
Please check my log, it freezes now and then
Logfile of random's system information tool 1.08 (written by random/random)
Run by ivo at 2012-05-07 10:06:22
Microsoft Windows 7 Ultimate
System drive C: has 68 GB (49%) free of 140 GB
Total RAM: 2047 MB (71% free)
HijackThis download failed
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-01-03 41760]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
C:\Program Files\Cyberlink\Shared Files\brs.exe [2009-02-28 75048]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [2011-06-29 966712]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe [2008-10-13 50472]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2010-04-12 180224]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe [2009-02-16 87336]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
"Debugger=""C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe"
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 months======
2012-05-07 10:06:22 ----D---- C:\rsit
2012-05-07 10:06:22 ----D---- C:\Program Files\trend micro
2012-04-21 10:10:30 ----D---- C:\ProgramData\Norton
2012-04-21 10:10:22 ----D---- C:\ProgramData\NortonInstaller
2012-04-21 09:48:21 ----SHD---- C:\Config.Msi
2012-04-18 14:25:35 ----D---- C:\Windows\system32\appmgmt
======List of files/folders modified in the last 1 months======
2012-05-07 10:06:23 ----D---- C:\Windows\Prefetch
2012-05-07 10:06:22 ----RD---- C:\Program Files
2012-05-07 10:03:28 ----D---- C:\Windows\Temp
2012-05-07 09:49:34 ----D---- C:\Windows
2012-05-05 17:46:15 ----D---- C:\Windows\system32\config
2012-05-05 16:31:41 ----D---- C:\Windows\SoftwareDistribution
2012-05-04 12:20:50 ----D---- C:\Users\ivo\AppData\Roaming\Media Player Classic
2012-05-02 14:58:49 ----SHD---- C:\System Volume Information
2012-04-30 17:24:19 ----D---- C:\Windows\system32\drivers
2012-04-30 17:23:27 ----D---- C:\Program Files\Common Files
2012-04-30 17:23:23 ----D---- C:\Windows\system32\Tasks
2012-04-27 17:38:11 ----D---- C:\ProgramData\MFAData
2012-04-26 15:17:18 ----D---- C:\Windows\system32\catroot2
2012-04-24 08:13:25 ----A---- C:\Windows\WINTRAN.INI
2012-04-21 18:55:49 ----D---- C:\Windows\inf
2012-04-21 10:10:30 ----HD---- C:\ProgramData
2012-04-21 09:51:33 ----HD---- C:\Program Files\InstallShield Installation Information
2012-04-21 09:51:19 ----SHD---- C:\Windows\Installer
2012-04-21 09:50:22 ----D---- C:\Windows\System32
2012-04-21 09:50:22 ----D---- C:\Windows\ehome
2012-04-18 17:33:37 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-04-18 14:25:34 ----D---- C:\Program Files\Microsoft Office
2012-04-18 14:25:34 ----D---- C:\Program Files\Common Files\microsoft shared
2012-04-12 09:19:15 ----D---- C:\Users\ivo\AppData\Roaming\Vso
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswNdis2;avast! Firewall Core Firewall Service; C:\Windows\system32\drivers\aswNdis2.sys [2010-12-30 189776]
R0 giveio;giveio; C:\Windows\system32\giveio.sys [1996-04-03 5248]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 aswFW;avast! TDI Firewall driver; C:\Windows\system32\drivers\aswFW.sys [2010-12-30 99792]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2010-04-12 59388]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/08/16 18:16:22]; \??\C:\Program Files\CyberLink\PowerDVD9\000.fcl [2009-02-28 87536]
R2 enodpl;enodpl; C:\Windows\System32\drivers\enodpl.sys [2003-03-02 7552]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R2 tandpl;tandpl; C:\Windows\System32\drivers\tandpl.sys [2003-04-19 4736]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2011-03-03 139368]
R3 PAC207;SoC PC-Camera; C:\Windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2011-01-03 47360]
R3 RTL8167;Ovladač Realtek 8167 NT; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-07-14 139776]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-11-29 10064]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-14 4194816]
S3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-11-26 231936]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW73.sys [2010-11-17 101392]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-14 4194816]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-06-10 4756480]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2011-05-18 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2011-05-18 23168]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\Windows\system32\drivers\nmwcdnsu.sys [2011-05-18 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\Windows\system32\drivers\nmwcdnsuc.sys [2011-05-18 8576]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2011-05-18 8192]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-07-14 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2011-05-18 8192]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 NVSvc;NVIDIA Driver Helper Service; C:\Windows\system32\nvvsvc.exe [2011-04-07 612456]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2010-12-14 1517376]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-01-03 1343400]
S4 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2011-06-08 633856]
S4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-07 378472]
-----------------EOF-----------------
Re: Please check my log, it freezes now and then
Hello,
Are you using any antivirus?
What about the legality of the system? Windows 7 Ultimate is not exactly a standard home edition.
Download OTL from http://oldtimer.geekstogo.com/OTL.exe and save it to the desktop.
Right-click it and then left-click Run as administrator.
Check the items (tick the boxes) For all users, "LOP" malware check and "Purity" malware check.
Paste the following text into the lower window, then click Scan:
CREATERESTOREPOINT
netsvcs
drivers32
savembr:0
/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop
%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5
*crack* /s
*keygen* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s
After the scan, two logs will be created (OTL.Txt and Extras.txt); post both here (if they are long, split them across several posts).
If you have a question that is not meant for the public, you can e-mail me at marty84 (at) forum.viry.cz
You can support our forum at https://platba.viry.cz/payment/
Due to time constraints I will be on the forum less often for now. If you have to wait a long time for a reply, please contact one of my colleagues (most of them have an e-mail address in their signature).
Re: Please check my log, it freezes now and then
OTL Extras logfile created on: 9.5.2012 17:48:10 - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = F:\
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 75,89% Memory free
4,00 Gb Paging File | 3,46 Gb Available in Paging File | 86,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,71 Gb Total Space | 72,93 Gb Free Space | 53,35% Space Free | Partition Type: NTFS
Drive D: | 12,33 Gb Total Space | 2,60 Gb Free Space | 21,07% Space Free | Partition Type: NTFS
Drive F: | 7,51 Gb Total Space | 3,20 Gb Free Space | 42,60% Space Free | Partition Type: FAT32
Computer Name: IVO-PC | User Name: ivo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D7D5F96-8368-47B3-8869-3D4C7464696A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2F42653F-B598-4B14-86A2-AA883DD79E27}" = rport=138 | protocol=17 | dir=out | app=system |
"{3B6BBB9F-9810-499A-90A4-51EB834963AA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4F3E5585-9C9A-4EC0-8EE4-7DB1FA9DF2C6}" = rport=137 | protocol=17 | dir=out | app=system |
"{5C203EC0-9678-472A-BF4E-3190F58460F3}" = lport=137 | protocol=17 | dir=in | app=system |
"{6332500D-FC15-4E3C-AFC9-0B405450AB22}" = lport=10243 | protocol=6 | dir=in | app=system |
"{70A777FF-FF54-41B7-9F64-46F51DD679D2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7EA73307-99C0-4B2A-ACA5-B64974645FC6}" = lport=445 | protocol=6 | dir=in | app=system |
"{861B56E7-C2B4-46C3-9407-4CD725ED8D5B}" = rport=139 | protocol=6 | dir=out | app=system |
"{8900F004-0B40-490E-A135-9437F8A6EB15}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8B6E21C4-F188-462A-9F66-2A6CF4BBC57A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{924FB32D-D77D-4F29-B9D2-1FDF9E60CD38}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9CB4BA45-D182-440E-A5B6-D4F69F433C0B}" = lport=138 | protocol=17 | dir=in | app=system |
"{A47AB88C-12F6-4A0B-80A9-5D413101FA8A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A721FBA1-AFD7-4C7A-AC4B-AEF3F71E3D2F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A878CEA4-E854-4C5F-B8B6-092885B42EF0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AF1E6CF2-41DC-4A5E-8928-7DFB78A3B775}" = lport=139 | protocol=6 | dir=in | app=system |
"{B1AB394C-2FAE-4AAA-A2D8-12A5388ACA50}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C0E204A7-61CA-4874-B227-5AFA6105538A}" = rport=445 | protocol=6 | dir=out | app=system |
"{C9CA4A55-EEB8-4E49-8367-B851CCF6DCBA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D76CE28B-A8E9-413D-8238-7317CE7F162E}" = rport=10243 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11E8236A-D4F1-44F5-BF2E-3B3AE32DB77C}" = dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"{1C2C10BF-EFE5-4164-BD6D-A866FF97B131}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2DCB2E0D-B606-4063-8D8A-81A827864FFF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{339C34A0-B911-42C2-B1C8-C52DFDDC65C8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{540E68FA-C5B2-42D6-A6E9-788B31E2C131}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{56ADC719-8CCC-47E2-B4FE-6DD2DF42D4FC}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"{5D6C7457-2BC9-4D3B-8A73-AF48063C3E71}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{72887B54-7612-486C-97FB-26A3311678F0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BAB98C11-2A32-4DE7-AC4A-2335ADA7EED7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BEA76CC7-A57C-4629-9ED3-94B98447A923}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C3E51F8B-10CA-4E26-A4C6-196207ED5FB9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CADA6C74-DD84-46ED-9821-81C7146E8D9B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D03236B1-01E9-4412-9255-E40ED0A066F1}" = protocol=6 | dir=out | app=system |
"{D10EA164-DA5F-4848-835D-CC7EE2F98D1F}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe |
"{D282BB94-99F8-4AB6-B1A9-7A26D2E4A59E}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{E6BB2F19-73B9-4C71-AC66-251936DB55D3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E83A6BAE-2106-4548-8386-287B636F9DDF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ECF7F14D-80DD-4A13-A0B3-29BC17C423F9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F0E0F4D7-39B5-41B9-A34B-6434793D9676}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F164CBA8-99C6-4A14-94DF-E8D566C24382}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{12451AF7-EFF8-4B5B-8255-282D7CC7CAEE}" = OviMPlatform
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{2CC53A53-44F4-4667-8584-2FFC9ACB2242}" = Ovi Desktop Sync Engine
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{90280405-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional s aplikací FrontPage
"{94490075-155F-4D08-B92D-4FE592F98591}" = Nokia Ovi Suite
"{95140000-00AF-0405-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater
"{AC76BA86-7AD7-1029-7B44-A94000000001}" = Adobe Reader 9.4.3 - Czech
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Ovladač 3D Vision 270.61
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Ovladače grafiky 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Systémový software PhysX 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Ovladač HD audia 1.2.22.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}" = Microsoft Games for Windows - LIVE Redistributable
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"504244733D18C8F63FF584AEB290E3904E791693" = Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo Burning Studio 11_is1" = Ashampoo Burning Studio 11 v.11.0.4
"CCleaner" = CCleaner
"CyberLink PowerDVD 9.0.1501" = CyberLink PowerDVD 9.0.1501 CZ
"GoldWave v5.58" = GoldWave v5.58
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.9.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware verze 1.51.2.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Nokia Ovi Suite" = Nokia Ovi Suite
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PowerISO" = PowerISO
"The KMPlayer" = The KMPlayer (remove only)
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"WinRAR archiver" = WinRAR
"ZonerPhotoStudio12_CZ_is1" = Zoner Photo Studio 12
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2835880761-377794395-384413730-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 5.10.2011 8:27:17 | Computer Name = ivo-PC | Source = VSS | ID = 12292
Description =
Error - 5.10.2011 8:27:17 | Computer Name = ivo-PC | Source = VSS | ID = 8193
Description =
Error - 5.10.2011 8:27:18 | Computer Name = ivo-PC | Source = System Restore | ID = 8193
Description =
Error - 5.10.2011 9:30:03 | Computer Name = ivo-PC | Source = VSS | ID = 13
Description =
Error - 5.10.2011 9:30:03 | Computer Name = ivo-PC | Source = VSS | ID = 12292
Description =
Error - 6.10.2011 2:36:02 | Computer Name = ivo-PC | Source = VSS | ID = 13
Description =
Error - 6.10.2011 2:36:02 | Computer Name = ivo-PC | Source = VSS | ID = 12292
Description =
Error - 6.10.2011 2:44:44 | Computer Name = ivo-PC | Source = VSS | ID = 13
Description =
Error - 6.10.2011 2:44:44 | Computer Name = ivo-PC | Source = VSS | ID = 12292
Description =
Error - 6.10.2011 2:44:44 | Computer Name = ivo-PC | Source = VSS | ID = 8193
Description =
[ System Events ]
Error - 9.5.2012 7:43:05 | Computer Name = ivo-PC | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (13:42:11, ?9.?5.?2012) bylo neočekávané.
Error - 9.5.2012 7:43:13 | Computer Name = ivo-PC | Source = Service Control Manager | ID = 7001
Description = Služba Načítání obrázků (WIA) závisí na službě Rozpoznávání hardwaru,
která neuspěla při spuštění v důsledku následující chyby: %%1058
Error - 9.5.2012 10:01:33 | Computer Name = ivo-PC | Source = Service Control Manager | ID = 7001
Description = Služba Načítání obrázků (WIA) závisí na službě Rozpoznávání hardwaru,
která neuspěla při spuštění v důsledku následující chyby: %%1058
Error - 9.5.2012 10:03:35 | Computer Name = ivo-PC | Source = Service Control Manager | ID = 7000
Description = Služba MBAMService neuspěla při spuštění v důsledku následující chyby:
%%2
Error - 9.5.2012 10:11:11 | Computer Name = ivo-PC | Source = Service Control Manager | ID = 7001
Description = Služba Načítání obrázků (WIA) závisí na službě Rozpoznávání hardwaru,
která neuspěla při spuštění v důsledku následující chyby: %%1058
Error - 9.5.2012 10:13:13 | Computer Name = ivo-PC | Source = Service Control Manager | ID = 7000
Description = Služba MBAMService neuspěla při spuštění v důsledku následující chyby:
%%2
Error - 9.5.2012 10:15:50 | Computer Name = ivo-PC | Source = Service Control Manager | ID = 7001
Description = Služba Načítání obrázků (WIA) závisí na službě Rozpoznávání hardwaru,
která neuspěla při spuštění v důsledku následující chyby: %%1058
Error - 9.5.2012 10:17:54 | Computer Name = ivo-PC | Source = Service Control Manager | ID = 7000
Description = Služba MBAMService neuspěla při spuštění v důsledku následující chyby:
%%2
Error - 9.5.2012 11:46:49 | Computer Name = ivo-PC | Source = Service Control Manager | ID = 7001
Description = Služba Načítání obrázků (WIA) závisí na službě Rozpoznávání hardwaru,
která neuspěla při spuštění v důsledku následující chyby: %%1058
Error - 9.5.2012 11:48:52 | Computer Name = ivo-PC | Source = Service Control Manager | ID = 7000
Description = Služba MBAMService neuspěla při spuštění v důsledku následující chyby:
%%2
[ TuneUp Events ]
Error - 21.7.2011 6:26:05 | Computer Name = ivo-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
Error - 21.7.2011 6:26:26 | Computer Name = ivo-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
Error - 20.11.2011 9:48:28 | Computer Name = ivo-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
Error - 22.11.2011 10:00:23 | Computer Name = ivo-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
< End of report >
OTL logfile created on: 9.5.2012 17:48:10 - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = F:\
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 75,89% Memory free
4,00 Gb Paging File | 3,46 Gb Available in Paging File | 86,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,71 Gb Total Space | 72,93 Gb Free Space | 53,35% Space Free | Partition Type: NTFS
Drive D: | 12,33 Gb Total Space | 2,60 Gb Free Space | 21,07% Space Free | Partition Type: NTFS
Drive F: | 7,51 Gb Total Space | 3,20 Gb Free Space | 42,60% Space Free | Partition Type: FAT32
Computer Name: IVO-PC | User Name: ivo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.05.09 15:28:42 | 000,595,456 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2011.04.07 22:43:20 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011.04.07 22:43:04 | 000,841,832 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2010.12.14 15:42:42 | 000,653,120 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2010.12.14 15:41:10 | 001,517,376 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
========== Modules (No Company Name) ==========
MOD - [2010.02.10 19:10:12 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- F:\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.04.08 07:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.04.07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.01.03 21:14:19 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.12.14 15:41:10 | 001,517,376 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.12.14 15:39:10 | 000,029,504 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.05.18 10:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011.05.18 10:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.05.18 10:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011.05.18 10:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011.05.18 10:09:48 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011.05.18 10:09:48 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2011.04.08 07:14:00 | 010,690,024 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.03.03 17:59:19 | 000,139,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010.12.30 21:04:20 | 000,099,792 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2010.12.30 21:03:08 | 000,189,776 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2010.11.29 20:27:40 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010.11.26 04:16:26 | 000,231,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.11.17 14:04:24 | 000,101,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010.04.12 10:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.14 00:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2009.02.28 19:40:18 | 000,087,536 | ---- | M] (CyberLink Corp.) [2011/08/16 18:16:22] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2006.12.05 12:34:42 | 000,507,136 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2003.04.19 01:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tandpl.sys -- (tandpl)
DRV - [2003.03.02 18:44:26 | 000,007,552 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\enodpl.sys -- (enodpl)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.as ... =CT2475029
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2835880761-377794395-384413730-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
IE - HKU\S-1-5-21-2835880761-377794395-384413730-1000\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-2835880761-377794395-384413730-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-2835880761-377794395-384413730-1000\..\SearchScopes\{3CA653D2-2360-4DEA-BD5B-B5750F4F35E5}: "URL" = http://www.webhledani.cz/results.aspx?i ... earchTerms}
IE - HKU\S-1-5-21-2835880761-377794395-384413730-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.as ... =CT2475029
IE - HKU\S-1-5-21-2835880761-377794395-384413730-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.as ... earchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://centrum.cz/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.76
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... r=1.1.9&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.07.11 13:09:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.07.11 13:09:53 | 000,000,000 | ---D | M]
[2011.01.02 20:07:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ivo\AppData\Roaming\Mozilla\Extensions
[2011.11.25 11:48:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\extensions
[2011.03.12 00:37:56 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.11.02 16:51:16 | 000,000,923 | ---- | M] () -- C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\searchplugins\conduit.xml
[2011.01.03 04:25:12 | 000,002,342 | ---- | M] () -- C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\searchplugins\icq-search.xml
[2011.01.16 02:18:02 | 000,000,950 | ---- | M] () -- C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\searchplugins\icqplugin-1.xml
[2011.03.06 19:53:06 | 000,000,950 | ---- | M] () -- C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\searchplugins\icqplugin-2.xml
[2011.03.24 18:14:33 | 000,000,950 | ---- | M] () -- C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\searchplugins\icqplugin-3.xml
[2011.08.31 07:17:26 | 000,000,950 | ---- | M] () -- C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\searchplugins\icqplugin-4.xml
[2011.01.14 10:21:37 | 000,000,950 | ---- | M] () -- C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\searchplugins\icqplugin.xml
[2012.01.27 16:10:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.01.03 01:39:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.07.11 13:09:53 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA OVI SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION
[2011.01.03 01:39:34 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O3 - HKU\S-1-5-21-2835880761-377794395-384413730-1000\..\Toolbar\WebBrowser: (no name) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - No CLSID value found.
O3 - HKU\S-1-5-21-2835880761-377794395-384413730-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] "F:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray File not found
O4 - HKU\S-1-5-21-2835880761-377794395-384413730-1000..\Run: [] File not found
O4 - HKU\S-1-5-21-2835880761-377794395-384413730-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2835880761-377794395-384413730-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O13 - gopher Prefix: missing
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27 - HKLM IFEO\controller editor.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\nvstlink.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\nvstview.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\skype.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.11.01 19:36:46 | 000,000,000 | RHSD | M] - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
System Restore Service not available.
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\Windows\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (EA.com/On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (EA.com/On2.com)
Drivers32: vidc.VP62 - C:\Windows\System32\vp6vfw.dll (EA.com/On2.com)
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 30 Days ==========
[2012.05.09 13:44:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.07 16:27:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.05.07 15:28:39 | 000,000,000 | ---D | C] -- C:\Users\ivo\Documents\default
[2012.05.07 15:17:16 | 000,000,000 | ---D | C] -- C:\Users\ivo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2012.05.07 15:17:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2012.05.07 15:15:27 | 000,000,000 | ---D | C] -- C:\Program Files\Ashampoo
[2012.05.07 10:25:25 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.07 10:06:22 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012.04.21 10:10:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012.04.21 10:10:22 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012.04.18 14:25:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2011.01.03 04:53:39 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\ivo\AppData\Roaming\pcouffin.sys
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.05.09 17:49:59 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.05.09 17:46:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.09 16:24:05 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.09 16:24:05 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.09 12:56:23 | 000,638,182 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2012.05.09 12:56:23 | 000,623,560 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.09 12:56:23 | 000,126,844 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2012.05.09 12:56:23 | 000,111,146 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.07 19:07:23 | 000,001,041 | ---- | M] () -- C:\Users\ivo\AppData\Roaming\vso_ts_preview.xml
[2012.05.07 15:17:17 | 000,002,204 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 11 Compact Mode.lnk
[2012.05.07 15:17:16 | 000,001,260 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 11.lnk
[2012.04.24 08:13:25 | 000,002,116 | ---- | M] () -- C:\Windows\WINTRAN.INI
[2012.04.09 21:43:33 | 000,007,168 | ---- | M] () -- C:\Users\ivo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.05.09 17:49:59 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.05.07 15:17:17 | 000,002,204 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 11 Compact Mode.lnk
[2012.05.07 15:17:16 | 000,001,260 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 11.lnk
[2011.12.17 10:47:14 | 000,000,042 | ---- | C] () -- C:\Windows\STXKBD.INI
[2011.12.17 10:47:13 | 000,002,116 | ---- | C] () -- C:\Windows\WINTRAN.INI
[2011.12.17 10:47:13 | 000,000,882 | ---- | C] () -- C:\Windows\WDICT32.INI
[2011.12.17 10:47:13 | 000,000,033 | ---- | C] () -- C:\Windows\WTRDCTM.INI
[2011.10.22 10:27:30 | 000,007,605 | ---- | C] () -- C:\Users\ivo\AppData\Local\Resmon.ResmonCfg
[2011.09.20 16:46:50 | 000,000,024 | ---- | C] () -- C:\Windows\System32\Morrowind.ini
[2011.07.25 07:52:17 | 000,000,120 | ---- | C] () -- C:\Windows\disney.ini
[2011.07.10 09:30:00 | 000,000,059 | ---- | C] () -- C:\Windows\wininit.ini
[2011.06.11 11:39:29 | 000,007,552 | ---- | C] () -- C:\Windows\System32\drivers\enodpl.sys
[2011.06.11 11:39:29 | 000,004,736 | ---- | C] () -- C:\Windows\System32\drivers\tandpl.sys
[2011.06.11 10:48:08 | 000,000,604 | ---- | C] () -- C:\Windows\Sof2.INI
[2011.05.09 09:56:51 | 000,022,328 | ---- | C] () -- C:\Users\ivo\AppData\Roaming\PnkBstrK.sys
[2011.05.07 22:21:26 | 000,000,600 | ---- | C] () -- C:\Windows\Rtcw.INI
[2011.02.10 14:23:40 | 000,007,168 | ---- | C] () -- C:\Users\ivo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.01 12:50:31 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011.02.01 12:50:31 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.02.01 12:50:29 | 000,810,496 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.02.01 12:50:29 | 000,183,808 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.02.01 12:50:28 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.01.18 16:32:40 | 000,000,599 | ---- | C] () -- C:\Windows\videoimp.ini
[2011.01.18 16:32:32 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2011.01.03 21:13:30 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011.01.03 16:43:57 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.01.03 04:55:37 | 000,001,041 | ---- | C] () -- C:\Users\ivo\AppData\Roaming\vso_ts_preview.xml
[2011.01.03 04:53:39 | 000,087,608 | ---- | C] () -- C:\Users\ivo\AppData\Roaming\inst.exe
[2011.01.03 04:53:39 | 000,007,887 | ---- | C] () -- C:\Users\ivo\AppData\Roaming\pcouffin.cat
[2011.01.03 04:53:39 | 000,001,144 | ---- | C] () -- C:\Users\ivo\AppData\Roaming\pcouffin.inf
[2011.01.03 02:19:57 | 000,000,384 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.01.02 08:39:20 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.09.28 22:07:36 | 000,224,001 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010.09.17 21:17:00 | 000,002,888 | ---- | C] () -- C:\Windows\System32\atipblag.dat
========== LOP Check ==========
[2012.05.07 15:17:54 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Ashampoo
[2011.10.05 11:35:42 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\AVG2012
[2011.09.05 16:52:22 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Bioshock
[2011.03.12 16:34:39 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\FairStars Audio Converter Pro
[2011.01.16 01:58:42 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\FreeFileViewer
[2011.03.17 09:07:43 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\ICQ
[2011.09.03 13:09:41 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Leadertech
[2011.07.11 13:46:23 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Nokia
[2011.07.11 13:46:23 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Nokia Ovi Suite
[2011.01.11 18:42:06 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\PC Suite
[2011.09.28 11:21:43 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Stardock
[2011.01.13 13:50:40 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Tific
[2011.07.25 08:19:22 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Touchstone
[2011.01.03 04:39:40 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\TuneUp Software
[2012.03.31 09:02:03 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Ubisoft
[2011.01.16 01:58:17 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Uniblue
[2011.01.10 13:30:31 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Voipwise
[2012.05.08 09:51:24 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Vso
[2011.01.02 20:25:08 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Zoner
[2012.04.22 14:21:15 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< >
< >
< MD5 for: AGP440.SYS >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\System32\autochk.exe
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
< MD5 for: CDROM.SYS >
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
< MD5 for: CRYPTSVC.DLL >
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\System32\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
< MD5 for: EXPLORER.EXE >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
< MD5 for: HAL.DLL >
[2009.07.14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\System32\hal.dll
[2009.07.14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll
< MD5 for: IASTORV.SYS >
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
< MD5 for: ISAPNP.SYS >
[2009.07.14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\drivers\isapnp.sys
[2009.07.14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\isapnp.sys
[2009.07.14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\isapnp.sys
< MD5 for: LSASS.EXE >
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\System32\lsass.exe
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_a620e0e5be1ecda7\lsass.exe
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_a61fe281be1fb177\lsass.exe
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_a69eaf60d7456d32\lsass.exe
< MD5 for: NDIS.SYS >
[2009.07.14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\System32\drivers\ndis.sys
[2009.07.14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys
< MD5 for: NETLOGON.DLL >
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
< MD5 for: NVRAID.SYS >
[2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\drivers\nvraid.sys
[2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvraid.sys
[2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvraid.sys
< MD5 for: NVSTOR.SYS >
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
< MD5 for: SMSS.EXE >
[2009.07.14 03:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\System32\smss.exe
[2009.07.14 03:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_ac10fe207a85352b\smss.exe
< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
< MD5 for: TCPIP.SYS >
[2009.07.14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2010.06.14 08:06:58 | 001,288,576 | ---- | M] (Microsoft Corporation) MD5=A39EA325C081AD27461F630C8E3E56E0 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys
[2010.06.14 08:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\System32\drivers\tcpip.sys
[2010.06.14 08:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\tcpip.sys
< MD5 for: USERINIT.EXE >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
< MD5 for: WS2_32.DLL >
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll
< >
< %systemroot%*.* /U /s >
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[3 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2011.02.11 23:28:44 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Adobe
[2011.02.27 20:00:00 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Ahead
[2012.05.07 15:17:54 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Ashampoo
[2011.01.02 18:24:01 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\ATI
[2011.10.05 11:35:42 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\AVG2012
[2011.09.05 16:52:22 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Bioshock
[2011.08.16 07:46:22 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\CyberLink
[2011.03.12 16:34:39 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\FairStars Audio Converter Pro
[2011.01.16 01:58:42 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\FreeFileViewer
[2011.03.17 09:07:43 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\ICQ
[2011.01.02 08:46:27 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Identities
[2011.08.31 06:51:44 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\InstallShield
[2011.09.03 13:09:41 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Leadertech
[2011.01.02 08:51:53 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Macromedia
[2011.01.02 20:43:04 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Malwarebytes
[2009.07.14 11:20:06 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Media Center Programs
[2012.05.04 12:20:50 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Media Player Classic
[2011.08.03 18:01:10 | 000,000,000 | --SD | M] -- C:\Users\ivo\AppData\Roaming\Microsoft
[2011.01.02 20:07:42 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Mozilla
[2011.02.18 14:08:28 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Nero
[2011.07.11 13:46:23 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Nokia
[2011.07.11 13:46:23 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Nokia Ovi Suite
[2011.02.18 15:31:46 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\NVIDIA
[2011.01.11 18:42:06 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\PC Suite
[2011.05.24 07:07:07 | 000,000,000 | RH-D | M] -- C:\Users\ivo\AppData\Roaming\SecuROM
[2012.01.27 16:10:47 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Skype
[2011.04.01 09:15:28 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\skypePM
[2011.09.28 11:21:43 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Stardock
[2011.01.13 13:50:40 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Tific
[2011.07.25 08:19:22 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Touchstone
[2011.01.03 04:39:40 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\TuneUp Software
[2012.03.31 09:02:03 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Ubisoft
[2011.01.16 01:58:17 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Uniblue
[2011.01.10 13:30:31 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Voipwise
[2012.05.08 09:51:24 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Vso
[2011.01.02 09:02:57 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\WinRAR
[2011.01.02 20:25:08 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Zoner
< %APPDATA%\*.exe /s >
[2011.01.03 04:53:39 | 000,087,608 | ---- | M] () -- C:\Users\ivo\AppData\Roaming\inst.exe
[2011.11.22 15:35:13 | 000,007,680 | R--- | M] () -- C:\Users\ivo\AppData\Roaming\Microsoft\Installer\{2B0C9858-8D78-48B2-BC37-4CAEBB2CA510}\Icon2B0C9858.exe
[2011.11.22 15:35:13 | 000,101,888 | R--- | M] () -- C:\Users\ivo\AppData\Roaming\Microsoft\Installer\{2B0C9858-8D78-48B2-BC37-4CAEBB2CA510}\Icon2B0C98582.exe
[2011.11.22 15:35:13 | 000,012,800 | R--- | M] () -- C:\Users\ivo\AppData\Roaming\Microsoft\Installer\{2B0C9858-8D78-48B2-BC37-4CAEBB2CA510}\Icon2B0C98583.exe
[2011.11.22 15:35:13 | 000,018,944 | R--- | M] () -- C:\Users\ivo\AppData\Roaming\Microsoft\Installer\{2B0C9858-8D78-48B2-BC37-4CAEBB2CA510}\Icon2B0C98584.exe
[2011.11.22 15:35:13 | 000,396,288 | R--- | M] () -- C:\Users\ivo\AppData\Roaming\Microsoft\Installer\{2B0C9858-8D78-48B2-BC37-4CAEBB2CA510}\Icon2B0C98585.exe
[2011.11.22 15:35:13 | 000,252,416 | R--- | M] () -- C:\Users\ivo\AppData\Roaming\Microsoft\Installer\{2B0C9858-8D78-48B2-BC37-4CAEBB2CA510}\Icon2B0C98586.exe
[2011.11.27 18:33:29 | 000,107,008 | R--- | M] () -- C:\Users\ivo\AppData\Roaming\Microsoft\Installer\{359ADF3A-F727-40F1-9D8A-6699EE355287}\Icon359ADF3A1.exe
[2011.11.27 18:33:29 | 000,004,608 | R--- | M] () -- C:\Users\ivo\AppData\Roaming\Microsoft\Installer\{359ADF3A-F727-40F1-9D8A-6699EE355287}\Icon359ADF3A2.exe
[2011.11.27 18:33:29 | 000,106,496 | R--- | M] () -- C:\Users\ivo\AppData\Roaming\Microsoft\Installer\{359ADF3A-F727-40F1-9D8A-6699EE355287}\Icon359ADF3A3.exe
[2011.11.27 18:33:29 | 000,107,008 | R--- | M] () -- C:\Users\ivo\AppData\Roaming\Microsoft\Installer\{359ADF3A-F727-40F1-9D8A-6699EE355287}\Icon359ADF3A4.exe
[2011.11.27 18:33:29 | 000,210,432 | R--- | M] () -- C:\Users\ivo\AppData\Roaming\Microsoft\Installer\{359ADF3A-F727-40F1-9D8A-6699EE355287}\Icon359ADF3A5.exe
[2011.05.21 22:39:04 | 000,010,134 | R--- | M] () -- C:\Users\ivo\AppData\Roaming\Microsoft\Installer\{89661B04-C646-4412-B6D3-5E19F02F1F37}\ARPPRODUCTICON.exe
[2010.04.25 22:08:43 | 000,342,365 | ---- | M] () -- C:\Users\ivo\AppData\Roaming\Nero\Uninstall.exe
[2011.03.31 23:26:36 | 007,391,320 | ---- | M] (ZONER software ) -- C:\Users\ivo\AppData\Roaming\Zoner\NLMDB\product.0032\autoupdate.cz\ZPS12_Update_Build12.exe
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2012.05.09 17:54:32 | 000,014,224 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.09 17:54:32 | 000,014,224 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.09 12:56:23 | 000,126,844 | ---- | M] () -- C:\Windows\system32\perfc005.dat
[2012.05.09 12:56:23 | 000,111,146 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2012.05.09 12:56:23 | 000,638,182 | ---- | M] () -- C:\Windows\system32\perfh005.dat
[2012.05.09 12:56:23 | 000,623,560 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2012.05.09 12:56:23 | 001,495,348 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< >
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"" =
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2009.07.14 03:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation)
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs
< >
< type c:\boot.ini >> test.txt /c >
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012.05.09 17:49:59 | 000,000,512 | ---- | M] () MD5=C1640A2FD066CD86531E1D057C2FEBE9 -- C:\PhysicalMBR.bin
< >
< *crack* /s >
< *keygen* /s >
< *loader* /s >
< *minodlogin* /s >
< *tnod* /s >
< *AutoKMS* /s >
< *activator* /s >
< *serial* /s >
< *w7lxe* /s >
< End of report >
Hello. I have no connection to the Net. Windows is the "pirate" brand...
OTL by OldTimer - Version 3.2.42.3 Folder = F:\
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 75,89% Memory free
4,00 Gb Paging File | 3,46 Gb Available in Paging File | 86,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,71 Gb Total Space | 72,93 Gb Free Space | 53,35% Space Free | Partition Type: NTFS
Drive D: | 12,33 Gb Total Space | 2,60 Gb Free Space | 21,07% Space Free | Partition Type: NTFS
Drive F: | 7,51 Gb Total Space | 3,20 Gb Free Space | 42,60% Space Free | Partition Type: FAT32
Computer Name: IVO-PC | User Name: ivo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D7D5F96-8368-47B3-8869-3D4C7464696A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{2F42653F-B598-4B14-86A2-AA883DD79E27}" = rport=138 | protocol=17 | dir=out | app=system |
"{3B6BBB9F-9810-499A-90A4-51EB834963AA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4F3E5585-9C9A-4EC0-8EE4-7DB1FA9DF2C6}" = rport=137 | protocol=17 | dir=out | app=system |
"{5C203EC0-9678-472A-BF4E-3190F58460F3}" = lport=137 | protocol=17 | dir=in | app=system |
"{6332500D-FC15-4E3C-AFC9-0B405450AB22}" = lport=10243 | protocol=6 | dir=in | app=system |
"{70A777FF-FF54-41B7-9F64-46F51DD679D2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7EA73307-99C0-4B2A-ACA5-B64974645FC6}" = lport=445 | protocol=6 | dir=in | app=system |
"{861B56E7-C2B4-46C3-9407-4CD725ED8D5B}" = rport=139 | protocol=6 | dir=out | app=system |
"{8900F004-0B40-490E-A135-9437F8A6EB15}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8B6E21C4-F188-462A-9F66-2A6CF4BBC57A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{924FB32D-D77D-4F29-B9D2-1FDF9E60CD38}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9CB4BA45-D182-440E-A5B6-D4F69F433C0B}" = lport=138 | protocol=17 | dir=in | app=system |
"{A47AB88C-12F6-4A0B-80A9-5D413101FA8A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A721FBA1-AFD7-4C7A-AC4B-AEF3F71E3D2F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A878CEA4-E854-4C5F-B8B6-092885B42EF0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AF1E6CF2-41DC-4A5E-8928-7DFB78A3B775}" = lport=139 | protocol=6 | dir=in | app=system |
"{B1AB394C-2FAE-4AAA-A2D8-12A5388ACA50}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C0E204A7-61CA-4874-B227-5AFA6105538A}" = rport=445 | protocol=6 | dir=out | app=system |
"{C9CA4A55-EEB8-4E49-8367-B851CCF6DCBA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D76CE28B-A8E9-413D-8238-7317CE7F162E}" = rport=10243 | protocol=6 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11E8236A-D4F1-44F5-BF2E-3B3AE32DB77C}" = dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"{1C2C10BF-EFE5-4164-BD6D-A866FF97B131}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2DCB2E0D-B606-4063-8D8A-81A827864FFF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{339C34A0-B911-42C2-B1C8-C52DFDDC65C8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{540E68FA-C5B2-42D6-A6E9-788B31E2C131}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{56ADC719-8CCC-47E2-B4FE-6DD2DF42D4FC}" = dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"{5D6C7457-2BC9-4D3B-8A73-AF48063C3E71}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{72887B54-7612-486C-97FB-26A3311678F0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BAB98C11-2A32-4DE7-AC4A-2335ADA7EED7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BEA76CC7-A57C-4629-9ED3-94B98447A923}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C3E51F8B-10CA-4E26-A4C6-196207ED5FB9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CADA6C74-DD84-46ED-9821-81C7146E8D9B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D03236B1-01E9-4412-9255-E40ED0A066F1}" = protocol=6 | dir=out | app=system |
"{D10EA164-DA5F-4848-835D-CC7EE2F98D1F}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe |
"{D282BB94-99F8-4AB6-B1A9-7A26D2E4A59E}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{E6BB2F19-73B9-4C71-AC66-251936DB55D3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E83A6BAE-2106-4548-8386-287B636F9DDF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{ECF7F14D-80DD-4A13-A0B3-29BC17C423F9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F0E0F4D7-39B5-41B9-A34B-6434793D9676}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F164CBA8-99C6-4A14-94DF-E8D566C24382}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{12451AF7-EFF8-4B5B-8255-282D7CC7CAEE}" = OviMPlatform
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{2CC53A53-44F4-4667-8584-2FFC9ACB2242}" = Ovi Desktop Sync Engine
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{90280405-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional s aplikací FrontPage
"{94490075-155F-4D08-B92D-4FE592F98591}" = Nokia Ovi Suite
"{95140000-00AF-0405-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater
"{AC76BA86-7AD7-1029-7B44-A94000000001}" = Adobe Reader 9.4.3 - Czech
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Ovladač 3D Vision 270.61
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Ovladače grafiky 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Systémový software PhysX 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Ovladač HD audia 1.2.22.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{D1B01DC9-CBAF-45F9-A387-7D00C11B630E}" = Microsoft Games for Windows - LIVE Redistributable
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322
"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner
"504244733D18C8F63FF584AEB290E3904E791693" = Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo Burning Studio 11_is1" = Ashampoo Burning Studio 11 v.11.0.4
"CCleaner" = CCleaner
"CyberLink PowerDVD 9.0.1501" = CyberLink PowerDVD 9.0.1501 CZ
"GoldWave v5.58" = GoldWave v5.58
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.9.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware verze 1.51.2.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Nokia Ovi Suite" = Nokia Ovi Suite
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PowerISO" = PowerISO
"The KMPlayer" = The KMPlayer (remove only)
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"WinRAR archiver" = WinRAR
"ZonerPhotoStudio12_CZ_is1" = Zoner Photo Studio 12
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-2835880761-377794395-384413730-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 5.10.2011 8:27:17 | Computer Name = ivo-PC | Source = VSS | ID = 12292
Description =
Error - 5.10.2011 8:27:17 | Computer Name = ivo-PC | Source = VSS | ID = 8193
Description =
Error - 5.10.2011 8:27:18 | Computer Name = ivo-PC | Source = System Restore | ID = 8193
Description =
Error - 5.10.2011 9:30:03 | Computer Name = ivo-PC | Source = VSS | ID = 13
Description =
Error - 5.10.2011 9:30:03 | Computer Name = ivo-PC | Source = VSS | ID = 12292
Description =
Error - 6.10.2011 2:36:02 | Computer Name = ivo-PC | Source = VSS | ID = 13
Description =
Error - 6.10.2011 2:36:02 | Computer Name = ivo-PC | Source = VSS | ID = 12292
Description =
Error - 6.10.2011 2:44:44 | Computer Name = ivo-PC | Source = VSS | ID = 13
Description =
Error - 6.10.2011 2:44:44 | Computer Name = ivo-PC | Source = VSS | ID = 12292
Description =
Error - 6.10.2011 2:44:44 | Computer Name = ivo-PC | Source = VSS | ID = 8193
Description =
[ System Events ]
Error - 9.5.2012 7:43:05 | Computer Name = ivo-PC | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (13:42:11, 9.5.2012) bylo neočekávané.
Error - 9.5.2012 7:43:13 | Computer Name = ivo-PC | Source = Service Control Manager | ID = 7001
Description = Služba Načítání obrázků (WIA) závisí na službě Rozpoznávání hardwaru,
která neuspěla při spuštění v důsledku následující chyby: %%1058
Error - 9.5.2012 10:01:33 | Computer Name = ivo-PC | Source = Service Control Manager | ID = 7001
Description = Služba Načítání obrázků (WIA) závisí na službě Rozpoznávání hardwaru,
která neuspěla při spuštění v důsledku následující chyby: %%1058
Error - 9.5.2012 10:03:35 | Computer Name = ivo-PC | Source = Service Control Manager | ID = 7000
Description = Služba MBAMService neuspěla při spuštění v důsledku následující chyby:
%%2
Error - 9.5.2012 10:11:11 | Computer Name = ivo-PC | Source = Service Control Manager | ID = 7001
Description = Služba Načítání obrázků (WIA) závisí na službě Rozpoznávání hardwaru,
která neuspěla při spuštění v důsledku následující chyby: %%1058
Error - 9.5.2012 10:13:13 | Computer Name = ivo-PC | Source = Service Control Manager | ID = 7000
Description = Služba MBAMService neuspěla při spuštění v důsledku následující chyby:
%%2
Error - 9.5.2012 10:15:50 | Computer Name = ivo-PC | Source = Service Control Manager | ID = 7001
Description = Služba Načítání obrázků (WIA) závisí na službě Rozpoznávání hardwaru,
která neuspěla při spuštění v důsledku následující chyby: %%1058
Error - 9.5.2012 10:17:54 | Computer Name = ivo-PC | Source = Service Control Manager | ID = 7000
Description = Služba MBAMService neuspěla při spuštění v důsledku následující chyby:
%%2
Error - 9.5.2012 11:46:49 | Computer Name = ivo-PC | Source = Service Control Manager | ID = 7001
Description = Služba Načítání obrázků (WIA) závisí na službě Rozpoznávání hardwaru,
která neuspěla při spuštění v důsledku následující chyby: %%1058
Error - 9.5.2012 11:48:52 | Computer Name = ivo-PC | Source = Service Control Manager | ID = 7000
Description = Služba MBAMService neuspěla při spuštění v důsledku následující chyby:
%%2
[ TuneUp Events ]
Error - 21.7.2011 6:26:05 | Computer Name = ivo-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
Error - 21.7.2011 6:26:26 | Computer Name = ivo-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
Error - 20.11.2011 9:48:28 | Computer Name = ivo-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
Error - 22.11.2011 10:00:23 | Computer Name = ivo-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
< End of report >
OTL logfile created on: 9.5.2012 17:48:10 - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = F:\
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,52 Gb Available Physical Memory | 75,89% Memory free
4,00 Gb Paging File | 3,46 Gb Available in Paging File | 86,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,71 Gb Total Space | 72,93 Gb Free Space | 53,35% Space Free | Partition Type: NTFS
Drive D: | 12,33 Gb Total Space | 2,60 Gb Free Space | 21,07% Space Free | Partition Type: NTFS
Drive F: | 7,51 Gb Total Space | 3,20 Gb Free Space | 42,60% Space Free | Partition Type: FAT32
Computer Name: IVO-PC | User Name: ivo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.05.09 15:28:42 | 000,595,456 | ---- | M] (OldTimer Tools) -- F:\OTL.exe
PRC - [2011.04.07 22:43:20 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011.04.07 22:43:04 | 000,841,832 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2010.12.14 15:42:42 | 000,653,120 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
PRC - [2010.12.14 15:41:10 | 001,517,376 | ---- | M] (TuneUp Software) -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
========== Modules (No Company Name) ==========
MOD - [2010.02.10 19:10:12 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- F:\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.04.08 07:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.04.07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.01.03 21:14:19 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.12.14 15:41:10 | 001,517,376 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.12.14 15:39:10 | 000,029,504 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.05.18 10:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011.05.18 10:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.05.18 10:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011.05.18 10:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011.05.18 10:09:48 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011.05.18 10:09:48 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2011.04.08 07:14:00 | 010,690,024 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.03.03 17:59:19 | 000,139,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010.12.30 21:04:20 | 000,099,792 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2010.12.30 21:03:08 | 000,189,776 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2010.11.29 20:27:40 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010.11.26 04:16:26 | 000,231,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.11.17 14:04:24 | 000,101,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010.04.12 10:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.14 00:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2009.02.28 19:40:18 | 000,087,536 | ---- | M] (CyberLink Corp.) [2011/08/16 18:16:22] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2006.12.05 12:34:42 | 000,507,136 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PFC027.SYS -- (PAC207)
DRV - [2003.04.19 01:32:04 | 000,004,736 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tandpl.sys -- (tandpl)
DRV - [2003.03.02 18:44:26 | 000,007,552 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\enodpl.sys -- (enodpl)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\giveio.sys -- (giveio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.as ... =CT2475029
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2835880761-377794395-384413730-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
IE - HKU\S-1-5-21-2835880761-377794395-384413730-1000\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-2835880761-377794395-384413730-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... ORM=IE8SRC
IE - HKU\S-1-5-21-2835880761-377794395-384413730-1000\..\SearchScopes\{3CA653D2-2360-4DEA-BD5B-B5750F4F35E5}: "URL" = http://www.webhledani.cz/results.aspx?i ... earchTerms}
IE - HKU\S-1-5-21-2835880761-377794395-384413730-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.as ... =CT2475029
IE - HKU\S-1-5-21-2835880761-377794395-384413730-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.as ... earchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://centrum.cz/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.76
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... r=1.1.9&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.07.11 13:09:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.07.11 13:09:53 | 000,000,000 | ---D | M]
[2011.01.02 20:07:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ivo\AppData\Roaming\Mozilla\Extensions
[2011.11.25 11:48:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\extensions
[2011.03.12 00:37:56 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.11.02 16:51:16 | 000,000,923 | ---- | M] () -- C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\searchplugins\conduit.xml
[2011.01.03 04:25:12 | 000,002,342 | ---- | M] () -- C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\searchplugins\icq-search.xml
[2011.01.16 02:18:02 | 000,000,950 | ---- | M] () -- C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\searchplugins\icqplugin-1.xml
[2011.03.06 19:53:06 | 000,000,950 | ---- | M] () -- C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\searchplugins\icqplugin-2.xml
[2011.03.24 18:14:33 | 000,000,950 | ---- | M] () -- C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\searchplugins\icqplugin-3.xml
[2011.08.31 07:17:26 | 000,000,950 | ---- | M] () -- C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\searchplugins\icqplugin-4.xml
[2011.01.14 10:21:37 | 000,000,950 | ---- | M] () -- C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\searchplugins\icqplugin.xml
[2012.01.27 16:10:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.01.03 01:39:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.07.11 13:09:53 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA OVI SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION
[2011.01.03 01:39:34 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O3 - HKU\S-1-5-21-2835880761-377794395-384413730-1000\..\Toolbar\WebBrowser: (no name) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - No CLSID value found.
O3 - HKU\S-1-5-21-2835880761-377794395-384413730-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] "F:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray File not found
O4 - HKU\S-1-5-21-2835880761-377794395-384413730-1000..\Run: [] File not found
O4 - HKU\S-1-5-21-2835880761-377794395-384413730-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2835880761-377794395-384413730-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O13 - gopher Prefix: missing
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27 - HKLM IFEO\controller editor.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\nvstlink.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\nvstview.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\skype.exe: Debugger - C:\Program Files\TuneUp Utilities 2011\TUAutoReactivator32.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.11.01 19:36:46 | 000,000,000 | RHSD | M] - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
CREATERESTOREPOINT
System Restore Service not available.
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\Windows\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (EA.com/On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (EA.com/On2.com)
Drivers32: vidc.VP62 - C:\Windows\System32\vp6vfw.dll (EA.com/On2.com)
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 30 Days ==========
[2012.05.09 13:44:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.07 16:27:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.05.07 15:28:39 | 000,000,000 | ---D | C] -- C:\Users\ivo\Documents\default
[2012.05.07 15:17:16 | 000,000,000 | ---D | C] -- C:\Users\ivo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2012.05.07 15:17:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo
[2012.05.07 15:15:27 | 000,000,000 | ---D | C] -- C:\Program Files\Ashampoo
[2012.05.07 10:25:25 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.05.07 10:06:22 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012.04.21 10:10:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012.04.21 10:10:22 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012.04.18 14:25:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2011.01.03 04:53:39 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\ivo\AppData\Roaming\pcouffin.sys
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.05.09 17:49:59 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.05.09 17:46:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.09 16:24:05 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.09 16:24:05 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.09 12:56:23 | 000,638,182 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2012.05.09 12:56:23 | 000,623,560 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.05.09 12:56:23 | 000,126,844 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2012.05.09 12:56:23 | 000,111,146 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.05.07 19:07:23 | 000,001,041 | ---- | M] () -- C:\Users\ivo\AppData\Roaming\vso_ts_preview.xml
[2012.05.07 15:17:17 | 000,002,204 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 11 Compact Mode.lnk
[2012.05.07 15:17:16 | 000,001,260 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 11.lnk
[2012.04.24 08:13:25 | 000,002,116 | ---- | M] () -- C:\Windows\WINTRAN.INI
[2012.04.09 21:43:33 | 000,007,168 | ---- | M] () -- C:\Users\ivo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.05.09 17:49:59 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.05.07 15:17:17 | 000,002,204 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 11 Compact Mode.lnk
[2012.05.07 15:17:16 | 000,001,260 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 11.lnk
[2011.12.17 10:47:14 | 000,000,042 | ---- | C] () -- C:\Windows\STXKBD.INI
[2011.12.17 10:47:13 | 000,002,116 | ---- | C] () -- C:\Windows\WINTRAN.INI
[2011.12.17 10:47:13 | 000,000,882 | ---- | C] () -- C:\Windows\WDICT32.INI
[2011.12.17 10:47:13 | 000,000,033 | ---- | C] () -- C:\Windows\WTRDCTM.INI
[2011.10.22 10:27:30 | 000,007,605 | ---- | C] () -- C:\Users\ivo\AppData\Local\Resmon.ResmonCfg
[2011.09.20 16:46:50 | 000,000,024 | ---- | C] () -- C:\Windows\System32\Morrowind.ini
[2011.07.25 07:52:17 | 000,000,120 | ---- | C] () -- C:\Windows\disney.ini
[2011.07.10 09:30:00 | 000,000,059 | ---- | C] () -- C:\Windows\wininit.ini
[2011.06.11 11:39:29 | 000,007,552 | ---- | C] () -- C:\Windows\System32\drivers\enodpl.sys
[2011.06.11 11:39:29 | 000,004,736 | ---- | C] () -- C:\Windows\System32\drivers\tandpl.sys
[2011.06.11 10:48:08 | 000,000,604 | ---- | C] () -- C:\Windows\Sof2.INI
[2011.05.09 09:56:51 | 000,022,328 | ---- | C] () -- C:\Users\ivo\AppData\Roaming\PnkBstrK.sys
[2011.05.07 22:21:26 | 000,000,600 | ---- | C] () -- C:\Windows\Rtcw.INI
[2011.02.10 14:23:40 | 000,007,168 | ---- | C] () -- C:\Users\ivo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.01 12:50:31 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011.02.01 12:50:31 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.02.01 12:50:29 | 000,810,496 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.02.01 12:50:29 | 000,183,808 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.02.01 12:50:28 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.01.18 16:32:40 | 000,000,599 | ---- | C] () -- C:\Windows\videoimp.ini
[2011.01.18 16:32:32 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2011.01.03 21:13:30 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011.01.03 16:43:57 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.01.03 04:55:37 | 000,001,041 | ---- | C] () -- C:\Users\ivo\AppData\Roaming\vso_ts_preview.xml
[2011.01.03 04:53:39 | 000,087,608 | ---- | C] () -- C:\Users\ivo\AppData\Roaming\inst.exe
[2011.01.03 04:53:39 | 000,007,887 | ---- | C] () -- C:\Users\ivo\AppData\Roaming\pcouffin.cat
[2011.01.03 04:53:39 | 000,001,144 | ---- | C] () -- C:\Users\ivo\AppData\Roaming\pcouffin.inf
[2011.01.03 02:19:57 | 000,000,384 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.01.02 08:39:20 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.09.28 22:07:36 | 000,224,001 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010.09.17 21:17:00 | 000,002,888 | ---- | C] () -- C:\Windows\System32\atipblag.dat
========== LOP Check ==========
[2012.05.07 15:17:54 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Ashampoo
[2011.10.05 11:35:42 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\AVG2012
[2011.09.05 16:52:22 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Bioshock
[2011.03.12 16:34:39 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\FairStars Audio Converter Pro
[2011.01.16 01:58:42 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\FreeFileViewer
[2011.03.17 09:07:43 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\ICQ
[2011.09.03 13:09:41 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Leadertech
[2011.07.11 13:46:23 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Nokia
[2011.07.11 13:46:23 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Nokia Ovi Suite
[2011.01.11 18:42:06 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\PC Suite
[2011.09.28 11:21:43 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Stardock
[2011.01.13 13:50:40 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Tific
[2011.07.25 08:19:22 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Touchstone
[2011.01.03 04:39:40 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\TuneUp Software
[2012.03.31 09:02:03 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Ubisoft
[2011.01.16 01:58:17 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Uniblue
[2011.01.10 13:30:31 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Voipwise
[2012.05.08 09:51:24 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Vso
[2011.01.02 20:25:08 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Zoner
[2012.04.22 14:21:15 | 000,032,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< >
< >
< MD5 for: AGP440.SYS >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\System32\autochk.exe
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
< MD5 for: CDROM.SYS >
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
< MD5 for: CRYPTSVC.DLL >
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\System32\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll
< MD5 for: EXPLORER.EXE >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
< MD5 for: HAL.DLL >
[2009.07.14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\System32\hal.dll
[2009.07.14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll
< MD5 for: IASTORV.SYS >
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
< MD5 for: ISAPNP.SYS >
[2009.07.14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\drivers\isapnp.sys
[2009.07.14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\isapnp.sys
[2009.07.14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\isapnp.sys
< MD5 for: LSASS.EXE >
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\System32\lsass.exe
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_a620e0e5be1ecda7\lsass.exe
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_a61fe281be1fb177\lsass.exe
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_a69eaf60d7456d32\lsass.exe
< MD5 for: NDIS.SYS >
[2009.07.14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\System32\drivers\ndis.sys
[2009.07.14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys
< MD5 for: NETLOGON.DLL >
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
< MD5 for: NVRAID.SYS >
[2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\drivers\nvraid.sys
[2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvraid.sys
[2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvraid.sys
< MD5 for: NVSTOR.SYS >
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
< MD5 for: SMSS.EXE >
[2009.07.14 03:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\System32\smss.exe
[2009.07.14 03:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_ac10fe207a85352b\smss.exe
< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
< MD5 for: TCPIP.SYS >
[2009.07.14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2010.06.14 08:06:58 | 001,288,576 | ---- | M] (Microsoft Corporation) MD5=A39EA325C081AD27461F630C8E3E56E0 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys
[2010.06.14 08:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\System32\drivers\tcpip.sys
[2010.06.14 08:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\tcpip.sys
< MD5 for: USERINIT.EXE >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
< MD5 for: WS2_32.DLL >
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll
< >
< %systemroot%*.* /U /s >
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[3 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2011.02.11 23:28:44 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Adobe
[2011.02.27 20:00:00 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Ahead
[2012.05.07 15:17:54 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Ashampoo
[2011.01.02 18:24:01 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\ATI
[2011.10.05 11:35:42 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\AVG2012
[2011.09.05 16:52:22 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Bioshock
[2011.08.16 07:46:22 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\CyberLink
[2011.03.12 16:34:39 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\FairStars Audio Converter Pro
[2011.01.16 01:58:42 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\FreeFileViewer
[2011.03.17 09:07:43 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\ICQ
[2011.01.02 08:46:27 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Identities
[2011.08.31 06:51:44 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\InstallShield
[2011.09.03 13:09:41 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Leadertech
[2011.01.02 08:51:53 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Macromedia
[2011.01.02 20:43:04 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Malwarebytes
[2009.07.14 11:20:06 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Media Center Programs
[2012.05.04 12:20:50 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Media Player Classic
[2011.08.03 18:01:10 | 000,000,000 | --SD | M] -- C:\Users\ivo\AppData\Roaming\Microsoft
[2011.01.02 20:07:42 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Mozilla
[2011.02.18 14:08:28 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Nero
[2011.07.11 13:46:23 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Nokia
[2011.07.11 13:46:23 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Nokia Ovi Suite
[2011.02.18 15:31:46 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\NVIDIA
[2011.01.11 18:42:06 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\PC Suite
[2011.05.24 07:07:07 | 000,000,000 | RH-D | M] -- C:\Users\ivo\AppData\Roaming\SecuROM
[2012.01.27 16:10:47 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Skype
[2011.04.01 09:15:28 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\skypePM
[2011.09.28 11:21:43 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Stardock
[2011.01.13 13:50:40 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Tific
[2011.07.25 08:19:22 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Touchstone
[2011.01.03 04:39:40 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\TuneUp Software
[2012.03.31 09:02:03 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Ubisoft
[2011.01.16 01:58:17 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Uniblue
[2011.01.10 13:30:31 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Voipwise
[2012.05.08 09:51:24 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Vso
[2011.01.02 09:02:57 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\WinRAR
[2011.01.02 20:25:08 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\Zoner
< %APPDATA%\*.exe /s >
[2011.01.03 04:53:39 | 000,087,608 | ---- | M] () -- C:\Users\ivo\AppData\Roaming\inst.exe
[2011.11.22 15:35:13 | 000,007,680 | R--- | M] () -- C:\Users\ivo\AppData\Roaming\Microsoft\Installer\{2B0C9858-8D78-48B2-BC37-4CAEBB2CA510}\Icon2B0C9858.exe
[2011.11.22 15:35:13 | 000,101,888 | R--- | M] () -- C:\Users\ivo\AppData\Roaming\Microsoft\Installer\{2B0C9858-8D78-48B2-BC37-4CAEBB2CA510}\Icon2B0C98582.exe
[2011.11.22 15:35:13 | 000,012,800 | R--- | M] () -- C:\Users\ivo\AppData\Roaming\Microsoft\Installer\{2B0C9858-8D78-48B2-BC37-4CAEBB2CA510}\Icon2B0C98583.exe
[2011.11.22 15:35:13 | 000,018,944 | R--- | M] () -- C:\Users\ivo\AppData\Roaming\Microsoft\Installer\{2B0C9858-8D78-48B2-BC37-4CAEBB2CA510}\Icon2B0C98584.exe
[2011.11.22 15:35:13 | 000,396,288 | R--- | M] () -- C:\Users\ivo\AppData\Roaming\Microsoft\Installer\{2B0C9858-8D78-48B2-BC37-4CAEBB2CA510}\Icon2B0C98585.exe
[2011.11.22 15:35:13 | 000,252,416 | R--- | M] () -- C:\Users\ivo\AppData\Roaming\Microsoft\Installer\{2B0C9858-8D78-48B2-BC37-4CAEBB2CA510}\Icon2B0C98586.exe
[2011.11.27 18:33:29 | 000,107,008 | R--- | M] () -- C:\Users\ivo\AppData\Roaming\Microsoft\Installer\{359ADF3A-F727-40F1-9D8A-6699EE355287}\Icon359ADF3A1.exe
[2011.11.27 18:33:29 | 000,004,608 | R--- | M] () -- C:\Users\ivo\AppData\Roaming\Microsoft\Installer\{359ADF3A-F727-40F1-9D8A-6699EE355287}\Icon359ADF3A2.exe
[2011.11.27 18:33:29 | 000,106,496 | R--- | M] () -- C:\Users\ivo\AppData\Roaming\Microsoft\Installer\{359ADF3A-F727-40F1-9D8A-6699EE355287}\Icon359ADF3A3.exe
[2011.11.27 18:33:29 | 000,107,008 | R--- | M] () -- C:\Users\ivo\AppData\Roaming\Microsoft\Installer\{359ADF3A-F727-40F1-9D8A-6699EE355287}\Icon359ADF3A4.exe
[2011.11.27 18:33:29 | 000,210,432 | R--- | M] () -- C:\Users\ivo\AppData\Roaming\Microsoft\Installer\{359ADF3A-F727-40F1-9D8A-6699EE355287}\Icon359ADF3A5.exe
[2011.05.21 22:39:04 | 000,010,134 | R--- | M] () -- C:\Users\ivo\AppData\Roaming\Microsoft\Installer\{89661B04-C646-4412-B6D3-5E19F02F1F37}\ARPPRODUCTICON.exe
[2010.04.25 22:08:43 | 000,342,365 | ---- | M] () -- C:\Users\ivo\AppData\Roaming\Nero\Uninstall.exe
[2011.03.31 23:26:36 | 007,391,320 | ---- | M] (ZONER software ) -- C:\Users\ivo\AppData\Roaming\Zoner\NLMDB\product.0032\autoupdate.cz\ZPS12_Update_Build12.exe
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2012.05.09 17:54:32 | 000,014,224 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.09 17:54:32 | 000,014,224 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.09 12:56:23 | 000,126,844 | ---- | M] () -- C:\Windows\system32\perfc005.dat
[2012.05.09 12:56:23 | 000,111,146 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2012.05.09 12:56:23 | 000,638,182 | ---- | M] () -- C:\Windows\system32\perfh005.dat
[2012.05.09 12:56:23 | 000,623,560 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2012.05.09 12:56:23 | 001,495,348 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< >
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"" =
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2009.07.14 03:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation)
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs
< >
< type c:\boot.ini >> test.txt /c >
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012.05.09 17:49:59 | 000,000,512 | ---- | M] () MD5=C1640A2FD066CD86531E1D057C2FEBE9 -- C:\PhysicalMBR.bin
< >
< *crack* /s >
< *keygen* /s >
< *loader* /s >
< *minodlogin* /s >
< *tnod* /s >
< *AutoKMS* /s >
< *activator* /s >
< *serial* /s >
< *w7lxe* /s >
< End of report >
Hello. I have no Internet connection. The Windows install is the "pirate" brand...
Re: Please check it, it freezes now and then
So what are we to do with you
kemgura wrote: The Windows install is the "pirate" brand...

Try cleaning it up with CCleaner, including the registry, and defragment the disk. You also have some leftovers from Avast there, and I spotted something from AVG as well. So try to get rid of those. Maybe that will do it.
Because otherwise:
Under the forum rules we do not deal with illegal software here (read rule number 2 under "cannot help": http://www.viry.cz/forum/viewtopic.php?f=12&t=115512 ).

If you have a question that is not meant for the public, you can e-mail me at marty84(at)forum.viry.cz
You can support our forum at https://platba.viry.cz/payment/
For lack of time I will be on the forum less often for now. If you have to wait longer for a reply, please contact one of my colleagues (most have an e-mail address in their signature).
Re: Please check it, it freezes now and then
So, did it help?

Re: Please check it, it freezes now and then
Hello. It seems it is no longer acting up... You are a genius... The Avast and AVG leftovers have been in my way there for years. I don't know how to remove them. Have a nice day.
Re: Please check it, it freezes now and then
Then we'll finish cleaning it up, since you admitted to the illegal copy and it was the first time. But not again next time, OK?
There are also some traces of MBAM, but it probably isn't fully functional either, or is it?
This script will also remove MBAM, so if you have it there on purpose, let me know and I'll adjust it.
Run OTL again as administrator
Paste the following text into the bottom window
Click Fix (Opravit) and let the program work. When asked to restart, agree.
After the restart a new log will appear; post it here.



Paste the following text into the bottom window:
:otl
SRV - File not found [Auto | Stopped] -- F:\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010.12.30 21:04:20 | 000,099,792 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2010.12.30 21:03:08 | 000,189,776 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
IE - HKU\S-1-5-21-2835880761-377794395-384413730-1000\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-2835880761-377794395-384413730-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2835880761-377794395-384413730-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "MyAshampoo Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2475029&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
[2011.03.12 00:37:56 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.11.02 16:51:16 | 000,000,923 | ---- | M] () -- C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\searchplugins\conduit.xml
[2011.01.03 04:25:12 | 000,002,342 | ---- | M] () -- C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\searchplugins\icq-search.xml
[2011.01.16 02:18:02 | 000,000,950 | ---- | M] () -- C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\searchplugins\icqplugin-1.xml
[2011.03.06 19:53:06 | 000,000,950 | ---- | M] () -- C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\searchplugins\icqplugin-2.xml
[2011.03.24 18:14:33 | 000,000,950 | ---- | M] () -- C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\searchplugins\icqplugin-3.xml
[2011.08.31 07:17:26 | 000,000,950 | ---- | M] () -- C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\searchplugins\icqplugin-4.xml
[2011.01.14 10:21:37 | 000,000,950 | ---- | M] () -- C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\searchplugins\icqplugin.xml
O3 - HKU\S-1-5-21-2835880761-377794395-384413730-1000\..\Toolbar\WebBrowser: (no name) - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} - No CLSID value found.
O3 - HKU\S-1-5-21-2835880761-377794395-384413730-1000\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] "F:\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray File not found
O4 - HKU\S-1-5-21-2835880761-377794395-384413730-1000..\Run: [] File not found
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2011.10.05 11:35:42 | 000,000,000 | ---D | M] -- C:\Users\ivo\AppData\Roaming\AVG2012
[3 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
:reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
:commands
[RESETHOSTS]
[EMPTYTEMP]
[Purity]
[EMPTYFLASH]
After the restart a new log will appear; post it here.
If you have a question that is not meant for the public, you can e-mail me at marty84(at)forum.viry.cz
You can support our forum at https://platba.viry.cz/payment/
For time reasons I will be on the forum less often now. If you are waiting a long time for a reply, please contact one of my colleagues (most of them have an e-mail address in their signature).
Re: Please check this, it freezes every now and then
Thanks! Sending the OTL log...
All processes killed
========== OTL ==========
Error: No service named MBAMService was found to stop!
Service\Driver key MBAMService not found.
File F:\Malwarebytes' Anti-Malware\mbamservice.exe not found.
Error: No service named MBAMProtector was found to stop!
Service\Driver key MBAMProtector not found.
File C:\Windows\System32\drivers\mbam.sys not found.
Error: Unable to stop service aswFW!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswFW deleted successfully.
C:\Windows\System32\drivers\aswFW.sys moved successfully.
Error: Unable to stop service aswNdis2!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aswNdis2 deleted successfully.
C:\Windows\System32\drivers\aswNdis2.sys moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKEY_USERS\S-1-5-21-2835880761-377794395-384413730-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2835880761-377794395-384413730-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2835880761-377794395-384413730-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "MyAshampoo Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.conduit.com/ResultsExt.as ... earchTerms}" removed from browser.search.defaulturl
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "http://search.icq.com/search/afe_result ... r=1.1.9&q=" removed from keyword.URL
C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\searchplugins\conduit.xml moved successfully.
C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\searchplugins\icq-search.xml moved successfully.
C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\ivo\AppData\Roaming\Mozilla\Firefox\Profiles\1nhnezth.default\searchplugins\icqplugin.xml moved successfully.
Registry value HKEY_USERS\S-1-5-21-2835880761-377794395-384413730-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}\ not found.
Registry value HKEY_USERS\S-1-5-21-2835880761-377794395-384413730-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Malwarebytes' Anti-Malware not found.
Registry value HKEY_USERS\S-1-5-21-2835880761-377794395-384413730-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xportovat do aplikace Microsoft Excel\ deleted successfully.
C:\Windows\85EBB28365AF4C539EBE7C0A232762F7.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\85EBB28365AF4C539EBE7C0A232762F7.TMP folder deleted successfully.
C:\Windows\A5B5A16D277A476B8F621029A2F23072.TMP\WiseCustomCalla.dll deleted successfully.
C:\Windows\A5B5A16D277A476B8F621029A2F23072.TMP folder deleted successfully.
C:\Windows\msdownld.tmp folder deleted successfully.
C:\Windows\System32\tmp8EE8.tmp deleted successfully.
C:\Windows\System32\tmp9012.tmp deleted successfully.
C:\Users\ivo\AppData\Roaming\AVG2012\cfgall folder moved successfully.
C:\Users\ivo\AppData\Roaming\AVG2012 folder moved successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP34D.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5E64.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8545.tmp folder deleted successfully.
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9\ deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: ivo
->Temp folder emptied: 59876210 bytes
->Temporary Internet Files folder emptied: 327814 bytes
->Java cache emptied: 5529783 bytes
->FireFox cache emptied: 46535308 bytes
->Flash cache emptied: 602 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 590304 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 108,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: ivo
->Flash cache emptied: 0 bytes
User: Public
User: UpdatusUser
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.43.1 log created on 05232012_134922
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Re: Please check this, it freezes every now and then
Deleted.
Run OTL again as administrator and click the "Vycisti" (CleanUp) button. The program will clean up after itself, and if there are no problems, that should be everything.


Re: Please check this, it freezes every now and then
Thank you for your time....

Re: Please check this, it freezes every now and then
You're welcome.
Take care.

