8630C) -- C:\WINDOWS\system32\drivers\MA8630C.sys (Mobile Action Technology Inc.)
DRV - (MaRdPnp) -- C:\WINDOWS\system32\drivers\MaRdP2K.sys (Mobile Action Technology Inc.)
DRV - (MaVctrl) -- C:\WINDOWS\system32\drivers\MaVc2K.sys (Mobile Action Technology Inc.)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://seznam.cz/"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.4.4.118
FF - prefs.js..extensions.enabledItems: cs@dictionaries.addons.mozilla.org:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6
FF - prefs.js..keyword.URL: "http://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=DVSV5&o=15012&locale=en_US&q="
FF - HKLM\software\mozilla\firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010.03.10 17:17:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009.08.03 13:35:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.03.11 06:28:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.03.11 06:28:32 | 000,000,000 | ---D | M]
[2008.08.26 07:37:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\Mozilla\Extensions
[2008.08.26 07:37:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\admin\Data aplikací\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010.02.15 07:09:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\Mozilla\Firefox\Profiles\00ie86ms.default\extensions
[2008.09.24 13:42:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\Mozilla\Firefox\Profiles\00ie86ms.default\extensions\cs@dictionaries.addons.mozilla.org
[2010.03.04 09:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\Mozilla\Firefox\Profiles\00ie86ms.default\extensions\toolbar@ask.com
[2010.03.04 09:31:37 | 000,002,426 | ---- | M] () -- C:\Documents and Settings\admin\Data aplikací\Mozilla\Firefox\Profiles\00ie86ms.default\searchplugins\askcom.xml
[2010.02.15 07:09:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.03.11 06:28:32 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.08.03 13:35:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009.08.26 05:09:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009.10.22 14:17:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009.11.24 07:33:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.01.16 04:11:42 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010.01.16 04:11:42 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009.10.11 04:17:27 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009.12.09 04:58:24 | 000,274,432 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files\Mozilla Firefox\plugins\npEModelPlugin.dll
[2010.01.16 04:11:42 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007.05.10 21:52:00 | 000,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010.01.16 01:50:40 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010.01.16 01:50:40 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.01.16 01:50:40 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.01.16 01:50:40 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.01.16 01:50:40 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.01.16 01:50:40 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2010.03.12 11:44:24 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\ShellBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Odkazy) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\WebBrowser: (&Odkazy) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKCU..\Run: [DBISQL9] C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe (iAnywhere Solutions, Inc.)
O4 - HKCU..\Run: [SybaseCentral43] C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 8231923390 (WUWebControl Class)
O16 - DPF: {8ad9c840-044e-11d1-b3e9-00805f499d93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {cafeefac-0016-0000-0017-abcdeffedcba} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {cafeefac-ffff-ffff-ffff-abcdeffedcba} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Proces mezipaměti kategorií součástí - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\admin\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\admin\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.07.16 07:47:28 | 000,000,000 | ---- | M] () - C:\autoexec.001 -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (smrgdf C:\Program Files\iolo\System Mechanic 6\) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 14 Days ==========
[2010.03.12 14:01:07 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\admin\Plocha\OTL.exe
[2010.03.12 11:37:36 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\grpconv.exe
[2010.03.12 11:37:36 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\grpconv.exe
[2010.03.12 11:09:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\admin\Recent
[2010.03.11 06:24:08 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\admin\IECompatCache
[2010.03.11 06:23:29 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\admin\PrivacIE
[2010.03.11 06:22:39 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\admin\IETldCache
[2010.03.11 06:14:38 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010.03.11 06:09:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010.03.11 06:09:20 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2010.03.11 06:09:19 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2010.03.11 06:09:19 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2010.03.11 06:09:17 | 011,070,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2010.03.11 06:08:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2010.03.11 06:07:59 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010.03.10 17:11:17 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010.03.10 17:10:35 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010.03.10 17:09:39 | 000,455,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010.03.10 17:08:32 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010.03.10 17:08:32 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010.03.10 16:53:26 | 002,191,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntoskrnl.exe
[2010.03.10 16:53:17 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2010.03.10 16:53:14 | 002,147,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010.03.10 16:53:13 | 002,025,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010.03.10 16:50:32 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2010.03.10 16:50:19 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\netapi32.dll
[2010.03.10 16:50:00 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msadce.dll
[2010.03.10 16:49:00 | 000,691,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcomm.dll
[2010.03.10 16:47:33 | 000,272,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010.03.10 16:47:24 | 000,203,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rmcast.sys
[2010.03.10 16:46:43 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010.03.10 16:44:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010.03.10 16:39:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010.03.10 16:39:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cs
[2010.03.10 16:38:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010.03.10 16:32:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2010.03.10 16:27:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2010.03.10 16:20:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010.03.10 16:04:37 | 000,025,471 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv10nt.sys
[2010.03.10 16:04:37 | 000,022,271 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\watv06nt.sys
[2010.03.10 16:04:37 | 000,011,935 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv11nt.sys
[2010.03.10 16:04:37 | 000,011,871 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv09nt.sys
[2010.03.10 16:04:37 | 000,011,807 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv07nt.sys
[2010.03.10 16:04:37 | 000,011,295 | ---- | C] (Intel(R) Corporation) -- C:\WINDOWS\System32\drivers\wadv08nt.sys
[2010.03.10 16:04:30 | 000,404,990 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slntamr.sys
[2010.03.10 16:04:30 | 000,129,535 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnt7554.sys
[2010.03.10 16:04:30 | 000,095,424 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slnthal.sys
[2010.03.10 16:04:30 | 000,013,240 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\slwdmsup.sys
[2010.03.10 16:04:29 | 000,166,912 | ---- | C] (S3 Graphics, Inc.) -- C:\WINDOWS\System32\drivers\s3gnbm.sys
[2010.03.10 16:04:28 | 000,013,776 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\recagent.sys
[2010.03.10 16:04:27 | 000,180,360 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\ntmtlfax.sys
[2010.03.10 16:04:26 | 001,309,184 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlstrm.sys
[2010.03.10 16:04:26 | 000,452,736 | ---- | C] (Matrox Graphics Inc.) -- C:\WINDOWS\System32\drivers\mtxparhm.sys
[2010.03.10 16:04:26 | 000,126,686 | ---- | C] (Smart Link) -- C:\WINDOWS\System32\drivers\mtlmnt5.sys
[2010.03.10 16:02:34 | 000,701,440 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtag.sys
[2010.03.10 16:02:34 | 000,326,912 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati2mtaa.sys
[2010.03.10 16:02:34 | 000,104,960 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2010.03.10 16:02:34 | 000,073,216 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2010.03.10 16:02:34 | 000,063,663 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1rvxx.sys
[2010.03.10 16:02:34 | 000,063,488 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2010.03.10 16:02:34 | 000,057,856 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2010.03.10 16:02:34 | 000,056,623 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1btxx.sys
[2010.03.10 16:02:34 | 000,052,224 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2010.03.10 16:02:34 | 000,036,463 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1tuxx.sys
[2010.03.10 16:02:34 | 000,034,735 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xsxx.sys
[2010.03.10 16:02:34 | 000,031,744 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinxbxx.sys
[2010.03.10 16:02:34 | 000,030,671 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1raxx.sys
[2010.03.10 16:02:34 | 000,029,455 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1xbxx.sys
[2010.03.10 16:02:34 | 000,028,672 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinsnxx.sys
[2010.03.10 16:02:34 | 000,026,367 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1snxx.sys
[2010.03.10 16:02:34 | 000,021,343 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1ttxx.sys
[2010.03.10 16:02:34 | 000,014,336 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2010.03.10 16:02:34 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2010.03.10 16:02:34 | 000,013,824 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2010.03.10 16:02:34 | 000,012,047 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1pdxx.sys
[2010.03.10 16:02:34 | 000,011,615 | ---- | C] (ATI Technologies Inc.) -- C:\WINDOWS\System32\drivers\ati1mdxx.sys
[2010.03.10 15:42:10 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010.03.10 15:41:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010.03.10 15:27:48 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.03.09 12:10:27 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010.03.09 12:10:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010.03.09 12:04:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
[2010.03.09 11:16:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Data aplikací\Malwarebytes
[2010.03.09 11:16:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.03.09 11:16:41 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.03.09 11:16:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.03.09 11:16:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.03.08 16:35:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010.03.08 16:18:46 | 000,000,000 | ---D | C] -- C:\Program Files\iolo
[2010.03.08 10:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Data aplikací\SolidWorks 2010
[2010.03.05 15:52:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\FLEXnet
[2010.03.05 15:39:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010.03.05 15:28:47 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2010.03.05 14:28:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Dokumenty\SolidWorks Downloads
[2009.06.30 05:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Google
[2009.05.29 05:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Google
[2009.01.13 14:30:59 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[2009.01.13 14:25:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Adobe
[2009.01.13 14:23:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2008.08.21 10:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ESET
[2007.07.16 07:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2007.07.16 07:47:26 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2004.11.24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
========== Files - Modified Within 14 Days ==========
[2010.03.12 14:01:17 | 000,004,250 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010.03.12 13:22:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.03.12 13:19:55 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Plocha\OTL.exe
[2010.03.12 13:19:09 | 000,210,432 | ---- | M] () -- C:\Documents and Settings\admin\Plocha\T-Cleaner.exe
[2010.03.12 11:44:39 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.03.12 11:44:33 | 000,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.03.12 11:44:24 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.03.12 11:44:16 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.03.12 11:44:13 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.03.12 11:44:10 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.03.12 11:44:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.03.12 11:42:47 | 011,010,048 | -H-- | M] () -- C:\Documents and Settings\admin\NTUSER.DAT
[2010.03.12 11:42:44 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\admin\ntuser.ini
[2010.03.12 10:40:56 | 000,000,532 | ---- | M] () -- C:\Documents and Settings\admin\Plocha\Cejka - Laser zak.lnk
[2010.03.12 08:49:45 | 000,007,695 | ---- | M] () -- C:\Documents and Settings\admin\intlname.ols
[2010.03.12 08:44:42 | 000,000,037 | ---- | M] () -- C:\Documents and Settings\admin\Plocha\find.bat
[2010.03.12 06:11:31 | 000,002,429 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\SolidWorks 2010.lnk
[2010.03.11 06:56:38 | 001,151,452 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.03.11 06:56:38 | 000,487,186 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.03.11 06:56:38 | 000,469,578 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.03.11 06:56:38 | 000,098,178 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.03.11 06:56:38 | 000,079,098 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.03.11 06:31:53 | 000,086,856 | ---- | M] () -- C:\Documents and Settings\admin\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2010.03.11 06:28:34 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Mozilla Firefox.lnk
[2010.03.11 06:22:20 | 000,300,440 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.03.10 16:26:42 | 000,250,576 | RHS- | M] () -- C:\ntldr
[2010.03.10 16:26:06 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Google Earth.lnk
[2010.03.10 15:27:52 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.03.09 16:11:16 | 000,005,112 | ---- | M] () -- C:\WINDOWS\GPCIDrv.sys
[2010.03.09 16:11:16 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\GVGenl.ref
[2010.03.09 16:09:46 | 000,017,962 | ---- | M] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys
[2010.03.09 16:09:45 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\GVTunner.ref
[2010.03.09 12:46:46 | 000,002,688 | ---- | M] () -- C:\WINDOWS\System32\settings.aaw
[2010.03.09 12:46:46 | 000,000,912 | ---- | M] () -- C:\WINDOWS\System32\history.aaw
[2010.03.09 12:10:32 | 000,000,793 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Ad-Aware.lnk
[2010.03.09 11:16:47 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.03.08 16:55:43 | 000,000,593 | ---- | M] () -- C:\WINDOWS\SysMech6.INI
[2010.03.08 16:39:12 | 000,001,709 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.03.08 16:39:12 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010.03.08 16:20:37 | 000,000,406 | ---- | M] () -- C:\WINDOWS\System32\ioloBootDefrag.cfg
[2010.03.08 16:20:04 | 000,000,822 | ---- | M] () -- C:\Documents and Settings\admin\Plocha\System Mechanic 6.lnk
[2010.03.08 12:29:07 | 000,002,765 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Průzkumník SolidWorks 2010.lnk
[2010.03.08 12:29:07 | 000,001,844 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\SolidWorks eDrawings 2010.lnk
[2010.03.08 12:27:26 | 000,002,703 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\PhotoView 360 2010.lnk
[2010.03.08 12:25:13 | 000,002,691 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\DWGeditor 2010.lnk
[2010.03.05 15:30:37 | 000,000,036 | -H-- | M] () -- C:\WINDOWS\System32\Sinre3fi.str
[2010.03.02 12:33:03 | 000,002,561 | ---- | M] () -- C:\Documents and Settings\admin\Plocha\Microsoft Office Word 2003.lnk
[2010.03.02 12:27:44 | 000,002,517 | ---- | M] () -- C:\Documents and Settings\admin\Plocha\Microsoft Office Excel 2003.lnk
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.03.12 13:59:51 | 000,210,432 | ---- | C] () -- C:\Documents and Settings\admin\Plocha\T-Cleaner.exe
[2010.03.12 08:43:32 | 000,000,037 | ---- | C] () -- C:\Documents and Settings\admin\Plocha\find.bat
[2010.03.11 14:44:40 | 000,193,736 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2010.03.10 16:26:06 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Google Earth.lnk
[2010.03.10 16:04:27 | 000,067,866 | ---- | C] () -- C:\WINDOWS\System32\drivers\netwlan5.img
[2010.03.10 16:04:13 | 000,129,045 | ---- | C] () -- C:\WINDOWS\System32\drivers\cxthsfs2.cty
[2010.03.10 16:02:34 | 000,064,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmc20.cod
[2010.03.10 15:27:52 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.03.10 15:27:50 | 000,261,312 | ---- | C] () -- C:\cmldr
[2010.03.09 12:46:46 | 000,002,688 | ---- | C] () -- C:\WINDOWS\System32\settings.aaw
[2010.03.09 12:46:46 | 000,000,912 | ---- | C] () -- C:\WINDOWS\System32\history.aaw
[2010.03.09 12:10:32 | 000,000,793 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Ad-Aware.lnk
[2010.03.09 11:16:47 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.03.08 16:24:37 | 000,000,593 | ---- | C] () -- C:\WINDOWS\SysMech6.INI
[2010.03.08 16:20:37 | 000,000,406 | ---- | C] () -- C:\WINDOWS\System32\ioloBootDefrag.cfg
[2010.03.08 16:20:04 | 000,000,822 | ---- | C] () -- C:\Documents and Settings\admin\Plocha\System Mechanic 6.lnk
[2010.03.08 16:19:06 | 000,025,264 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
[2010.03.08 16:19:05 | 001,212,416 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2010.03.08 16:19:05 | 000,041,472 | ---- | C] () -- C:\WINDOWS\System32\iolobtdfg.exe
[2010.03.05 15:48:24 | 000,002,765 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Průzkumník SolidWorks 2010.lnk
[2010.03.05 15:47:38 | 000,002,703 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\PhotoView 360 2010.lnk
[2010.03.05 15:45:51 | 000,002,691 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\DWGeditor 2010.lnk
[2010.03.05 15:44:42 | 000,001,844 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\SolidWorks eDrawings 2010.lnk
[2010.03.05 15:39:20 | 000,002,429 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\SolidWorks 2010.lnk
[2009.08.27 08:48:17 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2009.04.10 12:48:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VideoExe.INI
[2009.01.13 14:40:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2008.09.26 05:29:25 | 000,000,107 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008.07.01 08:04:40 | 000,035,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\epfwtdir.sys
[2008.06.09 07:07:17 | 000,000,198 | ---- | C] () -- C:\WINDOWS\PhoneBkExe.INI
[2008.02.22 06:23:06 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2008.02.20 07:20:08 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2007.12.12 12:27:11 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\KOAZJJ_L.DLL
[2007.11.16 12:52:33 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2007.09.10 05:43:57 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\admin\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.08.21 20:46:34 | 000,059,160 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2007.08.03 11:20:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mtstack16.INI
[2007.07.18 06:17:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\FileMgrExe.INI
[2007.07.18 06:17:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EngineExe.INI
[2007.07.18 06:16:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PanelExe.INI
[2007.07.16 14:07:04 | 000,005,112 | ---- | C] () -- C:\WINDOWS\GPCIDrv.sys
[2007.07.16 14:07:00 | 000,017,962 | ---- | C] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys
[2007.07.16 09:06:17 | 000,000,519 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.07.16 09:01:59 | 000,002,212 | ---- | C] () -- C:\WINDOWS\STHDVD.INI
[2007.07.16 09:01:47 | 000,001,532 | ---- | C] () -- C:\WINDOWS\MENUTHEME.INI
[2007.07.16 09:01:47 | 000,001,266 | ---- | C] () -- C:\WINDOWS\DVDAMP.INI
[2007.07.16 08:57:54 | 000,004,250 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2007.07.16 08:35:47 | 000,018,055 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007.07.16 08:35:46 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2007.07.16 08:35:41 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2007.02.05 15:49:36 | 000,021,464 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007.02.05 15:49:36 | 000,015,578 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007.02.05 15:49:30 | 000,014,936 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2006.08.11 14:45:20 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006.08.11 14:43:10 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006.08.11 14:43:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006.08.11 14:43:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006.08.11 14:43:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006.08.11 14:43:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006.08.11 14:43:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004.10.12 07:40:58 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2004.10.12 07:39:48 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2004.10.12 07:39:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2004.10.09 07:40:16 | 000,454,144 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2004.10.05 09:16:08 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2004.10.03 18:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2003.04.09 14:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== LOP Check ==========
[2007.07.18 05:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\Autodesk
[2009.01.14 05:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\DassaultSystemes
[2010.03.09 11:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\Desktopicon
[2009.01.20 09:07:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\DWGeditor
[2009.06.10 10:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\EDrawings
[2008.08.04 06:20:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\ICQ Toolbar
[2010.03.05 14:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\IM
[2009.01.20 09:08:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\Luxology
[2010.02.15 07:29:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\Moyea
[2009.01.13 15:25:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\TDS
[2009.01.13 14:23:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\admin\Data aplikací\Windows Desktop Search
[2010.01.20 09:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Autodesk
[2009.01.14 05:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DassaultSystemes
[2008.07.22 05:30:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2008.12.05 08:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\FreeRIP
[2007.07.17 10:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\WinZip
========== Purity Check ==========
< End of report >
*******************************************************************************************************
Re: PC with constant data transfer to and from the network
... and the rest, i.e. the EXTRAS
*******************************************************************
OTL Extras logfile created on: 12.3.2010 14:04:13 - Run 1
OTL by OldTimer - Version 3.1.37.0 Folder = C:\Documents and Settings\admin\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1 023,00 Mb Total Physical Memory | 572,00 Mb Available Physical Memory | 56,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 46,69 Gb Free Space | 62,66% Space Free | Partition Type: NTFS
Drive D: | 74,52 Gb Total Space | 66,08 Gb Free Space | 88,68% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BEJVL
Current User Name: admin
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 14 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [addtoplaylistvlc] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [playwithvlc] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\GIGABYTE\VGA Utility Manager\G-VGA.exe" = C:\Program Files\GIGABYTE\VGA Utility Manager\G-VGA.exe:*:Enabled:Menu -- ()
"C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe" = C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe:*:Enabled:Sybase Central -- ()
"C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe" = C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe:*:Enabled:Adaptive Server Anywhere ISQL -- (iAnywhere Solutions, Inc.)
"C:\Program Files\FInventory\FInventory.exe" = C:\Program Files\FInventory\FInventory.exe:*:Enabled:FInventory -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{15041b8b-ac63-41df-91d2-2118ce39e8d9}" = SolidWorks Flow Simulation 2010 SP02
"{26a24ae4-039d-4ca4-87b4-2f83216013ff}" = Java(TM) 6 Update 17
"{2d8d14cc-5b31-44b9-87fc-bec3d8affd1d}" = SolidWorks Explorer 2010 SP02
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{31fea631-b78a-4695-859e-d33cd5cf4be4}" = ESET NOD32 Antivirus
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A32D38C-6014-4174-B336-E264E9081EB5}" = WinStrom
"{546c143e-68dc-314d-97bc-1e454e3ba429}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY
"{56dcd20a-e558-4396-af59-14d15aa737bb}" = DWGeditor
"{5783F2D7-5001-0405-0002-0060B0CE6BBA}" = AutoCAD 2007 - Český
"{5F739F79-450F-458C-BB8A-05AFA8A81E7E}" = GIGABYTE VGA Utility Manager
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736d2dad-3d87-4caa-8646-83d238ad68e0}" = PhotoView 360
"{76D6189D-0003-1300-0001-DFC2EE337EAC}" = Autodesk Inventor View 2009
"{86d4b82a-abed-442a-be86-96357b70f4fe}" = Ask Toolbar
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90AF0405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{91130405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{9a25302d-30c0-39d9-bd6f-21e6ec160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{a2c9cd1b-2551-3aed-b244-6698fb929fa6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY
"{a3051cd0-2f64-3813-a88d-b8dccde8f8c7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{a777cb31-a5ec-4e32-a462-2e24f45d4d4f}_is1" = Moyea FLV to Video Converter Pro 2 version: 2.0.17.0
"{a786161e-959c-4b4b-aa6d-7424c13cccf2}" = SolidWorks eDrawings 2010
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-A81200000003}" = Adobe Reader 8 - Czech
"{af2066f6-7c57-46a1-a306-077ebbfc7b2b}" = SolidWorks 2010 SP02
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{c09fb3cd-3d0c-3f2d-899a-6a1d67f2073f}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{ce2cdd62-0124-36ca-84d3-9f4dcf5c5bd9}" = Microsoft .NET Framework 3.5 SP1
"{D2B0FD55-03C2-4B7F-A67F-C042C260371F}" = SQL Anywhere Studio 9, Documentation
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{dd73ca82-ea82-38aa-863d-9a24a018dc96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{ded53b0b-b67c-4244-ae6a-d6fd3c28d1ef}" = Ad-Aware
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F653AB56-DB37-415B-8DDD-EF5BC1982150}" = SQL Anywhere Studio 9, Software
"{FC6C3002-E4FC-4B23-AB40-539E67DB8BC8}" = Nokia 6230i USB-Handset Manager
"adobe flash player activex" = Adobe Flash Player 10 ActiveX
"adobe flash player plugin" = Adobe Flash Player 10 Plugin
"aide pdf to dxf converter_is1" = Aide PDF to DXF Converter 9.6
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"Autodesk Inventor View 2009" = Autodesk Inventor View 2009
"Borland Database Engine" = Borland Database Engine
"CCleaner" = CCleaner (remove only)
"CDex" = CDex extraction audio
"FastStone Image Viewer" = FastStone Image Viewer 3.2
"Friendly Network Inventory" = Friendly Network Inventory
"hijackthis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"Lexikon technických materiálů 2.1" = Lexikon technických materiálů 2.1
"malwarebytes' anti-malware_is1" = Malwarebytes' Anti-Malware
"microsoft .net framework 3.5 language pack sp1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"microsoft .net framework 3.5 sp1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa2" = Picasa 2
"solidworks installation manager 20100-40200-1100-200" = SolidWorks 2010 SP02
"SthSDVD" = Hero DVD Player
"system mechanic 6_is1" = iolo technologies' System Mechanic 6
"tds-technik pro solidworks_is1" = TDS-TECHNIK 15.1 (včetně aktualizace) pro SolidWorks
"Totalcmd" = Total Commander (Remove or Repair)
"vlc media player" = VLC media player 1.0.3
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WinStrom" = WinStrom
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Codec Pack" = XP Codec Pack
"xp-AntiSpy" = xp-AntiSpy 3.94
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"xpsepsclp" = XML Paper Specification Shared Components Language Pack 1.0
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 9.3.2010 22:22:05 | Computer Name = BEJVL | Source = Google Update | ID = 20
Description =
Error - 9.3.2010 23:22:05 | Computer Name = BEJVL | Source = Google Update | ID = 20
Description =
Error - 10.3.2010 0:22:05 | Computer Name = BEJVL | Source = Google Update | ID = 20
Description =
Error - 10.3.2010 0:50:18 | Computer Name = BEJVL | Source = SecurityCenter | ID = 1802
Description = Službě Centrum zabezpečení systému Windows se nepodařilo vytvořit
dotazy na události na službu WMI v zájmu sledování antivirového programu a brány
firewall třetí strany.
Error - 10.3.2010 0:53:34 | Computer Name = BEJVL | Source = Google Update | ID = 20
Description =
Error - 10.3.2010 5:56:38 | Computer Name = BEJVL | Source = Google Update | ID = 20
Description =
Error - 10.3.2010 6:02:37 | Computer Name = BEJVL | Source = SecurityCenter | ID = 1802
Description = Službě Centrum zabezpečení systému Windows se nepodařilo vytvořit
dotazy na události na službu WMI v zájmu sledování antivirového programu a brány
firewall třetí strany.
Error - 10.3.2010 6:02:46 | Computer Name = BEJVL | Source = Google Update | ID = 20
Description =
Error - 10.3.2010 6:09:25 | Computer Name = BEJVL | Source = Google Update | ID = 20
Description =
Error - 10.3.2010 6:34:57 | Computer Name = BEJVL | Source = Google Update | ID = 20
Description =
[ System Events ]
Error - 10.3.2010 6:22:01 | Computer Name = BEJVL | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %2 při pokusu o spuštění služby BITS s
argumenty za účelem spuštění serveru: {4991D34B-80A1-4291-83B6-3328366B9097}
Error - 10.3.2010 6:22:01 | Computer Name = BEJVL | Source = Service Control Manager | ID = 7000
Description = Služba Služba inteligentního přenosu na pozadí neuspěla při spuštění
v důsledku následující chyby: %%2
Error - 10.3.2010 6:22:01 | Computer Name = BEJVL | Source = Service Control Manager | ID = 7000
Description = Služba Služba inteligentního přenosu na pozadí neuspěla při spuštění
v důsledku následující chyby: %%2
Error - 10.3.2010 6:25:07 | Computer Name = BEJVL | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %2 při pokusu o spuštění služby BITS s
argumenty za účelem spuštění serveru: {4991D34B-80A1-4291-83B6-3328366B9097}
Error - 10.3.2010 6:25:07 | Computer Name = BEJVL | Source = Service Control Manager | ID = 7000
Description = Služba Služba inteligentního přenosu na pozadí neuspěla při spuštění
v důsledku následující chyby: %%2
Error - 10.3.2010 6:28:17 | Computer Name = BEJVL | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %2 při pokusu o spuštění služby BITS s
argumenty za účelem spuštění serveru: {4991D34B-80A1-4291-83B6-3328366B9097}
Error - 10.3.2010 6:28:18 | Computer Name = BEJVL | Source = Service Control Manager | ID = 7000
Description = Služba Služba inteligentního přenosu na pozadí neuspěla při spuštění
v důsledku následující chyby: %%2
Error - 10.3.2010 6:30:31 | Computer Name = BEJVL | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %2 při pokusu o spuštění služby BITS s
argumenty za účelem spuštění serveru: {4991D34B-80A1-4291-83B6-3328366B9097}
Error - 10.3.2010 6:30:31 | Computer Name = BEJVL | Source = Service Control Manager | ID = 7000
Description = Služba Služba inteligentního přenosu na pozadí neuspěla při spuštění
v důsledku následující chyby: %%2
Error - 10.3.2010 11:44:41 | Computer Name = BEJVL | Source = Service Control Manager | ID = 7028
Description = Klíč registru BITS odmítl přístup k programům účtu SYSTEM. Správce
služeb proto převzal vlastnictví tohoto klíče.
< End of report >
*************************************************************
*******************************************************************
OTL Extras logfile created on: 12.3.2010 14:04:13 - Run 1
OTL by OldTimer - Version 3.1.37.0 Folder = C:\Documents and Settings\admin\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1 023,00 Mb Total Physical Memory | 572,00 Mb Available Physical Memory | 56,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 46,69 Gb Free Space | 62,66% Space Free | Partition Type: NTFS
Drive D: | 74,52 Gb Total Space | 66,08 Gb Free Space | 88,68% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BEJVL
Current User Name: admin
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 14 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [addtoplaylistvlc] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [playwithvlc] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\GIGABYTE\VGA Utility Manager\G-VGA.exe" = C:\Program Files\GIGABYTE\VGA Utility Manager\G-VGA.exe:*:Enabled:Menu -- ()
"C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe" = C:\Program Files\Sybase\Shared\Sybase Central 4.3\win32\scjview.exe:*:Enabled:Sybase Central -- ()
"C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe" = C:\Program Files\Sybase\SQL Anywhere 9\win32\dbisqlg.exe:*:Enabled:Adaptive Server Anywhere ISQL -- (iAnywhere Solutions, Inc.)
"C:\Program Files\FInventory\FInventory.exe" = C:\Program Files\FInventory\FInventory.exe:*:Enabled:FInventory -- ()
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{15041b8b-ac63-41df-91d2-2118ce39e8d9}" = SolidWorks Flow Simulation 2010 SP02
"{26a24ae4-039d-4ca4-87b4-2f83216013ff}" = Java(TM) 6 Update 17
"{2d8d14cc-5b31-44b9-87fc-bec3d8affd1d}" = SolidWorks Explorer 2010 SP02
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{31fea631-b78a-4695-859e-d33cd5cf4be4}" = ESET NOD32 Antivirus
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A32D38C-6014-4174-B336-E264E9081EB5}" = WinStrom
"{546c143e-68dc-314d-97bc-1e454e3ba429}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY
"{56dcd20a-e558-4396-af59-14d15aa737bb}" = DWGeditor
"{5783F2D7-5001-0405-0002-0060B0CE6BBA}" = AutoCAD 2007 - Český
"{5F739F79-450F-458C-BB8A-05AFA8A81E7E}" = GIGABYTE VGA Utility Manager
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable