
XP internet security - throws warning messages - please check

Ecinazuz
Exemplary visitor
Posts: 343
Registered: 16 Sep 2006 21:47

Re: XP internet security - throws warning messages - please check

#31 Post by Ecinazuz »

Houston, we may have a problem :( - during the scan some message popped up, I clicked on it, the scan continued and then there was a restart; I can't see the log on the desktop... damn...
I ran it again... and after about line 15 it froze; not even the mouse cursor moves.

...adding... I restarted the PC and ran it again... so far it's running... /oh God... good thing I can't see you rolling your eyes :D /
Last edited by Ecinazuz on 24 Apr 2010 21:41, edited 2 times in total.
"Honesty cannot be divided into pieces. It either is or it isn't." (Honoré de Balzac)

Ecinazuz
Exemplary visitor
Posts: 343
Registered: 16 Sep 2006 21:47

Re: XP internet security - throws warning messages - please check

#32 Post by Ecinazuz »

OK, I'm going too / never mind the fleas... but those nasty viruses will haunt me :D / - that is, once I finish scanning :D ... to be continued tomorrow... for now THANKS A LOT for the help AND GOOD NIGHT :)

Ecinazuz
Exemplary visitor
Posts: 343
Registered: 16 Sep 2006 21:47

Re: XP internet security - throws warning messages - please check

#33 Post by Ecinazuz »

Good morning, my eyes are still glued shut... yesterday I waited for the scan from that GMER... it got stuck again, so nothing... this morning I ran it again, hopefully it's OK now, I'm sending the scan:

A question: the folder you want me to zip and put "somewhere" - should I cut it out of the PC /it's not necessary to have it here/ or make a copy?

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-25 07:52:45
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\agayqfog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG10.00.00.01WORKSTATION 1D7AB883B73BF6B86D9B3FCEF5020B881715A7FEE16DAFEB42296D5E0B95519E4A14F3FE715559E8B9165BD4C3048B1852D9DC96B4FE6A52289E39F35C052E2C4DC0B71AAC5749978A80B308F0397FA0AA2CBCFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933C038D530D6EB34528EDD5E5BE2F6E6679DB7CE019D40AA5CB2F2C6C7D4B0C8245F61BDCC0CB82FEBBE9FD44F82634DB471F8304B83A9CBDCDAB906DDF9E2C0C2F9AE91E2368F56DA88BCDE117637B9E7F87EE1BAC44ED7B22F7ADE0D9F34F15C1EE1256AFC3D7FB9A7E813CF11C9D5C35124F3C86D743596CD78257C6E4C90FEC8298E3DF49EAE1612DC6D3273509E7712C7E88FCE4AF478895EFED783F2DEF82914BB3828377EC1F6AFBD69B6A822F583AE95AD2C263B8BE737E74E6F9438DFA2986ABA952B9FD1B6E2A92565500373A28024C5BDFDBEC624F32E943842870B4C91AF29ADC5D11EE4D52A1CFE69FA6BA14791FD2FEDCC642D68F36256315117F2BB72ED59746DC5C8D18B86753CD29BE6F23082213747E4A44D30F1373AA8639436EE756FC8DA29E1FEEDA330B26C868A58A600A83C200BE240AE83BBD93716658935AEBF79186C5E6D48330ADBB8F05B2C6DAACA06DFDD703F0E5BB7313B14CD1EA8108BDE3A79A30FE0FC53EB40E6D90BD3390
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

Ecinazuz
Exemplary visitor
Posts: 343
Registered: 16 Sep 2006 21:47

Re: XP internet security - throws warning messages - please check

#34 Post by Ecinazuz »

http://www.uloz.to/4640060/qoobox.zip

hopefully I did it right ;-)

I'm also adding a new scan from the updated Malwarebytes:
I removed the items


Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Verze databáze: 3930

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

25.4.2010 8:48:10
mbam-log-2010-04-25 (08-48-10).txt

Typ skenu: Úplný sken (C:\|)
Skenované objekty: 172130
Uplynulý čas: 24 minuta(y), 17 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 2
Infikované datové položky registru: 3
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\secfile\shell\open\command\(default) (Rogue.MultipleAV) -> Quarantined and deleted successfully.

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\WINDOWS\system32\config\systemprofile\Local Settings\Data aplikací\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe") Good: (firefox.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\WINDOWS\system32\config\systemprofile\Local Settings\Data aplikací\ave.exe" /START "C:\Program Files\Internet Explorer\IEXPLORE.EXE") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\WINDOWS\system32\config\systemprofile\Local Settings\Data aplikací\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

Ecinazuz
Exemplary visitor
Posts: 343
Registered: 16 Sep 2006 21:47

Re: XP internet security - throws warning messages - please check

#35 Post by Ecinazuz »

hi...
in plain terms please ;-).....
Also upload the folder C:\_otl, then run OTL again and press Vycisti (Clean up).
Do I understand correctly... you want me to save that folder somewhere again and then run OTL and have it clean up?

and should I throw the qoobox folder out of the PC completely????

Ecinazuz
Exemplary visitor
Posts: 343
Registered: 16 Sep 2006 21:47

Re: XP internet security - throws warning messages - please check

#36 Post by Ecinazuz »

OK, no problem... I'm grateful for your help... and patience ;-)

http://www.uloz.to/4641009/otl.zip

I deleted the Qoobox folder

Moving on to the next step....
OTL - cleaned up

/oh, by the way, those warning windows no longer pop up/

Log from the new OTL run:

OTL logfile created on: 25.4.2010 10:59:15 - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\Admin\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 69,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 155,24 Gb Total Space | 140,73 Gb Free Space | 90,65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 77,64 Gb Total Space | 37,64 Gb Free Space | 48,48% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-D958691FD9
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.04.25 10:58:10 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Plocha\OTL.exe
PRC - [2010.04.14 01:01:29 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.04.07 21:07:24 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2010.04.07 21:07:04 | 002,145,000 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2009.10.28 21:33:14 | 000,603,904 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe
PRC - [2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.17 18:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008.01.22 10:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2007.05.11 02:09:48 | 001,050,120 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe
PRC - [2007.05.11 02:08:54 | 002,512,392 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodtray.exe
PRC - [2007.03.30 13:05:32 | 001,024,512 | ---- | M] () -- C:\Program Files\GIGABYTE\VGA Utility Manager\Utility.exe
PRC - [2007.03.06 19:20:00 | 000,536,576 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2006.11.08 12:36:40 | 000,118,870 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
PRC - [2006.11.08 12:36:38 | 000,274,520 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
PRC - [2003.05.23 06:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2003.03.14 04:38:12 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe


========== Modules (SafeList) ==========

MOD - [2010.04.25 10:58:10 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Plocha\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010.04.07 21:10:38 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010.04.07 21:07:24 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009.10.28 21:33:14 | 000,603,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009.10.28 21:33:13 | 000,360,192 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.09.10 12:35:45 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.12.11 14:31:36 | 000,027,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008.01.22 10:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007.05.11 02:09:48 | 001,050,120 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag)
SRV - [2006.11.08 12:36:40 | 000,118,870 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006.11.08 12:36:38 | 000,274,520 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2003.05.23 06:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


========== Driver Services (SafeList) ==========

DRV - [2010.04.07 21:08:08 | 000,055,232 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2010.04.07 21:08:06 | 000,032,584 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2010.04.07 21:08:04 | 000,134,488 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2010.04.07 21:07:08 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010.04.07 21:03:44 | 000,139,192 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009.09.09 12:28:18 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2008.04.14 14:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007.07.18 13:26:04 | 004,547,584 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.06.29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007.05.11 00:03:00 | 006,738,432 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006.11.27 16:33:54 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006.11.27 16:33:50 | 000,058,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006.10.18 16:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006.06.18 23:59:28 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004.10.15 12:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2003.10.24 06:53:14 | 000,090,416 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [1997.12.23 03:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-583907252-162531612-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
IE - HKU\S-1-5-21-583907252-162531612-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-583907252-162531612-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.14 01:01:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.14 01:01:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010.04.25 09:37:20 | 000,000,000 | ---D | M]

[2009.09.10 19:01:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\Mozilla\Extensions
[2009.09.10 19:01:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\extensions
[2009.12.18 07:51:15 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icq-search.xml
[2010.02.19 23:05:21 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin-1.xml
[2010.03.11 22:01:21 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin-2.xml
[2010.03.23 10:04:16 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin-3.xml
[2010.04.14 01:01:53 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin-4.xml
[2008.03.31 09:52:00 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin.gif
[2008.03.31 09:52:00 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin.src
[2010.01.08 19:55:19 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin.xml
[2010.04.21 19:59:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.09.10 19:04:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.03.11 22:01:11 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.03.11 22:01:11 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.03.11 22:01:11 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.03.11 22:01:11 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.03.11 22:01:11 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.04.24 18:56:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\S-1-5-21-583907252-162531612-682003330-1004\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe (O&O Software GmbH)
O4 - Startup: C:\Documents and Settings\Admin\Nabídka Start\Programy\Po spuštění\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Admin\Nabídka Start\Programy\Po spuštění\GIGABYTE VGA Utility.lnk = C:\Documents and Settings\Admin\Data aplikací\Microsoft\Installer\{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}\Utility.exe2_D27BDB5D3B4C44F0A648BD00B0E79B39.exe (Macrovision Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-583907252-162531612-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-583907252-162531612-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-583907252-162531612-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-583907252-162531612-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.09.09 11:59:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = secfile] -- Reg Error: Value error. File not found
O37 - HKU\.DEFAULT\...exe [@ = secfile] -- "C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ave.exe" /START "%1" %* File not found
O37 - HKU\S-1-5-18\...exe [@ = secfile] -- "C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ave.exe" /START "%1" %* File not found
O37 - HKU\S-1-5-21-583907252-162531612-682003330-1004\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009.09.09 13:42:16 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.at3 - C:\WINDOWS\System32\atrac3.acm ()
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - File not found
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.hfyu - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.vp60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (55745656140070912)

========== Files/Folders - Created Within 7 Days ==========

[2010.04.25 10:57:54 | 000,562,688 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Plocha\OTL.exe
[2010.04.25 10:55:11 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010.04.25 10:52:40 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Admin\Plocha\erunt_setup.exe
[2010.04.24 20:02:29 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.04.24 18:55:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.04.24 16:26:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\avG
[2010.04.24 16:03:52 | 000,910,296 | ---- | C] (Mozilla Corporation) -- C:\Documents and Settings\Admin\Plocha\firefox.exe
[2010.04.24 13:35:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent
[2010.04.24 13:28:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\avG
[2010.04.24 13:28:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Data aplikací\avG
[2010.04.19 18:34:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Plocha\plány MŠ

========== Files - Modified Within 7 Days ==========

[2010.04.25 11:00:01 | 000,000,478 | ---- | M] () -- C:\WINDOWS\tasks\Úklid 1 kliknutím.job
[2010.04.25 10:58:10 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Plocha\OTL.exe
[2010.04.25 10:55:33 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Admin\Nabídka Start\Programy\Po spuštění\ERUNT AutoBackup.lnk
[2010.04.25 10:55:20 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Admin\Plocha\NTREGOPT.lnk
[2010.04.25 10:55:20 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Admin\Plocha\ERUNT.lnk
[2010.04.25 10:52:58 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Admin\Plocha\erunt_setup.exe
[2010.04.25 10:49:26 | 000,002,545 | ---- | M] () -- C:\Documents and Settings\Admin\Nabídka Start\Programy\Po spuštění\GIGABYTE VGA Utility.lnk
[2010.04.25 10:49:22 | 001,530,440 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.04.25 10:49:17 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.25 10:49:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.25 10:49:10 | 000,621,773 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor
[2010.04.25 10:48:34 | 004,980,736 | ---- | M] () -- C:\Documents and Settings\Admin\NTUSER.DAT
[2010.04.24 21:56:16 | 000,245,902 | ---- | M] () -- C:\Documents and Settings\Admin\Plocha\daft.com
[2010.04.24 21:35:00 | 000,013,166 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\I6vNTV7g2h23
[2010.04.24 18:56:42 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.04.24 18:56:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.04.24 18:19:54 | 000,013,170 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\3413392581
[2010.04.24 18:19:54 | 000,013,170 | -HS- | M] () -- C:\Documents and Settings\Admin\Local Settings\Data aplikací\3413392581
[2010.04.24 18:18:55 | 000,013,178 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\1891633005
[2010.04.24 18:18:55 | 000,013,178 | -HS- | M] () -- C:\Documents and Settings\Admin\Local Settings\Data aplikací\1891633005
[2010.04.24 18:16:30 | 000,013,182 | -HS- | M] () -- C:\Documents and Settings\Admin\Local Settings\Data aplikací\I6vNTV7g2h23
[2010.04.24 16:32:39 | 000,002,561 | ---- | M] () -- C:\Documents and Settings\Admin\Plocha\Microsoft Office Word 2003.lnk
[2010.04.24 16:17:49 | 003,923,062 | R--- | M] () -- C:\Documents and Settings\Admin\Plocha\abraka.com
[2010.04.24 16:07:10 | 000,002,517 | ---- | M] () -- C:\Documents and Settings\Admin\Plocha\Microsoft Office Excel 2003.lnk
[2010.04.24 16:03:45 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Documents and Settings\Admin\Plocha\firefox.exe
[2010.04.24 15:15:44 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2010.04.24 13:35:27 | 000,000,416 | ---- | M] () -- C:\Documents and Settings\Admin\Dokumenty\cc_20100424_133515.reg
[2010.04.23 20:09:20 | 000,425,984 | ---- | M] () -- C:\Documents and Settings\Admin\Plocha\Část z manuálu do balíčku.doc
[2010.04.21 22:52:25 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\Admin\Dokumenty\cc_20100421_225222.reg
[2010.04.21 17:19:40 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Admin\Plocha\V jedné chaloupce žila koza se svými kůzlátky.doc
[2010.04.21 17:19:26 | 000,047,104 | ---- | M] () -- C:\Documents and Settings\Admin\Plocha\Mustr priprava - Kopie.doc
[2010.04.21 16:39:19 | 000,049,664 | ---- | M] () -- C:\Documents and Settings\Admin\Plocha\Jaro budí zvířátka...a jejich mláďátka...2010.doc
[2010.04.20 23:28:23 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\Admin\Dokumenty\cc_20100420_232820.reg
[2010.04.19 07:20:25 | 000,000,012 | ---- | M] () -- C:\Documents and Settings\Admin\intlname.ols

========== Files Created - No Company Name ==========

[2010.04.25 10:55:33 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Admin\Nabídka Start\Programy\Po spuštění\ERUNT AutoBackup.lnk
[2010.04.25 10:55:20 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Admin\Plocha\NTREGOPT.lnk
[2010.04.25 10:55:20 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Admin\Plocha\ERUNT.lnk
[2010.04.24 21:56:15 | 000,245,902 | ---- | C] () -- C:\Documents and Settings\Admin\Plocha\daft.com
[2010.04.24 16:32:40 | 000,013,170 | -HS- | C] () -- C:\Documents and Settings\Admin\Local Settings\Data aplikací\3413392581
[2010.04.24 16:32:39 | 000,013,178 | -HS- | C] () -- C:\Documents and Settings\Admin\Local Settings\Data aplikací\1891633005
[2010.04.24 16:32:39 | 000,013,170 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\3413392581
[2010.04.24 16:22:33 | 000,013,178 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\1891633005
[2010.04.24 16:20:26 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.04.24 16:20:23 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.04.24 16:17:27 | 003,923,062 | R--- | C] () -- C:\Documents and Settings\Admin\Plocha\abraka.com
[2010.04.24 15:00:30 | 000,013,166 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\I6vNTV7g2h23
[2010.04.24 14:47:19 | 000,013,182 | -HS- | C] () -- C:\Documents and Settings\Admin\Local Settings\Data aplikací\I6vNTV7g2h23
[2010.04.24 13:35:17 | 000,000,416 | ---- | C] () -- C:\Documents and Settings\Admin\Dokumenty\cc_20100424_133515.reg
[2010.04.24 13:26:02 | 000,013,166 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\I6vNTV7g2h23
[2010.04.24 13:25:45 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\NetworkService\Data aplikací\kcmdte.dat
[2010.04.23 20:09:20 | 000,425,984 | ---- | C] () -- C:\Documents and Settings\Admin\Plocha\Část z manuálu do balíčku.doc
[2010.04.21 22:52:23 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\Admin\Dokumenty\cc_20100421_225222.reg
[2010.04.21 17:19:40 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Admin\Plocha\V jedné chaloupce žila koza se svými kůzlátky.doc
[2010.04.21 16:39:18 | 000,049,664 | ---- | C] () -- C:\Documents and Settings\Admin\Plocha\Jaro budí zvířátka...a jejich mláďátka...2010.doc
[2010.04.20 23:28:22 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\Admin\Dokumenty\cc_20100420_232820.reg
[2009.11.20 17:40:06 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009.11.11 15:41:30 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.10.12 21:03:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oodcnt.INI
[2009.09.10 16:54:02 | 000,000,416 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009.09.10 16:54:02 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009.09.10 16:53:08 | 000,000,213 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009.09.10 16:53:08 | 000,000,094 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009.09.09 15:44:56 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007.05.11 00:03:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007.05.11 00:03:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007.05.11 00:03:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007.05.11 00:03:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007.05.11 00:03:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007.02.26 23:24:20 | 000,220,672 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2007.02.26 23:22:42 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2007.02.26 23:22:36 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2007.02.26 23:22:34 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2007.02.26 23:22:30 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2007.02.26 23:22:24 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2007.02.26 23:22:14 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2007.02.26 23:22:04 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2007.02.26 23:21:46 | 000,099,840 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2007.02.26 23:21:38 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2007.02.26 23:21:38 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2007.02.12 21:21:22 | 003,426,304 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007.02.12 21:21:22 | 000,741,376 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
[2007.02.12 21:21:22 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2007.02.12 21:21:22 | 000,399,872 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007.02.12 21:21:22 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2007.02.12 21:21:22 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2007.02.12 21:21:22 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007.02.12 21:21:22 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2007.02.12 21:21:22 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2007.02.12 21:21:22 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2007.02.12 21:21:22 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2007.02.12 21:21:22 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007.02.12 21:21:22 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2007.02.12 21:21:22 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2007.02.12 21:21:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2007.02.12 21:21:22 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2007.02.12 21:21:22 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2007.02.12 21:21:22 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007.02.12 21:21:22 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007.01.30 07:03:40 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006.11.01 16:54:30 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006.11.01 16:52:38 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006.07.07 17:51:02 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\FLT_ffdshow.dll
[2006.03.21 21:13:33 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2005.10.14 11:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 11:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 11:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 11:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 11:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 11:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2003.04.09 15:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.05.18 00:18:30 | 000,124,928 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll

========== LOP Check ==========

[2009.09.09 15:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\BinarySense
[2009.12.13 16:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\Canon
[2009.10.16 19:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\ESET
[2010.02.09 22:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\ICQ
[2009.10.28 21:33:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\TuneUp Software
[2010.03.26 22:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\VSO
[2010.04.24 13:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\avG
[2009.11.21 12:19:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonBJ
[2010.03.30 19:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonIJ
[2009.11.21 12:23:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonIJMyPrinter
[2010.04.20 19:50:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonIJPLM
[2009.12.13 16:59:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonIJScan
[2009.11.21 12:23:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonIJSolutionMenu
[2009.10.16 19:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2009.09.10 19:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2009.09.30 22:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PCSettings
[2009.10.28 21:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
[2009.10.28 21:32:30 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Data aplikací\{55A29068-F2CE-456C-9148-C869879E2357}
[2010.04.25 11:00:01 | 000,000,478 | ---- | M] () -- C:\WINDOWS\Tasks\Úklid 1 kliknutím.job

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Skype" = "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized -- [2010.03.09 10:02:14 | 026,100,520 | R--- | M] (Skype Technologies S.A.)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
"" =

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2009.10.11 12:04:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\Adobe
[2009.09.09 15:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\Ahead
[2009.09.09 15:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\BinarySense
[2009.09.10 16:56:37 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Admin\Data aplikací\Brother
[2009.12.13 16:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\Canon
[2009.11.11 15:41:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\DivX
[2009.10.16 19:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\ESET
[2010.02.09 22:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\ICQ
[2009.09.09 12:23:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\Identities
[2009.09.09 12:25:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\InstallShield
[2009.09.10 19:18:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\Macromedia
[2009.10.14 13:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\Malwarebytes
[2010.02.13 09:06:16 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Admin\Data aplikací\Microsoft
[2009.09.10 19:01:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\Mozilla
[2010.04.25 10:49:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\Skype
[2010.04.25 09:33:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\skypePM
[2009.09.10 12:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\Symantec
[2009.10.28 21:33:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\TuneUp Software
[2010.03.26 22:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\VSO
[2009.10.05 22:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\WinRAR

< %APPDATA%\*.exe /s >
[2009.09.09 15:52:15 | 000,025,214 | R--- | M] () -- C:\Documents and Settings\Admin\Data aplikací\Microsoft\Installer\{2EDC23E5-29FB-49D0-BF6D-F2D55EA25496}\_0F4BC114588B95640F7F3B.exe
[2009.09.09 15:52:15 | 000,025,214 | R--- | M] () -- C:\Documents and Settings\Admin\Data aplikací\Microsoft\Installer\{2EDC23E5-29FB-49D0-BF6D-F2D55EA25496}\_3822ED5C6A689F7E906806.exe
[2009.09.09 15:52:15 | 000,025,214 | R--- | M] () -- C:\Documents and Settings\Admin\Data aplikací\Microsoft\Installer\{2EDC23E5-29FB-49D0-BF6D-F2D55EA25496}\_6FEFF9B68218417F98F549.exe
[2009.09.09 15:52:15 | 000,062,526 | R--- | M] () -- C:\Documents and Settings\Admin\Data aplikací\Microsoft\Installer\{2EDC23E5-29FB-49D0-BF6D-F2D55EA25496}\_A2BDAD1987E4FB1071BD84.exe
[2009.09.09 15:52:15 | 000,029,926 | R--- | M] () -- C:\Documents and Settings\Admin\Data aplikací\Microsoft\Installer\{2EDC23E5-29FB-49D0-BF6D-F2D55EA25496}\_B3AF483CD1C894FD13F9F6.exe
[2010.02.18 17:19:08 | 000,000,766 | R--- | M] () -- C:\Documents and Settings\Admin\Data aplikací\Microsoft\Installer\{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}\ARPPRODUCTICON.exe
[2010.02.18 17:19:08 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Admin\Data aplikací\Microsoft\Installer\{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
[2010.02.18 17:19:09 | 000,040,960 | R--- | M] (Macrovision Corporation) -- C:\Documents and Settings\Admin\Data aplikací\Microsoft\Installer\{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}\UNINST_Uninstall_VGA_D27BDB5D3B4C44F0A648BD00B0E79B39.exe
[2010.02.18 17:19:08 | 000,040,960 | R--- | M] (Macrovision Corporation) -- C:\Documents and Settings\Admin\Data aplikací\Microsoft\Installer\{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}\Utility.exe1_D27BDB5D3B4C44F0A648BD00B0E79B39.exe
[2010.02.18 17:19:09 | 000,040,960 | R--- | M] (Macrovision Corporation) -- C:\Documents and Settings\Admin\Data aplikací\Microsoft\Installer\{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}\Utility.exe2_D27BDB5D3B4C44F0A648BD00B0E79B39.exe
[2010.02.18 17:19:08 | 000,040,960 | R--- | M] (Macrovision Corporation) -- C:\Documents and Settings\Admin\Data aplikací\Microsoft\Installer\{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}\Utility.exe_D27BDB5D3B4C44F0A648BD00B0E79B39.exe


< MD5 for: AGP440.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys

< MD5 for: CRYPTSVC.DLL >
[2008.04.14 14:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2008.04.14 14:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
[2008.04.14 14:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\dllcache\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: HAL.DLL >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 14:00:00 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\hal.dll

< MD5 for: CHANGER.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys

< MD5 for: ISAPNP.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 14:00:00 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2008.04.14 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2008.04.14 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2008.04.14 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.14 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008.04.14 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008.04.14 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NVATA.SYS >
[2006.10.18 16:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) MD5=EF9941593B2E9B436F64A87DDB570D1A -- C:\WINDOWS\system32\drivers\nvata.sys

< MD5 for: SCECLI.DLL >
[2008.04.14 14:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 14:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 14:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.17 16:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\dllcache\smss.exe
[2008.04.14 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.04.14 14:00:00 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008.04.14 14:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 14:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 14:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.04.14 14:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2008.04.14 14:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2008.04.14 14:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009.09.09 13:46:38 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.09.09 13:46:38 | 001,069,056 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.09.09 13:46:38 | 000,475,136 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2010.04.25 10:49:22 | 001,530,440 | ---- | M] () -- C:\WINDOWS\system32\FNTCACHE.DAT
[2010.04.25 10:49:10 | 000,621,773 | ---- | M] () -- C:\WINDOWS\system32\oodbs.lor
< End of report >

Extras log is attached.
Attachments
Extras.zip
(7.03 KiB) Downloaded 80 times
"Honesty cannot be divided into pieces. Either it is there or it is not." (Honoré de Balzac)

Ecinazuz
Exemplary visitor
Posts: 343
Registered: 16 Sep 2006 21:47

Re: XP internet security - throwing warning messages - please check

#37 Post by Ecinazuz »

Log:

ComboFix 10-04-21.01 - Admin 25.04.2010 12:55:33.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2047.1402 [GMT 2:00]
Spuštěný z: c:\documents and settings\Admin\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Admin\Plocha\CFScript.txt
AV: ESET Smart Security 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((( Soubory vytvořené od 2010-03-25 do 2010-04-25 )))))))))))))))))))))))))))))))
.

V tomto časovém úseku nebyly vytvořeny žádné nové soubory.

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-25 08:55 . 2010-04-25 08:55 -------- d-----w- c:\program files\ERUNT
2010-04-25 06:19 . 2009-10-14 11:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-13 23:06 . 2009-09-13 20:21 -------- d-----w- c:\program files\CCleaner
2010-04-07 19:08 . 2010-04-07 19:08 55232 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2010-04-07 19:08 . 2010-04-07 19:08 32584 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2010-04-07 19:08 . 2010-04-07 19:08 134488 ----a-w- c:\windows\system32\drivers\epfw.sys
2010-04-07 19:07 . 2010-04-07 19:07 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-04-07 19:03 . 2010-04-07 19:03 139192 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-03-29 22:46 . 2009-10-14 11:41 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 22:45 . 2009-10-14 11:41 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-28 01:18 . 2008-04-14 12:00 47386 ----a-w- c:\windows\system32\perfc005.dat
2010-03-28 01:18 . 2008-04-14 12:00 313244 ----a-w- c:\windows\system32\perfh005.dat
2010-03-28 01:10 . 2010-03-28 01:10 -------- d-----w- c:\program files\Common Files\Skype
2010-03-10 06:17 . 2008-04-14 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-27 14:45 . 2010-02-27 14:45 -------- d-----w- c:\program files\VSO
2010-02-25 06:18 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2008-04-14 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:08 . 2008-04-14 12:00 2148352 ------w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:08 . 2008-04-14 08:06 2026496 ------w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:35 . 2008-04-14 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2008-04-14 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-03-09 26100520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 16380416]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-10 8429568]
"nwiz"="nwiz.exe" [2007-05-10 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-10 81920]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2007-05-11 2512392]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-10 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-17 1848648]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-04-07 2145000]

c:\documents and settings\Admin\Nabˇdka Start\Programy\Po spuçtŘnˇ\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
GIGABYTE VGA Utility.lnk - c:\documents and settings\Admin\Data aplikacˇ\Microsoft\Installer\{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}\Utility.exe2_D27BDB5D3B4C44F0A648BD00B0E79B39.exe [2009-9-9 40960]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2009-9-9 155648]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BrMfcWnd"=c:\program files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [7.4.2010 21:07 114984]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [7.4.2010 21:07 810120]
S3 TVICHW32;TVICHW32;\??\c:\windows\system32\DRIVERS\TVICHW32.SYS --> c:\windows\system32\DRIVERS\TVICHW32.SYS [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2010-04-25 c:\windows\Tasks\Úklid 1 kliknutím.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 20:36]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - plugin: c:\windows\system32\C2MP\npdivx32.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-25 13:02
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
"ImagePath"="\"c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe\"\00xża\02\00\00\00\00ČŞ/\03\00\00™\03pč\13\00\00\00\00\00ˆ\01\15\00`Ą0\03˙˙˙˙\18\02\15\00ę\1b€|\08”
[\00˜\14š\03ú\1b€|\00\00ŮsYMƒ|"

.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,32,da,b0,01,49,af,35,49,82,78,1d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,32,da,b0,01,49,af,35,49,82,78,1d,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(2740)
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\program files\Skype\Phone\Skype.exe
c:\windows\system32\DVDRAMSV.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\oodag.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\System32\TUProgSt.exe
c:\windows\system32\wdfmgr.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Celkový čas: 2010-04-25 13:05:36 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-25 11:05

Před spuštěním: Volných bajtů: 151 044 894 720
Po spuštění: Volných bajtů: 150 978 600 960

- - End Of File - - F75F08A7E2F7E4CD602C1E238D33F663

Ecinazuz
Exemplary visitor
Posts: 343
Registered: 16 Sep 2006 21:47

Re: XP internet security- hází varovné hlášky- prosím o kont

#38 Post by Ecinazuz »

Phew - OK...
Restart done - after the restart a window appeared on the desktop saying that a file (or files) in the system had been restored... the restore was successful.....

I tried the programs that weren't working - and they work now.

My son also managed to uninstall the old ESET /it couldn't be updated/ and replace it with the new ESET Smart Security 4 /for now for 30 days/ - but it is active... and it immediately reported that I am missing some of the latest Windows updates; they probably got wiped, because I update automatically /?/...

And now the new log from OTL:
Extras.zip is attached.

OTL logfile created on: 25.4.2010 13:44:43 - Run 2
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\Admin\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 70,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 155,24 Gb Total Space | 140,61 Gb Free Space | 90,58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 77,64 Gb Total Space | 37,64 Gb Free Space | 48,48% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-D958691FD9
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.04.25 10:58:10 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Plocha\OTL.exe
PRC - [2010.04.07 21:07:24 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2010.04.07 21:07:04 | 002,145,000 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2009.10.28 21:33:14 | 000,603,904 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe
PRC - [2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.17 18:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008.01.22 10:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2007.05.11 02:09:48 | 001,050,120 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe
PRC - [2007.05.11 02:08:54 | 002,512,392 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodtray.exe
PRC - [2007.03.30 13:05:32 | 001,024,512 | ---- | M] () -- C:\Program Files\GIGABYTE\VGA Utility Manager\Utility.exe
PRC - [2007.03.06 19:20:00 | 000,536,576 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2006.11.08 12:36:40 | 000,118,870 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
PRC - [2006.11.08 12:36:38 | 000,274,520 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
PRC - [2003.05.23 06:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2003.03.14 04:38:12 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe


========== Modules (SafeList) ==========

MOD - [2010.04.25 10:58:10 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Plocha\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010.04.07 21:10:38 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010.04.07 21:07:24 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009.10.28 21:33:14 | 000,603,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009.10.28 21:33:13 | 000,360,192 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.09.10 12:35:45 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.12.11 14:31:36 | 000,027,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008.01.22 10:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007.05.11 02:09:48 | 001,050,120 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag)
SRV - [2006.11.08 12:36:40 | 000,118,870 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006.11.08 12:36:38 | 000,274,520 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2003.05.23 06:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


========== Driver Services (SafeList) ==========

DRV - [2010.04.07 21:08:08 | 000,055,232 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2010.04.07 21:08:06 | 000,032,584 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2010.04.07 21:08:04 | 000,134,488 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2010.04.07 21:07:08 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010.04.07 21:03:44 | 000,139,192 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009.09.09 12:28:18 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2008.04.14 14:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007.07.18 13:26:04 | 004,547,584 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.06.29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007.05.11 00:03:00 | 006,738,432 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006.11.27 16:33:54 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006.11.27 16:33:50 | 000,058,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006.10.18 16:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006.06.18 23:59:28 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004.10.15 12:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2003.10.24 06:53:14 | 000,090,416 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [1997.12.23 03:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-583907252-162531612-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
IE - HKU\S-1-5-21-583907252-162531612-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-583907252-162531612-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.14 01:01:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.14 01:01:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010.04.25 09:37:20 | 000,000,000 | ---D | M]

[2009.09.10 19:01:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\Mozilla\Extensions
[2009.09.10 19:01:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\extensions
[2009.12.18 07:51:15 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icq-search.xml
[2010.02.19 23:05:21 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin-1.xml
[2010.03.11 22:01:21 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin-2.xml
[2010.03.23 10:04:16 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin-3.xml
[2010.04.14 01:01:53 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin-4.xml
[2008.03.31 09:52:00 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin.gif
[2008.03.31 09:52:00 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin.src
[2010.01.08 19:55:19 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin.xml
[2010.04.21 19:59:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.09.10 19:04:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.03.11 22:01:11 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.03.11 22:01:11 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.03.11 22:01:11 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.03.11 22:01:11 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.03.11 22:01:11 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.04.25 12:59:11 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\S-1-5-21-583907252-162531612-682003330-1004\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe (O&O Software GmbH)
O4 - Startup: C:\Documents and Settings\Admin\Nabídka Start\Programy\Po spuštění\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Admin\Nabídka Start\Programy\Po spuštění\GIGABYTE VGA Utility.lnk = C:\Documents and Settings\Admin\Data aplikací\Microsoft\Installer\{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}\Utility.exe2_D27BDB5D3B4C44F0A648BD00B0E79B39.exe (Macrovision Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-583907252-162531612-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-583907252-162531612-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-583907252-162531612-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-583907252-162531612-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.09.09 11:59:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = secfile] -- Reg Error: Key error. File not found
O37 - HKU\.DEFAULT\...exe [@ = secfile] -- "C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ave.exe" /START "%1" %* File not found
O37 - HKU\S-1-5-18\...exe [@ = secfile] -- "C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ave.exe" /START "%1" %* File not found
O37 - HKU\S-1-5-21-583907252-162531612-682003330-1004\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009.09.09 13:42:16 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software)
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.ac3filter - C:\WINDOWS\System32\ac3filter.acm ()
Drivers32: msacm.at3 - C:\WINDOWS\System32\atrac3.acm ()
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - File not found
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.hfyu - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.vp60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (55745656140070912)

========== Files/Folders - Created Within 7 Days ==========

[2010.04.25 13:44:38 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.04.25 13:43:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Windows Genuine Advantage
[2010.04.25 13:42:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010.04.25 13:05:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.04.25 12:53:03 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.04.25 12:53:00 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.04.25 12:52:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.04.25 12:52:58 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.04.25 12:51:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.04.25 10:57:54 | 000,562,688 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Plocha\OTL.exe
[2010.04.25 10:55:11 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010.04.24 16:26:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\avG
[2010.04.24 16:03:52 | 000,910,296 | ---- | C] (Mozilla Corporation) -- C:\Documents and Settings\Admin\Plocha\firefox.exe
[2010.04.24 13:35:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent
[2010.04.24 13:28:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\avG
[2010.04.24 13:28:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Data aplikací\avG
[2010.04.19 18:34:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Plocha\plány MŠ

========== Files - Modified Within 7 Days ==========

[2010.04.25 13:43:06 | 000,013,720 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.25 13:38:48 | 000,000,478 | ---- | M] () -- C:\WINDOWS\tasks\Úklid 1 kliknutím.job
[2010.04.25 13:38:26 | 000,002,545 | ---- | M] () -- C:\Documents and Settings\Admin\Nabídka Start\Programy\Po spuštění\GIGABYTE VGA Utility.lnk
[2010.04.25 13:38:04 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.25 13:37:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.25 13:37:50 | 000,624,327 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor
[2010.04.25 13:37:20 | 004,980,736 | ---- | M] () -- C:\Documents and Settings\Admin\NTUSER.DAT
[2010.04.25 12:59:26 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.04.25 12:59:11 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.04.25 12:49:34 | 003,923,062 | R--- | M] () -- C:\Documents and Settings\Admin\Plocha\ComboFix.exe
[2010.04.25 10:58:10 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Plocha\OTL.exe
[2010.04.25 10:55:33 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Admin\Nabídka Start\Programy\Po spuštění\ERUNT AutoBackup.lnk
[2010.04.25 10:55:20 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Admin\Plocha\NTREGOPT.lnk
[2010.04.25 10:55:20 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Admin\Plocha\ERUNT.lnk
[2010.04.25 10:49:22 | 001,530,440 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.04.24 21:56:16 | 000,245,902 | ---- | M] () -- C:\Documents and Settings\Admin\Plocha\daft.com
[2010.04.24 21:35:00 | 000,013,166 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\I6vNTV7g2h23
[2010.04.24 18:19:54 | 000,013,170 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\3413392581
[2010.04.24 18:19:54 | 000,013,170 | -HS- | M] () -- C:\Documents and Settings\Admin\Local Settings\Data aplikací\3413392581
[2010.04.24 18:18:55 | 000,013,178 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\1891633005
[2010.04.24 18:18:55 | 000,013,178 | -HS- | M] () -- C:\Documents and Settings\Admin\Local Settings\Data aplikací\1891633005
[2010.04.24 18:16:30 | 000,013,182 | -HS- | M] () -- C:\Documents and Settings\Admin\Local Settings\Data aplikací\I6vNTV7g2h23
[2010.04.24 16:32:39 | 000,002,561 | ---- | M] () -- C:\Documents and Settings\Admin\Plocha\Microsoft Office Word 2003.lnk
[2010.04.24 16:17:49 | 003,923,062 | R--- | M] () -- C:\Documents and Settings\Admin\Plocha\abraka.com
[2010.04.24 16:07:10 | 000,002,517 | ---- | M] () -- C:\Documents and Settings\Admin\Plocha\Microsoft Office Excel 2003.lnk
[2010.04.24 16:03:45 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Documents and Settings\Admin\Plocha\firefox.exe
[2010.04.24 15:15:44 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2010.04.24 13:35:27 | 000,000,416 | ---- | M] () -- C:\Documents and Settings\Admin\Dokumenty\cc_20100424_133515.reg
[2010.04.23 20:09:20 | 000,425,984 | ---- | M] () -- C:\Documents and Settings\Admin\Plocha\Část z manuálu do balíčku.doc
[2010.04.21 22:52:25 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\Admin\Dokumenty\cc_20100421_225222.reg
[2010.04.21 17:19:40 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Admin\Plocha\V jedné chaloupce žila koza se svými kůzlátky.doc
[2010.04.21 17:19:26 | 000,047,104 | ---- | M] () -- C:\Documents and Settings\Admin\Plocha\Mustr priprava - Kopie.doc
[2010.04.21 16:39:19 | 000,049,664 | ---- | M] () -- C:\Documents and Settings\Admin\Plocha\Jaro budí zvířátka...a jejich mláďátka...2010.doc
[2010.04.20 23:28:23 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\Admin\Dokumenty\cc_20100420_232820.reg
[2010.04.19 07:20:25 | 000,000,012 | ---- | M] () -- C:\Documents and Settings\Admin\intlname.ols

========== Files Created - No Company Name ==========

[2010.04.25 12:52:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.04.25 12:52:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.04.25 12:52:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.04.25 12:48:43 | 003,923,062 | R--- | C] () -- C:\Documents and Settings\Admin\Plocha\ComboFix.exe
[2010.04.25 10:55:33 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Admin\Nabídka Start\Programy\Po spuštění\ERUNT AutoBackup.lnk
[2010.04.25 10:55:20 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Admin\Plocha\NTREGOPT.lnk
[2010.04.25 10:55:20 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Admin\Plocha\ERUNT.lnk
[2010.04.24 21:56:15 | 000,245,902 | ---- | C] () -- C:\Documents and Settings\Admin\Plocha\daft.com
[2010.04.24 16:32:40 | 000,013,170 | -HS- | C] () -- C:\Documents and Settings\Admin\Local Settings\Data aplikací\3413392581
[2010.04.24 16:32:39 | 000,013,178 | -HS- | C] () -- C:\Documents and Settings\Admin\Local Settings\Data aplikací\1891633005
[2010.04.24 16:32:39 | 000,013,170 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\3413392581
[2010.04.24 16:22:33 | 000,013,178 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\1891633005
[2010.04.24 16:20:26 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.04.24 16:20:23 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.04.24 16:17:27 | 003,923,062 | R--- | C] () -- C:\Documents and Settings\Admin\Plocha\abraka.com
[2010.04.24 15:00:30 | 000,013,166 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\I6vNTV7g2h23
[2010.04.24 14:47:19 | 000,013,182 | -HS- | C] () -- C:\Documents and Settings\Admin\Local Settings\Data aplikací\I6vNTV7g2h23
[2010.04.24 13:35:17 | 000,000,416 | ---- | C] () -- C:\Documents and Settings\Admin\Dokumenty\cc_20100424_133515.reg
[2010.04.24 13:26:02 | 000,013,166 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\I6vNTV7g2h23
[2010.04.24 13:25:45 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\NetworkService\Data aplikací\kcmdte.dat
[2010.04.23 20:09:20 | 000,425,984 | ---- | C] () -- C:\Documents and Settings\Admin\Plocha\Část z manuálu do balíčku.doc
[2010.04.21 22:52:23 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\Admin\Dokumenty\cc_20100421_225222.reg
[2010.04.21 17:19:40 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Admin\Plocha\V jedné chaloupce žila koza se svými kůzlátky.doc
[2010.04.21 16:39:18 | 000,049,664 | ---- | C] () -- C:\Documents and Settings\Admin\Plocha\Jaro budí zvířátka...a jejich mláďátka...2010.doc
[2010.04.20 23:28:22 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\Admin\Dokumenty\cc_20100420_232820.reg
[2009.11.20 17:40:06 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009.11.11 15:41:30 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.10.12 21:03:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oodcnt.INI
[2009.09.10 16:54:02 | 000,000,416 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009.09.10 16:54:02 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009.09.10 16:53:08 | 000,000,213 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009.09.10 16:53:08 | 000,000,094 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009.09.09 15:44:56 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007.05.11 00:03:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007.05.11 00:03:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007.05.11 00:03:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007.05.11 00:03:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007.05.11 00:03:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007.02.26 23:24:20 | 000,220,672 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2007.02.26 23:22:42 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2007.02.26 23:22:36 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2007.02.26 23:22:34 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2007.02.26 23:22:30 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2007.02.26 23:22:24 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2007.02.26 23:22:14 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2007.02.26 23:22:04 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2007.02.26 23:21:46 | 000,099,840 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2007.02.26 23:21:38 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2007.02.26 23:21:38 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2007.02.12 21:21:22 | 003,426,304 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007.02.12 21:21:22 | 000,741,376 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
[2007.02.12 21:21:22 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2007.02.12 21:21:22 | 000,399,872 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007.02.12 21:21:22 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2007.02.12 21:21:22 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2007.02.12 21:21:22 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007.02.12 21:21:22 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2007.02.12 21:21:22 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2007.02.12 21:21:22 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2007.02.12 21:21:22 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2007.02.12 21:21:22 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007.02.12 21:21:22 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2007.02.12 21:21:22 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2007.02.12 21:21:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2007.02.12 21:21:22 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2007.02.12 21:21:22 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2007.02.12 21:21:22 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007.02.12 21:21:22 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007.01.30 07:03:40 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006.11.01 16:54:30 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006.11.01 16:52:38 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006.07.07 17:51:02 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\FLT_ffdshow.dll
[2006.03.21 21:13:33 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2005.10.14 11:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 11:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 11:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 11:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 11:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 11:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2003.04.09 15:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.05.18 00:18:30 | 000,124,928 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll

========== LOP Check ==========

[2009.09.09 15:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\BinarySense
[2009.12.13 16:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\Canon
[2009.10.16 19:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\ESET
[2010.02.09 22:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\ICQ
[2009.10.28 21:33:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\TuneUp Software
[2010.03.26 22:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\VSO
[2010.04.24 13:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\avG
[2009.11.21 12:19:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonBJ
[2010.03.30 19:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonIJ
[2009.11.21 12:23:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonIJMyPrinter
[2010.04.20 19:50:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonIJPLM
[2009.12.13 16:59:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonIJScan
[2009.11.21 12:23:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonIJSolutionMenu
[2009.10.16 19:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2009.09.10 19:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2009.09.30 22:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PCSettings
[2009.10.28 21:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
[2009.10.28 21:32:30 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Data aplikací\{55A29068-F2CE-456C-9148-C869879E2357}
[2010.04.25 13:38:48 | 000,000,478 | ---- | M] () -- C:\WINDOWS\Tasks\Úklid 1 kliknutím.job

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Skype" = "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized -- [2010.03.09 10:02:14 | 026,100,520 | R--- | M] (Skype Technologies S.A.)
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 14:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
"" =

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2009.10.11 12:04:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\Adobe
[2009.09.09 15:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\Ahead
[2009.09.09 15:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\BinarySense
[2009.09.10 16:56:37 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Admin\Data aplikací\Brother
[2009.12.13 16:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\Canon
[2009.11.11 15:41:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\DivX
[2009.10.16 19:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\ESET
[2010.02.09 22:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\ICQ
[2009.09.09 12:23:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\Identities
[2009.09.09 12:25:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\InstallShield
[2009.09.10 19:18:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\Macromedia
[2009.10.14 13:41:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\Malwarebytes
[2010.02.13 09:06:16 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Admin\Data aplikací\Microsoft
[2009.09.10 19:01:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\Mozilla
[2010.04.25 13:39:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\Skype
[2010.04.25 09:33:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\skypePM
[2009.09.10 12:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\Symantec
[2009.10.28 21:33:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\TuneUp Software
[2010.03.26 22:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\VSO
[2009.10.05 22:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\WinRAR

< %APPDATA%\*.exe /s >
[2009.09.09 15:52:15 | 000,025,214 | R--- | M] () -- C:\Documents and Settings\Admin\Data aplikací\Microsoft\Installer\{2EDC23E5-29FB-49D0-BF6D-F2D55EA25496}\_0F4BC114588B95640F7F3B.exe
[2009.09.09 15:52:15 | 000,025,214 | R--- | M] () -- C:\Documents and Settings\Admin\Data aplikací\Microsoft\Installer\{2EDC23E5-29FB-49D0-BF6D-F2D55EA25496}\_3822ED5C6A689F7E906806.exe
[2009.09.09 15:52:15 | 000,025,214 | R--- | M] () -- C:\Documents and Settings\Admin\Data aplikací\Microsoft\Installer\{2EDC23E5-29FB-49D0-BF6D-F2D55EA25496}\_6FEFF9B68218417F98F549.exe
[2009.09.09 15:52:15 | 000,062,526 | R--- | M] () -- C:\Documents and Settings\Admin\Data aplikací\Microsoft\Installer\{2EDC23E5-29FB-49D0-BF6D-F2D55EA25496}\_A2BDAD1987E4FB1071BD84.exe
[2009.09.09 15:52:15 | 000,029,926 | R--- | M] () -- C:\Documents and Settings\Admin\Data aplikací\Microsoft\Installer\{2EDC23E5-29FB-49D0-BF6D-F2D55EA25496}\_B3AF483CD1C894FD13F9F6.exe
[2010.02.18 17:19:08 | 000,000,766 | R--- | M] () -- C:\Documents and Settings\Admin\Data aplikací\Microsoft\Installer\{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}\ARPPRODUCTICON.exe
[2010.02.18 17:19:08 | 000,065,536 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Admin\Data aplikací\Microsoft\Installer\{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
[2010.02.18 17:19:09 | 000,040,960 | R--- | M] (Macrovision Corporation) -- C:\Documents and Settings\Admin\Data aplikací\Microsoft\Installer\{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}\UNINST_Uninstall_VGA_D27BDB5D3B4C44F0A648BD00B0E79B39.exe
[2010.02.18 17:19:08 | 000,040,960 | R--- | M] (Macrovision Corporation) -- C:\Documents and Settings\Admin\Data aplikací\Microsoft\Installer\{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}\Utility.exe1_D27BDB5D3B4C44F0A648BD00B0E79B39.exe
[2010.02.18 17:19:09 | 000,040,960 | R--- | M] (Macrovision Corporation) -- C:\Documents and Settings\Admin\Data aplikací\Microsoft\Installer\{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}\Utility.exe2_D27BDB5D3B4C44F0A648BD00B0E79B39.exe
[2010.02.18 17:19:08 | 000,040,960 | R--- | M] (Macrovision Corporation) -- C:\Documents and Settings\Admin\Data aplikací\Microsoft\Installer\{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}\Utility.exe_D27BDB5D3B4C44F0A648BD00B0E79B39.exe


< MD5 for: AGP440.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys

< MD5 for: CRYPTSVC.DLL >
[2008.04.14 14:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2008.04.14 14:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
[2008.04.14 14:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\dllcache\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: HAL.DLL >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 14:00:00 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\hal.dll

< MD5 for: CHANGER.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys

< MD5 for: ISAPNP.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 14:00:00 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2008.04.14 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2008.04.14 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2008.04.14 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.14 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008.04.14 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008.04.14 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NVATA.SYS >
[2006.10.18 16:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) MD5=EF9941593B2E9B436F64A87DDB570D1A -- C:\WINDOWS\system32\drivers\nvata.sys

< MD5 for: SCECLI.DLL >
[2008.04.14 14:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 14:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 14:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.17 16:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\dllcache\smss.exe
[2008.04.14 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.04.14 14:00:00 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008.04.14 14:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 14:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 14:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.04.14 14:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2008.04.14 14:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2008.04.14 14:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009.09.09 13:46:38 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.09.09 13:46:38 | 001,069,056 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.09.09 13:46:38 | 000,475,136 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2010.04.25 10:49:22 | 001,530,440 | ---- | M] () -- C:\WINDOWS\system32\FNTCACHE.DAT
[2010.04.25 13:37:50 | 000,624,327 | ---- | M] () -- C:\WINDOWS\system32\oodbs.lor
[2010.04.25 13:43:06 | 000,013,720 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
< End of report >
Attachments
Extras.zip
(7.26 KiB) Downloaded 87 times

Ecinazuz
Exemplary visitor
Posts: 343
Registered: 16 Sep 2006 21:47

Re: XP internet security - throwing warning messages - please check

#39 Post by Ecinazuz »

OK - 1st log:

========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-583907252-162531612-682003330-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\shell\open\command\\|"%1" %* /E : value set successfully!
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
Registry key HKEY_USERS\.DEFAULT\Software\Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Classes\secfile\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
Registry key HKEY_USERS\S-1-5-18\Software\Classes\.exe\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Classes\secfile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-583907252-162531612-682003330-1004_Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-583907252-162531612-682003330-1004_Classes\exefile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater\ deleted successfully.

OTL by OldTimer - Version 3.2.2.0 log created on 04252010_150639


2nd log:
OTL logfile created on: 25.4.2010 15:13:40 - Run 3
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\Admin\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 73,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 155,24 Gb Total Space | 140,58 Gb Free Space | 90,56% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 77,64 Gb Total Space | 37,64 Gb Free Space | 48,48% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-D958691FD9
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.04.25 10:58:10 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Plocha\OTL.exe
PRC - [2010.04.07 21:07:24 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2010.04.07 21:07:04 | 002,145,000 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2009.10.28 21:33:14 | 000,603,904 | ---- | M] (TuneUp Software) -- C:\WINDOWS\system32\TUProgSt.exe
PRC - [2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.17 18:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008.01.22 10:35:52 | 000,103,808 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2007.05.11 02:09:48 | 001,050,120 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe
PRC - [2007.05.11 02:08:54 | 002,512,392 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodtray.exe
PRC - [2007.03.30 13:05:32 | 001,024,512 | ---- | M] () -- C:\Program Files\GIGABYTE\VGA Utility Manager\Utility.exe
PRC - [2007.03.06 19:20:00 | 000,536,576 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2006.11.08 12:36:40 | 000,118,870 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
PRC - [2006.11.08 12:36:38 | 000,274,520 | ---- | M] () -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
PRC - [2003.05.23 06:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2003.03.14 04:38:12 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe


========== Modules (SafeList) ==========

MOD - [2010.04.25 10:58:10 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Plocha\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010.04.07 21:10:38 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010.04.07 21:07:24 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009.10.28 21:33:14 | 000,603,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2009.10.28 21:33:13 | 000,360,192 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.09.10 12:35:45 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.12.11 14:31:36 | 000,027,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2008.01.22 10:35:52 | 000,103,808 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2007.05.11 02:09:48 | 001,050,120 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag)
SRV - [2006.11.08 12:36:40 | 000,118,870 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006.11.08 12:36:38 | 000,274,520 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2003.05.23 06:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


========== Driver Services (SafeList) ==========

DRV - [2010.04.07 21:08:08 | 000,055,232 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2010.04.07 21:08:06 | 000,032,584 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2010.04.07 21:08:04 | 000,134,488 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2010.04.07 21:07:08 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010.04.07 21:03:44 | 000,139,192 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009.09.09 12:28:18 | 000,015,600 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2008.04.14 14:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007.07.18 13:26:04 | 004,547,584 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.06.29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007.05.11 00:03:00 | 006,738,432 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006.11.27 16:33:54 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006.11.27 16:33:50 | 000,058,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006.10.18 16:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006.06.18 23:59:28 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004.10.15 12:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)
DRV - [2003.10.24 06:53:14 | 000,090,416 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [1997.12.23 03:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-583907252-162531612-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
IE - HKU\S-1-5-21-583907252-162531612-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-583907252-162531612-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.14 01:01:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.14 01:01:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010.04.25 09:37:20 | 000,000,000 | ---D | M]

[2009.09.10 19:01:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\Mozilla\Extensions
[2009.09.10 19:01:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\extensions
[2009.12.18 07:51:15 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icq-search.xml
[2010.02.19 23:05:21 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin-1.xml
[2010.03.11 22:01:21 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin-2.xml
[2010.03.23 10:04:16 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin-3.xml
[2010.04.14 01:01:53 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin-4.xml
[2008.03.31 09:52:00 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin.gif
[2008.03.31 09:52:00 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin.src
[2010.01.08 19:55:19 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\65rphqj6.default\searchplugins\icqplugin.xml
[2010.04.21 19:59:38 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.09.10 19:04:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.03.11 22:01:11 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.03.11 22:01:11 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.03.11 22:01:11 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.03.11 22:01:11 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.03.11 22:01:11 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.04.25 12:59:11 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe (O&O Software GmbH)
O4 - Startup: C:\Documents and Settings\Admin\Nabídka Start\Programy\Po spuštění\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Admin\Nabídka Start\Programy\Po spuštění\GIGABYTE VGA Utility.lnk = C:\Documents and Settings\Admin\Data aplikací\Microsoft\Installer\{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}\Utility.exe2_D27BDB5D3B4C44F0A648BD00B0E79B39.exe (Macrovision Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-583907252-162531612-682003330-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-583907252-162531612-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-583907252-162531612-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-583907252-162531612-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Admin\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Admin\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.09.09 11:59:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 7 Days ==========

[2010.04.25 15:06:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.04.25 13:44:38 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.04.25 13:43:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Windows Genuine Advantage
[2010.04.25 13:05:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.04.25 12:53:03 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.04.25 12:53:00 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.04.25 12:52:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.04.25 12:52:58 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.04.25 12:51:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.04.25 10:57:54 | 000,562,688 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Plocha\OTL.exe
[2010.04.25 10:55:11 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010.04.24 16:26:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\avG
[2010.04.24 16:03:52 | 000,910,296 | ---- | C] (Mozilla Corporation) -- C:\Documents and Settings\Admin\Plocha\firefox.exe
[2010.04.24 13:35:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent
[2010.04.24 13:28:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\avG
[2010.04.24 13:28:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Data aplikací\avG
[2010.04.19 18:34:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Plocha\plány MŠ

========== Files - Modified Within 7 Days ==========

[2010.04.25 15:12:36 | 000,000,478 | ---- | M] () -- C:\WINDOWS\tasks\Úklid 1 kliknutím.job
[2010.04.25 15:10:49 | 000,002,545 | ---- | M] () -- C:\Documents and Settings\Admin\Nabídka Start\Programy\Po spuštění\GIGABYTE VGA Utility.lnk
[2010.04.25 15:10:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.25 15:10:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.25 15:10:41 | 000,626,881 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor
[2010.04.25 15:08:16 | 004,980,736 | ---- | M] () -- C:\Documents and Settings\Admin\NTUSER.DAT
[2010.04.25 13:56:15 | 000,002,517 | ---- | M] () -- C:\Documents and Settings\Admin\Plocha\Microsoft Office Excel 2003.lnk
[2010.04.25 13:56:12 | 000,002,561 | ---- | M] () -- C:\Documents and Settings\Admin\Plocha\Microsoft Office Word 2003.lnk
[2010.04.25 13:43:06 | 000,013,720 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.25 12:59:26 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.04.25 12:59:11 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.04.25 12:49:34 | 003,923,062 | R--- | M] () -- C:\Documents and Settings\Admin\Plocha\ComboFix.exe
[2010.04.25 10:58:10 | 000,562,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Plocha\OTL.exe
[2010.04.25 10:55:33 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Admin\Nabídka Start\Programy\Po spuštění\ERUNT AutoBackup.lnk
[2010.04.25 10:55:20 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Admin\Plocha\NTREGOPT.lnk
[2010.04.25 10:55:20 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Admin\Plocha\ERUNT.lnk
[2010.04.25 10:49:22 | 001,530,440 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.04.24 21:56:16 | 000,245,902 | ---- | M] () -- C:\Documents and Settings\Admin\Plocha\daft.com
[2010.04.24 21:35:00 | 000,013,166 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\I6vNTV7g2h23
[2010.04.24 18:19:54 | 000,013,170 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\3413392581
[2010.04.24 18:19:54 | 000,013,170 | -HS- | M] () -- C:\Documents and Settings\Admin\Local Settings\Data aplikací\3413392581
[2010.04.24 18:18:55 | 000,013,178 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\1891633005
[2010.04.24 18:18:55 | 000,013,178 | -HS- | M] () -- C:\Documents and Settings\Admin\Local Settings\Data aplikací\1891633005
[2010.04.24 18:16:30 | 000,013,182 | -HS- | M] () -- C:\Documents and Settings\Admin\Local Settings\Data aplikací\I6vNTV7g2h23
[2010.04.24 16:17:49 | 003,923,062 | R--- | M] () -- C:\Documents and Settings\Admin\Plocha\abraka.com
[2010.04.24 16:03:45 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Documents and Settings\Admin\Plocha\firefox.exe
[2010.04.24 15:15:44 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2010.04.24 13:35:27 | 000,000,416 | ---- | M] () -- C:\Documents and Settings\Admin\Dokumenty\cc_20100424_133515.reg
[2010.04.23 20:09:20 | 000,425,984 | ---- | M] () -- C:\Documents and Settings\Admin\Plocha\Část z manuálu do balíčku.doc
[2010.04.21 22:52:25 | 000,000,176 | ---- | M] () -- C:\Documents and Settings\Admin\Dokumenty\cc_20100421_225222.reg
[2010.04.21 17:19:40 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Admin\Plocha\V jedné chaloupce žila koza se svými kůzlátky.doc
[2010.04.21 17:19:26 | 000,047,104 | ---- | M] () -- C:\Documents and Settings\Admin\Plocha\Mustr priprava - Kopie.doc
[2010.04.21 16:39:19 | 000,049,664 | ---- | M] () -- C:\Documents and Settings\Admin\Plocha\Jaro budí zvířátka...a jejich mláďátka...2010.doc
[2010.04.20 23:28:23 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\Admin\Dokumenty\cc_20100420_232820.reg
[2010.04.19 07:20:25 | 000,000,012 | ---- | M] () -- C:\Documents and Settings\Admin\intlname.ols

========== Files Created - No Company Name ==========

[2010.04.25 12:52:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.04.25 12:52:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.04.25 12:52:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.04.25 12:48:43 | 003,923,062 | R--- | C] () -- C:\Documents and Settings\Admin\Plocha\ComboFix.exe
[2010.04.25 10:55:33 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Admin\Nabídka Start\Programy\Po spuštění\ERUNT AutoBackup.lnk
[2010.04.25 10:55:20 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Admin\Plocha\NTREGOPT.lnk
[2010.04.25 10:55:20 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Admin\Plocha\ERUNT.lnk
[2010.04.24 21:56:15 | 000,245,902 | ---- | C] () -- C:\Documents and Settings\Admin\Plocha\daft.com
[2010.04.24 16:32:40 | 000,013,170 | -HS- | C] () -- C:\Documents and Settings\Admin\Local Settings\Data aplikací\3413392581
[2010.04.24 16:32:39 | 000,013,178 | -HS- | C] () -- C:\Documents and Settings\Admin\Local Settings\Data aplikací\1891633005
[2010.04.24 16:32:39 | 000,013,170 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\3413392581
[2010.04.24 16:22:33 | 000,013,178 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\1891633005
[2010.04.24 16:20:26 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.04.24 16:20:23 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.04.24 16:17:27 | 003,923,062 | R--- | C] () -- C:\Documents and Settings\Admin\Plocha\abraka.com
[2010.04.24 15:00:30 | 000,013,166 | -HS- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\I6vNTV7g2h23
[2010.04.24 14:47:19 | 000,013,182 | -HS- | C] () -- C:\Documents and Settings\Admin\Local Settings\Data aplikací\I6vNTV7g2h23
[2010.04.24 13:35:17 | 000,000,416 | ---- | C] () -- C:\Documents and Settings\Admin\Dokumenty\cc_20100424_133515.reg
[2010.04.24 13:26:02 | 000,013,166 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\I6vNTV7g2h23
[2010.04.24 13:25:45 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\NetworkService\Data aplikací\kcmdte.dat
[2010.04.23 20:09:20 | 000,425,984 | ---- | C] () -- C:\Documents and Settings\Admin\Plocha\Část z manuálu do balíčku.doc
[2010.04.21 22:52:23 | 000,000,176 | ---- | C] () -- C:\Documents and Settings\Admin\Dokumenty\cc_20100421_225222.reg
[2010.04.21 17:19:40 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Admin\Plocha\V jedné chaloupce žila koza se svými kůzlátky.doc
[2010.04.21 16:39:18 | 000,049,664 | ---- | C] () -- C:\Documents and Settings\Admin\Plocha\Jaro budí zvířátka...a jejich mláďátka...2010.doc
[2010.04.20 23:28:22 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\Admin\Dokumenty\cc_20100420_232820.reg
[2009.11.20 17:40:06 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009.11.11 15:41:30 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.10.12 21:03:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oodcnt.INI
[2009.09.10 16:54:02 | 000,000,416 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009.09.10 16:54:02 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009.09.10 16:53:08 | 000,000,213 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2009.09.10 16:53:08 | 000,000,094 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2009.09.09 15:44:56 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2007.05.11 00:03:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007.05.11 00:03:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007.05.11 00:03:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007.05.11 00:03:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007.05.11 00:03:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007.02.26 23:24:20 | 000,220,672 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2007.02.26 23:22:42 | 000,150,528 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2007.02.26 23:22:36 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2007.02.26 23:22:34 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2007.02.26 23:22:30 | 000,141,312 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2007.02.26 23:22:24 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2007.02.26 23:22:14 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2007.02.26 23:22:04 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2007.02.26 23:21:46 | 000,099,840 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2007.02.26 23:21:38 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2007.02.26 23:21:38 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2007.02.12 21:21:22 | 003,426,304 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007.02.12 21:21:22 | 000,741,376 | ---- | C] () -- C:\WINDOWS\System32\audxlib.dll
[2007.02.12 21:21:22 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2007.02.12 21:21:22 | 000,399,872 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007.02.12 21:21:22 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2007.02.12 21:21:22 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2007.02.12 21:21:22 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2007.02.12 21:21:22 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2007.02.12 21:21:22 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2007.02.12 21:21:22 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2007.02.12 21:21:22 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2007.02.12 21:21:22 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2007.02.12 21:21:22 | 000,097,280 | ---- | C] () -- C:\WINDOWS\System32\ff_realaac.dll
[2007.02.12 21:21:22 | 000,079,872 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2007.02.12 21:21:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2007.02.12 21:21:22 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2007.02.12 21:21:22 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2007.02.12 21:21:22 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007.02.12 21:21:22 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007.01.30 07:03:40 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006.11.01 16:54:30 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006.11.01 16:52:38 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2006.07.07 17:51:02 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\FLT_ffdshow.dll
[2006.03.21 21:13:33 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2005.10.14 11:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 11:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 11:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 11:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 11:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 11:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2003.04.09 15:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.05.18 00:18:30 | 000,124,928 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll

========== LOP Check ==========

[2009.09.09 15:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\BinarySense
[2009.12.13 16:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\Canon
[2009.10.16 19:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\ESET
[2010.02.09 22:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\ICQ
[2009.10.28 21:33:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\TuneUp Software
[2010.03.26 22:39:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Data aplikací\VSO
[2010.04.24 13:28:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\avG
[2009.11.21 12:19:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonBJ
[2010.03.30 19:30:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonIJ
[2009.11.21 12:23:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonIJMyPrinter
[2010.04.20 19:50:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonIJPLM
[2009.12.13 16:59:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonIJScan
[2009.11.21 12:23:46 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonIJSolutionMenu
[2009.10.16 19:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2009.09.10 19:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2009.09.30 22:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PCSettings
[2009.10.28 21:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
[2009.10.28 21:32:30 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Data aplikací\{55A29068-F2CE-456C-9148-C869879E2357}
[2010.04.25 15:12:36 | 000,000,478 | ---- | M] () -- C:\WINDOWS\Tasks\Úklid 1 kliknutím.job

========== Purity Check ==========


< End of report >

#40 Post by Ecinazuz »

extras log:

OTL Extras logfile created on: 25.4.2010 15:13:40 - Run 3
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\Admin\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 73,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 155,24 Gb Total Space | 140,58 Gb Free Space | 90,56% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 77,64 Gb Total Space | 37,64 Gb Free Space | 48,48% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-D958691FD9
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-583907252-162531612-682003330-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0901FCE8-5415-4499-BBC8-1AA106DD66E2}" = Adobe Setup
"{10C86109-65BB-4E22-990A-110DC70DE29C}" = ESET Smart Security
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP630_series" = Canon MP630 series MP Drivers
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = PowerCinema
"{293D5729-7C01-4FA4-A4DE-BB6A1587BBB9}" = PDF Settings
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EDC23E5-29FB-49D0-BF6D-F2D55EA25496}" = HDDlife
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3EE51BAD-9916-49C7-90BA-3D500B031E0C}_is1" = VSO Image Resizer 3.0.1.72
"{5178C1BB-1EB1-4468-894B-7DE964DDCAA2}" = Adobe Photoshop CS3
"{53480330-E1D1-41CA-B8F8-7F78644F7F50}" = O&O Defrag Professional Edition
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6179A7D2-A668-4F1D-BC9A-DCC6A10C7871}" = Adobe Color NA Extra Settings
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D12B99F-EAAA-49D8-8E2F-74FA7459CCB2}" = Adobe Asset Services CS3
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91C0B95B-B83A-4828-A775-BBE2DD421029}" = Nero 7 Premium
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}" = DVD-RAM Driver
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{AC76BA86-7AD7-1029-7B44-A81200000003}" = Adobe Reader 8 - Czech
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BD087F50-46B2-43E4-BD73-5DB3DC20B47C}" = Adobe Color EU Recommended Settings
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}" = VGA Utility
"{D92B72E2-C854-4738-8ED6-4C3661CC17AE}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF3D660E-E5CC-47FD-8050-1B4DE3BA81A9}" = Dual-Core Optimizer
"3FA1705966809259F916AF817C59B4F389F4572C" = Balíček ovladače systému Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_4977c84bcdc298c444ccfbdcccb660d" = Adobe Photoshop CS3
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"Cole2k Media - Codec Pack" = Cole2k Media - Codec Pack (Advanced) 6.0.9
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ERUNT_is1" = ERUNT 1.1j
"Foxit PDF Editor" = Foxit PDF Editor
"HD Tune_is1" = HD Tune 2.50
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"MV2Player" = MV2Player (remove only)
"NOD32 v3.x FiX 1.1 by TemDono_is1" = NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050)
"NVIDIA Drivers" = NVIDIA Drivers
"Registrace uživatele zařízení Canon MP630 series" = Registrace uživatele zařízení Canon MP630 series
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = WinRAR

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24.4.2010 16:36:25 | Computer Name = HOME-D958691FD9 | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.

Error - 24.4.2010 16:59:33 | Computer Name = HOME-D958691FD9 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace gmer.exe, verze 1.0.15.15281, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 25.4.2010 1:50:17 | Computer Name = HOME-D958691FD9 | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.

Error - 25.4.2010 3:30:28 | Computer Name = HOME-D958691FD9 | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: A connection with the server could not be established

Error - 25.4.2010 3:30:29 | Computer Name = HOME-D958691FD9 | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Takové síťové připojení neexistuje.

Error - 25.4.2010 3:33:51 | Computer Name = HOME-D958691FD9 | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.

Error - 25.4.2010 7:01:15 | Computer Name = HOME-D958691FD9 | Source = ESENT | ID = 490
Description = wuauclt (1740) Pokus o otevření souboru C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.chk
pro čtení nebo zápis se nezdařil. Došlo k systémové chybě 32 (0x00000020): Proces
nemá přístup k souboru, neboť jej právě využívá jiný proces. . Operace otevření
souboru se nezdaří a dojde k chybě -1032 (0xfffffbf8).

Error - 25.4.2010 7:01:15 | Computer Name = HOME-D958691FD9 | Source = ESENT | ID = 439
Description = wuauclt (1740) Pro soubor C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.chk
nelze zapsat stínové záhlaví. Chyba -1032

Error - 25.4.2010 9:09:10 | Computer Name = HOME-D958691FD9 | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.

Error - 25.4.2010 9:10:54 | Computer Name = HOME-D958691FD9 | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.

[ System Events ]
Error - 25.4.2010 7:01:17 | Computer Name = HOME-D958691FD9 | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk0\D.

Error - 25.4.2010 7:02:35 | Computer Name = HOME-D958691FD9 | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk0\D.

Error - 25.4.2010 7:02:35 | Computer Name = HOME-D958691FD9 | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk0\D.

Error - 25.4.2010 7:38:43 | Computer Name = HOME-D958691FD9 | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk0\D.

Error - 25.4.2010 7:38:43 | Computer Name = HOME-D958691FD9 | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk0\D.

Error - 25.4.2010 7:38:47 | Computer Name = HOME-D958691FD9 | Source = Service Control Manager | ID = 7000
Description = Služba TVICHW32 neuspěla při spuštění v důsledku následující chyby:
%%2

Error - 25.4.2010 7:38:47 | Computer Name = HOME-D958691FD9 | Source = Service Control Manager | ID = 7000
Description = Služba TVICHW32 neuspěla při spuštění v důsledku následující chyby:
%%2

Error - 25.4.2010 9:11:01 | Computer Name = HOME-D958691FD9 | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk0\D.

Error - 25.4.2010 9:12:35 | Computer Name = HOME-D958691FD9 | Source = Service Control Manager | ID = 7000
Description = Služba TVICHW32 neuspěla při spuštění v důsledku následující chyby:
%%2

Error - 25.4.2010 9:12:39 | Computer Name = HOME-D958691FD9 | Source = Service Control Manager | ID = 7000
Description = Služba TVICHW32 neuspěla při spuštění v důsledku následující chyby:
%%2

[ TuneUp Events ]
Error - 14.1.2010 17:39:21 | Computer Name = HOME-D958691FD9 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-01-14 22:39:21', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','2128',0)

Error - 31.1.2010 12:07:45 | Computer Name = HOME-D958691FD9 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-01-31 17:07:45', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','2280',0)

Error - 8.2.2010 14:29:43 | Computer Name = HOME-D958691FD9 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-02-08 19:29:43', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','2140',0)

Error - 8.2.2010 14:29:48 | Computer Name = HOME-D958691FD9 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-02-08 19:29:48', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','1496',0)

Error - 8.2.2010 14:30:13 | Computer Name = HOME-D958691FD9 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-02-08 19:30:13', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','1140',0)

Error - 16.3.2010 9:16:12 | Computer Name = HOME-D958691FD9 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-03-16 14:16:12', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','2920',0)

Error - 29.3.2010 15:50:35 | Computer Name = HOME-D958691FD9 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-03-29 21:50:35', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','2408',0)

Error - 24.4.2010 15:00:20 | Computer Name = HOME-D958691FD9 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-04-24 21:00:20', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','2416',0)

Error - 25.4.2010 2:13:58 | Computer Name = HOME-D958691FD9 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-04-25 08:13:58', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','3748',0)

Error - 25.4.2010 2:14:48 | Computer Name = HOME-D958691FD9 | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-04-25 08:14:48', '\device\harddiskvolume1\documents
and settings\all users\data aplikací\malwarebytes\malwarebytes' anti-malware\mbam-setup.exe','3656',0)


< End of report >
"Honesty cannot be divided into pieces. Either it is there or it is not." (Honoré de Balzac)

Ecinazuz
Exemplary visitor
Posts: 343
Joined: 16 Sep 2006 21:47

Re: XP internet security - throwing warning messages - please check

#41 Post by Ecinazuz »

http://www.virustotal.com/cs/analisis/b ... 1272201834

Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.04.25 -
AhnLab-V3 5.0.0.2 2010.04.24 -
AntiVir 8.2.1.224 2010.04.23 -
Antiy-AVL 2.0.3.7 2010.04.23 -
Authentium 5.2.0.5 2010.04.25 -
Avast 4.8.1351.0 2010.04.25 -
Avast5 5.0.332.0 2010.04.25 -
AVG 9.0.0.787 2010.04.25 -
BitDefender 7.2 2010.04.25 -
CAT-QuickHeal 10.00 2010.04.23 -
ClamAV 0.96.0.3-git 2010.04.25 -
Comodo 4678 2010.04.25 -
DrWeb 5.0.2.03300 2010.04.25 -
eSafe 7.0.17.0 2010.04.22 -
eTrust-Vet 35.2.7448 2010.04.24 -
F-Prot 4.5.1.85 2010.04.25 -
F-Secure 9.0.15370.0 2010.04.25 -
Fortinet 4.0.14.0 2010.04.25 -
GData 21 2010.04.25 -
Ikarus T3.1.1.80.0 2010.04.25 -
Jiangmin 13.0.900 2010.04.25 -
Kaspersky 7.0.0.125 2010.04.25 -
McAfee 5.400.0.1158 2010.04.25 -
McAfee-GW-Edition 6.8.5 2010.04.23 -
Microsoft 1.5703 2010.04.25 -
NOD32 5058 2010.04.25 -
Norman 6.04.11 2010.04.25 -
nProtect 2010-04-25.01 2010.04.25 -
Panda 10.0.2.7 2010.04.24 -
PCTools 7.0.3.5 2010.04.25 -
Rising 22.44.06.04 2010.04.25 -
Sophos 4.53.0 2010.04.25 -
Sunbelt 6218 2010.04.25 -
Symantec 20091.2.0.41 2010.04.25 -
TheHacker 6.5.2.0.268 2010.04.25 -
TrendMicro 9.120.0.1004 2010.04.25 -
TrendMicro-HouseCall 9.120.0.1004 2010.04.25 -
VBA32 3.12.12.4 2010.04.23 -
ViRobot 2010.4.24.2293 2010.04.25 -
VirusBuster 5.0.27.0 2010.04.24 -
Rozšiřující informace
File size: 62976 bytes
MD5...: 1f4260cc5b42272d71f79e570a27a4fe
SHA1..: a80d103eecfe831b93c01f092abcddae90bccd6f
SHA256: b51c2a3ed3c309953d0ea45869c8e464c10f2533dade9e0286af674979098d1d
ssdeep: 1536:WxY6E/OU1rQzm/P174HlqV17EjmwzYVmcsdR:Wj/U1rQ6F74HQV7YYVmcsd
R
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0xd7f2
timedatestamp.....: 0x480253ad (Sun Apr 13 18:40:45 2008)
machinetype.......: 0x14c (I386)

( 11 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x380 0xb336 0xb380 6.47 5a32f306185e1a4ad2cd99f78fd68f95
.rdata 0xb700 0x7ca 0x800 4.59 b065c91fa7f5b699dfa951ee12c50867
.data 0xbf00 0x50 0x80 2.98 3af530f8b58513e653816241f3fd659b
PAGE 0xbf80 0x101b 0x1080 6.05 3a567203d8c32be151bb69e1e2d2b354
PAGEHIT2 0xd000 0x65 0x80 4.39 52e50ac51e6ac2a003e6f84d722e794d
PAGEHITA 0xd080 0x196 0x200 5.48 9e26e56d44e1e2d1516ae69518e050c9
PAGETOSH 0xd280 0x218 0x280 5.60 15796fdd18f07fbca32fce140b5edff7
PAGE 0xd500 0x110 0x180 1.81 b9ffcbab85ed2ab7cfe06001fcc62b34
INIT 0xd680 0xcde 0xd00 5.64 281ca5d003b86f3af422b4ab89db87e2
.rsrc 0xe380 0x3d8 0x400 3.32 7e2d33ab3e6191db9c89c25eb49d0126
.reloc 0xe780 0xe40 0xe80 6.59 52696ee940c55b8f96b1d57bd654d493

( 3 imports )
> ntoskrnl.exe: IoSetHardErrorOrVerifyDevice, _allshr, MmLockPagableDataSection, KeDelayExecutionThread, _allmul, IoSetDeviceInterfaceState, IoRegisterDeviceInterface, RtlGetVersion, KeInitializeSpinLock, MmUnlockPagableImageSection, RtlFreeUnicodeString, IoSetStartIoAttributes, strchr, memmove, _allshl, IoFreeWorkItem, IoReportTargetDeviceChangeAsynchronous, KeReleaseMutex, _aullshr, KeTickCount, ZwCreateKey, KeBugCheckEx, IoGetAttachedDeviceReference, ObfDereferenceObject, IoGetDriverObjectExtension, sprintf, IoAttachDeviceToDeviceStack, IoDeleteDevice, KeInitializeMutex, KeSetEvent, KeClearEvent, IoReuseIrp, KeInitializeEvent, IofCompleteRequest, KeEnterCriticalRegion, KeWaitForSingleObject, KeLeaveCriticalRegion, IoStartPacket, IoAllocateWorkItem, IoQueueWorkItem, RtlWriteRegistryValue, IoOpenDeviceRegistryKey, RtlQueryRegistryValues, ZwClose, swprintf, IoCreateSymbolicLink, IoDeleteSymbolicLink, IoAllocateIrp, IoAllocateMdl, MmBuildMdlForNonPagedPool, IoFreeMdl, IoFreeIrp, ExAllocatePoolWithTag, IoBuildAsynchronousFsdRequest, ExFreePoolWithTag, IofCallDriver, IoGetConfigurationInformation, IoWMIRegistrationControl, RtlInitUnicodeString, WmiQueryTraceInformation, WmiTraceMessage, IoAllocateDriverObjectExtension, IoStartNextPacket
> HAL.dll: KfRaiseIrql, KfAcquireSpinLock, KfReleaseSpinLock, KeGetCurrentIrql, KeRaiseIrqlToDpcLevel, KfLowerIrql
> CLASSPNP.SYS: ClassGetVpb, ClassDisableMediaChangeDetection, ClassFindModePage, ClassSpinDownPowerHandler, ClassInitialize, ClassDeleteSrbLookasideList, ClassGetDriverExtension, ClassInitializeSrbLookasideList, ClassQueryTimeOutRegistryValue, ClassReadDriveCapacity, ClassInitializeMediaChangeDetection, ClassGetDeviceParameter, ClassSetDeviceParameter, ClassResetMediaChangeTimer, ClassScanForSpecial, ClassReleaseQueue, ClassBuildRequest, ClassSplitRequest, ClassClaimDevice, ClassCreateDeviceObject, ClassUpdateInformationInRegistry, ClassInterpretSenseInfo, ClassEnableMediaChangeDetection, ClassIoComplete, ClassSendSrbAsynchronous, ClassSendSrbSynchronous, ClassSendDeviceIoControlSynchronous, ClassAsynchronousCompletion, ClassSendStartUnit, ClassAcquireRemoveLockEx, ClassReleaseRemoveLock, ClassCompleteRequest, ClassDeviceControl

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win64 Executable Generic (95.5%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: SCSI CD-ROM Driver
original name: cdrom.sys
internal name: cdrom.sys
file version.: 5.1.2600.5512 (xpsp.080413-2108)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
packers (Kaspersky): PE_Patch
"Honesty cannot be divided into pieces. Either it is there or it is not." (Honoré de Balzac)

Ecinazuz
Exemplary visitor
Posts: 343
Joined: 16 Sep 2006 21:47

Re: XP internet security - throwing warning messages - please check

#42 Post by Ecinazuz »

With that "regedit command" - the Registry Editor window opens - the main pane is empty, and in the left menu column there is My Computer with 5 HKEY...... folders under it; when expanded, there are folders inside.

Hmm - the very same ESET :( ... I have it on the laptop too :oops: - so I will have to change it... but it was still running during the week - definitely... and I have had it there (well, had it, on the big PC) for quite a while....
"Honesty cannot be divided into pieces. Either it is there or it is not." (Honoré de Balzac)

Ecinazuz
Exemplary visitor
Posts: 343
Joined: 16 Sep 2006 21:47

Re: XP internet security - throwing warning messages - please check

#43 Post by Ecinazuz »

Combofix - uninstalled

TFC - done - it offered the option of keeping the folder C:\Windows\erdnt, recommended to keep (key N)

After this http://oldtimer.geekstogo.com/TFC.exe - the PC restarted - an icon remained on the desktop

After this http://oldtimer.geekstogo.com/OTC.exe - a restart again

I already had CCleaner there - I reinstalled it - fixed the settings

Now the restore awaits me.... I am afraid of that, and then the last thing (hopefully ;-))

Adding: the restore point has "hopefully" been made - with today's date (it reported that a new point was created)... phew

Carrying on....
"Honesty cannot be divided into pieces. Either it is there or it is not." (Honoré de Balzac)

Ecinazuz
Exemplary visitor
Posts: 343
Joined: 16 Sep 2006 21:47

Re: XP internet security - throwing warning messages - please check

#44 Post by Ecinazuz »

RSIT log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Admin at 2010-04-25 16:25:24
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 146 GB (92%) free of 159 GB
Total RAM: 2047 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:25:35, on 25.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\GIGABYTE\VGA Utility Manager\Utility.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\Admin\Plocha\RSIT.exe
C:\Documents and Settings\Admin\Plocha\Admin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: GIGABYTE VGA Utility.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Inkjet Printer/Scanner Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 6857 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Úklid 1 kliknutím.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-07-05 16380416]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-05-11 8429568]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-05-11 81920]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2007-07-23 77824]
"ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2007-01-26 65536]
"OODefragTray"=C:\WINDOWS\system32\oodtray.exe [2007-05-11 2512392]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-10 689488]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2008-03-17 1848648]
"ISUSPM Startup"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2005-08-11 249856]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-04-07 2145000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2010-03-09 26100520]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe

C:\Documents and Settings\Admin\Nabídka Start\Programy\Po spuštění
ERUNT AutoBackup.lnk - C:\Program Files\ERUNT\AUTOBACK.EXE
GIGABYTE VGA Utility.lnk - C:\Documents and Settings\Admin\Data aplikací\Microsoft\Installer\{D27BDB5D-3B4C-44F0-A648-BD00B0E79B39}\Utility.exe2_D27BDB5D3B4C44F0A648BD00B0E79B39.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-04-25 16:25:24 ----D---- C:\rsit
2010-04-25 13:44:38 ----SHD---- C:\RECYCLER
2010-04-25 13:43:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\Windows Genuine Advantage
2010-04-25 13:05:38 ----D---- C:\WINDOWS\temp
2010-04-25 10:55:11 ----D---- C:\Program Files\ERUNT
2010-04-24 13:28:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\avG
2010-04-14 22:28:07 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-14 22:27:58 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-14 22:27:53 ----HDC---- C:\WINDOWS\$NtUninstallKB979402_WM9$
2010-04-14 22:26:32 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-14 22:26:27 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-14 01:08:15 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-14 01:08:08 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-03-28 03:10:51 ----D---- C:\Program Files\Common Files\Skype

======List of files/folders modified in the last 1 months======

2010-04-25 16:25:32 ----D---- C:\WINDOWS\Prefetch
2010-04-25 16:17:08 ----SHD---- C:\System Volume Information
2010-04-25 16:17:08 ----D---- C:\WINDOWS\system32\Restore
2010-04-25 16:15:22 ----D---- C:\Documents and Settings\Admin\Data aplikací\Skype
2010-04-25 16:15:09 ----D---- C:\WINDOWS
2010-04-25 16:13:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-25 16:04:13 ----D---- C:\Program Files\CCleaner
2010-04-25 15:49:21 ----D---- C:\WINDOWS\Minidump
2010-04-25 15:48:34 ----RD---- C:\Program Files
2010-04-25 15:41:52 ----D---- C:\WINDOWS\ERDNT
2010-04-25 13:43:02 ----HD---- C:\WINDOWS\inf
2010-04-25 13:43:02 ----D---- C:\WINDOWS\system32
2010-04-25 13:42:35 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-25 13:41:26 ----D---- C:\WINDOWS\SoftwareDistribution
2010-04-25 13:05:39 ----D---- C:\WINDOWS\system32\drivers
2010-04-25 12:59:26 ----A---- C:\WINDOWS\system.ini
2010-04-25 12:56:59 ----D---- C:\WINDOWS\AppPatch
2010-04-25 12:56:58 ----D---- C:\Program Files\Common Files
2010-04-25 09:37:57 ----SHD---- C:\WINDOWS\Installer
2010-04-25 09:33:59 ----D---- C:\Documents and Settings\Admin\Data aplikací\skypePM
2010-04-25 08:19:33 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-04-24 22:54:58 ----D---- C:\WINDOWS\system32\config
2010-04-24 21:34:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-04-24 18:55:09 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-24 13:28:38 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-04-20 19:50:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\CanonIJPLM
2010-04-20 19:46:51 ----D---- C:\Program Files\Mozilla Firefox
2010-04-16 21:55:06 ----D---- C:\WINDOWS\Debug
2010-04-14 22:28:05 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-14 08:35:56 ----A---- C:\WINDOWS\NeroDigital.ini
2010-04-06 19:52:54 ----A---- C:\WINDOWS\system32\MRT.exe
2010-03-31 22:38:49 ----D---- C:\Program Files\Internet Explorer
2010-03-30 19:30:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\CanonIJ
2010-03-28 03:18:16 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-26 22:39:52 ----D---- C:\Documents and Settings\Admin\Data aplikací\VSO

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43008]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-04-07 114984]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2010-04-07 55232]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2003-10-24 90416]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [1997-12-23 23936]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-04-07 139192]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2010-04-07 134488]
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2010-04-07 32584]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-07-18 4547584]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-05-11 6738432]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-11-27 58368]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-11-27 19968]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
S3 BrScnUsb;Brother USB Still Image driver; C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 15295]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 TVICHW32;TVICHW32; \??\C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 CLCapSvc;CyberLink Background Capture Service (CBCS); C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe [2006-11-08 274520]
R2 CLSched;CyberLink Task Scheduler (CTS); C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe [2006-11-08 118870]
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2003-05-23 106496]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2010-04-07 810120]
R2 IJPLMSVC;Inkjet Printer/Scanner Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2008-01-22 103808]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-05-11 163908]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-05-11 1050120]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2006-11-08 262247]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-10-28 603904]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-04-07 33560]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-09-10 654848]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-10-28 360192]

-----------------EOF-----------------

Ecinazuz
Model visitor
Posts: 343
Registered: 16 Sep 2006 21:47

Re: XP internet security - throwing warning messages - please check

#45 Post by Ecinazuz »

Yippee.....!!!

When removing ERUNT, it offered me an uninstall from Programs.....so I did it..../but now I'm not sure whether that's how it was supposed to be..when I reread the postscript (it is a program that creates a registry backup, which I, the adviser, put on the computer)???/

Otherwise, of course, you deserve a BIG THANK YOU!!!!! for guiding, with your patience and willingness, such a "PC noob - me" to a happy and successful end ;-) :worship: :worship: :worship: WOW!!!!
That is also why I will gladly support this forum ;-)

P.S.: :D ...what if I also send a log from my laptop for a check :oops: