PC virus removal, computer speed-up, remote help via the neslape.cz service

Avast detected a Rootkit and a Trojan

Kovas
Visitor
Posts: 331
Registered: 24 Dec 2008 13:10

Avast detected a Rootkit and a Trojan

#1 Post by Kovas »

Please check it over.
My computer has slowed down considerably. I scheduled an Avast scan at PC restart. Avast detected the rootkit Win32:Rootkit-gen(Rtk) and the trojan MSIL:Crypt-EJ(Trj).
They were placed in the Virus Chest and I then deleted both. Then I ran CCleaner and afterwards tested the PC with the F-Secure Rescue CD 3. Before starting, the system duly downloaded its updates and ran a scan of the PC. It found no further viruses. The PC had already sped up after the Avast scan. Now it looks fine; it neither freezes nor slows down. Everyone in the family uses the computer, so whether and when the infection could have happened I can only guess.

RSIT log:

Logfile of random's system information tool 1.08 (written by random/random)
Run by Kováčik at 2012-02-21 09:58:02
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 19 GB (42%) free of 45 GB
Total RAM: 1023 MB (67% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:58:37, on 21.2.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Ask.com\Updater\Updater.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\oodag.exe
D:\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\Instal\RSIT\RSIT.exe
C:\Program Files\trend micro\Kováčik.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil11e_Plugin.exe -update plugin
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AshampooDefragService - Unknown owner - D:\Programy\Ashampoo Magic Defrag\bin\aDefragService.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MagicTuneEngine - Samsung Electronics, Inc. - (no file)
O23 - Service: Machine Debug Manager (MDM) - Samsung Electronics, Inc. - (no file)
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: XIII Century Drivers Auto Removal (pr2aqn8b) (pr2aqn8b) - Cenega Czech - C:\WINDOWS\system32\pr2aqn8b.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - D:\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 5913 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\tasks\Úklid 1 kliknutím.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2009-11-25 202080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-17 323904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-08-23 1515688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-11-03 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-11-03 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2009-11-25 1496408]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-08-23 1515688]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"OODefragTray"=C:\WINDOWS\system32\oodtray.exe [2009-02-25 2553088]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-11-28 3744552]
""= []
"ApnUpdater"=C:\Program Files\Ask.com\Updater\Updater.exe [2011-08-23 887976]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil11e_Plugin.exe [2011-12-15 247968]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
D:\Programy\Eraser\eraser.exe [2007-12-23 916240]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"D:\Stano\Torent\uTorrent\utorrent.exe"="D:\Stano\Torent\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"D:\Game\Return to Castle Wolfenstein\WolfMP.exe"="D:\Game\Return to Castle Wolfenstein\WolfMP.exe:*:Enabled:WolfMP"
"D:\Game\Call of Duty 2\CoD2MP_s.exe"="D:\Game\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"D:\Game\Call of duty\CoDMP.exe"="D:\Game\Call of duty\CoDMP.exe:*:Disabled:CoDMP"
"D:\Game\Age of Empire\Age Of Empire 2\empires2.exe"="D:\Game\Age of Empire\Age Of Empire 2\empires2.exe:*:Disabled:Age of Empires II"
"D:\Game\Mooha Assault\MOHAA.EXE"="D:\Game\Mooha Assault\MOHAA.EXE:*:Disabled:Medal of Honor Allied Assault"
"D:\Game\Medal of honor\MOHAA.exe"="D:\Game\Medal of honor\MOHAA.exe:*:Disabled:Medal of Honor Allied Assault"
"D:\Game\Mooha Assault\moh_spearhead_server.exe"="D:\Game\Mooha Assault\moh_spearhead_server.exe:*:Disabled:Medal of Honor Allied Assault(tm) Spearhead"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MagicTune Premium\MagicTune.exe"="C:\Program Files\MagicTune Premium\MagicTune.exe:*:Disabled:MagicTune"
"D:\Game\XIII CENTURY\engine.exe"="D:\Game\XIII CENTURY\engine.exe:*:Disabled:engine"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"D:\Game\SNIPER\Sniper Elite\SniperElite.exe"="D:\Game\SNIPER\Sniper Elite\SniperElite.exe:*:Enabled:SniperElite"
"D:\Game\Blitzkrieg\Bin\Game.exe"="D:\Game\Blitzkrieg\Bin\Game.exe:*:Enabled:Game"
"D:\Game\airborne\EMPIRESX.EXE"="D:\Game\airborne\EMPIRESX.EXE:*:Enabled:Age of Empires, the Rise of Rome"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\Program Files\MSN Messenger\msncall.exe"="C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2012-02-16 20:21:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2660465$
2012-01-31 20:34:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2585542$

======List of files/folders modified in the last 1 months======

2012-02-21 09:58:08 ----D---- C:\Program Files\trend micro
2012-02-21 09:58:07 ----D---- C:\WINDOWS\Prefetch
2012-02-21 09:17:27 ----D---- C:\WINDOWS\Temp
2012-02-21 09:09:43 ----D---- C:\WINDOWS\system32
2012-02-21 08:29:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-02-20 22:37:04 ----A---- C:\WINDOWS\VPlayer.INI
2012-02-20 22:04:14 ----A---- C:\WINDOWS\NeroDigital.ini
2012-02-20 14:29:37 ----D---- C:\WINDOWS
2012-02-20 14:29:28 ----HD---- C:\WINDOWS\inf
2012-02-20 14:29:24 ----D---- C:\WINDOWS\system32\CatRoot2
2012-02-20 09:33:07 ----A---- C:\AILog.txt
2012-02-20 06:35:38 ----D---- C:\WINDOWS\Debug
2012-02-20 06:32:53 ----D---- C:\Program Files\SeaMonkey
2012-02-19 21:01:59 ----D---- C:\Documents and Settings\Kováčik\Data aplikací\uTorrent
2012-02-18 20:04:50 ----A---- C:\WINDOWS\win.ini
2012-02-16 21:15:24 ----RSD---- C:\WINDOWS\assembly
2012-02-16 21:08:32 ----D---- C:\WINDOWS\Microsoft.NET
2012-02-16 20:21:07 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-02-16 20:20:02 ----D---- C:\Program Files\Internet Explorer
2012-02-16 20:19:37 ----D---- C:\WINDOWS\ie8updates
2012-02-16 20:17:40 ----HD---- C:\WINDOWS\$hf_mig$
2012-02-15 22:22:29 ----SHD---- C:\WINDOWS\Installer
2012-02-15 22:22:29 ----D---- C:\Config.Msi
2012-02-15 22:22:01 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-02-15 22:21:18 ----D---- C:\WINDOWS\WinSxS
2012-02-15 22:13:44 ----A---- C:\WINDOWS\system32\MRT.exe
2012-02-10 11:08:09 ----A---- C:\WINDOWS\hpqcopy.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 imagedrv;imagedrv; C:\WINDOWS\System32\Drivers\imagedrv.sys [2004-03-02 5504]
R0 imagesrv;imagesrv; C:\WINDOWS\system32\DRIVERS\imagesrv.sys [2004-03-02 125184]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 pe3aqn8b;XIII Century Environment Driver (pe3aqn8b); C:\WINDOWS\system32\drivers\pe3aqn8b.sys [2008-02-11 64632]
R0 ps7aqn8b;XIII Century Synchronization Driver (ps7aqn8b); C:\WINDOWS\system32\drivers\ps7aqn8b.sys [2008-02-11 68736]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2006-08-25 36528]
R0 Vax347b;Vax347b; C:\WINDOWS\system32\DRIVERS\Vax347b.sys [2005-04-25 159616]
R0 Vax347s;Vax347s; C:\WINDOWS\System32\Drivers\Vax347s.sys [2004-04-30 5248]
R0 viaagp;Filtr VIA sběrnice AGP ; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-11-28 30808]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2009-12-25 82380]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-11-28 34392]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-11-28 435032]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-11-28 314456]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-11-28 52952]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 NCPro;NCPro; C:\WINDOWS\system32\drivers\MTictwl.sys [2008-01-17 13184]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2008-12-14 20747]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-11-28 20568]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-11-28 111320]
R2 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2006-12-26 15440]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-17 701440]
R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2006-12-26 34760]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 RT73;RT73 USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2006-03-08 255232]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VIAudio;VIA AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\viaudio.sys [2003-10-20 73856]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2002-06-20 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2002-06-20 39776]
S0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-12-06 691696]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 61883;61883 Unit Device; C:\WINDOWS\system32\DRIVERS\61883.sys [2008-04-13 48128]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner; \??\C:\WINDOWS\system32\drivers\AWRTPD.sys []
S3 Avc;AVC Device; C:\WINDOWS\system32\DRIVERS\avc.sys [2008-04-13 38912]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys [2003-08-20 740992]
S3 MagicTune;MagicTune; C:\WINDOWS\system32\drivers\MTiCtwl.sys [2008-01-17 13184]
S3 MSDV;Microsoft DV Camera and VCR; C:\WINDOWS\system32\DRIVERS\msdv.sys [2008-04-13 51200]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WmFilter;Logitech WingMan HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2002-06-20 20128]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2002-06-20 5728]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-11-28 44768]
R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2009-02-10 116104]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-11-03 153376]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2009-02-25 1352960]
R2 StarWindService;StarWind iSCSI Service; D:\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2005-04-02 217600]
R2 UMWdf;Sada ovladačů pro uživatelský režim systému Windows; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 AshampooDefragService;AshampooDefragService; D:\Programy\Ashampoo Magic Defrag\bin\aDefragService.exe []
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2003-06-03 282624]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2003-06-05 114688]
S2 pr2aqn8b;XIII Century Drivers Auto Removal (pr2aqn8b); C:\WINDOWS\system32\pr2aqn8b.exe [2008-02-11 411000]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2010-02-08 360192]
S4 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2010-02-08 603904]

-----------------EOF-----------------

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Avast detected a Rootkit and a Trojan

#2 Post by vyosek »

Hello, and have a nice day :)

Download aswMBR http://public.avast.com/%7Egmerek/aswMBR.exe and save it to the desktop.
  • Run the utility and tell it to scan - click Scan
  • Click Save log to save the aswMBR log to the desktop
  • Paste the contents of the aswMBR log here
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him: that is not a man, that is an ox."
Member since 1 February 2011.

Kovas
Visitor
Posts: 331
Registered: 24 Dec 2008 13:10

Re: Avast detected a Rootkit and a Trojan

#3 Post by Kovas »

Good day to you too.

Attaching the aswMBR log:

aswMBR version 0.9.9.1618 Copyright(c) 2011 AVAST Software
Run date: 2012-02-21 13:46:34
-----------------------------
13:46:34.675 OS Version: Windows 5.1.2600 Service Pack 3
13:46:34.675 Number of processors: 1 586 0x209
13:46:34.675 ComputerName: KOV UserName:
13:46:35.706 Initialize success
13:46:35.947 AVAST engine defs: 12022100
13:46:53.582 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
13:46:53.582 Disk 0 Vendor: Hitachi_HDT725032VLAT80 V54OA42A Size: 305245MB BusType: 3
13:46:53.582 Device \Driver\atapi -> DriverStartIo f7291864
13:46:53.592 Device \Driver\atapi -> MajorFunction 86f52928
13:46:53.602 Disk 0 MBR read successfully
13:46:53.602 Disk 0 MBR scan
13:46:53.602 Disk 0 Windows XP default MBR code
13:46:53.602 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 45002 MB offset 63
13:46:53.602 Disk 0 Partition - 00 0F Extended LBA 260240 MB offset 92164905
13:46:53.622 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 260240 MB offset 92164968
13:46:53.622 Disk 0 scanning sectors +625137345
13:46:53.682 Disk 0 scanning C:\WINDOWS\system32\drivers
13:47:05.389 Service scanning
13:47:20.881 Modules scanning
13:47:28.252 Disk 0 trace - called modules:
13:47:28.272 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86f52928]<<
13:47:28.272 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87343ab8]
13:47:28.272 3 CLASSPNP.SYS[f750efd7] -> nt!IofCallDriver -> \Device\0000006e[0x873ce3b8]
13:47:28.282 5 ACPI.sys[f743e620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x87366d98]
13:47:28.282 \Driver\atapi[0x8734e880] -> IRP_MJ_CREATE -> 0x86f52928
13:47:28.642 AVAST engine scan C:\WINDOWS
13:47:35.532 AVAST engine scan C:\WINDOWS\system32
13:50:52.836 AVAST engine scan C:\WINDOWS\system32\drivers
13:51:11.683 AVAST engine scan C:\Documents and Settings\Kováčik
13:52:42.884 AVAST engine scan C:\Documents and Settings\All Users
13:53:47.137 Scan finished successfully
14:03:18.398 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Kováčik\Plocha\MBR.dat"
14:03:18.398 The log file has been saved successfully to "C:\Documents and Settings\Kováčik\Plocha\aswMBR.txt"

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Avast detected a Rootkit and a Trojan

#4 Post by vyosek »

Where did Avast detect the rootkit and the trojan?

Download MBRScan http://eric71.geekstogo.com/tools/MbrScan.exe
  • Save it, preferably to the desktop
  • If you use Windows Vista or Windows 7, right-click MBRScan and choose Run As Administrator (Spustit jako správce)
  • Click Report
  • After a moment the log appears in the file MBRScan.txt; paste it here

Kovas
Visitor
Posts: 331
Registered: 24 Dec 2008 13:10

Re: Avast detected a Rootkit and a Trojan

#5 Post by Kovas »

Good afternoon,

Avast detected them in a packed RAR archive. I think it was probably music. After the Avast scan finished I deleted it from the Virus Chest as well.

Here is the MBRScan log

MBRScan v1.1.1

OS             : Windows XP Home Service Pack 3 (32 bit)
PROCESSOR      : x86 Family 15 Model 2 Stepping 9, GenuineIntel
BOOT           : Normal Boot
DATE           : 2012/02/22 (ISO 8601) at 16:09:21
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __Hitachi HDT725032VLAT80 (V54OA42A)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : YES
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0	298.1 Go  [Fixed] ==> XP MBR Code

MBR_MD5   : 3C3D707A65C7D7DAAF4E6159BD8419A2
MBR_SHA1  : CCF7B3EF5C634DCA9F0B3F71D7904AD7663242CF

Device\Harddisk0\Partition1	43.95 Go  	0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2	254.1 Go  	0x07 NTFS / HPFS
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\WINDOWS\System32\Drivers\dump_atapi.sys => Invisible on the disk
ADDRESS : 0xB2403000
SIZE    : 96.0 Ko

DRIVER  : C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS => Invisible on the disk
ADDRESS : 0xF79FE000
SIZE    : 8.0 Ko

SystemStartOptions : NOEXECUTE=OPTIN  FASTDETECT

________________________________________________________________________________

_______MBR   \Device\Harddisk0\DR0  

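The MBRScan report above prints the MBR's MD5/SHA1 and decodes its partition table, and the aswMBR log lists the same partitions with their offsets. As an added example (not code from the thread, from aswMBR or from MBRScan), this Python script parses a 512-byte MBR: it checks the 0x55AA boot signature, decodes the partition entries into the figures both tools print, runs a few layout sanity checks, and fingerprints the boot-code region so a later read of sector 0 can be compared against a known-good baseline. The sample sector is constructed (a padded boot stub and a made-up disk signature) with two partition entries matching the layout aswMBR reports above; which byte range MBRScan's MBR_MD5 covers is not stated on the page, so the example hashes bytes 0..439.

```python
"""Parse and fingerprint a 512-byte MBR (added example; not code from the thread, aswMBR or MBRScan)."""
import hashlib
import struct
from dataclasses import dataclass
from typing import List

SECTOR = 512
BOOT_CODE_LEN = 440        # bytes 0..439 hold the executable boot code
PART_TABLE_OFF = 446       # four 16-byte partition entries follow the disk signature
BOOT_SIGNATURE = b"\x55\xAA"
PARTITION_TYPES = {0x05: "Extended CHS", 0x07: "HPFS/NTFS", 0x0F: "Extended LBA"}


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int

    @property
    def size_mb(self) -> int:
        # aswMBR and MBRScan print sizes in MiB: sectors * 512 / 2^20
        return self.sectors * SECTOR // (1024 * 1024)

    def type_name(self) -> str:
        return PARTITION_TYPES.get(self.type_id, f"type 0x{self.type_id:02X}")


def parse_partitions(mbr: bytes) -> List[Partition]:
    """Decode the partition table; raise ValueError if this is not a valid MBR."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(mbr)}")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        # entry: status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sectors(4)
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", mbr, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue  # unused slot
        if status not in (0x00, 0x80):
            raise ValueError(f"partition {i + 1}: invalid status byte 0x{status:02X}")
        parts.append(Partition(i + 1, status == 0x80, ptype, lba, count))
    return parts


def layout_findings(parts: List[Partition]) -> List[str]:
    """Sanity checks: exactly one bootable entry, no zero-length entries, no overlaps."""
    findings = []
    if sum(p.bootable for p in parts) != 1:
        findings.append("expected exactly one bootable partition")
    for p in parts:
        if p.lba_start == 0 or p.sectors == 0:
            findings.append(f"partition {p.index}: zero start or length")
    ordered = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if a.lba_start + a.sectors > b.lba_start:
            findings.append(f"partitions {a.index} and {b.index} overlap")
    return findings


def boot_code_digests(mbr: bytes) -> dict:
    """MD5/SHA1 of bytes 0..439, the region a bootkit replaces while leaving the
    partition table intact (which range MBRScan's MBR_MD5 covers is an assumption)."""
    code = mbr[:BOOT_CODE_LEN]
    return {"md5": hashlib.md5(code).hexdigest(), "sha1": hashlib.sha1(code).hexdigest()}


def boot_code_changed(mbr: bytes, baseline_md5: str) -> bool:
    """True when the boot code no longer matches a known-good baseline digest."""
    return boot_code_digests(mbr)["md5"] != baseline_md5.lower()


def build_sample_mbr() -> bytes:
    """Constructed sample: padded boot stub, made-up disk signature, and the two
    entries aswMBR reports above (bootable NTFS at LBA 63, Extended LBA after it)."""
    boot_code = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * (BOOT_CODE_LEN - 7)
    disk_sig = struct.pack("<I", 0x12345678) + b"\x00\x00"
    entry1 = struct.pack("<B3sB3sII", 0x80, b"\x01\x01\x00", 0x07, b"\xFE\xFF\xFF", 63, 92164842)
    entry2 = struct.pack("<B3sB3sII", 0x00, b"\x00\xC1\xFF", 0x0F, b"\xFE\xFF\xFF", 92164905, 532972440)
    return boot_code + disk_sig + entry1 + entry2 + b"\x00" * 32 + BOOT_SIGNATURE


def report(mbr: bytes) -> List[str]:
    """MBRScan-style summary lines, with layout warnings appended."""
    parts = parse_partitions(mbr)
    lines = [f"MBR_MD5 : {boot_code_digests(mbr)['md5'].upper()}"]
    for p in parts:
        flag = "(A) " if p.bootable else "    "
        lines.append(f"Partition {p.index} {flag}0x{p.type_id:02X} {p.type_name()} {p.size_mb} MB offset {p.lba_start}")
    return lines + ["WARNING: " + f for f in layout_findings(parts)]
```

On a real disk the 512 bytes would come from reading sector 0 of the physical drive; record the digests while the machine is known clean and re-check them after any rootkit alert.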

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Avast detected a Rootkit and a Trojan

#6 Post by vyosek »

PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT CAPACITY TO DELETE AND MUST ONLY BE USED ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY GO DOWN THE DRAIN
Download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop
  • Turn off all resident security programs - firewalls, antivirus, anti-spyware and the like
  • If you have Windows XP, run it under the Administrator account
  • If you have Windows Vista or Windows 7, right-click ComboFix and choose Run As Administrator (Spustit jako správce)
  • Immediately after it starts, a page with the licence agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click in the window that appears
  • The scan should take about 10 minutes, but if the PC is heavily infested it may take longer
  • After the scan finishes and a possible restart, CF shows a log; otherwise you will find it at C:\ComboFix.txt. Paste its contents here
  • Detailed instructions incl. pictures are here http://www.bleepingcomputer.com/combofi ... t-combofix

Kovas
Visitor
Posts: 331
Registered: 24 Dec 2008 13:10

Re: Avast detected a Rootkit and a Trojan

#7 Post by Kovas »

Attaching the log from ComboFix:

ComboFix 12-02-22.01 - Administrator . 02. 2012 22:05:09.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.1023.666 [GMT 1:00]
Spuštěný z: c:\documents and settings\Kováčik\Plocha\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\regedit.com
c:\windows\system32\_000021_.tmp.dll
c:\windows\system32\_000022_.tmp.dll
c:\windows\system32\_000023_.tmp.dll
c:\windows\system32\_000024_.tmp.dll
c:\windows\system32\SET63.tmp
c:\windows\system32\taskmgr.com
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-01-22 do 2012-02-22 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-21 12:42 . 2011-05-19 06:04 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 17:20 . 2004-08-17 13:44 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:42 . 2004-08-17 13:49 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-17 19:42 . 2004-08-17 13:49 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:42 . 2004-08-17 13:49 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-16 12:23 . 2004-08-17 13:44 385024 ----a-w- c:\windows\system32\html.iec
2011-11-28 18:01 . 2010-10-10 13:42 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2010-10-10 13:42 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-05-18 05:44 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2010-10-10 13:42 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2010-10-10 13:42 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2010-10-10 13:42 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2010-10-10 13:42 111320 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-11-28 17:51 . 2010-10-10 13:42 105176 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-11-28 17:51 . 2010-10-10 13:42 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-28 17:48 . 2010-10-10 13:42 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-11-25 21:57 . 2004-08-17 13:49 293376 ----a-w- c:\windows\system32\winsrv.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-08-23 20:20 1515688 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-08-23 1515688]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2009-02-25 2553088]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-08-23 887976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-17 44544]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2008-12-14 593920]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2007-12-22 23:03 916240 ----a-w- d:\programy\Eraser\Eraser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe"
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
"HPDJ Taskbar Utility"=c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"Share-to-Web Namespace Daemon"=c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
"CloneCDTray"="d:\programy\CloneCD\CloneCDTray.exe" /s
"ATIPTA"=c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
"CleanDiskAutoRun"=d:\programy\cleandiskse\cleandisk.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"RemoteControl"="d:\programy\Power DVD 6\PDVDServ.exe"
"CanonMyPrinter"=c:\program files\Canon\MyPrinter\BJMyPrt.exe /logon
"CanonSolutionMenu"=c:\program files\Canon\SolutionMenu\CNSLMAIN.exe /logon
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Stano\\Torent\\uTorrent\\utorrent.exe"=
"d:\\Game\\Return to Castle Wolfenstein\\WolfMP.exe"=
"d:\\Game\\Call of Duty 2\\CoD2MP_s.exe"=
"d:\\Game\\Call of duty\\CoDMP.exe"=
"d:\\Game\\Age of Empire\\Age Of Empire 2\\empires2.exe"=
"d:\\Game\\Mooha Assault\\MOHAA.EXE"=
"d:\\Game\\Medal of honor\\MOHAA.exe"=
"d:\\Game\\Mooha Assault\\moh_spearhead_server.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MagicTune Premium\\MagicTune.exe"=
"d:\\Game\\XIII CENTURY\\engine.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"d:\\Game\\SNIPER\\Sniper Elite\\SniperElite.exe"=
"d:\\Game\\Blitzkrieg\\Bin\\Game.exe"=
"d:\\Game\\airborne\\EMPIRESX.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 pe3aqn8b;XIII Century Environment Driver (pe3aqn8b);c:\windows\system32\drivers\pe3aqn8b.sys [11. 2. 2008 18:35 64632]
R0 ps7aqn8b;XIII Century Synchronization Driver (ps7aqn8b);c:\windows\system32\drivers\ps7aqn8b.sys [11. 2. 2008 18:35 68736]
R0 Vax347b;Vax347b;c:\windows\system32\drivers\Vax347b.sys [7. 2. 2010 12:31 159616]
R0 Vax347s;Vax347s;c:\windows\system32\drivers\Vax347s.sys [7. 2. 2010 12:31 5248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [18. 5. 2011 6:44 435032]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10. 10. 2010 14:42 314456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10. 10. 2010 14:42 20568]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13. 5. 2007 11:57 691696]
S2 pr2aqn8b;XIII Century Drivers Auto Removal (pr2aqn8b);c:\windows\system32\pr2aqn8b.exe svc --> c:\windows\system32\pr2aqn8b.exe svc [?]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'
.
2012-02-22 c:\windows\Tasks\1-Click Maintenance.job
- d:\programy\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]
.
2012-02-22 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2011-08-23 20:20]
.
2012-02-22 c:\windows\Tasks\Úklid 1 kliknutím.job
- d:\programy\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-22 22:18
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
Celkový čas: 2012-02-22 22:23:57
ComboFix-quarantined-files.txt 2012-02-22 21:23
.
Před spuštěním: Volných bajtů: 19 520 319 488
Po spuštění: Volných bajtů: 19 607 031 808
.
- - End Of File - - A23C010D4B68FA2E690B61BC2B4925E3

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Avast detected a Rootkit and a Trojan

#8 Post by vyosek »

Download OTL http://oldtimer.geekstogo.com/OTL.exe and save it to the desktop
  • If you use Win Vista or W7, right-click OTL and choose Run As Administrator
  • If you use a 64-bit OS, check that the "Pro 64 bitové OS" (for 64-bit OS) box is ticked; if not, tick it
  • Tick the "Pro vsechny uzivatele" (all users) box
  • Tick the "LOP" check box
  • Tick the "Purity" check box
  • Change the file age from 30 days to 7 days
  • Paste the script below into the bottom "Vlastni skenovani/opravy" (custom scans/fixes) box

    CREATERESTOREPOINT
    
    netsvcs
    drivers32
    savembr:0
    
    /md5start
    atapi.sys
    autochk.exe
    cdrom.sys
    explorer.exe
    hal.dll
    scecli.dll
    svchost.exe
    tcpip.sys
    userinit.exe
    winlogon.exe
    /md5stop
    
    %systemroot%*.* /U /s
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\drivers\*.sys /3
    %systemroot%\system32\*.* /3
    %SYSTEMDRIVE%\*.exe
    
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
    reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
    reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
    reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
    
    %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
    %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
    %PROGRAMFILES%\Opera\opera.exe /md5
    %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5
    
    type c:\boot.ini >> test.txt /c
    %SystemDrive%\PhysicalMBR.bin /md5 
    
    *crack* /s
    *keygen* /s
    *loader* /s
  • Click the "Prohledat" (Run Scan) button
  • When the scan finishes (about 10 to 15 min) the logs OTL.txt and Extras.txt appear; paste both here
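As an added example (not part of this thread, and not code from OTL), a small Python triage helper for the OTL.txt the instructions above ask for: it parses the SRV and DRV lines and flags entries whose file is missing or that carry no company name, which is what a helper looks at first. The regexes and the `Entry` fields are this example's own assumptions about the line format; the sample lines are taken from the OTL output posted later in this thread.

```python
"""Triage helper for the SRV/DRV lines of an OTL.txt log.

Added example for this thread, not part of OTL (OldTimer's OTL.exe) itself.
The regexes below are this example's assumption about the line format, based
on the lines OTL printed in this thread.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Normal entry, e.g.
# SRV - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\...\AvastSvc.exe -- (avast! Antivirus)
ENTRY_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - \[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*\[(?P<state>[^\]]*)\]\s*--\s*(?P<path>.+?)\s*--\s*\((?P<name>[^)]*)\)"
)
# Entry whose file no longer exists, e.g.
# SRV - File not found [Auto | Stopped] -- -- (MDM)
MISSING_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[(?P<state>[^\]]*)\]\s*--\s*--\s*\((?P<name>[^)]*)\)"
)


@dataclass
class Entry:
    kind: str            # "SRV" (Win32 service) or "DRV" (driver)
    name: str            # service/driver name from the trailing "(...)"
    path: Optional[str]  # image path, None when OTL reported "File not found"
    company: str         # company name from version info, "" when absent
    state: List[str]     # e.g. ["Kernel", "Boot", "Running"]
    size: int            # file size in bytes
    file_found: bool


def parse_line(line: str) -> Optional[Entry]:
    """Parse one SRV/DRV line; return None for every other kind of line."""
    line = line.strip()
    m = MISSING_RE.match(line)
    if m:
        state = [s.strip() for s in m["state"].split("|")]
        return Entry(m["kind"], m["name"], None, "", state, 0, False)
    m = ENTRY_RE.match(line)
    if not m:
        return None
    state = [s.strip() for s in m["state"].split("|")]
    size = int(m["size"].replace(",", ""))
    return Entry(m["kind"], m["name"], m["path"], m["company"].strip(), state, size, True)


def parse_log(text: str) -> List[Entry]:
    """Collect all SRV/DRV entries from a whole OTL.txt."""
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e is not None]


def findings(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (name, reason) for the entries a helper usually checks first.

    A missing file is usually an uninstall leftover: harmless, but worth
    cleaning. No company name is not suspicious by itself (many small vendors
    ship files without version info) but deserves a look, and a boot-start
    driver without a company name is the one to look at first.
    """
    out: List[Tuple[str, str]] = []
    for e in entries:
        if not e.file_found:
            out.append((e.name, "file not found: orphaned entry, usually an uninstall leftover"))
        elif not e.company:
            reason = "no company name in version info"
            if e.kind == "DRV" and "Boot" in e.state:
                reason += "; loads at boot, check this one first"
            out.append((e.name, reason))
    return out


# Sample lines taken from the OTL log posted later in this thread.
SAMPLE_OTL = r"""
========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (MDM)
SRV - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009.02.10 17:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)

========== Driver Services (SafeList) ==========

DRV - [2009.12.06 11:29:21 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.02.11 18:35:59 | 000,064,632 | ---- | M] (Cenega Czech) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pe3aqn8b.sys -- (pe3aqn8b) XIII Century Environment Driver (pe3aqn8b)
DRV - [2005.04.25 10:43:58 | 000,159,616 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Vax347b.sys -- (Vax347b)
"""

if __name__ == "__main__":
    for name, reason in findings(parse_log(SAMPLE_OTL)):
        print(f"{name}: {reason}")
```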

Kovas
Visitor
Posts: 331
Registered: 24 Dec 2008 13:10

Re: Avast detected a Rootkit and a Trojan

#9 Post by Kovas »

Hello,

I have one small question. Since ComboFix was run, the Avast icon no longer appears in the system tray after Windows starts. In Task Manager, AvastSvc.exe is running among the processes, but Avast is not among the startup programs; it is only among the services, where it is ticked. Also, when I want to scan a file with Avast (right mouse button), I get an error message saying that the avast user interface process (AvastUI.exe) is not running at the moment and that I should start this application before starting the scan. Isn't that a problem? I will now run the scan as you recommended.

Kovas
Visitor
Posts: 331
Registered: 24 Dec 2008 13:10

Re: Avast detected a Rootkit and a Trojan

#10 Post by Kovas »

OTL.txt log:

OTL logfile created on: 23. 2. 2012 11:21:15 - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\Kováčik\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d. M. yyyy

1023,49 Mb Total Physical Memory | 700,16 Mb Available Physical Memory | 68,41% Memory free
2,41 Gb Paging File | 2,22 Gb Available in Paging File | 92,39% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 43,95 Gb Total Space | 18,23 Gb Free Space | 41,49% Space Free | Partition Type: NTFS
Drive D: | 254,14 Gb Total Space | 100,49 Gb Free Space | 39,54% Space Free | Partition Type: NTFS

Computer Name: KOV | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2012.02.23 11:15:42 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Kováčik\Plocha\OTL.exe
PRC - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011.08.23 21:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2009.02.25 21:59:06 | 001,352,960 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe
PRC - [2009.02.25 21:58:04 | 002,553,088 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodtray.exe
PRC - [2009.02.10 17:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2008.04.14 04:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.03.15 09:30:24 | 000,593,920 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\RALINK\Common\RaUI.exe
PRC - [2005.04.02 01:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) -- D:\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


========== Modules (No Company Name) ==========

MOD - [2012.02.23 08:07:44 | 001,714,688 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\12022300\algo.dll
MOD - [2009.02.10 17:01:49 | 000,116,104 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (MDM)
SRV - File not found [Auto | Stopped] -- -- (MagicTuneEngine)
SRV - File not found [Auto | Stopped] -- -- (AshampooDefragService)
SRV - [2011.11.28 19:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.02.08 10:48:34 | 000,603,904 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2010.02.08 10:48:31 | 000,360,192 | ---- | M] (TuneUp Software) [Disabled | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.02.25 21:59:06 | 001,352,960 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag)
SRV - [2009.02.10 17:01:49 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008.12.11 13:31:36 | 000,027,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008.02.11 18:36:31 | 000,411,000 | ---- | M] (Cenega Czech) [Auto | Stopped] -- C:\WINDOWS\System32\pr2aqn8b.exe -- (pr2aqn8b) XIII Century Drivers Auto Removal (pr2aqn8b)
SRV - [2005.04.02 01:51:48 | 000,217,600 | ---- | M] (Rocket Division Software) [Auto | Running] -- D:\Programy\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService)


========== Driver Services (SafeList) ==========

DRV - [2011.11.28 18:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.11.28 18:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.11.28 18:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.11.28 18:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.11.28 18:52:02 | 000,111,320 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011.11.28 18:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.11.28 18:48:49 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009.12.25 12:04:32 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2009.12.06 11:29:21 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.04.13 19:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008.02.11 18:35:59 | 000,064,632 | ---- | M] (Cenega Czech) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pe3aqn8b.sys -- (pe3aqn8b) XIII Century Environment Driver (pe3aqn8b)
DRV - [2008.02.11 18:35:23 | 000,068,736 | ---- | M] (Cenega Czech) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\ps7aqn8b.sys -- (ps7aqn8b) XIII Century Synchronization Driver (ps7aqn8b)
DRV - [2008.01.17 15:45:56 | 000,013,184 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\MTictwl.sys -- (NCPro)
DRV - [2008.01.17 15:45:56 | 000,013,184 | ---- | M] (Samsung Electronics, Inc. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MTiCtwl.sys -- (MagicTune)
DRV - [2006.12.26 13:54:35 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2006.03.08 17:28:00 | 000,255,232 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2005.04.25 10:43:58 | 000,159,616 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Vax347b.sys -- (Vax347b)
DRV - [2004.08.17 14:43:40 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004.08.03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004.04.30 09:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\Vax347s.sys -- (Vax347s)
DRV - [2004.03.02 15:37:50 | 000,125,184 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\imagesrv.sys -- (imagesrv)
DRV - [2004.03.02 15:37:48 | 000,005,504 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\imagedrv.sys -- (imagedrv)
DRV - [2003.10.20 10:39:56 | 000,073,856 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\viaudio.sys -- (VIAudio) VIA AC'97 Audio Controller (WDM)
DRV - [2002.06.20 18:45:42 | 000,020,128 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2002.06.20 18:45:40 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2002.06.20 18:45:36 | 000,005,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2002.06.20 18:45:34 | 000,039,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-220523388-839522115-1343024091-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-220523388-839522115-1343024091-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\WINDOWS\system32\C2MP\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.05.06 11:48:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 1.1.7\Extensions\\Components: C:\Program Files\mozilla.org\SeaMonkey\Components [2008.01.13 13:41:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 1.1.7\Extensions\\Plugins: C:\Program Files\mozilla.org\SeaMonkey\Plugins [2011.01.25 17:43:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.7.2\extensions\\Components: C:\Program Files\SeaMonkey\components [2012.02.20 06:32:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.7.2\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins [2011.07.28 14:35:48 | 000,000,000 | ---D | M]

[2012.02.22 22:28:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Extensions
[2012.02.22 22:28:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\SeaMonkey\Profiles\39jyzeu1.default\extensions
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DATA APLIKACÍ\MOZILLA\SEAMONKEY\PROFILES\39JYZEU1.DEFAULT\EXTENSIONS\{59C81DF5-4B7A-477B-912D-4E0FDF64E5F2}.XPI
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DATA APLIKACÍ\MOZILLA\SEAMONKEY\PROFILES\39JYZEU1.DEFAULT\EXTENSIONS\{F13B157F-B174-47E7-A34D-4815DDFDFEB8}.XPI
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DATA APLIKACÍ\MOZILLA\SEAMONKEY\PROFILES\39JYZEU1.DEFAULT\EXTENSIONS\INSPECTOR@MOZILLA.ORG.XPI
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DATA APLIKACÍ\MOZILLA\SEAMONKEY\PROFILES\39JYZEU1.DEFAULT\EXTENSIONS\LANGPACK-CS@CHATZILLA.MOZILLA.ORG.XPI

O1 HOSTS File: ([2012.02.22 22:17:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-220523388-839522115-1343024091-1003\..\Toolbar\WebBrowser: (no name) - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - No CLSID value found.
O3 - HKU\S-1-5-21-220523388-839522115-1343024091-1003\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-220523388-839522115-1343024091-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe (O&O Software GmbH)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe (Ralink Technology, Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-220523388-839522115-1343024091-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-220523388-839522115-1343024091-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-220523388-839522115-1343024091-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-220523388-839522115-1343024091-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-220523388-839522115-1343024091-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-220523388-839522115-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-220523388-839522115-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-220523388-839522115-1343024091-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 217.119.113.244 172.18.100.15
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6EDF622-BD0C-474C-8FE9-79AA6D613E45}: DhcpNameServer = 217.119.113.244 172.18.100.15
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.12.09 10:44:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.divx - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.vp60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2012.02.23 11:14:07 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.02.22 22:24:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Data aplikací\Identities
[2012.02.22 22:02:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.02.22 22:02:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.02.22 22:02:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.02.22 22:02:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.02.22 22:02:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.02.22 22:02:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Dokumenty\Obrázky
[2012.02.22 22:02:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Nabídka Start\Programy\Nástroje pro správu
[2012.02.22 22:02:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Dokumenty\Hudba
[2012.02.22 22:02:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Dokumenty\Filmy
[2012.02.22 22:02:09 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Dokumenty
[2012.02.22 22:02:09 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Okolní síť
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2012.02.23 11:23:50 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.02.23 11:02:01 | 000,000,238 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012.02.23 11:01:12 | 000,000,480 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2012.02.23 11:01:12 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Úklid 1 kliknutím.job
[2012.02.23 11:01:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.02.23 10:59:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.02.23 10:59:55 | 1073,274,880 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.23 10:59:53 | 001,307,550 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor
[2012.02.23 10:58:52 | 000,000,282 | -HS- | M] () -- C:\boot.ini
[2012.02.23 10:39:34 | 000,002,553 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012.02.22 22:17:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.02.22 08:49:26 | 000,435,832 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.02.22 08:49:26 | 000,432,364 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2012.02.22 08:49:26 | 000,079,332 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2012.02.22 08:49:26 | 000,068,728 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.02.21 13:42:57 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.02.20 22:37:04 | 000,001,731 | ---- | M] () -- C:\WINDOWS\VPlayer.INI
[2012.02.20 22:04:14 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.02.20 06:35:05 | 000,000,562 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\CCleaner.lnk
[2012.02.16 20:24:17 | 000,352,976 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.02.23 11:23:50 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.02.22 22:24:42 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Administrator\Nabídka Start\Programy\Internet Explorer.lnk
[2012.02.22 22:24:29 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Administrator\Nabídka Start\Programy\Outlook Express.lnk
[2012.02.22 22:02:42 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.02.22 22:02:42 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.02.22 22:02:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.02.22 22:02:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.02.22 22:02:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011.07.12 08:15:07 | 000,001,634 | ---- | C] () -- C:\WINDOWS\System32\.ini

========== LOP Check ==========

[2008.03.08 16:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Složka odesílání Share-to-Web
[2010.10.10 14:42:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2010.04.10 13:15:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonBJ
[2010.04.10 13:43:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonIJEGV
[2010.04.10 16:30:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonIJEPPEX
[2010.04.10 13:33:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonIJMyPrinter
[2011.11.18 20:35:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonIJPLM
[2010.04.10 13:42:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonIJSolutionMenu
[2009.12.06 11:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
[2010.02.05 11:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\KASTNER software
[2008.12.25 21:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
[2008.01.06 17:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MSScanAppDataDir
[2008.09.24 19:04:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Drivers HeadQuarters
[2008.09.15 16:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
[2010.02.08 10:44:52 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Data aplikací\{55A29068-F2CE-456C-9148-C869879E2357}
[2011.03.02 22:35:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}
[2011.07.28 00:32:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kováčik\Data aplikací\archsoft
[2010.04.10 14:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kováčik\Data aplikací\Canon Easy-WebPrint EX
[2010.04.10 13:34:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kováčik\Data aplikací\CD-LabelPrint
[2011.07.13 13:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kováčik\Data aplikací\DAEMON Tools Lite
[2009.08.29 22:13:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kováčik\Data aplikací\DIMAGE
[2011.01.25 17:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kováčik\Data aplikací\Foxit
[2010.10.28 23:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kováčik\Data aplikací\GHISLER
[2011.02.18 09:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kováčik\Data aplikací\Kastner software
[2007.04.08 19:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kováčik\Data aplikací\Složka odesílání Share-to-Web
[2011.02.27 21:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kováčik\Data aplikací\Thinstall
[2011.05.06 11:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kováčik\Data aplikací\Thunderbird
[2008.09.15 16:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kováčik\Data aplikací\TuneUp Software
[2012.02.19 21:01:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kováčik\Data aplikací\uTorrent
[2012.02.23 11:01:12 | 000,000,480 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
[2012.02.23 11:02:01 | 000,000,238 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2012.02.23 11:01:12 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Úklid 1 kliknutím.job

========== Purity Check ==========



========== Custom Scans ==========


< >

< >


< MD5 for: ATAPI.SYS >
[2004.08.17 14:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009.12.20 17:05:13 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009.12.20 17:05:13 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 04:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\cmdcons\autochk.exe
[2008.04.14 04:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 04:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2004.08.17 14:49:22 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe

< MD5 for: CDROM.SYS >
[2004.08.17 14:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2009.12.20 17:05:13 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2009.12.20 17:05:13 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 19:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004.08.03 21:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2008.04.14 04:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 04:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 04:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.17 14:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004.08.17 14:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007.06.13 14:11:59 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=9B32416BD5988C97B6397CE0B02CAF97 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

< MD5 for: HAL.DLL >
[2004.08.17 14:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2009.12.20 17:05:13 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2009.12.20 17:05:13 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2004.08.03 21:59:08 | 000,081,280 | ---- | M] (Microsoft Corporation) MD5=4AF58CA3425F28FC5E3DB47DC122F722 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll
[2008.04.13 19:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008.04.13 19:31:27 | 000,081,152 | ---- | M] (Microsoft Corporation) MD5=C4BA879B581BE34536FE01F79AC28631 -- C:\WINDOWS\system32\HAL.DLL

< MD5 for: SCECLI.DLL >
[2004.08.17 14:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 04:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 04:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SVCHOST.EXE >
[2008.04.14 04:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008.04.14 04:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 04:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2004.08.17 14:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2006.04.20 12:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
[2008.06.20 11:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2007.10.30 17:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2008.06.20 11:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2007.10.30 18:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008.04.13 20:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004.08.03 22:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006.04.20 13:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[2004.08.03 22:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=C81D6A930A7805F6DAA0C7902B99037E -- C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 04:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 04:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2004.08.17 14:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.17 14:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 04:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 04:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< >

< %systemroot%*.* /U /s >
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[18 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\WINDOWS\inf\*.tmp files -> C:\WINDOWS\inf\*.tmp -> ]
[22 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[1 C:\WINDOWS\Installer\{CC6B1BB4-4E06-4A5B-A166-B371B551324B}\*.tmp files -> C:\WINDOWS\Installer\{CC6B1BB4-4E06-4A5B-A166-B371B551324B}\*.tmp -> ]
[1 C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\*.tmp files -> C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\*.tmp -> ]
[3 C:\WINDOWS\system32\wbem\*.tmp files -> C:\WINDOWS\system32\wbem\*.tmp -> ]
[1 C:\WINDOWS\twain_32\*.tmp files -> C:\WINDOWS\twain_32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

Invalid Environment Variable: APPDATA

Invalid Environment Variable: APPDATA

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2012.02.23 11:01:12 | 000,000,480 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
[2012.02.23 11:02:01 | 000,000,238 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[2012.02.23 11:01:12 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Úklid 1 kliknutím.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009.12.09 11:22:26 | 002,977,792 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009.12.07 22:57:42 | 000,262,144 | ---- | M] () -- C:\WINDOWS\System32\config\security.sav
[2009.12.09 11:22:26 | 028,049,408 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009.12.09 11:22:26 | 009,699,328 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2012.02.23 10:39:34 | 000,002,553 | ---- | M] () -- C:\WINDOWS\system32\CONFIG.NT
[2012.02.21 13:42:57 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
[2012.02.23 10:59:53 | 001,307,550 | ---- | M] () -- C:\WINDOWS\system32\oodbs.lor
[2012.02.22 08:49:26 | 000,079,332 | ---- | M] () -- C:\WINDOWS\system32\perfc005.dat
[2012.02.22 08:49:26 | 000,068,728 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2012.02.22 08:49:26 | 000,432,364 | ---- | M] () -- C:\WINDOWS\system32\perfh005.dat
[2012.02.22 08:49:26 | 000,435,832 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2012.02.22 08:49:26 | 001,029,932 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2012.02.23 11:01:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
No captured output from command...

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
No captured output from command...

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
No captured output from command...

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2009.03.08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation) MD5=B60DDDD2D63CE41CB8C487FCFBB6419E -- C:\Program Files\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >

< >

< type c:\boot.ini >> test.txt /c >
No captured output from command...

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012.02.23 11:23:50 | 000,000,512 | ---- | M] () MD5=3C3D707A65C7D7DAAF4E6159BD8419A2 -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2008.05.07 17:33:37 | 000,033,794 | ---- | M] () -- \Documents and Settings\Kováčik\Data aplikací\uTorrent\Adobe Photoshop CS3 Extended - FULL CRACKED [MUST HAVE!].torrent
[2007.12.25 22:50:38 | 000,017,550 | ---- | M] () -- \Documents and Settings\Kováčik\Data aplikací\uTorrent\Age Of Empires 3 full DVD +crack + serial.iso.1.torrent
[2007.12.25 22:48:59 | 000,017,550 | ---- | M] () -- \Documents and Settings\Kováčik\Data aplikací\uTorrent\Age Of Empires 3 full DVD +crack + serial.iso.torrent
[2007.11.10 19:43:57 | 000,004,800 | ---- | M] () -- \Documents and Settings\Kováčik\Data aplikací\uTorrent\Medal of Honor Airborne-HATRED Crack+Keygen.exe.torrent
[2008.09.15 13:45:01 | 000,001,076 | ---- | M] () -- \Documents and Settings\Kováčik\Data aplikací\uTorrent\Plato DVD Ripper Pro v6.66.5 + Crack [App][Ingles][www.zonatorrent.com].rar.torrent
[2008.09.15 13:43:44 | 000,005,065 | ---- | M] () -- \Documents and Settings\Kováčik\Data aplikací\uTorrent\Plato.DVD.Ripper.Pro.v6.66.5.WinALL.Cracked-TUkEY.rar.torrent

< *keygen* /s >
[2008.04.13 13:26:22 | 000,060,689 | ---- | M] () -- \Documents and Settings\Kováčik\Data aplikací\uTorrent\Corel Paint Shop Pro Photo X2 v12.0 Incl Keygen.torrent
[2007.11.10 19:43:57 | 000,004,800 | ---- | M] () -- \Documents and Settings\Kováčik\Data aplikací\uTorrent\Medal of Honor Airborne-HATRED Crack+Keygen.exe.torrent

< *loader* /s >
[2009.11.03 09:44:22 | 000,000,330 | ---- | M] () -- \Documents and Settings\Kováčik\Nabídka Start\Programy\JDownloader\JDownloader Support.lnk
[2009.11.03 09:44:22 | 000,000,676 | ---- | M] () -- \Documents and Settings\Kováčik\Nabídka Start\Programy\JDownloader\JDownloader.lnk
[2009.11.03 09:44:27 | 000,000,670 | ---- | M] () -- \Documents and Settings\Kováčik\Nabídka Start\Programy\JDownloader\Uninstall JDownloader.lnk
[2009.11.03 09:44:22 | 000,000,620 | ---- | M] () -- \Documents and Settings\Kováčik\Plocha\JDownloader.lnk
[2001.01.16 05:55:36 | 000,053,248 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VS7DEBUG\COLOADER.DLL
[2001.01.16 03:22:34 | 000,002,560 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VS7DEBUG\COLOADER.TLB
[2007.11.28 12:14:00 | 000,002,910 | ---- | M] () -- \Program Files\mozilla.org\SeaMonkey\components\uriloader.xpt
[2004.08.17 14:49:06 | 000,035,840 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\dmloader.dll
[2012.02.23 10:12:02 | 000,016,378 | ---- | M] () -- \WINDOWS\Prefetch\JDOWNLOADER.EXE-35B4CF9D.pf
[2008.04.14 04:21:39 | 000,035,840 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\dmloader.dll
[2008.04.13 19:31:47 | 000,230,912 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.exe
[2008.04.13 19:31:48 | 000,278,528 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.ntd
[2008.04.14 04:21:39 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
[2007.04.30 14:43:12 | 000,009,622 | ---- | M] () -- \WINDOWS\system32\Macromed\Shockwave 10\shockwave_Projector_Loader.dcr

< End of report >

Kovas
Visitor
Posts: 331
Registered: 24 Dec 2008 13:10

Re: Avast detected a Rootkit and a Trojan

#11 Post by Kovas »

Extras.txt log:

OTL Extras logfile created on: 23. 2. 2012 11:21:15 - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = C:\Documents and Settings\Kováčik\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d. M. yyyy

1023,49 Mb Total Physical Memory | 700,16 Mb Available Physical Memory | 68,41% Memory free
2,41 Gb Paging File | 2,22 Gb Available in Paging File | 92,39% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 43,95 Gb Total Space | 18,23 Gb Free Space | 41,49% Space Free | Partition Type: NTFS
Drive D: | 254,14 Gb Total Space | 100,49 Gb Free Space | 39,54% Space Free | Partition Type: NTFS

Computer Name: KOV | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = MozillaHTML] -- C:\Program Files\mozilla.org\SeaMonkey\seamonkey.exe (mozilla.org)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-220523388-839522115-1343024091-1003\SOFTWARE\Classes\<extension>]
.html [@ = SeaMonkeyHTML] -- C:\Program Files\SeaMonkey\seamonkey.exe (mozilla.org)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- C:\PROGRA~1\MOZILLA.ORG\SEAMON~1\SEAMON~1.EXE -osint -url "%1" (mozilla.org)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "D:\Programy\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "D:\Programy\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "D:\Programy\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Stano\Torent\uTorrent\utorrent.exe" = D:\Stano\Torent\uTorrent\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"D:\Game\Return to Castle Wolfenstein\WolfMP.exe" = D:\Game\Return to Castle Wolfenstein\WolfMP.exe:*:Enabled:WolfMP -- ()
"D:\Game\Call of Duty 2\CoD2MP_s.exe" = D:\Game\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s -- ()
"D:\Game\Call of duty\CoDMP.exe" = D:\Game\Call of duty\CoDMP.exe:*:Disabled:CoDMP -- ()
"D:\Game\Age of Empire\Age Of Empire 2\empires2.exe" = D:\Game\Age of Empire\Age Of Empire 2\empires2.exe:*:Disabled:Age of Empires II -- (Microsoft Corporation)
"D:\Game\Mooha Assault\MOHAA.EXE" = D:\Game\Mooha Assault\MOHAA.EXE:*:Disabled:Medal of Honor Allied Assault -- (Electronic Arts Inc.)
"D:\Game\Medal of honor\MOHAA.exe" = D:\Game\Medal of honor\MOHAA.exe:*:Disabled:Medal of Honor Allied Assault -- (Electronic Arts Inc.)
"D:\Game\Mooha Assault\moh_spearhead_server.exe" = D:\Game\Mooha Assault\moh_spearhead_server.exe:*:Disabled:Medal of Honor Allied Assault(tm) Spearhead -- (Electronic Arts Inc.)
"C:\Program Files\MagicTune Premium\MagicTune.exe" = C:\Program Files\MagicTune Premium\MagicTune.exe:*:Disabled:MagicTune -- (SEC)
"D:\Game\XIII CENTURY\engine.exe" = D:\Game\XIII CENTURY\engine.exe:*:Disabled:engine -- ()
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"D:\Game\SNIPER\Sniper Elite\SniperElite.exe" = D:\Game\SNIPER\Sniper Elite\SniperElite.exe:*:Enabled:SniperElite -- ()
"D:\Game\Blitzkrieg\Bin\Game.exe" = D:\Game\Blitzkrieg\Bin\Game.exe:*:Enabled:Game -- (NIVAL Interactive)
"D:\Game\airborne\EMPIRESX.EXE" = D:\Game\airborne\EMPIRESX.EXE:*:Enabled:Age of Empires, the Rise of Rome -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0DEA94ED-915A-4834-A87E-388D012C8E02}" = Medal of Honor Allied Assault
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4700_series" = Canon iP4700 series Printer Driver
"{18EF2DEE-DCB0-466A-ABA5-4C73E508530A}" = Medal of Honor Allied Assault(tm) Spearhead Patch 2.15
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2527736B-927C-4E5F-A861-6BA616568B80}_is1" = Sniper Elite
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HydraVision
"{435673AB-6821-416D-806A-E477DFA60A42}" = WingMan Software
"{5194F1F9-2C98-4481-B9AA-A2078B56AF4E}" = The Entente
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{796ADAFF-7C5B-4CED-BA11-55A3644F1E0D}" = HP Photo and Imaging 2.2 - Scanjet 3970 Series
"{79ABDCBE-BFF4-4722-850F-D858C10580CE}" = Blizkrieg II: Liberation
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{85B1BEF2-2357-4C27-ABBE-15A1AE3AF78D}" = HP Deskjet 5700
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8DF712DA-D325-4FD0-8DE8-E2D78FC3CDC3}" = IL-2 Sturmovik: Forgotten Battles
"{9011041B-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-041B-0000-0000000FF1CE}" = Balík Compatibility Pack pre systém Office 2007
"{95CE660F-6CA9-4BAE-B637-26A767AF9861}" = XIII Century - Smrt, nebo vítězství
"{976EA7B1-7562-483D-88DA-4323D263B7CD}" = DiMAGE Viewer
"{9FB2CE8C-E86C-4368-B3C9-F472898F926E}" = Desert Storm
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}" = ubi.com
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B81023A5-71ED-46EB-BE3B-9F974D1155F1}" = HP Software Update
"{BE699EDC-9E58-4671-A23E-9CDF7F6F42F2}" = Medal of Honor Allied Assault(tm) Spearhead
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2BBEABB-A8DF-4451-A7C4-63C87B31E325}" = IL-2 Sturmovik: Forgotten Battles AEP
"{D6044256-A309-43B5-9833-D3FAFE2AD24D}" = MagicTune Premium
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink Wireless LAN Card
"{E9F81423-211E-46B6-9AE0-38568BC5CF6F}" =
"{F530581E-12FE-43B4-A28D-E5257AAD63E6}" = O&O Defrag Professional
"{F652D238-5F29-42D5-BAF3-0115EF977EC2}" = Windows Live Sign-in Assistant
"{F850707C-B6A0-4B56-8709-F89CF8F9AC6D}" = Eraser
"{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro
"µTorrent CZ_is1" = µTorrent CZ 1.6.1 (build 490)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Age of Empires Gold 1.0" = Microsoft Age of Empires Gold
"AirborneTroops" = AirborneTroops
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Free Antivirus
"Call of Duty" = Call of Duty
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CloneCD" = CloneCD
"C-Media Audio" = C-Media 3D Audio
"C-Media Audio Driver" = C-Media WDM Audio Driver
"Cole2k Media - Codec Pack" = Cole2k Media - Codec Pack (Advanced) 7.9.0
"Corel Applications" = Corel Applications
"CrystalDiskInfo_is1" = CrystalDiskInfo 3.10.0
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Eraser" = Eraser
"ffdshow_is1" = ffdshow [rev 3207] [2010-01-18]
"Foxit Reader" = Foxit Reader
"HD Tune_is1" = HD Tune 2.55
"HijackThis" = HijackThis 2.0.2
"HS CleanDisk SE_is1" = HS CleanDisk SE
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IL-2 Sturmovik" = IL-2 Sturmovik
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{8DF712DA-D325-4FD0-8DE8-E2D78FC3CDC3}" = IL-2 Sturmovik: Forgotten Battles
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{D2BBEABB-A8DF-4451-A7C4-63C87B31E325}" = IL-2 Sturmovik: Forgotten Battles AEP
"JDownloader" = JDownloader
"kopfjeager_is1" = Operation Thunderstorm (1.01)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Medal of Honor" = Medal of Honor
"Medal of Honor - Spearhead" = Medal of Honor - Spearhead
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Ogg Vorbis Redistributable V 1.0b (vorbis1_0_pub~343AD259_is1" = Ogg Vorbis Redistributable V 1.0b (vorbis1_0_public_release)
"PuTTY_is1" = PuTTY version 0.60
"QuickTime" = QuickTime
"Registrace uživatele zařízení Canon iP4700 series" = Registrace uživatele zařízení Canon iP4700 series
"Return to Castle Wolfenstein" = Return to Castle Wolfenstein
"Revo Uninstaller" = Revo Uninstaller 1.85
"SeaMonkey (1.1.7)" = SeaMonkey (1.1.7)
"SeaMonkey (2.7.2)" = SeaMonkey (2.7.2)
"Soldner" = Soldner
"Totalcmd" = Total Commander (Remove or Repair)
"Ultra Video Converter_is1" = Ultra Video Converter 4.1.1104
"VIA Audio Driver Setup Program" = VIA Audio Driver Setup Program
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"XviD" = XviD MPEG-4 Codec
"XviD_is1" = XviD MPEG-4 Video Codec

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 21. 1. 2012 6:03:24 | Computer Name = KOV | Source = ESENT | ID = 489
Description = wuauclt (1716) Pokus o otevření souboru C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log
jen pro čtení se nezdařil. Došlo k systémové chybě 32 (0x00000020): Proces nemá
přístup k souboru, neboť jej právě využívá jiný proces. . Operace otevření souboru
se nezdaří a dojde k chybě -1032 (0xfffffbf8).

Error - 21. 1. 2012 6:03:24 | Computer Name = KOV | Source = ESENT | ID = 455
Description = wuaueng.dll (1716) SUS20ClientDataStore: Při otevírání souboru protokolu
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log došlo k chybě -1032 (0xfffffbf8).

Error - 21. 1. 2012 6:03:34 | Computer Name = KOV | Source = ESENT | ID = 489
Description = wuauclt (1716) Pokus o otevření souboru C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log
jen pro čtení se nezdařil. Došlo k systémové chybě 32 (0x00000020): Proces nemá
přístup k souboru, neboť jej právě využívá jiný proces. . Operace otevření souboru
se nezdaří a dojde k chybě -1032 (0xfffffbf8).

Error - 21. 1. 2012 6:03:34 | Computer Name = KOV | Source = ESENT | ID = 455
Description = wuaueng.dll (1716) SUS20ClientDataStore: Při otevírání souboru protokolu
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log došlo k chybě -1032 (0xfffffbf8).

Error - 31. 1. 2012 13:26:01 | Computer Name = KOV | Source = ESENT | ID = 489
Description = wuauclt (3140) Pokus o otevření souboru C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log
jen pro čtení se nezdařil. Došlo k systémové chybě 32 (0x00000020): Proces nemá
přístup k souboru, neboť jej právě využívá jiný proces. . Operace otevření souboru
se nezdaří a dojde k chybě -1032 (0xfffffbf8).

Error - 31. 1. 2012 13:26:01 | Computer Name = KOV | Source = ESENT | ID = 455
Description = wuaueng.dll (3140) SUS20ClientDataStore: Při otevírání souboru protokolu
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log došlo k chybě -1032 (0xfffffbf8).

Error - 31. 1. 2012 13:26:11 | Computer Name = KOV | Source = ESENT | ID = 489
Description = wuauclt (3140) Pokus o otevření souboru C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log
jen pro čtení se nezdařil. Došlo k systémové chybě 32 (0x00000020): Proces nemá
přístup k souboru, neboť jej právě využívá jiný proces. . Operace otevření souboru
se nezdaří a dojde k chybě -1032 (0xfffffbf8).

Error - 31. 1. 2012 13:26:11 | Computer Name = KOV | Source = ESENT | ID = 455
Description = wuaueng.dll (3140) SUS20ClientDataStore: Při otevírání souboru protokolu
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log došlo k chybě -1032 (0xfffffbf8).

Error - 19. 2. 2012 9:19:04 | Computer Name = KOV | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace utorrent.exe, verze 2.2.0.23703, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 19. 2. 2012 16:00:00 | Computer Name = KOV | Source = Application Error | ID = 1000
Description = Chybující aplikace svchost.exe, verze 5.1.2600.5512, chybující modul
wzcsvc.dll, verze 5.1.2600.5512, adresa chyby 0x0002d3ae.

[ System Events ]
Error - 23. 2. 2012 6:00:05 | Computer Name = KOV | Source = sptd | ID = 262148
Description = Ovladač zjistil interní chybu ve vlastní struktuře dat u .

Error - 23. 2. 2012 6:00:33 | Computer Name = KOV | Source = NetBT | ID = 4321
Description = Název KOV :0 nelze zaregistrovat v rozhraní s adresou IP
192.168.1.104. Počítač s adresou IP 192.168.1.105 nepovolil získání názvu tímto
počítačem.

Error - 23. 2. 2012 6:00:38 | Computer Name = KOV | Source = NetBT | ID = 4321
Description = Název KOV :20 nelze zaregistrovat v rozhraní s adresou
IP 192.168.1.104. Počítač s adresou IP 192.168.1.105 nepovolil získání názvu tímto
počítačem.

Error - 23. 2. 2012 6:00:38 | Computer Name = KOV | Source = Server | ID = 2505
Description = Server nemohl vytvořit vazbu na přenos \Device\NetBT_Tcpip_{E6EDF622-BD0C-474C-8FE9-79AA6D613E45},
protože jiný počítač v síti má stejný název. Server nelze spustit.

Error - 23. 2. 2012 6:01:05 | Computer Name = KOV | Source = Service Control Manager | ID = 7000
Description = Služba AshampooDefragService neuspěla při spuštění v důsledku následující
chyby: %%2

Error - 23. 2. 2012 6:01:05 | Computer Name = KOV | Source = Service Control Manager | ID = 7000
Description = Služba Machine Debug Manager neuspěla při spuštění v důsledku následující
chyby: %%3

Error - 23. 2. 2012 6:01:06 | Computer Name = KOV | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: sptd

Error - 23. 2. 2012 6:43:42 | Computer Name = KOV | Source = NetBT | ID = 4321
Description = Název KOV :0 nelze zaregistrovat v rozhraní s adresou IP
192.168.1.104. Počítač s adresou IP 192.168.1.105 nepovolil získání názvu tímto
počítačem.

Error - 23. 2. 2012 6:43:42 | Computer Name = KOV | Source = NetBT | ID = 4321
Description = Název KOV :20 nelze zaregistrovat v rozhraní s adresou
IP 192.168.1.104. Počítač s adresou IP 192.168.1.105 nepovolil získání názvu tímto
počítačem.

Error - 23. 2. 2012 6:43:42 | Computer Name = KOV | Source = Server | ID = 2505
Description = Server nemohl vytvořit vazbu na přenos \Device\NetBT_Tcpip_{E6EDF622-BD0C-474C-8FE9-79AA6D613E45},
protože jiný počítač v síti má stejný název. Server nelze spustit.

[ TuneUp Events ]
Error - 15. 3. 2010 17:15:50 | Computer Name = KOV | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-03-15 22:15:50', '\device\harddiskvolume2\programy\malwarebytes'
anti-malware\mbam.exe','1676',0)

Error - 15. 3. 2010 17:17:13 | Computer Name = KOV | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-03-15 22:17:13', '\device\harddiskvolume2\programy\malwarebytes'
anti-malware\mbam.exe','3176',0)

Error - 1. 10. 2010 9:41:55 | Computer Name = KOV | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-10-01 15:41:55', '\device\harddiskvolume2\programy\malwarebytes'
anti-malware\mbam.exe','3308',0)

Error - 10. 10. 2010 19:14:31 | Computer Name = KOV | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-10-11 01:14:31', '\device\harddiskvolume2\programy\malwarebytes'
anti-malware\mbam.exe','692',0)

Error - 10. 10. 2010 19:15:20 | Computer Name = KOV | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-10-11 01:15:20', '\device\harddiskvolume2\programy\malwarebytes'
anti-malware\mbam.exe','644',0)

Error - 17. 10. 2010 3:52:39 | Computer Name = KOV | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-10-17 09:52:39', '\device\harddiskvolume2\programy\malwarebytes'
anti-malware\mbam.exe','3188',0)

Error - 17. 10. 2010 3:55:03 | Computer Name = KOV | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-10-17 09:55:03', '\device\harddiskvolume2\programy\malwarebytes'
anti-malware\unins000.exe','3732',0)

Error - 17. 10. 2010 3:55:03 | Computer Name = KOV | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-10-17 09:55:03', '\device\harddiskvolume2\programy\malwarebytes'
anti-malware\mbam.exe','2008',0)

Error - 17. 10. 2010 4:02:06 | Computer Name = KOV | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-10-17 10:02:06', '\device\harddiskvolume2\instal\malwarebytes'
anti-malware\mbam-setup-1.46.exe','1192',0)

Error - 17. 10. 2010 4:02:54 | Computer Name = KOV | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-10-17 10:02:54', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','3668',0)


< End of report >

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Avast detected a Rootkit and a Trojan

#12 Post by vyosek »

Run OTL again
  • If you use Windows Vista or Windows 7, right-click OTL and choose Run As Administrator
  • Paste the script below into the lower box "Custom Scans/Fixes"
  • Code:

    :otl
    SRV - File not found [Auto | Stopped] -- -- (MDM)
    SRV - File not found [Auto | Stopped] -- -- (MagicTuneEngine)
    SRV - File not found [Auto | Stopped] -- -- (AshampooDefragService)
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DATA APLIKACĂ­\MOZILLA\SEAMONKEY\PROFILES\39JYZEU1.DEFAULT\EXTENSIONS\{59C81DF5-4B7A-477B-912D-4E0FDF64E5F2}.XPI
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DATA APLIKACĂ­\MOZILLA\SEAMONKEY\PROFILES\39JYZEU1.DEFAULT\EXTENSIONS\{F13B157F-B174-47E7-A34D-4815DDFDFEB8}.XPI
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DATA APLIKACĂ­\MOZILLA\SEAMONKEY\PROFILES\39JYZEU1.DEFAULT\EXTENSIONS\INSPECTOR@MOZILLA.ORG.XPI
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DATA APLIKACĂ­\MOZILLA\SEAMONKEY\PROFILES\39JYZEU1.DEFAULT\EXTENSIONS\LANGPACK-CS@CHATZILLA.MOZILLA.ORG.XPI
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
    O3 - HKU\S-1-5-21-220523388-839522115-1343024091-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKU\S-1-5-21-220523388-839522115-1343024091-1003\..\Toolbar\WebBrowser: (no name) - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - No CLSID value found.
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [18 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
    [1 C:\WINDOWS\inf\*.tmp files -> C:\WINDOWS\inf\*.tmp -> ]
    [22 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
    [1 C:\WINDOWS\Installer\{CC6B1BB4-4E06-4A5B-A166-B371B551324B}\*.tmp files -> C:\WINDOWS\Installer\{CC6B1BB4-4E06-4A5B-A166-B371B551324B}\*.tmp -> ]
    [1 C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\*.tmp files -> C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\*.tmp -> ]
    [3 C:\WINDOWS\system32\wbem\*.tmp files -> C:\WINDOWS\system32\wbem\*.tmp -> ]
    [1 C:\WINDOWS\twain_32\*.tmp files -> C:\WINDOWS\twain_32\*.tmp -> ]
    [2012.02.23 11:02:01 | 000,000,238 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
    
    :files
    c:\Documents and Settings\Kováčik\Data aplikací\uTorrent\*crack*.*
    c:\Documents and Settings\Kováčik\Data aplikací\uTorrent\*keygen*.*
    C:\Program Files\Ask.com
    %windir%\system32\*.tmp.dll /s
    %windir%\system32\SET*.tmp /s
    %windir%\*.tmp
    
    :commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
    
  • Then click Run Fix
  • The PC will perform the fix, restart and give you a log; paste its contents here
"Whoever has wine and does not drink it, whoever has grapes and does not eat them, whoever has a wife and does not kiss her, whoever shuns fun, take a whip and a stick to him: that is not a man, that is an ox."
Member since 1 February 2011.

Kovas
Visitor
Posts: 331
Registered: 24 Dec 2008 13:10

Re: Avast detected a Rootkit and a Trojan

#13 Post by Kovas »

I am attaching the log from OTL:
All processes killed
========== OTL ==========
Service MDM stopped successfully!
Service MDM deleted successfully!
Service MagicTuneEngine stopped successfully!
Service MagicTuneEngine deleted successfully!
Service AshampooDefragService stopped successfully!
Service AshampooDefragService deleted successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files\Ask.com\Updater\Updater.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-220523388-839522115-1343024091-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-220523388-839522115-1343024091-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
C:\WINDOWS\003220_.tmp deleted successfully.
C:\WINDOWS\SETAB.tmp deleted successfully.
C:\WINDOWS\SETAE.tmp deleted successfully.
C:\WINDOWS\SETBA.tmp deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP118.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP140.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP161.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP173.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP193.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1A.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1D7.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1EC.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP21D.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2B.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2F7.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP34A.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP371.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP57.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF9.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPFF.tmp folder deleted successfully.
C:\WINDOWS\inf\COM195.tmp deleted successfully.
C:\WINDOWS\Installer\MSI11.tmp deleted successfully.
C:\WINDOWS\Installer\MSI12.tmp deleted successfully.
C:\WINDOWS\Installer\MSI13.tmp deleted successfully.
C:\WINDOWS\Installer\MSI14.tmp deleted successfully.
C:\WINDOWS\Installer\MSI15.tmp deleted successfully.
C:\WINDOWS\Installer\MSI16.tmp deleted successfully.
C:\WINDOWS\Installer\MSI19.tmp deleted successfully.
C:\WINDOWS\Installer\MSI1A.tmp deleted successfully.
C:\WINDOWS\Installer\MSI1B.tmp deleted successfully.
C:\WINDOWS\Installer\MSI1C.tmp deleted successfully.
C:\WINDOWS\Installer\MSI29.tmp deleted successfully.
C:\WINDOWS\Installer\MSI4.tmp deleted successfully.
C:\WINDOWS\Installer\MSI5.tmp deleted successfully.
C:\WINDOWS\Installer\MSI54.tmp deleted successfully.
C:\WINDOWS\Installer\MSI6.tmp deleted successfully.
C:\WINDOWS\Installer\MSI7.tmp deleted successfully.
C:\WINDOWS\Installer\MSIA.tmp deleted successfully.
C:\WINDOWS\Installer\MSIB.tmp deleted successfully.
C:\WINDOWS\Installer\MSIC.tmp deleted successfully.
C:\WINDOWS\Installer\MSID.tmp deleted successfully.
C:\WINDOWS\Installer\MSIE.tmp deleted successfully.
C:\WINDOWS\Installer\MSIF.tmp deleted successfully.
C:\WINDOWS\Installer\{CC6B1BB4-4E06-4A5B-A166-B371B551324B}\upd81.tmp deleted successfully.
C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\infa2.tmp deleted successfully.
C:\WINDOWS\system32\wbem\SET65.tmp deleted successfully.
C:\WINDOWS\system32\wbem\SET66.tmp deleted successfully.
C:\WINDOWS\system32\wbem\SET67.tmp deleted successfully.
C:\WINDOWS\twain_32\hpqgends.tmp deleted successfully.
C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job moved successfully.
========== FILES ==========
c:\Documents and Settings\Kováčik\Data aplikací\uTorrent\Adobe Photoshop CS3 Extended - FULL CRACKED [MUST HAVE!].torrent moved successfully.
c:\Documents and Settings\Kováčik\Data aplikací\uTorrent\Age Of Empires 3 full DVD +crack + serial.iso.1.torrent moved successfully.
c:\Documents and Settings\Kováčik\Data aplikací\uTorrent\Age Of Empires 3 full DVD +crack + serial.iso.torrent moved successfully.
c:\Documents and Settings\Kováčik\Data aplikací\uTorrent\Medal of Honor Airborne-HATRED Crack+Keygen.exe.torrent moved successfully.
c:\Documents and Settings\Kováčik\Data aplikací\uTorrent\Plato DVD Ripper Pro v6.66.5 + Crack [App][Ingles][www.zonatorrent.com].rar.torrent moved successfully.
c:\Documents and Settings\Kováčik\Data aplikací\uTorrent\Plato.DVD.Ripper.Pro.v6.66.5.WinALL.Cracked-TUkEY.rar.torrent moved successfully.
c:\Documents and Settings\Kováčik\Data aplikací\uTorrent\Corel Paint Shop Pro Photo X2 v12.0 Incl Keygen.torrent moved successfully.
C:\Program Files\Ask.com\Updater folder moved successfully.
C:\Program Files\Ask.com\assets\oobe folder moved successfully.
C:\Program Files\Ask.com\assets folder moved successfully.
C:\Program Files\Ask.com folder moved successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Kováčik
->Temp folder emptied: 10752 bytes
->Temporary Internet Files folder emptied: 680640 bytes
->Java cache emptied: 6855 bytes
->Flash cache emptied: 1509 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 131555 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34306 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: Kováčik
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.33.2 log created on 02242012_103904

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
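When a helper reviews a fix log like the one above, the question is whether every line of the fix script actually took effect: which items were deleted or moved, which came back as "not found", and which are still pending a reboot. The following script is an added example, not part of the thread and not OTL's own tooling; it walks an OTL fix log, classifies each action line by its outcome, sums the bytes the cleanup steps reported, and lists the lines a reviewer should look at. The sample input is constructed from a few lines of the log posted above; the outcome phrases it matches ("deleted successfully", "moved successfully", "not found", "scheduled to be moved on reboot") are those that appear in that log, and it assumes OTL keeps that wording.

```python
import re
from collections import Counter

# Constructed sample input: a handful of lines excerpted from the OTL fix log
# posted above (one line per outcome type) plus the reboot-deferred line,
# so that the script runs offline without the full log.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Service MDM stopped successfully!
Service MDM deleted successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
========== FILES ==========
C:\Program Files\Ask.com folder moved successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Kováčik
->Temp folder emptied: 10752 bytes

Total Files Cleaned = 1,00 mb

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
"""

# Section headers as they appear in the log: "===== NAME =====", "[EMPTYTEMP]"
# and the trailing "... on Reboot..." blocks.
SECTION_RE = re.compile(
    r"^=+ (.+?) =+$|^\[([A-Z]+)\]$"
    r"|^(Files\\Folders moved on Reboot|Registry entries deleted on Reboot)\.\.\.$"
)
# "->Temp folder emptied: 10752 bytes", "%systemroot% .tmp files removed: 0 bytes"
EMPTIED_RE = re.compile(r"(?:emptied|removed): (\d+) bytes$")

# Ordered: a line such as "File move failed. ... scheduled to be moved on reboot."
# must be classified as pending reboot, not as a hard failure.
OUTCOME_PATTERNS = [
    ("needs_reboot", re.compile(r"scheduled to be moved on reboot\.?$")),
    ("failed",       re.compile(r"\bfailed\b")),
    ("not_found",    re.compile(r"\bnot found\.?$")),
    ("deleted",      re.compile(r"\bdeleted successfully[.!]?$")),
    ("moved",        re.compile(r"\bmoved successfully[.!]?$")),
    ("stopped",      re.compile(r"\bstopped successfully[.!]?$")),
    ("reset",        re.compile(r"\breset successfully[.!]?$")),
]
# Outcomes worth a second look. "not found" is often harmless (in the log above
# a CLSID key already removed by an earlier line shows up as not found later),
# but it also reveals script lines whose path never matched anything.
ATTENTION = {"needs_reboot", "failed", "not_found"}


def parse_otl_fix_log(text):
    """Classify every action line of an OTL fix log by outcome.

    Returns a dict with:
      counts        - Counter mapping outcome name -> number of lines
      attention     - list of (section, line) a reviewer should check
      bytes_cleaned - sum of all "... emptied/removed: N bytes" lines
    """
    section = "(preamble)"
    counts = Counter()
    attention = []
    bytes_cleaned = 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = next(g for g in m.groups() if g)
            continue
        m = EMPTIED_RE.search(line)
        if m:
            bytes_cleaned += int(m.group(1))
            continue
        for outcome, pattern in OUTCOME_PATTERNS:
            if pattern.search(line):
                counts[outcome] += 1
                if outcome in ATTENTION:
                    attention.append((section, line))
                break  # first matching pattern wins; unmatched lines are ignored
    return {"counts": counts, "attention": attention, "bytes_cleaned": bytes_cleaned}


def summarize(result):
    """Render the parse result as a short review note."""
    lines = [f"{outcome}: {n}" for outcome, n in sorted(result["counts"].items())]
    lines.append(f"bytes cleaned: {result['bytes_cleaned']}")
    for section, line in result["attention"]:
        lines.append(f"  CHECK [{section}] {line}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(summarize(parse_otl_fix_log(SAMPLE_LOG)))
```

Run it against a full fix log by replacing SAMPLE_LOG with the file contents; the CHECK lines at the end are the ones to compare against the script that was pasted into OTL, and a "scheduled to be moved on reboot" entry means the log should be re-read after the restart.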

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Avast detected a Rootkit and a Trojan

#14 Post by vyosek »

Fine, how is the PC behaving?

Kovas
Visitor
Posts: 331
Registered: 24 Dec 2008 13:10

Re: Avast detected a Rootkit and a Trojan

#15 Post by Kovas »

The PC now runs fine.
After Windows starts, the Avast icon does not appear in the system tray. In Task Manager, AvastSvc.exe is running among the processes, but Avast is not among the startup programs. It is only among the services, where it is ticked. Also, when I want to scan a file with Avast (right mouse button), I get an error message saying that the avast user interface process (AvastUI.exe) is not currently running and that I should start this application before starting the scan. Isn't that a problem? I now start Avast this way from the Start menu. Avast is now offering an update to Avast Free 7. Should I try installing it to see whether that fixes it?
