nefunkčnost některých stránek na internetu

Zpráva

nijanek · #1 Příspěvek od **nijanek** » 02 kvě 2010 07:46

prosím o kontrolu,pc pracuje normálně,pouze na internetu nefungují některé stránky,zatím jsem narazil na avast.cz,google.com. Děkuji

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:43:49, on 2.5.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\K\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O24 - Desktop Component 0: (no name) - http://www.xxyt2.com/webinc/GetCode.asp

--
End of file - 5136 bytes

#2 Příspěvek od **Caroprd111** » 02 kvě 2010 09:04

Zdravím

Přečtěte si pravidla fóra a dejte log z RSIT.

nijanek · #3 Příspěvek od **nijanek** » 02 kvě 2010 09:16

omlouvám se:) tady je nový log

Logfile of random's system information tool 1.06 (written by random/random)
Run by K at 2010-05-02 10:14:38
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (9%) free of 21 GB
Total RAM: 1015 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:14:51, on 2.5.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\K\Desktop\RSIT.exe
C:\Documents and Settings\K\Desktop\K.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application Updater\ApplicationUpdater.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O24 - Desktop Component 0: (no name) - http://www.xxyt2.com/webinc/GetCode.asp

--
End of file - 5214 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-12 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}]
YouTube Downloader Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-08-16 962808]
{F3FEE66E-E034-436a-86E4-9690573BEE8A} - []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-05-10 16342528]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-25 81000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMISR]
C:\Program Files\KYE\WebMate\BM.exe [2007-12-14 229376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
C:\WINDOWS\system32\hkcmd.exe [2008-02-15 159744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
C:\WINDOWS\system32\igfxtray.exe [2008-02-15 135168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2010-03-30 1820040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
C:\WINDOWS\system32\igfxpers.exe [2008-02-15 131072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-03-29 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegClean Expert Scheduler]
C:\Program Files\Registry Clean Expert\RCHelper.exe [2010-04-06 605056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2010-03-09 26100520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe [2009-09-24 434176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-12 149280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-02-15 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Program Files\Gameforge4D\AirRivals_EN\Launcher.atm"="D:\Program Files\Gameforge4D\AirRivals_EN\Launcher.atm:Enabled:GameExe2"
"D:\Program Files\Gameforge4D\AirRivals_EN\Res-Voip\SCVoIP.exe"="D:\Program Files\Gameforge4D\AirRivals_EN\Res-Voip\SCVoIP.exe:Enabled:GameVoIP"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"D:\Program Files\ICQ6.5\ICQ.exe"="D:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"D:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe"="D:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-05-02 10:14:38 ----D---- C:\rsit
2010-05-02 10:11:39 ----A---- C:\WINDOWS\OEWABLog.txt
2010-05-02 10:11:26 ----D---- C:\WINDOWS\Prefetch
2010-05-02 10:07:04 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-05-02 10:06:36 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-05-02 10:06:18 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-05-02 10:06:07 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-05-02 10:05:56 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-05-02 10:05:44 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-05-02 10:05:31 ----HDC---- C:\WINDOWS\$NtUninstallKB978251$
2010-05-02 10:05:17 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-05-02 10:05:05 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-05-02 10:04:40 ----HDC---- C:\WINDOWS\$NtUninstallKB977165$
2010-05-02 10:04:19 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-05-02 10:04:05 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-05-02 10:03:49 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-05-02 10:03:38 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-05-02 10:03:25 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-05-02 10:03:15 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-05-02 10:03:01 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-05-02 10:02:50 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-05-02 10:02:39 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-05-02 10:02:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-05-02 10:02:15 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-05-02 10:02:04 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-05-02 10:01:51 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-05-02 10:01:38 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-05-02 10:01:24 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-05-02 10:01:10 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-05-02 10:01:00 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-05-02 10:00:48 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2010-05-02 10:00:36 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2010-05-02 10:00:01 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-05-02 09:59:43 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-05-02 09:59:31 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-05-02 09:59:19 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-05-02 09:59:06 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-05-02 09:58:54 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-05-02 09:58:40 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2010-05-02 09:58:24 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-05-02 09:57:57 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-05-02 09:57:42 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-05-02 09:57:30 ----HDC---- C:\WINDOWS\$NtUninstallKB961371-v2$
2010-05-02 09:57:19 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-05-02 09:57:06 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-05-02 09:56:55 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-05-02 09:56:42 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-05-02 09:56:30 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2010-05-02 09:56:18 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-05-02 09:56:07 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2010-05-02 09:55:56 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-05-02 09:55:46 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-05-02 09:55:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-05-02 09:55:04 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-05-02 09:54:36 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-05-02 09:54:21 ----HDC---- C:\WINDOWS\$NtUninstallKB973687_1$
2010-05-02 09:54:10 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-05-02 09:54:00 ----HDC---- C:\WINDOWS\$NtUninstallKB974112_1$
2010-05-02 09:53:48 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2010-05-02 09:53:36 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-05-02 09:53:25 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-05-02 09:53:10 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-05-02 09:52:58 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-05-02 09:52:47 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-05-02 09:52:36 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-05-02 09:52:22 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2010-05-02 09:52:11 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-05-02 09:52:01 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-05-02 09:51:51 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2010-05-02 09:51:40 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-05-02 09:51:32 ----D---- C:\WINDOWS\LastGood.Tmp
2010-05-02 09:47:27 ----A---- C:\WINDOWS\setuplog.txt
2010-05-02 09:44:39 ----D---- C:\WINDOWS\system32\scripting
2010-05-02 09:44:38 ----D---- C:\WINDOWS\l2schemas
2010-05-02 09:44:37 ----D---- C:\WINDOWS\system32\en
2010-05-02 09:44:37 ----D---- C:\WINDOWS\system32\bits
2010-05-02 09:07:40 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-05-02 08:48:20 ----A---- C:\WINDOWS\system32\asw10.tmp
2010-05-02 08:32:59 ----D---- C:\Program Files\Alwil Software
2010-05-02 08:32:59 ----D---- C:\Documents and Settings\All Users\Application Data\Alwil Software
2010-05-02 08:18:49 ----D---- C:\Program Files\Lavasoft
2010-05-02 08:18:49 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-05-02 07:59:13 ----D---- C:\Program Files\CCleaner
2010-05-01 22:06:42 ----D---- C:\WINDOWS\pss
2010-05-01 22:04:26 ----D---- C:\WINDOWS\$regcmp$
2010-05-01 21:55:23 ----D---- C:\Program Files\Registry Clean Expert
2010-05-01 21:07:33 ----D---- C:\Config.Msi
2010-04-24 13:57:06 ----A---- C:\WINDOWS\system32\SPR004BD.TMP
2010-04-24 13:34:57 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-04-23 06:29:09 ----A---- C:\24980.txt
2010-04-23 06:29:09 ----A---- C:\18343.txt
2010-04-23 06:29:09 ----A---- C:\17751.txt
2010-04-23 06:29:09 ----A---- C:\16174.txt
2010-04-23 06:29:09 ----A---- C:\14276.txt
2010-04-23 06:29:09 ----A---- C:\13592.txt
2010-04-23 06:29:08 ----A---- C:\9226.txt
2010-04-23 06:29:08 ----A---- C:\8967.txt
2010-04-23 06:29:08 ----A---- C:\8287.txt
2010-04-23 06:29:08 ----A---- C:\6168.txt
2010-04-23 06:29:08 ----A---- C:\6074.txt
2010-04-23 06:29:08 ----A---- C:\549.txt
2010-04-23 06:29:08 ----A---- C:\32330.txt
2010-04-23 06:29:08 ----A---- C:\27910.txt
2010-04-23 06:29:08 ----A---- C:\26999.txt
2010-04-23 06:29:08 ----A---- C:\268.txt
2010-04-23 06:29:08 ----A---- C:\26393.txt
2010-04-23 06:29:08 ----A---- C:\26286.txt
2010-04-23 06:29:08 ----A---- C:\25884.txt
2010-04-23 06:29:08 ----A---- C:\23161.txt
2010-04-23 06:29:08 ----A---- C:\2288.txt
2010-04-23 06:29:08 ----A---- C:\21910.txt
2010-04-23 06:29:08 ----A---- C:\21730.txt
2010-04-23 06:29:08 ----A---- C:\21145.txt
2010-04-23 06:29:08 ----A---- C:\19600.txt
2010-04-23 06:29:08 ----A---- C:\17994.txt
2010-04-23 06:29:08 ----A---- C:\14840.txt
2010-04-23 06:29:08 ----A---- C:\14469.txt
2010-04-23 06:29:08 ----A---- C:\13986.txt
2010-04-23 06:29:08 ----A---- C:\13670.txt
2010-04-23 06:29:08 ----A---- C:\13257.txt
2010-04-23 06:29:08 ----A---- C:\13101.txt
2010-04-23 06:29:08 ----A---- C:\120.txt
2010-04-20 15:14:59 ----A---- C:\WINDOWS\ModemLog_Sony Ericsson Device 0016 USB WMC Data Modem.txt
2010-04-14 07:25:07 ----HDC---- C:\WINDOWS\$NtUninstallKB979683_0$
2010-04-14 07:24:55 ----HDC---- C:\WINDOWS\$NtUninstallKB980232_0$
2010-04-14 07:23:29 ----HDC---- C:\WINDOWS\$NtUninstallKB981349$
2010-04-14 07:23:16 ----HDC---- C:\WINDOWS\$NtUninstallKB978338_0$
2010-04-14 07:23:09 ----DC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-14 07:23:00 ----HDC---- C:\WINDOWS\$NtUninstallKB978601_0$
2010-04-14 07:22:53 ----HDC---- C:\WINDOWS\$NtUninstallKB979309_0$
2010-04-14 07:22:22 ----HDC---- C:\WINDOWS\$NtUninstallKB979402_WM9L$
2010-04-10 12:31:42 ----D---- C:\Program Files\DAEMON Tools Toolbar
2010-04-10 12:20:55 ----D---- C:\Documents and Settings\K\Application Data\DAEMON Tools Lite
2010-04-05 08:01:38 ----D---- C:\Documents and Settings\K\Application Data\Facebook

======List of files/folders modified in the last 1 months======

2010-05-02 10:13:15 ----D---- C:\WINDOWS\system32
2010-05-02 10:13:15 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-05-02 10:12:36 ----D---- C:\WINDOWS\Temp
2010-05-02 10:12:01 ----D---- C:\WINDOWS\Debug
2010-05-02 10:12:01 ----D---- C:\WINDOWS
2010-05-02 10:11:51 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-02 10:10:50 ----D---- C:\WINDOWS\system32\wbem
2010-05-02 10:10:50 ----D---- C:\WINDOWS\system32\Setup
2010-05-02 10:10:50 ----D---- C:\WINDOWS\AppPatch
2010-05-02 10:10:49 ----RSD---- C:\WINDOWS\Fonts
2010-05-02 10:10:44 ----D---- C:\WINDOWS\system32\drivers
2010-05-02 10:10:16 ----D---- C:\WINDOWS\security
2010-05-02 10:10:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-02 10:07:14 ----HD---- C:\WINDOWS\inf
2010-05-02 10:07:08 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-05-02 10:07:08 ----D---- C:\WINDOWS\system32\CatRoot
2010-05-02 10:04:10 ----D---- C:\Program Files\Movie Maker
2010-05-02 10:01:42 ----D---- C:\Program Files\Outlook Express
2010-05-02 09:52:03 ----D---- C:\Program Files\Messenger
2010-05-02 09:51:52 ----D---- C:\WINDOWS\WinSxS
2010-05-02 09:46:06 ----D---- C:\Program Files\Windows Media Player
2010-05-02 09:45:18 ----D---- C:\WINDOWS\system32\inetsrv
2010-05-02 09:45:17 ----D---- C:\WINDOWS\network diagnostic
2010-05-02 09:45:17 ----D---- C:\WINDOWS\ime
2010-05-02 09:45:17 ----D---- C:\WINDOWS\Help
2010-05-02 09:44:40 ----D---- C:\WINDOWS\system32\usmt
2010-05-02 09:44:40 ----D---- C:\WINDOWS\system32\en-US
2010-05-02 09:44:38 ----SHD---- C:\WINDOWS\Installer
2010-05-02 09:44:37 ----D---- C:\WINDOWS\PeerNet
2010-05-02 09:37:38 ----D---- C:\WINDOWS\ServicePackFiles
2010-05-02 09:37:17 ----D---- C:\WINDOWS\system32\Restore
2010-05-02 09:37:17 ----D---- C:\WINDOWS\system32\npp
2010-05-02 09:37:16 ----D---- C:\WINDOWS\mui
2010-05-02 09:37:15 ----D---- C:\WINDOWS\msagent
2010-05-02 09:37:12 ----D---- C:\WINDOWS\srchasst
2010-05-02 09:37:09 ----D---- C:\Program Files\NetMeeting
2010-05-02 09:37:06 ----D---- C:\WINDOWS\system32\Com
2010-05-02 09:36:59 ----D---- C:\Program Files\Windows NT
2010-05-02 09:36:50 ----D---- C:\Program Files\Common Files\System
2010-05-02 09:36:07 ----D---- C:\WINDOWS\system32\oobe
2010-05-02 09:36:03 ----D---- C:\WINDOWS\system
2010-05-02 09:29:48 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-05-02 09:23:12 ----D---- C:\WINDOWS\ehome
2010-05-02 09:05:28 ----D---- C:\WINDOWS\SxsCaPendDel
2010-05-02 08:55:20 ----D---- C:\WINDOWS\system32\config
2010-05-02 08:51:56 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-05-02 08:51:00 ----SD---- C:\WINDOWS\Tasks
2010-05-02 08:32:59 ----RD---- C:\Program Files
2010-05-02 08:23:32 ----D---- C:\Program Files\Mozilla Firefox
2010-05-02 08:00:48 ----D---- C:\WINDOWS\Minidump
2010-05-01 22:07:01 ----SH---- C:\boot.ini
2010-05-01 22:07:01 ----A---- C:\WINDOWS\win.ini
2010-05-01 22:07:01 ----A---- C:\WINDOWS\system.ini
2010-05-01 21:20:14 ----D---- C:\Documents and Settings\K\Application Data\Skype
2010-05-01 21:11:00 ----D---- C:\WINDOWS\Registration
2010-05-01 21:07:27 ----D---- C:\Program Files\WinRAR
2010-05-01 21:07:03 ----D---- C:\Program Files\QuickTime
2010-05-01 20:40:16 ----D---- C:\Documents and Settings
2010-05-01 16:07:12 ----D---- C:\Documents and Settings\K\Application Data\skypePM
2010-04-22 11:49:55 ----D---- C:\Documents and Settings\K\Application Data\ICQ
2010-04-18 19:11:38 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2010-04-14 07:25:05 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-13 16:36:48 ----D---- C:\WINDOWS\Album
2010-04-06 19:52:54 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-11-25 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 oreans32;oreans32; \??\C:\WINDOWS\system32\drivers\oreans32.sys []
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-11-25 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-11-25 94160]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-02-03 26176]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-02-15 5854752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-05-10 4419584]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 i740;i740; C:\WINDOWS\system32\DRIVERS\i740nt5.sys [2001-08-17 58592]
S3 i81x;i81x; C:\WINDOWS\system32\DRIVERS\i81xnt5.sys [2004-08-03 161020]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0016bus.sys [2008-05-16 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0016mdfl.sys [2008-05-16 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0016mdm.sys [2008-05-16 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0016mgmt.sys [2008-05-16 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS); C:\WINDOWS\system32\DRIVERS\s0016nd5.sys [2008-05-16 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0016obex.sys [2008-05-16 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM); C:\WINDOWS\system32\DRIVERS\s0016unic.sys [2008-05-16 115752]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Application Updater;Application Updater; C:\Program Files\Application Updater\ApplicationUpdater.exe [2010-02-19 380928]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-08-16 222968]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-12 153376]
R2 OMSI download service;Sony Ericsson OMSI download service; D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

-----------------EOF-----------------

#4 Příspěvek od **Caroprd111** » 02 kvě 2010 09:30

Doporučuji odinstalovat (pokud nepoužíváte) toolbary (lišty) v Přidat nebo odebrat programy.

Obrázek

Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe

Spusťte, poté do spodního políčka vložte následující skript.

Kód: Vybrat vše

 netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys 
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys 
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys 
cdrom.sys 
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav 
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT

Označte položku Pro všechny uživatele.
Označte položky Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Klikněte na tlačítko Prohledat
Po dokončení, sem vložte logy OTL.Txt a Extras.txt

nijanek · #5 Příspěvek od **nijanek** » 02 kvě 2010 10:12

extras
OTL Extras logfile created on: 2.5.2010 10:49:57 - Run 1
OTL by OldTimer - Version 3.2.4.0 Folder = C:\Documents and Settings\K\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000405 | Country: Czech Republic | Language: CSY | Date Format: d.M.yyyy

1 015,00 Mb Total Physical Memory | 606,00 Mb Available Physical Memory | 60,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20,57 Gb Total Space | 4,57 Gb Free Space | 22,23% Space Free | Partition Type: NTFS
Drive D: | 107,42 Gb Total Space | 34,84 Gb Free Space | 32,43% Space Free | Partition Type: NTFS
Drive E: | 104,89 Gb Total Space | 104,06 Gb Free Space | 99,20% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KAMIL
Current User Name: K
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-220523388-1035525444-1801674531-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"D:\Program Files\Gameforge4D\AirRivals_EN\Launcher.atm" = D:\Program Files\Gameforge4D\AirRivals_EN\Launcher.atm:Enabled:GameExe2 -- File not found
"D:\Program Files\Gameforge4D\AirRivals_EN\Res-Voip\SCVoIP.exe" = D:\Program Files\Gameforge4D\AirRivals_EN\Res-Voip\SCVoIP.exe:Enabled:GameVoIP -- File not found
"D:\Program Files\ICQ6.5\ICQ.exe" = D:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"D:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe" = D:\Program Files\Firefly Studios\Stronghold 2\Stronghold2.exe:*:Enabled:Stronghold 2 -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A2A5039-B37F-489D-B1DC-A5258DF9E697}" = FIFA 08
"{13605214-8CA9-4B59-90A0-DEBB9A9F68E5}" = WebMate
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2
"{1838C5A2-AB32-4145-85C1-BB9B8DFA24CD}" = QuickTime
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.3
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2FA1102F-DE05-4E79-8CED-E5BAABFC2FEF}" = Starshine 2.díl
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{379F9A64-4317-477A-BBC5-35466F8476B5}" = OpenOffice.org 3.2
"{4388155B-A19E-41DE-B262-CF2DE2C8D32E}" = Psychonauts Demo
"{49717756-D60B-41A7-80AE-1782D03722DB}_is1" = Tony Vočko a případ růžového tapíra
"{53B9A1FE-FF04-4431-B394-B110FE794200}" = Bad Boys 2
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{73B3C57B-3ED7-40DB-A554-32EB5D35F84E}" = Starshine 1.díl
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{9C5D77B8-24BB-4929-80D4-88E8EF06D809}_is1" = Blitzkrieg Anthology
"{9CD9CD94-76CC-4524-8617-DEB9C2D7C389}" = FIFA 10 - Demo
"{A7123032-A8DA-48AC-9F5D-0A3B14698375}" = Starshine 3.díl
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E459015D-3DAF-470A-A756-8C0E16B89C6F}_is1" = Blitzkrieg 2
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Ashampoo Burning Studio 2007" = Ashampoo Burning Studio 2007
"avast!" = avast! Antivirus
"AVS DVD Player_is1" = AVS DVD Player version 2.3
"Cartes du Ciel" = Cartes du Ciel
"CCleaner" = CCleaner
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"GameSpy Arcade" = GameSpy Arcade
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Leo's Flight Simulator for iPaq_is1" = Leo's Flight Simulator V1.0
"Loco Mania Demo" = Loco Mania Demo 1.0
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Network Play System (Patching)" = Network Play System (Patching)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Registry Clean Expert_is1" = Registry Clean Expert
"Scorpions WinCheater 2.05 (s databází 57)_is1" = Scorpions WinCheater
"The Sims" = The Sims
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-220523388-1035525444-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 18.12.2009 9:12:43 | Computer Name = KAMIL | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace TonyTough.exe, verze 0.0.0.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 19.12.2009 9:22:09 | Computer Name = KAMIL | Source = Application Error | ID = 1000
Description = Chybující aplikace metin2.bin, verze 0.0.0.0, chybující modul metin2.bin,
verze 0.0.0.0, adresa chyby 0x001faf94.

Error - 23.12.2009 5:12:32 | Computer Name = KAMIL | Source = ESENT | ID = 474
Description = wuauclt (2044) Ověření načtení stránky databáze ze souboru C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb
na posunu 3215360 (0x0000000000311000) o velikosti 4096 (0x00001000) bajtů se nezdařilo.
Došlo k neshodě kontrolního součtu stránky. Byl očekáván kontrolní součet 3436996739
(0xccdc6883), ale skutečný kontrolní součet byl 609849705 (0x24599169). Operace
čtení se nezdaří a dojde k chybě -1018 (0xfffffc06). Pokud potíže potrvají, obnovte
databázi ze záložní kopie.

Error - 23.12.2009 11:33:21 | Computer Name = KAMIL | Source = ESENT | ID = 474
Description = wuauclt (3672) Ověření načtení stránky databáze ze souboru C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb
na posunu 3354624 (0x0000000000333000) o velikosti 4096 (0x00001000) bajtů se nezdařilo.
Došlo k neshodě kontrolního součtu stránky. Byl očekáván kontrolní součet 3872173934
(0xe6ccaf6e), ale skutečný kontrolní součet byl 3905832828 (0xe8ce477c). Operace
čtení se nezdaří a dojde k chybě -1018 (0xfffffc06). Pokud potíže potrvají, obnovte
databázi ze záložní kopie.

Error - 25.12.2009 5:17:55 | Computer Name = KAMIL | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace SEPCSuite.exe, verze 0.4.0.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 25.12.2009 5:30:30 | Computer Name = KAMIL | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace SEPCSuite.exe, verze 6.0.0.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 25.12.2009 13:31:09 | Computer Name = KAMIL | Source = Application Error | ID = 1000
Description = Chybující aplikace skype.exe, verze 4.1.0.179, chybující modul unknown,
verze 0.0.0.0, adresa chyby 0x3d656761.

Error - 30.12.2009 12:30:48 | Computer Name = KAMIL | Source = Application Error | ID = 1000
Description = Chybující aplikace metin2.bin, verze 0.0.0.0, chybující modul metin2.bin,
verze 0.0.0.0, adresa chyby 0x001faf94.

Error - 1.1.2010 12:19:26 | Computer Name = KAMIL | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace Skype.exe, verze 4.1.0.179, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 4.1.2010 15:24:24 | Computer Name = KAMIL | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace firefox.exe, verze 1.9.1.3622, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

[ System Events ]
Error - 2.5.2010 3:15:44 | Computer Name = KAMIL | Source = atapi | ID = 262149
Description = Na \Device\Ide\IdePort2 byla zjištěna chyba parity.

Error - 2.5.2010 3:15:44 | Computer Name = KAMIL | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk0\D.

Error - 2.5.2010 4:00:26 | Computer Name = KAMIL | Source = atapi | ID = 262153
Description = Zařízení \Device\Ide\IdePort2 neodpovídá v periodě časového limitu.

Error - 2.5.2010 4:11:14 | Computer Name = KAMIL | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk0\D.

Error - 2.5.2010 4:11:16 | Computer Name = KAMIL | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk0\D.

Error - 2.5.2010 4:11:40 | Computer Name = KAMIL | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk0\D.

Error - 2.5.2010 4:12:11 | Computer Name = KAMIL | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk0\D.

Error - 2.5.2010 4:12:13 | Computer Name = KAMIL | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk0\D.

Error - 2.5.2010 4:12:17 | Computer Name = KAMIL | Source = atapi | ID = 262149
Description = Na \Device\Ide\IdePort2 byla zjištěna chyba parity.

Error - 2.5.2010 4:12:17 | Computer Name = KAMIL | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk0\D.

< End of report >

#6 Příspěvek od **Caroprd111** » 02 kvě 2010 10:14

Ok, ještě log OTL.txt

nijanek · #7 Příspěvek od **nijanek** » 02 kvě 2010 10:14

OTL logfile created on: 2.5.2010 10:49:57 - Run 1
OTL by OldTimer - Version 3.2.4.0 Folder = C:\Documents and Settings\K\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000405 | Country: Czech Republic | Language: CSY | Date Format: d.M.yyyy

1 015,00 Mb Total Physical Memory | 606,00 Mb Available Physical Memory | 60,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 20,57 Gb Total Space | 4,57 Gb Free Space | 22,23% Space Free | Partition Type: NTFS
Drive D: | 107,42 Gb Total Space | 34,84 Gb Free Space | 32,43% Space Free | Partition Type: NTFS
Drive E: | 104,89 Gb Total Space | 104,06 Gb Free Space | 99,20% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KAMIL
Current User Name: K
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.05.02 10:33:48 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\K\Desktop\OTL.exe
PRC - [2010.05.02 08:22:58 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.03.30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2010.02.19 19:43:34 | 000,380,928 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2009.11.25 00:51:40 | 000,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009.11.25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009.11.25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009.11.25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009.11.25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009.08.16 15:01:16 | 000,222,968 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.04.30 13:23:26 | 000,090,112 | ---- | M] () -- D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010.05.02 10:33:48 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\K\Desktop\OTL.exe
MOD - [2009.11.25 00:50:32 | 000,139,264 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll
MOD - [2008.04.14 02:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - [2010.03.30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010.02.19 19:43:34 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2009.11.25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009.11.25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009.11.25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009.11.25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009.08.16 15:01:16 | 000,222,968 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.04.30 13:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- D:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)

========== Driver Services (SafeList) ==========

DRV - [2010.02.03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2010.01.14 18:59:14 | 000,033,824 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\oreans32.sys -- (oreans32)
DRV - [2009.11.25 00:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009.11.25 00:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009.11.25 00:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009.11.25 00:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009.11.25 00:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009.11.25 00:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008.05.16 06:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008.05.16 06:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008.05.16 06:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 06:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 06:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008.05.16 06:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 06:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2008.04.13 20:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008.04.13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.02.15 13:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008.01.09 13:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2007.05.10 18:28:08 | 004,419,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.03.26 14:22:14 | 000,051,200 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2006.03.13 11:38:23 | 000,006,656 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004.08.04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004.08.03 22:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2001.08.17 12:49:06 | 000,058,592 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i740nt5.sys -- (i740)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-220523388-1035525444-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S-1-5-21-220523388-1035525444-1801674531-1003\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-220523388-1035525444-1801674531-1003\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-220523388-1035525444-1801674531-1003\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-220523388-1035525444-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: youtubedownloader@mybrowserbar.com:1.0
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=green ... =937811&p="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.02 08:36:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.02 08:23:13 | 000,000,000 | ---D | M]

[2009.10.08 10:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\mozilla\Extensions
[2010.05.01 21:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\mozilla\Firefox\Profiles\w7rmbwz7.default\extensions
[2010.05.01 21:19:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\mozilla\Firefox\Profiles\w7rmbwz7.default\extensions\DTToolbar@toolbarnet.com
[2010.04.30 06:05:06 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\K\Application Data\Mozilla\FireFox\Profiles\w7rmbwz7.default\searchplugins\icqplugin-1.xml
[2010.04.01 10:19:30 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\K\Application Data\Mozilla\FireFox\Profiles\w7rmbwz7.default\searchplugins\icqplugin-2.xml
[2010.03.27 14:47:56 | 000,000,955 | ---- | M] () -- C:\Documents and Settings\K\Application Data\Mozilla\FireFox\Profiles\w7rmbwz7.default\searchplugins\icqplugin.xml
[2010.05.01 21:31:42 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.02.05 16:22:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.03.30 14:30:50 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.05.02 08:23:05 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.05.02 08:23:05 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.05.02 08:23:06 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.05.02 08:23:06 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.05.02 08:23:06 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.04.23 06:29:12 | 000,001,222 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 http://www.sophos.com
O1 - Hosts: 127.0.0.1 http://www.avast.com
O1 - Hosts: 127.0.0.1 http://www.mcafee.com
O1 - Hosts: 127.0.0.1 http://www.f-prot.com
O1 - Hosts: 127.0.0.1 http://www.f-secure.com
O1 - Hosts: 127.0.0.1 http://www.avp.com
O1 - Hosts: 127.0.0.1 http://www.kaspersky.com
O1 - Hosts: 127.0.0.1 http://www.bitdefender.com
O1 - Hosts: 127.0.0.1 http://www.my-etrust.com
O1 - Hosts: 127.0.0.1 http://www.eset.com
O1 - Hosts: 127.0.0.1 http://www.norman.com
O1 - Hosts: 127.0.0.1 http://www.grisoft.com
O1 - Hosts: 127.0.0.1 http://www.google.com
O1 - Hosts: 127.0.0.1 http://www.hotmail.com
O1 - Hosts: 127.0.0.1 mx1.hotmail.com
O1 - Hosts: 127.0.0.1 mx2.hotmail.com
O1 - Hosts: 127.0.0.1 messenger.hotmail.com
O1 - Hosts: 127.0.0.1 http://www.google.co.uk
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found.
O2 - BHO: (no name) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (no name) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found.
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-220523388-1035525444-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 () - http://www.xxyt2.com/webinc/GetCode.asp
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.05 14:42:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009.10.05 14:42:07 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.mp42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (55745656140070912)

========== Files/Folders - Created Within 30 Days ==========

[2010.05.02 10:33:40 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\K\Desktop\OTL.exe
[2010.05.02 10:14:39 | 000,396,288 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\K\Desktop\K.exe
[2010.05.02 10:14:38 | 000,000,000 | ---D | C] -- C:\rsit
[2010.05.02 10:11:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010.05.02 09:51:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood.Tmp
[2010.05.02 09:44:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2010.05.02 09:44:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010.05.02 09:44:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2010.05.02 09:44:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010.05.02 09:07:57 | 000,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010.05.02 09:07:57 | 000,048,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010.05.02 09:07:57 | 000,023,120 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010.05.02 09:07:57 | 000,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010.05.02 09:07:56 | 000,094,160 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010.05.02 09:07:56 | 000,093,424 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010.05.02 09:07:56 | 000,027,408 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010.05.02 09:07:54 | 000,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2010.05.02 09:07:40 | 001,280,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010.05.02 08:47:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\K\Desktop\avast! Professional Edition 4[1].8.1229 Full + Key [XP,Vista]
[2010.05.02 08:43:33 | 000,396,288 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\K\Desktop\hijackthis.exe
[2010.05.02 08:32:59 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010.05.02 08:32:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010.05.02 08:18:49 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010.05.02 08:18:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010.05.02 08:00:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\K\Recent
[2010.05.02 07:59:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.05.01 22:06:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010.05.01 22:04:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\$regcmp$
[2010.05.01 21:55:23 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Clean Expert
[2010.05.01 21:07:33 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010.04.24 13:35:59 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cliconfg.rll
[2010.04.24 13:35:39 | 000,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\sl_anet.acm
[2010.04.24 13:35:38 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\sqlsrv32.rll
[2010.04.24 13:34:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010.04.20 15:18:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\K\My Documents\My Videos
[2010.04.19 14:06:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\K\Desktop\písničky
[2010.04.10 12:31:42 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar
[2010.04.10 12:20:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\K\Application Data\DAEMON Tools Lite
[2010.04.09 22:06:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\K\Local Settings\Application Data\ESET
[2010.04.05 08:01:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\K\Application Data\Facebook
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.05.02 10:33:48 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\K\Desktop\OTL.exe
[2010.05.02 10:32:39 | 004,194,304 | ---- | M] () -- C:\Documents and Settings\K\ntuser.dat
[2010.05.02 10:14:20 | 000,781,909 | ---- | M] () -- C:\Documents and Settings\K\Desktop\RSIT.exe
[2010.05.02 10:13:15 | 000,356,120 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.05.02 10:13:15 | 000,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.05.02 10:13:15 | 000,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.05.02 10:11:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.05.02 10:11:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.05.02 10:11:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.05.02 10:10:54 | 000,118,152 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.05.02 10:10:02 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\K\ntuser.ini
[2010.05.02 10:09:50 | 004,276,454 | -H-- | M] () -- C:\Documents and Settings\K\Local Settings\Application Data\IconCache.db
[2010.05.02 09:31:42 | 000,250,048 | ---- | M] () -- C:\ntldr
[2010.05.02 09:10:51 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.05.02 08:51:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.05.02 08:43:34 | 000,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\K\Desktop\K.exe
[2010.05.02 08:43:34 | 000,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\K\Desktop\hijackthis.exe
[2010.05.01 22:07:01 | 000,000,530 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.05.01 22:07:01 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.05.01 22:07:01 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010.05.01 11:23:11 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010.04.27 19:51:52 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010.04.23 06:29:12 | 000,000,027 | ---- | M] () -- C:\Documents and Settings\K\My Documents\c
[2010.04.23 06:29:09 | 000,000,007 | ---- | M] () -- C:\31854.bmp
[2010.04.23 06:29:09 | 000,000,007 | ---- | M] () -- C:\30448.bmp
[2010.04.23 06:29:09 | 000,000,007 | ---- | M] () -- C:\27781.bmp
[2010.04.23 06:29:09 | 000,000,007 | ---- | M] () -- C:\19964.bmp
[2010.04.23 06:29:09 | 000,000,007 | ---- | M] () -- C:\1606.bmp
[2010.04.23 06:29:09 | 000,000,006 | ---- | M] () -- C:\25819.bmp
[2010.04.23 06:29:09 | 000,000,006 | ---- | M] () -- C:\20440.bmp
[2010.04.23 06:29:08 | 000,000,007 | ---- | M] () -- C:\8936.bmp
[2010.04.23 06:29:08 | 000,000,007 | ---- | M] () -- C:\6593.bmp
[2010.04.23 06:29:08 | 000,000,007 | ---- | M] () -- C:\24332.bmp
[2010.04.23 06:29:08 | 000,000,007 | ---- | M] () -- C:\23952.bmp
[2010.04.23 06:29:08 | 000,000,007 | ---- | M] () -- C:\18726.bmp
[2010.04.23 06:29:08 | 000,000,007 | ---- | M] () -- C:\14612.bmp
[2010.04.23 06:29:08 | 000,000,007 | ---- | M] () -- C:\1453.bmp
[2010.04.23 06:29:08 | 000,000,007 | ---- | M] () -- C:\1374.bmp
[2010.04.23 06:29:08 | 000,000,007 | ---- | M] () -- C:\11206.bmp
[2010.04.23 06:29:08 | 000,000,007 | ---- | M] () -- C:\10552.bmp
[2010.04.23 06:29:08 | 000,000,006 | ---- | M] () -- C:\8624.bmp
[2010.04.23 06:29:08 | 000,000,006 | ---- | M] () -- C:\6237.bmp
[2010.04.23 06:29:08 | 000,000,006 | ---- | M] () -- C:\30874.bmp
[2010.04.23 06:29:08 | 000,000,006 | ---- | M] () -- C:\30037.bmp
[2010.04.23 06:29:08 | 000,000,006 | ---- | M] () -- C:\28007.bmp
[2010.04.23 06:29:08 | 000,000,006 | ---- | M] () -- C:\25815.bmp
[2010.04.23 06:29:08 | 000,000,006 | ---- | M] () -- C:\2563.bmp
[2010.04.23 06:29:08 | 000,000,006 | ---- | M] () -- C:\25258.bmp
[2010.04.23 06:29:08 | 000,000,006 | ---- | M] () -- C:\25032.bmp
[2010.04.23 06:29:08 | 000,000,006 | ---- | M] () -- C:\22714.bmp
[2010.04.23 06:29:08 | 000,000,006 | ---- | M] () -- C:\16952.bmp
[2010.04.23 06:29:08 | 000,000,006 | ---- | M] () -- C:\1224.bmp
[2010.04.23 06:29:08 | 000,000,005 | ---- | M] () -- C:\32694.bmp
[2010.04.23 06:29:08 | 000,000,005 | ---- | M] () -- C:\32615.bmp
[2010.04.23 06:29:08 | 000,000,005 | ---- | M] () -- C:\24322.bmp
[2010.04.23 06:29:08 | 000,000,005 | ---- | M] () -- C:\11618.bmp
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\9482.20775
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\9453.12256
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\8806.15735
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\8311.12988
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\7972.17652
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\7469.31085
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\7378.24772
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\723.25307
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\6926.4341
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\6423.615
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\5636.24624
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\5371.9682
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\4971.2218
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\4931.20403
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\4728.18670
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\4382.4853
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\3300.4103
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\32542.15983
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\32478.15912
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\32162.21022
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\31735.25758
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\31503.19946
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\30561.9443
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\30293.17923
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\29441.11216
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\28728.7264
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\28541.32004
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\28459.22907
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\28280.9928
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\27508.4699
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\27407.15520
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\27065.29419
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\26994.27374
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\26960.26800
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\26957.16650
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\2631.3726
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\26057.10796
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\25769.7927
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\25740.29879
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\24789.23326
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\24013.10884
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\22894.19275
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\22506.14887
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\21449.26024
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\21310.400
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\20946.13949
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\20442.24549
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\19178.22668
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\18635.18793
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\18277.18278
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\18236.16752
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\18034.11661
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\16507.21496
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\16443.26219
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\15971.15782
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\15269.18333
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\14522.5425
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\14227.1090
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\13533.10760
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\13516.14094
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\12462.31910
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\12083.10755
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\11817.7480
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\11190.27474
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\11158.27713
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\10706.20335
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\105.2718
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\10276.7549
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\10202.8022
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\10169.4312
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\10154.15388
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\10018.9738
[2010.04.18 19:11:38 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.05.02 10:14:19 | 000,781,909 | ---- | C] () -- C:\Documents and Settings\K\Desktop\RSIT.exe
[2010.05.02 08:48:17 | 000,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2010.05.02 08:23:44 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.04.27 19:51:52 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010.04.27 19:51:52 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010.04.24 13:35:57 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2010.04.24 13:35:33 | 000,265,948 | ---- | C] () -- C:\WINDOWS\System32\locale.nls
[2010.04.24 13:35:32 | 000,023,044 | ---- | C] () -- C:\WINDOWS\System32\sorttbls.nls
[2010.04.24 13:35:24 | 000,250,048 | ---- | C] () -- C:\ntldr
[2010.04.23 06:29:14 | 000,017,719 | ---- | C] () -- C:\WINDOWS\9482.20775
[2010.04.23 06:29:14 | 000,017,719 | ---- | C] () -- C:\WINDOWS\System32\8806.15735
[2010.04.23 06:29:14 | 000,017,719 | ---- | C] () -- C:\WINDOWS\System32\8311.12988
[2010.04.23 06:29:14 | 000,017,719 | ---- | C] () -- C:\WINDOWS\7378.24772
[2010.04.23 06:29:14 | 000,017,719 | ---- | C] () -- C:\WINDOWS\System32\5636.24624
[2010.04.23 06:29:14 | 000,017,719 | ---- | C] () -- C:\WINDOWS\5371.9682
[2010.04.23 06:29:14 | 000,017,719 | ---- | C] () -- C:\WINDOWS\29441.11216
[2010.04.23 06:29:14 | 000,017,719 | ---- | C] () -- C:\WINDOWS\System32\27407.15520
[2010.04.23 06:29:14 | 000,017,719 | ---- | C] () -- C:\WINDOWS\27065.29419
[2010.04.23 06:29:14 | 000,017,719 | ---- | C] () -- C:\WINDOWS\26994.27374
[2010.04.23 06:29:14 | 000,017,719 | ---- | C] () -- C:\WINDOWS\22506.14887
[2010.04.23 06:29:14 | 000,017,719 | ---- | C] () -- C:\WINDOWS\21310.400
[2010.04.23 06:29:14 | 000,017,719 | ---- | C] () -- C:\WINDOWS\18277.18278
[2010.04.23 06:29:14 | 000,017,719 | ---- | C] () -- C:\WINDOWS\System32\18034.11661
[2010.04.23 06:29:14 | 000,017,719 | ---- | C] () -- C:\WINDOWS\System32\15971.15782
[2010.04.23 06:29:14 | 000,017,719 | ---- | C] () -- C:\WINDOWS\15269.18333
[2010.04.23 06:29:14 | 000,017,719 | ---- | C] () -- C:\WINDOWS\System32\12462.31910
[2010.04.23 06:29:14 | 000,017,719 | ---- | C] () -- C:\WINDOWS\11817.7480
[2010.04.23 06:29:14 | 000,017,719 | ---- | C] () -- C:\WINDOWS\System32\11158.27713
[2010.04.23 06:29:14 | 000,017,719 | ---- | C] () -- C:\WINDOWS\System32\105.2718
[2010.04.23 06:29:14 | 000,017,719 | ---- | C] () -- C:\WINDOWS\System32\10154.15388
[2010.04.23 06:29:13 | 000,017,719 | ---- | C] () -- C:\WINDOWS\System32\9453.12256
[2010.04.23 06:29:13 | 000,017,719 | ---- | C] () -- C:\WINDOWS\System32\7972.17652
[2010.04.23 06:29:13 | 000,017,719 | ---- | C] () -- C:\WINDOWS\System32\7469.31085
[2010.04.23 06:29:13 | 000,017,719 | ---- | C] () -- C:\WINDOWS\723.25307
[2010.04.23 06:29:13 | 000,017,719 | ---- | C] () -- C:\WINDOWS\6423.615
[2010.04.23 06:29:13 | 000,017,719 | ---- | C] () -- C:\WINDOWS\4971.2218
[2010.04.23 06:29:13 | 000,017,719 | ---- | C] () -- C:\WINDOWS\System32\4728.18670
[2010.04.23 06:29:13 | 000,017,719 | ---- | C] () -- C:\WINDOWS\System32\4382.4853
[2010.04.23 06:29:13 | 000,017,719 | ---- | C] () -- C:\WINDOWS\3300.4103
[2010.04.23 06:29:13 | 000,017,719 | ---- | C] () -- C:\WINDOWS\32542.15983
[2010.04.23 06:29:13 | 000,017,719 | ---- | C] () -- C:\WINDOWS\System32\32478.15912
[2010.04.23 06:29:13 | 000,017,719 | ---- | C] () -- C:\WINDOWS\System32\31735.25758
[2010.04.23 06:29:13 | 000,017,719 | ---- | C] () -- C:\WINDOWS\31503.19946
[2010.04.23 06:29:13 | 000,017,719 | ---- | C] () -- C:\WINDOWS\System32\30561.9443
[2010.04.23 06:29:13 | 000,017,719 | ---- | C] () -- C:\WINDOWS\System32\28728.7264
[2010.04.23 06:29:13 | 000,017,719 | ---- | C] () -- C:\WINDOWS\System32\28541.32004
[2010.04.23 06:29:13 | 000,017,719 | ---- | C] () -- C:\WINDOWS\System32\27508.4699
[2010.04.23 06:29:13 | 000,017,719 | ---- | C] () -- C:\WINDOWS\26960.26800
[2010.04.23 06:29:13 | 000,017,719 | ---- | C] () -- C:\WINDOWS\26957.16650
[2010.04.23 06:29:13 | 000,017,719 | ---- | C] () -- C:\WINDOWS\2631.3726
[2010.04.23 06:29:13 | 000,017,719 | ---- | C] () -- C:\WINDOWS\System32\26057.10796
[2010.04.23 06:29:13 | 000,017,719 | ---- | C] () -- C:\WINDOWS\System32\25740.29879
[2010.04.23 06:29:13 | 000,017,719 | ---- | C] () -- C:\WINDOWS\24789.23326
[2010.04.23 06:29:13 | 000,017,719 | ---- | C] () -- C:\WINDOWS\24013.10884
[2010.04.23 06:29:13 | 000,017,719 | ---- | C] () -- C:\WINDOWS\System32\22894.19275
[2010.04.23 06:29:13 | 000,017,719 | ---- | C] () -- C:\WINDOWS\21449.26024
[2010.04.23 06:29:13 | 000,017,719 | ---- | C] () -- C:\WINDOWS\20946.13949
[2010.04.23 06:29:13 | 000,017,719 | ---- | C] () -- C:\WINDOWS\20442.24549
[2010.04.23 06:29:13 | 000,017,719 | ---- | C] () -- C:\WINDOWS\18236.16752
[2010.04.23 06:29:13 | 000,017,719 | ---- | C] () -- C:\WINDOWS\16507.21496
[2010.04.23 06:29:13 | 000,017,719 | ---- | C] () -- C:\WINDOWS\System32\14522.5425
[2010.04.23 06:29:13 | 000,017,719 | ---- | C] () -- C:\WINDOWS\System32\14227.1090
[2010.04.23 06:29:13 | 000,017,719 | ---- | C] () -- C:\WINDOWS\System32\13533.10760
[2010.04.23 06:29:13 | 000,017,719 | ---- | C] () -- C:\WINDOWS\13516.14094
[2010.04.23 06:29:13 | 000,017,719 | ---- | C] () -- C:\WINDOWS\11190.27474
[2010.04.23 06:29:13 | 000,017,719 | ---- | C] () -- C:\WINDOWS\System32\10706.20335
[2010.04.23 06:29:13 | 000,017,719 | ---- | C] () -- C:\WINDOWS\10276.7549
[2010.04.23 06:29:13 | 000,017,719 | ---- | C] () -- C:\WINDOWS\System32\10202.8022
[2010.04.23 06:29:13 | 000,017,719 | ---- | C] () -- C:\WINDOWS\System32\10018.9738
[2010.04.23 06:29:12 | 000,017,719 | ---- | C] () -- C:\WINDOWS\6926.4341
[2010.04.23 06:29:12 | 000,017,719 | ---- | C] () -- C:\WINDOWS\System32\4931.20403
[2010.04.23 06:29:12 | 000,017,719 | ---- | C] () -- C:\WINDOWS\32162.21022
[2010.04.23 06:29:12 | 000,017,719 | ---- | C] () -- C:\WINDOWS\System32\30293.17923
[2010.04.23 06:29:12 | 000,017,719 | ---- | C] () -- C:\WINDOWS\System32\28459.22907
[2010.04.23 06:29:12 | 000,017,719 | ---- | C] () -- C:\WINDOWS\28280.9928
[2010.04.23 06:29:12 | 000,017,719 | ---- | C] () -- C:\WINDOWS\System32\25769.7927
[2010.04.23 06:29:12 | 000,017,719 | ---- | C] () -- C:\WINDOWS\19178.22668
[2010.04.23 06:29:12 | 000,017,719 | ---- | C] () -- C:\WINDOWS\System32\18635.18793
[2010.04.23 06:29:12 | 000,017,719 | ---- | C] () -- C:\WINDOWS\System32\16443.26219
[2010.04.23 06:29:12 | 000,017,719 | ---- | C] () -- C:\WINDOWS\12083.10755
[2010.04.23 06:29:12 | 000,017,719 | ---- | C] () -- C:\WINDOWS\10169.4312
[2010.04.23 06:29:12 | 000,000,027 | ---- | C] () -- C:\Documents and Settings\K\My Documents\c
[2010.04.23 06:29:09 | 000,000,007 | ---- | C] () -- C:\31854.bmp
[2010.04.23 06:29:09 | 000,000,007 | ---- | C] () -- C:\30448.bmp
[2010.04.23 06:29:09 | 000,000,007 | ---- | C] () -- C:\27781.bmp
[2010.04.23 06:29:09 | 000,000,007 | ---- | C] () -- C:\19964.bmp
[2010.04.23 06:29:09 | 000,000,007 | ---- | C] () -- C:\1606.bmp
[2010.04.23 06:29:09 | 000,000,006 | ---- | C] () -- C:\25819.bmp
[2010.04.23 06:29:09 | 000,000,006 | ---- | C] () -- C:\20440.bmp
[2010.04.23 06:29:08 | 000,000,007 | ---- | C] () -- C:\8936.bmp
[2010.04.23 06:29:08 | 000,000,007 | ---- | C] () -- C:\6593.bmp
[2010.04.23 06:29:08 | 000,000,007 | ---- | C] () -- C:\24332.bmp
[2010.04.23 06:29:08 | 000,000,007 | ---- | C] () -- C:\23952.bmp
[2010.04.23 06:29:08 | 000,000,007 | ---- | C] () -- C:\18726.bmp
[2010.04.23 06:29:08 | 000,000,007 | ---- | C] () -- C:\14612.bmp
[2010.04.23 06:29:08 | 000,000,007 | ---- | C] () -- C:\1453.bmp
[2010.04.23 06:29:08 | 000,000,007 | ---- | C] () -- C:\1374.bmp
[2010.04.23 06:29:08 | 000,000,007 | ---- | C] () -- C:\11206.bmp
[2010.04.23 06:29:08 | 000,000,007 | ---- | C] () -- C:\10552.bmp
[2010.04.23 06:29:08 | 000,000,006 | ---- | C] () -- C:\8624.bmp
[2010.04.23 06:29:08 | 000,000,006 | ---- | C] () -- C:\6237.bmp
[2010.04.23 06:29:08 | 000,000,006 | ---- | C] () -- C:\30874.bmp
[2010.04.23 06:29:08 | 000,000,006 | ---- | C] () -- C:\30037.bmp
[2010.04.23 06:29:08 | 000,000,006 | ---- | C] () -- C:\28007.bmp
[2010.04.23 06:29:08 | 000,000,006 | ---- | C] () -- C:\25815.bmp
[2010.04.23 06:29:08 | 000,000,006 | ---- | C] () -- C:\2563.bmp
[2010.04.23 06:29:08 | 000,000,006 | ---- | C] () -- C:\25258.bmp
[2010.04.23 06:29:08 | 000,000,006 | ---- | C] () -- C:\25032.bmp
[2010.04.23 06:29:08 | 000,000,006 | ---- | C] () -- C:\22714.bmp
[2010.04.23 06:29:08 | 000,000,006 | ---- | C] () -- C:\16952.bmp
[2010.04.23 06:29:08 | 000,000,006 | ---- | C] () -- C:\1224.bmp
[2010.04.23 06:29:08 | 000,000,005 | ---- | C] () -- C:\32694.bmp
[2010.04.23 06:29:08 | 000,000,005 | ---- | C] () -- C:\32615.bmp
[2010.04.23 06:29:08 | 000,000,005 | ---- | C] () -- C:\24322.bmp
[2010.04.23 06:29:08 | 000,000,005 | ---- | C] () -- C:\11618.bmp
[2010.04.05 21:20:34 | 004,194,304 | ---- | C] () -- C:\Documents and Settings\K\ntuser.dat
[2010.01.14 18:59:14 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2010.01.14 18:57:09 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.01.14 18:57:09 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.11.28 11:33:07 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009.10.17 11:32:11 | 000,000,404 | ---- | C] () -- C:\WINDOWS\level.ini
[2009.10.17 11:25:58 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD-Start.INI
[2009.10.08 11:01:10 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009.10.08 10:31:30 | 000,000,160 | ---- | C] () -- C:\WINDOWS\MyDrivers.ini

========== LOP Check ==========

[2010.05.02 08:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009.10.27 07:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2009.12.25 11:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009.10.08 10:57:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010.02.05 16:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2009.12.22 11:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009.10.16 11:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrackMania
[2009.10.17 12:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Ankh
[2009.10.27 07:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Ashampoo
[2010.04.10 12:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\DAEMON Tools Lite
[2009.10.08 10:59:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\ESET
[2010.04.05 08:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Facebook
[2009.10.08 10:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\GetRightToGo
[2010.04.22 11:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\ICQ
[2009.12.10 19:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\OpenOffice.org
[2009.11.09 21:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\můj účet\Application Data\ESET
[2010.02.18 14:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\můj účet\Application Data\ICQ
[2010.05.02 08:51:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========

========== Custom Scans ==========

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 02:12:16 | 000,015,360 | ---- | M] (Microsoft Corporation)

< c:\windows\*.* /U >
[6 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >
[2010.05.02 08:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010.01.18 07:53:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009.10.15 12:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009.10.27 07:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2009.12.25 11:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009.10.08 10:57:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010.02.05 16:22:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2010.05.02 08:51:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010.04.18 19:11:38 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009.12.25 12:24:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2009.12.25 11:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
[2009.12.22 11:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009.10.16 11:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TrackMania

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009.11.17 18:12:50 | 000,386,304 | ---- | M] (Acresso Software Inc.) -- C:\Documents and Settings\All Users\Application Data\BVRP Software\LiveUpdate\LiveUpdate\Temp\setup.exe

< %APPDATA%\*. >
[2009.10.08 10:22:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Adobe
[2009.10.17 12:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Ankh
[2009.10.15 14:21:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Apple Computer
[2009.10.27 07:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Ashampoo
[2010.04.10 12:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\DAEMON Tools Lite
[2009.10.08 10:59:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\ESET
[2010.04.05 08:01:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Facebook
[2009.10.08 10:51:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\GetRightToGo
[2010.03.31 05:53:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Hamachi
[2010.04.22 11:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\ICQ
[2009.10.05 14:47:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Identities
[2009.12.25 11:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\InstallShield
[2009.10.08 10:22:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Macromedia
[2009.10.08 11:04:21 | 000,000,000 | --SD | M] -- C:\Documents and Settings\K\Application Data\Microsoft
[2009.10.08 10:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Mozilla
[2009.12.10 19:04:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\OpenOffice.org
[2009.10.17 11:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\SecuROM
[2010.05.01 21:20:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Skype
[2010.05.01 16:07:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\skypePM
[2009.10.12 18:41:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\Sun
[2009.10.05 14:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\K\Application Data\WinRAR

< %APPDATA%\*.exe /s >
[2010.04.05 08:01:40 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Documents and Settings\K\Application Data\Facebook\uninstall.exe

nijanek · #8 Příspěvek od **nijanek** » 02 kvě 2010 10:15

a zbytek otl
< MD5 for: AGP440.SYS >
[2004.08.04 07:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010.04.24 13:34:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010.04.24 13:34:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2010.04.24 13:34:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004.08.04 07:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010.04.24 13:34:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010.04.24 13:34:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2010.04.24 13:34:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 04:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: CDROM.SYS >
[2004.08.04 07:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2010.04.24 13:34:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2010.04.24 13:34:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2010.04.24 13:34:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004.08.04 04:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2004.08.04 06:56:42 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=10654F9DDCEA9C46CFB77554231BE73B -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 02:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 02:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\cryptsvc.dll
[2008.04.14 02:11:51 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 02:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 02:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\eventlog.dll
[2008.04.14 02:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 06:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008.04.14 02:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[2004.08.04 06:56:50 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: HAL.DLL >
[2004.08.04 07:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2010.04.24 13:34:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2010.04.24 13:34:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2010.04.24 13:34:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:hal.dll
[2008.04.13 20:31:28 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\hal.dll
[2004.08.04 04:59:14 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: CHANGER.SYS >
[2004.08.04 07:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2010.04.24 13:34:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2010.04.24 13:34:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2010.04.24 13:34:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\changer.sys

< MD5 for: ISAPNP.SYS >
[2010.04.24 13:34:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2010.04.24 13:34:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2010.04.24 13:34:51 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\sp3.cab:isapnp.sys
[2008.04.13 20:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=05A299EC56E52649B1CF2FC52D20F2D7 -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.13 20:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=05A299EC56E52649B1CF2FC52D20F2D7 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\isapnp.sys
[2008.04.13 20:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=05A299EC56E52649B1CF2FC52D20F2D7 -- C:\WINDOWS\system32\drivers\isapnp.sys
[2001.08.23 18:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=E504F706CCB699C2596E9A3DA1596E87 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys

< MD5 for: LSASS.EXE >
[2004.08.04 06:56:52 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=84885F9B82F4D55C6146EBF6065D75D2 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 02:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 02:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\lsass.exe
[2008.04.14 02:12:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004.08.04 05:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008.04.14 02:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 02:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\netlogon.dll
[2008.04.14 02:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009.02.06 20:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004.08.04 06:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.04 06:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\scecli.dll
[2008.04.14 02:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2008.04.14 02:12:36 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 02:12:36 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\smss.exe
[2008.04.14 02:12:36 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\system32\smss.exe
[2004.08.04 06:56:58 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=BD7FB0957C716F1A60333AEE04DE2178 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\svchost.exe
[2008.04.14 02:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004.08.04 06:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004.08.04 05:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2004.08.04 06:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\userinit.exe
[2008.04.14 02:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.04 06:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
[2008.04.14 02:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.04.14 02:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 02:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ws2_32.dll
[2008.04.14 02:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[2004.08.04 06:56:48 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009.10.05 16:28:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.10.05 16:28:48 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.10.05 16:28:48 | 000,888,832 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2010.05.02 09:10:51 | 000,002,626 | ---- | M] () -- C:\WINDOWS\system32\CONFIG.NT
[2010.05.02 10:10:54 | 000,118,152 | ---- | M] () -- C:\WINDOWS\system32\FNTCACHE.DAT
[2010.05.02 10:13:15 | 000,039,992 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2010.05.02 10:13:15 | 000,311,604 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2010.05.02 10:13:15 | 000,356,120 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2010.05.02 10:11:44 | 000,000,249 | ---- | M] () -- C:\WINDOWS\system32\spupdwxp.log
[2010.05.02 10:11:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

========== Files - Unicode (All) ==========
[2010.05.01 12:35:27 | 000,000,000 | R--D | M](C:\Documents and Settings\K\Desktop\??,???Postanschrift?????) -- C:\Documents and Settings\K\Desktop\今晚，我愛她Postanschrift耶扎布科娃
[2009.11.28 11:48:36 | 000,000,000 | R--D | C](C:\Documents and Settings\K\Desktop\??,???Postanschrift?????) -- C:\Documents and Settings\K\Desktop\今晚，我愛她Postanschrift耶扎布科娃

========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:671329E4
< End of report >

#9 Příspěvek od **Caroprd111** » 02 kvě 2010 10:24

Spusťte OTL a do spodního okna vložte následující skript.

Kód: Vybrat vše

:OTL
IE - HKU\S-1-5-21-220523388-1035525444-1801674531-1003\..\URLSearchHook: - Reg Error: Key error. File not found
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found.
O2 - BHO: (no name) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - No CLSID value found.
IE - HKU\S-1-5-21-220523388-1035525444-1801674531-1003\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\9453.12256
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\8806.15735
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\8311.12988
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\7972.17652
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\7469.31085
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\7378.24772
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\723.25307
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\6926.4341
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\6423.615
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\5636.24624
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\5371.9682
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\4971.2218
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\4931.20403
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\4728.18670
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\4382.4853
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\3300.4103
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\32542.15983
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\32478.15912
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\32162.21022
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\31735.25758
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\31503.19946
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\30561.9443
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\30293.17923
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\29441.11216
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\28728.7264
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\28541.32004
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\28459.22907
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\28280.9928
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\27508.4699
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\27407.15520
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\27065.29419
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\26994.27374
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\26960.26800
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\26957.16650
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\2631.3726
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\26057.10796
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\25769.7927
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\25740.29879
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\24789.23326
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\24013.10884
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\22894.19275
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\22506.14887
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\21449.26024
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\21310.400
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\20946.13949
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\20442.24549
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\19178.22668
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\18635.18793
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\18277.18278
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\18236.16752
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\18034.11661
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\16507.21496
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\16443.26219
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\15971.15782
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\15269.18333
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\14522.5425
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\14227.1090
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\13533.10760
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\13516.14094
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\12462.31910
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\12083.10755
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\11817.7480
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\11190.27474
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\11158.27713
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\10706.20335
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\105.2718
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\10276.7549
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\10202.8022
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\10169.4312
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\10154.15388
[2010.04.23 06:28:55 | 000,017,719 | ---- | M] () -- C:\WINDOWS\System32\10018.9738
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:671329E4

:Commands
[EMPTYTEMP] 
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[RESETHOSTS] 
[CREATERESTOREPOINT]

Poté klikněte na Opravit, PC se restartuje, log vložte sem.

nijanek · #10 Příspěvek od **nijanek** » 02 kvě 2010 10:30

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-220523388-1035525444-1801674531-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A}\ not found.
Registry value HKEY_USERS\S-1-5-21-220523388-1035525444-1801674531-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
C:\WINDOWS\002862_.tmp deleted successfully.
C:\WINDOWS\005722_.tmp deleted successfully.
C:\WINDOWS\LastGood.Tmp\INF\oem1.inf deleted successfully.
C:\WINDOWS\LastGood.Tmp\INF\oem1.PNF deleted successfully.
C:\WINDOWS\LastGood.Tmp\INF\oem44.inf deleted successfully.
C:\WINDOWS\LastGood.Tmp\INF\oem44.PNF deleted successfully.
C:\WINDOWS\LastGood.Tmp\INF folder deleted successfully.
C:\WINDOWS\LastGood.Tmp folder deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\asw10.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SPR004BD.TMP deleted successfully.
C:\WINDOWS\system32\9453.12256 moved successfully.
C:\WINDOWS\system32\8806.15735 moved successfully.
C:\WINDOWS\system32\8311.12988 moved successfully.
C:\WINDOWS\system32\7972.17652 moved successfully.
C:\WINDOWS\system32\7469.31085 moved successfully.
C:\WINDOWS\7378.24772 moved successfully.
C:\WINDOWS\723.25307 moved successfully.
C:\WINDOWS\6926.4341 moved successfully.
C:\WINDOWS\6423.615 moved successfully.
C:\WINDOWS\system32\5636.24624 moved successfully.
C:\WINDOWS\5371.9682 moved successfully.
C:\WINDOWS\4971.2218 moved successfully.
C:\WINDOWS\system32\4931.20403 moved successfully.
C:\WINDOWS\system32\4728.18670 moved successfully.
C:\WINDOWS\system32\4382.4853 moved successfully.
C:\WINDOWS\3300.4103 moved successfully.
C:\WINDOWS\32542.15983 moved successfully.
C:\WINDOWS\system32\32478.15912 moved successfully.
C:\WINDOWS\32162.21022 moved successfully.
C:\WINDOWS\system32\31735.25758 moved successfully.
C:\WINDOWS\31503.19946 moved successfully.
C:\WINDOWS\system32\30561.9443 moved successfully.
C:\WINDOWS\system32\30293.17923 moved successfully.
C:\WINDOWS\29441.11216 moved successfully.
C:\WINDOWS\system32\28728.7264 moved successfully.
C:\WINDOWS\system32\28541.32004 moved successfully.
C:\WINDOWS\system32\28459.22907 moved successfully.
C:\WINDOWS\28280.9928 moved successfully.
C:\WINDOWS\system32\27508.4699 moved successfully.
C:\WINDOWS\system32\27407.15520 moved successfully.
C:\WINDOWS\27065.29419 moved successfully.
C:\WINDOWS\26994.27374 moved successfully.
C:\WINDOWS\26960.26800 moved successfully.
C:\WINDOWS\26957.16650 moved successfully.
C:\WINDOWS\2631.3726 moved successfully.
C:\WINDOWS\system32\26057.10796 moved successfully.
C:\WINDOWS\system32\25769.7927 moved successfully.
C:\WINDOWS\system32\25740.29879 moved successfully.
C:\WINDOWS\24789.23326 moved successfully.
C:\WINDOWS\24013.10884 moved successfully.
C:\WINDOWS\system32\22894.19275 moved successfully.
C:\WINDOWS\22506.14887 moved successfully.
C:\WINDOWS\21449.26024 moved successfully.
C:\WINDOWS\21310.400 moved successfully.
C:\WINDOWS\20946.13949 moved successfully.
C:\WINDOWS\20442.24549 moved successfully.
C:\WINDOWS\19178.22668 moved successfully.
C:\WINDOWS\system32\18635.18793 moved successfully.
C:\WINDOWS\18277.18278 moved successfully.
C:\WINDOWS\18236.16752 moved successfully.
C:\WINDOWS\system32\18034.11661 moved successfully.
C:\WINDOWS\16507.21496 moved successfully.
C:\WINDOWS\system32\16443.26219 moved successfully.
C:\WINDOWS\system32\15971.15782 moved successfully.
C:\WINDOWS\15269.18333 moved successfully.
C:\WINDOWS\system32\14522.5425 moved successfully.
C:\WINDOWS\system32\14227.1090 moved successfully.
C:\WINDOWS\system32\13533.10760 moved successfully.
C:\WINDOWS\13516.14094 moved successfully.
C:\WINDOWS\system32\12462.31910 moved successfully.
C:\WINDOWS\12083.10755 moved successfully.
C:\WINDOWS\11817.7480 moved successfully.
C:\WINDOWS\11190.27474 moved successfully.
C:\WINDOWS\system32\11158.27713 moved successfully.
C:\WINDOWS\system32\10706.20335 moved successfully.
C:\WINDOWS\system32\105.2718 moved successfully.
C:\WINDOWS\10276.7549 moved successfully.
C:\WINDOWS\system32\10202.8022 moved successfully.
C:\WINDOWS\10169.4312 moved successfully.
C:\WINDOWS\system32\10154.15388 moved successfully.
C:\WINDOWS\system32\10018.9738 moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:671329E4 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temporary Internet Files folder emptied: 205106 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: K
->Temp folder emptied: 374433523 bytes
->Temporary Internet Files folder emptied: 116378 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 44312506 bytes
->Flash cache emptied: 3503 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: mùj úèet
->Java cache emptied: 25801297 bytes

User: můj účet
->Temp folder emptied: 2189977 bytes
->Temporary Internet Files folder emptied: 11241789 bytes
->FireFox cache emptied: 46232253 bytes
->Flash cache emptied: 2437 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 999809 bytes

User: TYPHOON

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1390538333 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 145295220 bytes

Total Files Cleaned = 1 947,00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: K
->Flash cache emptied: 0 bytes

User: LocalService

User: mùj úèet

User: můj účet
->Flash cache emptied: 0 bytes

User: NetworkService

User: TYPHOON

Total Flash Files Cleaned = 0,00 mb

Restore points cleared and new OTL Restore Point set!
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

OTL by OldTimer - Version 3.2.4.0 log created on 05022010_112629

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_5d0.dat not found!

Registry entries deleted on Reboot...

#11 Příspěvek od **Caroprd111** » 02 kvě 2010 10:41

Jak to vypadá s PC

nijanek · #12 Příspěvek od **nijanek** » 02 kvě 2010 10:45

tak vypadá,že všechno je ok.Mockrát děkuji a hezký zbytek víkendu

#13 Příspěvek od **Caroprd111** » 02 kvě 2010 10:47

Stáhněte TFC http://oldtimer.geekstogo.com/TFC.exe

Spusťte.
Klikněte na "Start". Potvrďte hlášku kliknutím na "Ok" (Bude následovat restart)

Stáhněte OTC http://oldtimer.geekstogo.com/OTC.exe

Spusťte.
Klikněte na "CleanUp!". Potvrďte hlášky kliknutím na "Yes" (Bude následovat restart)

Stáhněte Ccleaner http://viry.cz/forum/viewtopic.php?t=7478

Nainstalujte a v průběhu instalace odškrtněte, že chcete instalovat yahoo toolbar.

Záložka Čistič
Dejte analyzovat, po dokončení dejte Spustit Ccleaner.

Záložka Registry
Klikněte na Hledej problémy, po dokončení klikněte na Opravit problémy, zálohu dělat nemusíte, potom dejte Opravit všechny problémy.
OK Zavřít

V logu nevidím firewall, doinstalujte

Přehled: http://www.viry.cz/forum/viewtopic.php?f=41&t=6523

Obrázek

Dejte nový log z RSIT.

VIRY.CZ

nefunkčnost některých stránek na internetu

nefunkčnost některých stránek na internetu

Re: nefunkčnost některých stránek na internetu

Re: nefunkčnost některých stránek na internetu

Re: nefunkčnost některých stránek na internetu

Re: nefunkčnost některých stránek na internetu

Re: nefunkčnost některých stránek na internetu

Re: nefunkčnost některých stránek na internetu

Re: nefunkčnost některých stránek na internetu

Re: nefunkčnost některých stránek na internetu

Re: nefunkčnost některých stránek na internetu

Re: nefunkčnost některých stránek na internetu

Re: nefunkčnost některých stránek na internetu

Re: nefunkčnost některých stránek na internetu