Dobrý den, prosím Vás o radu, jelikož tomuto problému moc nerozumím. Můj comp napadl nějaký vir, který mi pouští iexplorer buďto skrytě v pozadí a je vidět jen ve správci systému a nebo otevřeně otevírá reklamy a jako vedlejšák si vzal vypínání audia a mazání adresy na DNS server. Prosím pomozte. Zde je log z combofixu:
ComboFix 10-06-29.02 - Karel IV 30.06.2010 16:30:46.2.1 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.829 [GMT 2:00]
Spuštěný z: E:\ComboFix.exe
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-05-28 do 2010-06-30 )))))))))))))))))))))))))))))))
.
2010-06-29 22:48 . 2010-06-29 22:48 -------- d-----w- c:\documents and settings\LocalService\Plocha
2010-06-29 22:25 . 2010-06-29 22:25 -------- d-----w- c:\program files\BillP Studios
2010-06-29 21:02 . 2010-06-29 21:02 389632 ----a-w- c:\windows\system32\CF31605.exe
2010-06-29 07:37 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-29 07:37 . 2010-06-29 22:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-29 07:37 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-29 07:35 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-06-29 03:00 . 2010-06-28 23:13 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-28 23:13 . 2010-06-28 23:13 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-28 23:08 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 23:08 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 23:08 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 23:08 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 23:08 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 23:08 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 23:08 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-28 23:07 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 23:07 . 2010-06-28 23:07 -------- d-----w- c:\program files\Alwil Software
2010-06-28 16:14 . 2010-06-29 21:51 -------- d-s---w- c:\documents and settings\NetworkService\Oblíbené položky
2010-06-28 16:14 . 2010-06-28 16:14 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-06-28 15:58 . 2010-06-28 15:58 -------- d-----w- c:\windows\system32\wbem\Repository
2010-06-28 08:46 . 2010-06-28 08:46 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-06-28 08:44 . 2010-06-29 21:51 -------- d-s---w- c:\documents and settings\LocalService\Oblíbené položky
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-29 22:18 . 2009-11-12 23:29 -------- d-----w- c:\program files\CentrumczToolbar
2010-06-28 23:12 . 2009-05-17 05:33 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-28 23:04 . 2009-05-17 05:32 -------- d-----w- c:\program files\Lavasoft
2010-06-23 20:52 . 2009-05-26 05:15 -------- d-----w- c:\program files\Opera 10 Preview
2010-06-12 17:51 . 2009-09-30 17:14 -------- d-----w- c:\program files\VirtualDJ
2010-06-10 05:10 . 2010-04-26 19:21 -------- d-----w- c:\program files\ICQ7.1
2010-05-30 09:06 . 2010-05-24 15:15 -------- d-----w- c:\program files\NCH Software
.
------- Sigcheck -------
[-] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ERDNT\cache\mshtml.dll
[-] 2004-08-17 . 292A052A6AE36CC512419DDCE6A9DD2F . 3444224 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2004-08-17 . 292A052A6AE36CC512419DDCE6A9DD2F . 3444224 . . [6.00.2900.2180] . . c:\windows\system32\mshtml.dll
[-] 2002-09-20 . 876417092E5341E0A2287D06D3DC27F2 . 2833920 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\mshtml.dll
[-] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ERDNT\cache\wininet.dll
[-] 2004-08-17 . 321E734A0B91C43725463C509056B2AA . 691712 . . [6.00.2900.2180] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2004-08-17 . 321E734A0B91C43725463C509056B2AA . 691712 . . [6.00.2900.2180] . . c:\windows\system32\wininet.dll
[-] 2002-09-20 . D1A616D5337E344A0DD6C6DF7733A6C3 . 600064 . . [6.00.2800.1106] . . c:\windows\$NtServicePackUninstall$\wininet.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-06-29_21.24.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2002-09-20 18:04 . 2004-08-17 13:49 59392 c:\windows\system32\url.dll
+ 2002-09-20 18:04 . 2004-08-17 13:49 39424 c:\windows\system32\pngfilt.dll
+ 2002-09-20 18:01 . 2004-08-17 13:48 56832 c:\windows\system32\mshtmler.dll
+ 2001-10-25 14:00 . 2004-08-17 13:49 29184 c:\windows\system32\mshta.exe
+ 2002-09-20 18:04 . 2004-08-17 13:49 22016 c:\windows\system32\licmgr10.dll
+ 2001-10-25 14:00 . 2004-08-17 13:49 15872 c:\windows\system32\jsproxy.dll
+ 2002-09-20 18:04 . 2004-08-17 13:49 96768 c:\windows\system32\inseng.dll
+ 2002-09-20 18:03 . 2004-08-17 13:49 35840 c:\windows\system32\imgutil.dll
+ 2002-09-20 18:03 . 2004-08-17 13:49 62976 c:\windows\system32\iesetup.dll
+ 2001-10-25 14:00 . 2004-08-17 13:49 48640 c:\windows\system32\iernonce.dll
+ 2009-06-15 18:52 . 2004-08-17 13:49 81920 c:\windows\system32\ieencode.dll
+ 2002-09-20 18:05 . 2004-08-17 13:49 34304 c:\windows\system32\ie4uinit.exe
+ 2001-10-25 14:00 . 2004-08-17 13:49 35328 c:\windows\system32\corpol.dll
+ 2009-05-17 05:14 . 2010-06-30 14:30 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-05-17 05:14 . 2010-06-29 21:23 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-17 05:14 . 2010-06-30 14:30 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-05-17 05:14 . 2010-06-29 21:23 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-05-17 05:14 . 2010-06-30 14:30 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-05-17 05:14 . 2010-06-29 21:23 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2001-10-25 14:00 . 2004-08-17 13:49 61440 c:\windows\system32\admparse.dll
+ 2002-09-20 18:05 . 2004-08-17 13:49 439808 c:\windows\system32\webcheck.dll
+ 2002-09-20 18:04 . 2004-08-17 13:49 417792 c:\windows\system32\vbscript.dll
+ 2002-09-20 18:04 . 2004-08-17 13:49 675328 c:\windows\system32\urlmon.dll
+ 2002-09-20 18:04 . 2004-08-17 13:49 498176 c:\windows\system32\shlwapi.dll
+ 2001-10-25 14:00 . 2004-08-17 13:49 147456 c:\windows\system32\occache.dll
+ 2002-09-20 18:04 . 2004-08-17 13:49 530432 c:\windows\system32\mstime.dll
+ 2002-09-20 18:04 . 2004-08-17 13:49 146432 c:\windows\system32\msrating.dll
+ 2001-10-25 14:00 . 2001-10-25 14:00 146432 c:\windows\system32\msls31.dll
+ 2002-09-20 18:04 . 2004-08-17 13:49 448512 c:\windows\system32\mshtmled.dll
+ 2001-10-25 14:00 . 2004-08-17 13:49 450560 c:\windows\system32\jscript.dll
+ 2002-09-20 18:03 . 2004-08-17 13:49 249344 c:\windows\system32\iepeers.dll
+ 2002-09-20 18:03 . 2004-08-17 13:49 323584 c:\windows\system32\iedkcs32.dll
+ 2001-10-25 14:00 . 2001-10-25 14:00 225280 c:\windows\system32\ieakui.dll
+ 2002-09-20 18:03 . 2004-08-17 13:49 219136 c:\windows\system32\ieaksie.dll
+ 2002-09-20 18:03 . 2004-08-17 13:49 139264 c:\windows\system32\ieakeng.dll
+ 2002-09-20 18:03 . 2004-08-17 13:49 201728 c:\windows\system32\dxtrans.dll
+ 2002-09-20 18:03 . 2004-08-17 13:49 357888 c:\windows\system32\dxtmsft.dll
+ 2001-10-25 14:00 . 2001-10-25 14:00 146432 c:\windows\system32\dllcache\msls31.dll
+ 2001-10-25 14:00 . 2001-10-25 14:00 225280 c:\windows\system32\dllcache\ieakui.dll
+ 2002-09-20 18:03 . 2004-08-17 13:49 100352 c:\windows\system32\advpack.dll
+ 2002-09-20 18:04 . 2004-08-17 13:49 1763328 c:\windows\system32\shdocvw.dll
+ 2009-10-22 07:57 . 2010-06-29 22:49 6175708 c:\windows\system32\Restore\rstrlog.dat
+ 2002-09-20 18:03 . 2004-08-17 13:49 1015296 c:\windows\system32\browseui.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ICQ"="c:\program files\ICQ7.1\ICQ.exe" [2010-06-08 133368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [2005-03-04 512000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-10-25 77824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^McAfee Security Scan.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan.lnk
backup=c:\windows\pss\McAfee Security Scan.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Karel IV^Nabídka Start^Programy^Po spuštění^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Karel IV\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Karel IV^Nabídka Start^Programy^Po spuštění^RocketDock.lnk]
path=c:\documents and settings\Karel IV\Nabídka Start\Programy\Po spuštění\RocketDock.lnk
backup=c:\windows\pss\RocketDock.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Karel IV^Nabídka Start^Programy^Po spuštění^TransBar.lnk]
path=c:\documents and settings\Karel IV\Nabídka Start\Programy\Po spuštění\TransBar.lnk
backup=c:\windows\pss\TransBar.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Karel IV^Nabídka Start^Programy^Po spuštění^UberIcon.lnk]
path=c:\documents and settings\Karel IV\Nabídka Start\Programy\Po spuštění\UberIcon.lnk
backup=c:\windows\pss\UberIcon.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Karel IV^Nabídka Start^Programy^Po spuštění^Y'z Shadow.lnk]
path=c:\documents and settings\Karel IV\Nabídka Start\Programy\Po spuštění\Y'z Shadow.lnk
backup=c:\windows\pss\Y'z Shadow.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2010-06-28 23:12 864112 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-17 13:49 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-07-25 14:02 563984 ----a-w- c:\program files\Common Files\logishrd\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-07-25 14:06 2027792 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2006-10-22 10:22 7700480 ----a-w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-10-22 10:22 86016 -c--a-w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2006-10-22 10:22 1622016 -c--a-w- c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-11-09 03:17 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-10-25 12:20 77824 ----a-w- c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-04-06 00:27 26102056 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-11-16 23:16 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-05-17 15:34 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ICQ Service"=2 (0x2)
"gusvc"=3 (0x3)
"gupdate"=2 (0x2)
"LVCOMSer"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\VirtualDJ\\virtualdj_trial.exe"=
"c:\\Program Files\\Opera 10 Preview\\opera.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"e:\\share DC++\\BzukosheQ\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [17.5.2009 7:33 64288]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [29.6.2010 1:08 165456]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29.6.2010 1:08 17744]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4.2.2010 17:52 1352832]
S4 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6.2.2010 22:43 135664]
S4 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [29.11.2009 13:17 246520]
.
Obsah adresáře 'Naplánované úlohy'
2010-06-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 23:12]
2010-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 20:42]
2010-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-06 20:42]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
TCP: {DFF07C34-4BC2-479A-8E36-022D8EDDDD8A} = 62.209.237.34,62.84.128.6
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath -
---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
AddRemove-Facebook Plug-In - c:\documents and settings\Karel IV\Data aplikací\Facebook\uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-30 16:39
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,66,70,8d,0d,41,1d,f8,44,a8,68,f4,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,66,70,8d,0d,41,1d,f8,44,a8,68,f4,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(1436)
c:\windows\system32\msi.dll
.
Celkový čas: 2010-06-30 16:41:08
ComboFix-quarantined-files.txt 2010-06-30 14:41
ComboFix2.txt 2010-06-29 21:29
Před spuštěním: 5 207 429 120
Po spuštění: 5 254 201 344
- - End Of File - - AE5EB4D06065F2C24754BB0E08D7DC2E
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
samovolné spouštění iexplorer a jiných, vypínaní zvuku?!
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119418
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: samovolné spouštění iexplorer a jiných, vypínaní zvuku?!
Dejte log z ComboFix.
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
pote spustte aplikaci pod uctem s administratorskym opravnenim
hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.
v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho
behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)
upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: samovolné spouštění iexplorer a jiných, vypínaní zvuku?!
Dobry vecer, log z combofixu jsem prilozil k zadosti o pomoc. Pokud chcete novy, udelam jej.
-
Rudy
- Site Admin
- Příspěvky: 119418
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: samovolné spouštění iexplorer a jiných, vypínaní zvuku?!
OK. Tyto soubory:
Otestujte online na www.virustotal.com . Výsledek oznamte.c:\windows\system32\mshtml.dll
c:\windows\system32\wininet.dll
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: samovolné spouštění iexplorer a jiných, vypínaní zvuku?!
Dekuji, nasel jsem je, ale nejdou smazat ani v nouzovym?! Jak je prosim smazu?
Re: samovolné spouštění iexplorer a jiných, vypínaní zvuku?!
Omlouvam se, prehlidl jsem posledni radek, tak vyhodilo mi to tyhle linky:
http://www.virustotal.com/analisis/f23c ... 1257793406
http://www.virustotal.com/analisis/5edb ... 1257790284
http://www.virustotal.com/analisis/f23c ... 1257793406
http://www.virustotal.com/analisis/5edb ... 1257790284
-
Rudy
- Site Admin
- Příspěvky: 119418
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: samovolné spouštění iexplorer a jiných, vypínaní zvuku?!
Nic nemažte, jsou to systémové soubory!!! Šlo mi jen o to zjistit, zda jsou čisté. Jsou OK. Jinak anmi v logu nic nebezpečného není vidět. Udělejte ještě sken AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 .
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: samovolné spouštění iexplorer a jiných, vypínaní zvuku?!
Tak mi to 8hodin projizdelo a vysledek je takovy:
Autoscan: completed 1 minute ago (events: 16, objects: 260786, time: 08:13:08)
2.7.2010 0:50:25 Task started
2.7.2010 3:35:59 Detected: MultiPacked.Multi.Generic E:\share DC++\Games\games\atomica.deluxe.2.52.keygen-tsrh.zip/atomica.deluxe.2.52.keygen-tsrh.exe/ExeStealth
2.7.2010 3:36:03 Detected: MultiPacked.Multi.Generic E:\share DC++\Games\games\LOMALKA[1].RU-Seven_Seas_Deluxe_v1.13.zip/seven.seas.deluxe.1.13.keygen-tsrh.exe/ExeStealth
2.7.2010 4:05:01 Detected: Trojan.Win32.Genome.ijwp E:\System Volume Information\_restore{23F9C02A-F9FB-4CC0-BD94-8EEBDE0EEC45}\RP16\A0004625.exe/data0001
2.7.2010 4:20:56 Detected: not-a-virus:AdWare.Win32.NewDotNet E:\System Volume Information\_restore{E7B7A71D-1FC8-40C6-9DDD-3394BB9BB1BE}\RP69\A0034134.exe/data0016
2.7.2010 8:57:05 Deleted: not-a-virus:AdWare.Win32.NewDotNet E:\System Volume Information\_restore{E7B7A71D-1FC8-40C6-9DDD-3394BB9BB1BE}\RP69\A0034134.exe
2.7.2010 8:57:08 Deleted: MultiPacked.Multi.Generic E:\share DC++\Games\games\atomica.deluxe.2.52.keygen-tsrh.zip/atomica.deluxe.2.52.keygen-tsrh.exe
2.7.2010 8:57:08 Deleted: MultiPacked.Multi.Generic E:\share DC++\Games\games\LOMALKA[1].RU-Seven_Seas_Deluxe_v1.13.zip/seven.seas.deluxe.1.13.keygen-tsrh.exe
2.7.2010 8:57:10 Detected: MultiPacked.Multi.Generic E:\share DC++\Games\games\mummy.maze.deluxe.1.1.keygen-tsrh.zip/mummy.maze.deluxe.1.1.keygen-tsrh.exe/ExeStealth
2.7.2010 8:57:10 Deleted: Trojan.Win32.Genome.ijwp E:\System Volume Information\_restore{23F9C02A-F9FB-4CC0-BD94-8EEBDE0EEC45}\RP16\A0004625.exe
2.7.2010 8:57:17 Detected: MultiPacked.Multi.Generic E:\share DC++\Games\games\rocket.mania.deluxe.1.0.keygen-tsrh.zip/rocket.mania.deluxe.1.0.keygen-tsrh.exe/ExeStealth
2.7.2010 8:57:26 Deleted: MultiPacked.Multi.Generic E:\share DC++\Games\games\mummy.maze.deluxe.1.1.keygen-tsrh.zip/mummy.maze.deluxe.1.1.keygen-tsrh.exe
2.7.2010 8:57:27 Detected: MultiPacked.Multi.Generic E:\share DC++\Games\games\tiptop.deluxe.1.1.keygen-tsrh.zip/tiptop.deluxe.1.1.keygen-tsrh.exe/ExeStealth
2.7.2010 8:57:34 Deleted: MultiPacked.Multi.Generic E:\share DC++\Games\games\rocket.mania.deluxe.1.0.keygen-tsrh.zip/rocket.mania.deluxe.1.0.keygen-tsrh.exe
2.7.2010 8:57:42 Deleted: MultiPacked.Multi.Generic E:\share DC++\Games\games\tiptop.deluxe.1.1.keygen-tsrh.zip/tiptop.deluxe.1.1.keygen-tsrh.exe
2.7.2010 9:03:34 Task completed
Autoscan: completed 1 minute ago (events: 16, objects: 260786, time: 08:13:08)
2.7.2010 0:50:25 Task started
2.7.2010 3:35:59 Detected: MultiPacked.Multi.Generic E:\share DC++\Games\games\atomica.deluxe.2.52.keygen-tsrh.zip/atomica.deluxe.2.52.keygen-tsrh.exe/ExeStealth
2.7.2010 3:36:03 Detected: MultiPacked.Multi.Generic E:\share DC++\Games\games\LOMALKA[1].RU-Seven_Seas_Deluxe_v1.13.zip/seven.seas.deluxe.1.13.keygen-tsrh.exe/ExeStealth
2.7.2010 4:05:01 Detected: Trojan.Win32.Genome.ijwp E:\System Volume Information\_restore{23F9C02A-F9FB-4CC0-BD94-8EEBDE0EEC45}\RP16\A0004625.exe/data0001
2.7.2010 4:20:56 Detected: not-a-virus:AdWare.Win32.NewDotNet E:\System Volume Information\_restore{E7B7A71D-1FC8-40C6-9DDD-3394BB9BB1BE}\RP69\A0034134.exe/data0016
2.7.2010 8:57:05 Deleted: not-a-virus:AdWare.Win32.NewDotNet E:\System Volume Information\_restore{E7B7A71D-1FC8-40C6-9DDD-3394BB9BB1BE}\RP69\A0034134.exe
2.7.2010 8:57:08 Deleted: MultiPacked.Multi.Generic E:\share DC++\Games\games\atomica.deluxe.2.52.keygen-tsrh.zip/atomica.deluxe.2.52.keygen-tsrh.exe
2.7.2010 8:57:08 Deleted: MultiPacked.Multi.Generic E:\share DC++\Games\games\LOMALKA[1].RU-Seven_Seas_Deluxe_v1.13.zip/seven.seas.deluxe.1.13.keygen-tsrh.exe
2.7.2010 8:57:10 Detected: MultiPacked.Multi.Generic E:\share DC++\Games\games\mummy.maze.deluxe.1.1.keygen-tsrh.zip/mummy.maze.deluxe.1.1.keygen-tsrh.exe/ExeStealth
2.7.2010 8:57:10 Deleted: Trojan.Win32.Genome.ijwp E:\System Volume Information\_restore{23F9C02A-F9FB-4CC0-BD94-8EEBDE0EEC45}\RP16\A0004625.exe
2.7.2010 8:57:17 Detected: MultiPacked.Multi.Generic E:\share DC++\Games\games\rocket.mania.deluxe.1.0.keygen-tsrh.zip/rocket.mania.deluxe.1.0.keygen-tsrh.exe/ExeStealth
2.7.2010 8:57:26 Deleted: MultiPacked.Multi.Generic E:\share DC++\Games\games\mummy.maze.deluxe.1.1.keygen-tsrh.zip/mummy.maze.deluxe.1.1.keygen-tsrh.exe
2.7.2010 8:57:27 Detected: MultiPacked.Multi.Generic E:\share DC++\Games\games\tiptop.deluxe.1.1.keygen-tsrh.zip/tiptop.deluxe.1.1.keygen-tsrh.exe/ExeStealth
2.7.2010 8:57:34 Deleted: MultiPacked.Multi.Generic E:\share DC++\Games\games\rocket.mania.deluxe.1.0.keygen-tsrh.zip/rocket.mania.deluxe.1.0.keygen-tsrh.exe
2.7.2010 8:57:42 Deleted: MultiPacked.Multi.Generic E:\share DC++\Games\games\tiptop.deluxe.1.1.keygen-tsrh.zip/tiptop.deluxe.1.1.keygen-tsrh.exe
2.7.2010 9:03:34 Task completed
-
Rudy
- Site Admin
- Příspěvky: 119418
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: samovolné spouštění iexplorer a jiných, vypínaní zvuku?!
Máte PC plný keygenů a jiných utilit, sloužících k porušování autorského zákona, jejichž součástí bývá virus. Celou řadu jich AVP smazal. Máte-li tam ještě nějaké, smažte je rovněž. Změnilo se něco?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: samovolné spouštění iexplorer a jiných, vypínaní zvuku?!
Dobry vecer, nezmenilo se nic. Stale mi ve spravci uloh vyskakuje iexplorer, unsecapp, wmiprvse a jine veci ktere predtim nebyly. Iexplorer, kdyz dam ukoncit okamzite vybehne novy, stale se pta na to zda se ma stat hlavnim prohlizecem a pousti reklamy na telefony, stastny zivot a podobne. Krom tohoto, vypinani zvuku, mazani DNS adresy mi jeste smazal panel pro snadne spusteni a vypina mi Avast a zrusil bod obnoveni. 
No zvlada toho sikula radne nasekat.
No zvlada toho sikula radne nasekat.-
Rudy
- Site Admin
- Příspěvky: 119418
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: samovolné spouštění iexplorer a jiných, vypínaní zvuku?!
Stáhněte a spusťte OTL: http://oldtimer.geekstogo.com/OTL.exe . Do spodního okna vložte:
Zaškrtněte kontrola na "Lop" a "Purity", "Pro všechny uživatele" a klikněte na "Prohledat". Po akci sem vložte oba logy.netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: samovolné spouštění iexplorer a jiných, vypínaní zvuku?!
OTL logfile created on: 2.7.2010 21:38:24 - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = E:\
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1 023,00 Mb Total Physical Memory | 444,00 Mb Available Physical Memory | 43,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 1500 2000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14,65 Gb Total Space | 3,22 Gb Free Space | 21,98% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 171,66 Gb Total Space | 20,85 Gb Free Space | 12,14% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: KAREL-20BTTPBU8
Current User Name: Karel IV
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.07.02 21:24:29 | 000,574,464 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2010.07.02 01:13:40 | 001,352,832 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010.06.29 09:33:29 | 002,701,416 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\Setup\avast.setup
PRC - [2010.06.29 01:12:46 | 000,864,112 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.06.16 11:57:22 | 000,835,952 | ---- | M] (Opera Software) -- C:\Program Files\Opera 10 Preview\opera.exe
PRC - [2010.06.08 13:39:01 | 000,133,368 | ---- | M] (ICQ, LLC.) -- C:\Program Files\ICQ7.1\ICQ.exe
PRC - [2005.01.18 06:50:00 | 000,825,380 | ---- | M] (C. Ghisler & Co.) -- C:\totalcmd\TOTALCMD.EXE
PRC - [2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001.10.25 16:00:00 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sndvol32.exe
========== Modules (SafeList) ==========
MOD - [2010.07.02 21:24:29 | 000,574,464 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
MOD - [2004.08.17 15:49:04 | 000,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cabinet.dll
MOD - [2004.08.17 15:48:02 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004.08.03 23:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - [2010.07.02 01:13:40 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2007.07.20 00:42:30 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\logishrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007.07.20 00:40:48 | 000,137,752 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007.07.20 00:38:54 | 000,186,904 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
========== Driver Services (SafeList) ==========
DRV - [2010.06.29 01:12:55 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010.06.28 22:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010.06.28 22:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010.06.28 22:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010.06.28 22:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010.06.28 22:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.06.28 22:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009.11.09 05:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009.10.22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\10271622.sys -- (10271622)
DRV - [2009.09.25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\10271621.sys -- (10271621)
DRV - [2007.07.20 00:39:50 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007.07.20 00:37:56 | 002,109,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007.07.19 02:44:00 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007.07.19 02:39:38 | 000,490,776 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2007.07.18 17:42:42 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2006.10.22 12:22:00 | 003,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005.02.01 16:39:04 | 000,176,128 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... R}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/ ... chcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultScope = {A3B1A68E-51A6-4355-BBD8-4F9F33248A0A}
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: *{855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultScope = {A3B1A68E-51A6-4355-BBD8-4F9F33248A0A}
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKU\S-1-5-18\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: *{855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-682003330-515967899-2147268071-1003\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultScope = {A3B1A68E-51A6-4355-BBD8-4F9F33248A0A}
IE - HKU\S-1-5-21-682003330-515967899-2147268071-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-682003330-515967899-2147268071-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-21-682003330-515967899-2147268071-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-682003330-515967899-2147268071-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-682003330-515967899-2147268071-1003\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-682003330-515967899-2147268071-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Centrum.cz Search"
FF - prefs.js..browser.search.selectedEngine: "Centrum.cz Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: Cetrumcz@igeared:1.202.012.001
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.10
FF - prefs.js..keyword.URL: "http://search.centrum.cz/index.php?tool ... m-1.0.0&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\Cetrumcz@igeared: C:\Program Files\CentrumczToolbar\Firefox\Cetrumcz@igeared [2010.03.09 21:15:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009.11.17 01:16:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.30 17:39:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.23 20:41:31 | 000,000,000 | ---D | M]
[2010.06.30 17:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel IV\Data aplikací\Mozilla\Extensions
[2010.06.30 17:39:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Karel IV\Data aplikací\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010.06.30 17:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel IV\Data aplikací\Mozilla\Firefox\Profiles\6b4rkohn.default\extensions
[2010.06.30 17:39:41 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Karel IV\Data aplikací\Mozilla\Firefox\Profiles\6b4rkohn.default\searchplugins\icq-search.xml
[2008.03.31 11:52:00 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Karel IV\Data aplikací\Mozilla\Firefox\Profiles\6b4rkohn.default\searchplugins\icqplugin.gif
[2009.10.27 11:10:54 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Karel IV\Data aplikací\Mozilla\Firefox\Profiles\6b4rkohn.default\searchplugins\icqplugin.src
[2010.06.30 10:34:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.11.29 13:17:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.23 20:41:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.11.17 01:16:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.06.23 20:41:24 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010.06.23 20:41:24 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007.04.10 18:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2009.11.17 01:16:06 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2010.06.23 20:41:27 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010.02.22 22:01:12 | 000,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010.02.22 22:01:12 | 000,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010.02.22 22:01:12 | 000,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010.02.22 22:01:12 | 000,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010.02.22 22:01:12 | 000,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010.02.22 22:01:12 | 000,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010.04.18 12:33:44 | 000,001,497 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml
[2009.10.21 04:10:38 | 000,001,425 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Cetrumcz_igeared.xml
[2009.08.24 21:07:44 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009.08.24 21:07:44 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2009.08.24 21:07:44 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2009.08.24 21:07:44 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2009.08.24 21:07:44 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2009.08.24 21:07:44 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2010.06.29 23:24:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Odkazy) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Centrum.cz Toolbar) - {D5D47440-0750-463D-BAEF-A47D02414806} - C:\Program Files\CentrumczToolbar\IEToolbar.dll File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Odkazy) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Centrum.cz Toolbar) - {D5D47440-0750-463D-BAEF-A47D02414806} - C:\Program Files\CentrumczToolbar\IEToolbar.dll File not found
O3 - HKU\S-1-5-21-682003330-515967899-2147268071-1003\..\Toolbar\ShellBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKU\S-1-5-21-682003330-515967899-2147268071-1003\..\Toolbar\WebBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKU\S-1-5-21-682003330-515967899-2147268071-1003\..\Toolbar\WebBrowser: (&Odkazy) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-682003330-515967899-2147268071-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O3 - HKU\S-1-5-21-682003330-515967899-2147268071-1003\..\Toolbar\WebBrowser: (Centrum.cz Toolbar) - {D5D47440-0750-463D-BAEF-A47D02414806} - C:\Program Files\CentrumczToolbar\IEToolbar.dll File not found
O4 - HKLM..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe (VIA Technologies, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-682003330-515967899-2147268071-1003..\Run: [ICQ] C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-682003330-515967899-2147268071-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-682003330-515967899-2147268071-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-682003330-515967899-2147268071-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-682003330-515967899-2147268071-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-682003330-515967899-2147268071-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/sh ... wflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Proces mezipaměti kategorií součástí - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.05.17 07:11:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009.05.17 07:11:15 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.mp42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
OTL by OldTimer - Version 3.2.7.0 Folder = E:\
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1 023,00 Mb Total Physical Memory | 444,00 Mb Available Physical Memory | 43,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 1500 2000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14,65 Gb Total Space | 3,22 Gb Free Space | 21,98% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 171,66 Gb Total Space | 20,85 Gb Free Space | 12,14% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: KAREL-20BTTPBU8
Current User Name: Karel IV
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.07.02 21:24:29 | 000,574,464 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2010.07.02 01:13:40 | 001,352,832 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010.06.29 09:33:29 | 002,701,416 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\Setup\avast.setup
PRC - [2010.06.29 01:12:46 | 000,864,112 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.06.16 11:57:22 | 000,835,952 | ---- | M] (Opera Software) -- C:\Program Files\Opera 10 Preview\opera.exe
PRC - [2010.06.08 13:39:01 | 000,133,368 | ---- | M] (ICQ, LLC.) -- C:\Program Files\ICQ7.1\ICQ.exe
PRC - [2005.01.18 06:50:00 | 000,825,380 | ---- | M] (C. Ghisler & Co.) -- C:\totalcmd\TOTALCMD.EXE
PRC - [2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2001.10.25 16:00:00 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sndvol32.exe
========== Modules (SafeList) ==========
MOD - [2010.07.02 21:24:29 | 000,574,464 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
MOD - [2004.08.17 15:49:04 | 000,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cabinet.dll
MOD - [2004.08.17 15:48:02 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2004.08.03 23:01:18 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - [2010.07.02 01:13:40 | 001,352,832 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.01.03 17:07:48 | 000,246,520 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2007.07.20 00:42:30 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\logishrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007.07.20 00:40:48 | 000,137,752 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2007.07.20 00:38:54 | 000,186,904 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
========== Driver Services (SafeList) ==========
DRV - [2010.06.29 01:12:55 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010.06.28 22:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010.06.28 22:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010.06.28 22:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010.06.28 22:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010.06.28 22:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.06.28 22:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009.11.09 05:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009.10.22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\10271622.sys -- (10271622)
DRV - [2009.09.25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\10271621.sys -- (10271621)
DRV - [2007.07.20 00:39:50 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007.07.20 00:37:56 | 002,109,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007.07.19 02:44:00 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007.07.19 02:39:38 | 000,490,776 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2007.07.18 17:42:42 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2006.10.22 12:22:00 | 003,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2005.02.01 16:39:04 | 000,176,128 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vinyl97.sys -- (VIAudio) Vinyl AC'97 Audio Controller (WDM)
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... R}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/ ... chcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultScope = {A3B1A68E-51A6-4355-BBD8-4F9F33248A0A}
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: *{855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultScope = {A3B1A68E-51A6-4355-BBD8-4F9F33248A0A}
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKU\S-1-5-18\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: *{855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-682003330-515967899-2147268071-1003\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultScope = {A3B1A68E-51A6-4355-BBD8-4F9F33248A0A}
IE - HKU\S-1-5-21-682003330-515967899-2147268071-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-682003330-515967899-2147268071-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-21-682003330-515967899-2147268071-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-682003330-515967899-2147268071-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-682003330-515967899-2147268071-1003\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-682003330-515967899-2147268071-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Centrum.cz Search"
FF - prefs.js..browser.search.selectedEngine: "Centrum.cz Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: Cetrumcz@igeared:1.202.012.001
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.10
FF - prefs.js..keyword.URL: "http://search.centrum.cz/index.php?tool ... m-1.0.0&q="
FF - HKLM\software\mozilla\Firefox\Extensions\\Cetrumcz@igeared: C:\Program Files\CentrumczToolbar\Firefox\Cetrumcz@igeared [2010.03.09 21:15:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009.11.17 01:16:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.30 17:39:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.23 20:41:31 | 000,000,000 | ---D | M]
[2010.06.30 17:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel IV\Data aplikací\Mozilla\Extensions
[2010.06.30 17:39:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Karel IV\Data aplikací\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010.06.30 17:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel IV\Data aplikací\Mozilla\Firefox\Profiles\6b4rkohn.default\extensions
[2010.06.30 17:39:41 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Karel IV\Data aplikací\Mozilla\Firefox\Profiles\6b4rkohn.default\searchplugins\icq-search.xml
[2008.03.31 11:52:00 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Karel IV\Data aplikací\Mozilla\Firefox\Profiles\6b4rkohn.default\searchplugins\icqplugin.gif
[2009.10.27 11:10:54 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Karel IV\Data aplikací\Mozilla\Firefox\Profiles\6b4rkohn.default\searchplugins\icqplugin.src
[2010.06.30 10:34:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.11.29 13:17:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.06.23 20:41:31 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.11.17 01:16:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.06.23 20:41:24 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010.06.23 20:41:24 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007.04.10 18:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2009.11.17 01:16:06 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2010.06.23 20:41:27 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010.02.22 22:01:12 | 000,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010.02.22 22:01:12 | 000,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010.02.22 22:01:12 | 000,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010.02.22 22:01:12 | 000,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010.02.22 22:01:12 | 000,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010.02.22 22:01:12 | 000,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010.04.18 12:33:44 | 000,001,497 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml
[2009.10.21 04:10:38 | 000,001,425 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Cetrumcz_igeared.xml
[2009.08.24 21:07:44 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009.08.24 21:07:44 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2009.08.24 21:07:44 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2009.08.24 21:07:44 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2009.08.24 21:07:44 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2009.08.24 21:07:44 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2010.06.29 23:24:06 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Odkazy) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Centrum.cz Toolbar) - {D5D47440-0750-463D-BAEF-A47D02414806} - C:\Program Files\CentrumczToolbar\IEToolbar.dll File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Odkazy) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Centrum.cz Toolbar) - {D5D47440-0750-463D-BAEF-A47D02414806} - C:\Program Files\CentrumczToolbar\IEToolbar.dll File not found
O3 - HKU\S-1-5-21-682003330-515967899-2147268071-1003\..\Toolbar\ShellBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKU\S-1-5-21-682003330-515967899-2147268071-1003\..\Toolbar\WebBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKU\S-1-5-21-682003330-515967899-2147268071-1003\..\Toolbar\WebBrowser: (&Odkazy) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-682003330-515967899-2147268071-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O3 - HKU\S-1-5-21-682003330-515967899-2147268071-1003\..\Toolbar\WebBrowser: (Centrum.cz Toolbar) - {D5D47440-0750-463D-BAEF-A47D02414806} - C:\Program Files\CentrumczToolbar\IEToolbar.dll File not found
O4 - HKLM..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe (VIA Technologies, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-682003330-515967899-2147268071-1003..\Run: [ICQ] C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-682003330-515967899-2147268071-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-682003330-515967899-2147268071-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-682003330-515967899-2147268071-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-682003330-515967899-2147268071-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-682003330-515967899-2147268071-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/sh ... wflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Proces mezipaměti kategorií součástí - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.05.17 07:11:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009.05.17 07:11:15 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.mp42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mp43 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.mpg4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
Re: samovolné spouštění iexplorer a jiných, vypínaní zvuku?!
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54619756233228288)
========== Files/Folders - Created Within 30 Days ==========
[2010.07.02 21:05:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karel IV\Local Settings\Data aplikací\GHISLER
[2010.07.02 00:43:16 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\1027162.sys
[2010.07.02 00:43:16 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\10271621.sys
[2010.07.02 00:43:16 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\10271622.sys
[2010.07.02 00:43:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karel IV\Plocha\Virus Removal Tool
[2010.07.01 22:48:39 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.06.30 17:40:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karel IV\Data aplikací\Adobe
[2010.06.30 17:39:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karel IV\Local Settings\Data aplikací\Centrum.cz Toolbar
[2010.06.30 17:39:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karel IV\Local Settings\Data aplikací\Mozilla
[2010.06.30 17:39:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karel IV\Data aplikací\Mozilla
[2010.06.30 16:44:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karel IV\Local Settings\Data aplikací\AOL
[2010.06.30 16:43:11 | 006,291,456 | -H-- | C] () -- C:\Documents and Settings\Karel IV\Local Settings\Data aplikací\IconCache.db
[2010.06.30 16:41:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.06.30 16:21:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karel IV\Local Settings\Data aplikací\Opera
[2010.06.30 16:21:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karel IV\Data aplikací\Opera
[2010.06.30 00:49:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Data aplikací\Google
[2010.06.30 00:48:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Data aplikací\Google
[2010.06.30 00:48:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Data aplikací\Adobe
[2010.06.30 00:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2010.06.29 23:05:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.06.29 23:05:04 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.06.29 23:05:04 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.06.29 23:02:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.06.29 23:02:55 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF31605.exe
[2010.06.29 23:02:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.06.29 09:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karel IV\Data aplikací\Malwarebytes
[2010.06.29 09:37:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.06.29 09:37:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.06.29 09:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.06.29 09:37:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.06.29 09:35:57 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010.06.29 01:13:27 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010.06.29 01:08:12 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010.06.29 01:08:12 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010.06.29 01:08:11 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010.06.29 01:08:10 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010.06.29 01:08:08 | 000,100,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010.06.29 01:08:08 | 000,094,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010.06.29 01:08:07 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010.06.29 01:07:42 | 000,165,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010.06.29 01:07:28 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010.06.29 01:07:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2010.06.29 01:04:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Data aplikací\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010.06.29 01:04:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
[2010.06.28 10:46:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Data aplikací\Macromedia
[2010.06.26 13:08:35 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Karel IV\Plocha\BzukosheQ
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.07.02 21:31:05 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.02 21:06:05 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.07.02 21:04:52 | 000,001,317 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010.07.02 14:39:09 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.07.02 13:18:51 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.07.02 13:16:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.07.02 13:16:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.07.02 13:16:08 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.02 08:56:41 | 000,000,204 | -HS- | M] () -- C:\WINDOWS\setup_9.0.0.722_01.07.2010_23-49drv.spi
[2010.07.01 22:49:34 | 003,973,120 | ---- | M] () -- C:\Documents and Settings\Karel IV\ntuser.dat
[2010.07.01 22:49:34 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Karel IV\ntuser.ini
[2010.07.01 22:49:32 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\Karel IV\Local Settings\Data aplikací\IconCache.db
[2010.07.01 22:42:51 | 000,000,382 | ---- | M] () -- C:\Documents and Settings\Karel IV\Plocha\Zástupce - ComboFix.lnk
[2010.07.01 19:16:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.06.30 16:39:08 | 000,000,262 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.06.29 23:57:55 | 000,000,487 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.06.29 23:57:55 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010.06.29 23:24:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.06.29 23:02:50 | 000,389,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF31605.exe
[2010.06.29 09:37:16 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.06.29 09:35:59 | 000,002,553 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.06.29 01:13:21 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010.06.29 01:13:18 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010.06.29 01:12:55 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010.06.29 01:08:12 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
[2010.06.29 01:04:49 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Ad-Aware.lnk
[2010.06.28 22:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010.06.28 22:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010.06.28 22:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010.06.28 22:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010.06.28 22:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010.06.28 22:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010.06.28 22:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010.06.28 22:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010.06.28 22:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010.06.23 22:52:13 | 000,000,651 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Opera.lnk
[2010.06.21 00:53:12 | 000,000,058 | ---- | M] () -- C:\Documents and Settings\Karel IV\Data aplikací\AVSDVDPlayer.m3u
[2010.06.15 21:23:57 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.07.02 08:56:41 | 000,000,204 | -HS- | C] () -- C:\WINDOWS\setup_9.0.0.722_01.07.2010_23-49drv.spi
[2010.07.01 22:50:23 | 1073,270,784 | -HS- | C] () -- C:\hiberfil.sys
[2010.07.01 22:42:51 | 000,000,382 | ---- | C] () -- C:\Documents and Settings\Karel IV\Plocha\Zástupce - ComboFix.lnk
[2010.06.29 23:05:04 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.06.29 23:05:04 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.06.29 23:05:04 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.06.29 23:05:04 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.06.29 23:05:04 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.06.29 09:37:16 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.06.29 05:00:35 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010.06.29 01:14:57 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.06.29 01:08:12 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
[2010.06.29 01:04:49 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Ad-Aware.lnk
[2009.08.16 14:34:18 | 000,058,163 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009.06.22 20:26:41 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009.06.15 20:52:46 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2009.06.06 10:49:09 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.06.01 11:53:05 | 000,000,272 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2009.05.27 14:36:53 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009.05.17 07:21:37 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll
[2009.05.17 07:20:26 | 000,001,317 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2007.07.18 17:42:42 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2006.10.22 12:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006.10.22 12:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006.10.22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006.10.22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006.10.22 12:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006.10.22 12:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006.10.22 12:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005.10.14 11:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 11:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 11:56:50 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 11:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 11:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 11:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 11:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002.03.25 22:02:14 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
========== LOP Check ==========
[2010.06.29 01:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2010.06.28 10:46:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\CentrumczToolbar
[2010.04.26 21:23:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2010.06.30 00:48:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010.07.02 00:39:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel IV\Data aplikací\ICQ
[2009.05.25 23:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel IV\Data aplikací\OpenOffice.org
[2010.06.30 16:21:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel IV\Data aplikací\Opera
[2010.07.02 13:18:51 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"ICQ" = "C:\Program Files\ICQ7.1\ICQ.exe" silent loginmode=4 -- [2010.06.08 13:39:01 | 000,133,368 | ---- | M] (ICQ, LLC.)
< c:\windows\*.* /U >
[4 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2010.06.30 17:40:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel IV\Data aplikací\Adobe
[2010.07.02 00:39:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel IV\Data aplikací\ICQ
[2009.05.17 12:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel IV\Data aplikací\Macromedia
[2010.06.29 09:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel IV\Data aplikací\Malwarebytes
[2010.06.29 01:04:34 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Karel IV\Data aplikací\Microsoft
[2010.06.30 17:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel IV\Data aplikací\Mozilla
[2009.05.25 23:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel IV\Data aplikací\OpenOffice.org
[2010.06.30 16:21:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel IV\Data aplikací\Opera
< %APPDATA%\*.exe /s >
< MD5 for: AGP440.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2002.09.20 20:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2002.08.29 03:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: CDROM.SYS >
[2002.09.20 20:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:cdrom.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:cdrom.sys
[2002.08.29 03:27:56 | 000,047,488 | ---- | M] (Microsoft Corporation) MD5=6506E033AD04CFEC9EE56DBEFD1083DD -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys
[2004.08.03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2004.08.03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys
< MD5 for: CRYPTSVC.DLL >
[2002.09.20 20:03:40 | 000,053,248 | ---- | M] (Microsoft Corporation) MD5=031E7FF41B13B658CAE7D6C98086F76A -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\eventlog.dll
[2002.09.20 20:03:50 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=E8508E7F865490D8AE71D00C8DF4D227 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2002.09.20 20:05:24 | 001,004,544 | ---- | M] (Microsoft Corporation) MD5=11D80755545CFB5EB9659EE88440EAE2 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004.08.17 15:49:24 | 000,974,848 | ---- | M] (Microsoft Corporation) MD5=4D32D7FFC2F583FE21EF0A4F99EABB12 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\explorer.exe
< MD5 for: HAL.DLL >
[2002.09.20 20:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:hal.dll
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:hal.dll
[2004.08.03 22:59:20 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=C321C95318495909A0066FB0EDC97287 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2002.08.29 03:05:04 | 000,127,872 | ---- | M] (Microsoft Corporation) MD5=E8D2B5D5186A9B93D7019D7A74D77A1E -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll
[2004.08.03 22:59:10 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\system32\HAL.DLL
< MD5 for: CHANGER.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:Changer.sys
[2004.08.03 23:00:14 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=DAF1A8193B6CAF0FB858CADCC5C4AF4A -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
< MD5 for: ISAPNP.SYS >
[2001.10.25 16:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\drivers\isapnp.sys
< MD5 for: LSASS.EXE >
[2002.09.20 20:05:32 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=32F7074BAC9A5F899CCA9C046C9FA6EB -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2002.08.29 04:09:26 | 000,167,552 | ---- | M] (Microsoft Corporation) MD5=3B350E5A2A5E951453F3993275A4523A -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys
< MD5 for: NETLOGON.DLL >
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\netlogon.dll
[2002.09.20 20:04:34 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=CF03E300B5CEEFFEFBE6F67532BD0EF1 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\scecli.dll
[2002.09.20 20:04:42 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B2666CAB5E8C8A741D63F18D551A47FB -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2004.08.17 15:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\smss.exe
[2002.09.20 20:05:44 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=7763D73255AD4046FA999D42EAF22C26 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
< MD5 for: SVCHOST.EXE >
[2001.10.25 16:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=329945887A0C684C38A4845330BC9100 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\svchost.exe
< MD5 for: TCPIP.SYS >
[2002.08.29 03:58:12 | 000,332,928 | ---- | M] (Microsoft Corporation) MD5=244A2F9816BC9B593957281EF577D976 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2004.08.03 23:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2004.08.03 23:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2004.08.03 23:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\system32\drivers\tcpip.sys
< MD5 for: USERINIT.EXE >
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\userinit.exe
[2002.09.20 20:05:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B26871B5CE92F9D95AE6E62119799EB9 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\winlogon.exe
[2002.09.20 20:05:50 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=FF8857D1AF59071F172C0FAD0FD33E87 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
< MD5 for: WS2_32.DLL >
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2001.10.25 16:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=748494B94A871A828C64D1D5C738D2B7 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2004.08.17 15:49:12 | 000,071,680 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msacm32.dll
[2001.10.25 16:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msls31.dll
[2004.08.17 15:49:16 | 000,236,544 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rasapi32.dll
[2004.08.17 15:49:16 | 000,061,440 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rasman.dll
[2004.08.17 15:49:18 | 000,431,616 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\riched20.dll
[2004.08.17 15:49:18 | 000,044,032 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rtutils.dll
[2004.08.17 15:49:18 | 000,006,656 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sensapi.dll
[2004.08.17 15:49:20 | 000,713,728 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sxs.dll
[2004.08.17 15:49:20 | 000,181,760 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\tapi32.dll
[2004.08.17 15:49:22 | 000,024,576 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\wsock32.dll
[2004.08.17 15:48:44 | 002,927,616 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\xpsp2res.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2009.05.17 09:02:26 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.05.17 09:02:26 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.05.17 09:02:26 | 000,397,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
[2004.08.17 15:49:12 | 000,071,680 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msacm32.dll
[2001.10.25 16:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msls31.dll
[2004.08.17 15:49:16 | 000,236,544 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rasapi32.dll
[2004.08.17 15:49:16 | 000,061,440 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rasman.dll
[2004.08.17 15:49:18 | 000,431,616 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\riched20.dll
[2004.08.17 15:49:18 | 000,044,032 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rtutils.dll
[2004.08.17 15:49:18 | 000,006,656 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sensapi.dll
[2004.08.17 15:49:20 | 000,713,728 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sxs.dll
[2004.08.17 15:49:20 | 000,181,760 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\tapi32.dll
[2004.08.17 15:49:22 | 000,024,576 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\wsock32.dll
[2004.08.17 15:48:44 | 002,927,616 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\xpsp2res.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2010.06.29 23:02:50 | 000,389,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CF31605.exe
[2010.07.02 14:39:09 | 000,088,566 | ---- | M] () -- C:\WINDOWS\system32\nvapps.xml
[2010.07.01 19:16:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >
Restore point Set: OTL Restore Point (54619756233228288)
========== Files/Folders - Created Within 30 Days ==========
[2010.07.02 21:05:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karel IV\Local Settings\Data aplikací\GHISLER
[2010.07.02 00:43:16 | 000,315,408 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\1027162.sys
[2010.07.02 00:43:16 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\10271621.sys
[2010.07.02 00:43:16 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\WINDOWS\System32\drivers\10271622.sys
[2010.07.02 00:43:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karel IV\Plocha\Virus Removal Tool
[2010.07.01 22:48:39 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.06.30 17:40:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karel IV\Data aplikací\Adobe
[2010.06.30 17:39:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karel IV\Local Settings\Data aplikací\Centrum.cz Toolbar
[2010.06.30 17:39:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karel IV\Local Settings\Data aplikací\Mozilla
[2010.06.30 17:39:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karel IV\Data aplikací\Mozilla
[2010.06.30 16:44:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karel IV\Local Settings\Data aplikací\AOL
[2010.06.30 16:43:11 | 006,291,456 | -H-- | C] () -- C:\Documents and Settings\Karel IV\Local Settings\Data aplikací\IconCache.db
[2010.06.30 16:41:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.06.30 16:21:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karel IV\Local Settings\Data aplikací\Opera
[2010.06.30 16:21:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karel IV\Data aplikací\Opera
[2010.06.30 00:49:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Data aplikací\Google
[2010.06.30 00:48:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Data aplikací\Google
[2010.06.30 00:48:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Data aplikací\Adobe
[2010.06.30 00:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
[2010.06.29 23:05:04 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.06.29 23:05:04 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.06.29 23:05:04 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.06.29 23:02:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.06.29 23:02:55 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF31605.exe
[2010.06.29 23:02:52 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.06.29 09:37:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karel IV\Data aplikací\Malwarebytes
[2010.06.29 09:37:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.06.29 09:37:11 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.06.29 09:37:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.06.29 09:37:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.06.29 09:35:57 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010.06.29 01:13:27 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010.06.29 01:08:12 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010.06.29 01:08:12 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010.06.29 01:08:11 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010.06.29 01:08:10 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010.06.29 01:08:08 | 000,100,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010.06.29 01:08:08 | 000,094,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010.06.29 01:08:07 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010.06.29 01:07:42 | 000,165,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010.06.29 01:07:28 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010.06.29 01:07:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2010.06.29 01:04:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Data aplikací\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010.06.29 01:04:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
[2010.06.28 10:46:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Data aplikací\Macromedia
[2010.06.26 13:08:35 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Karel IV\Plocha\BzukosheQ
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.07.02 21:31:05 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.02 21:06:05 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.07.02 21:04:52 | 000,001,317 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010.07.02 14:39:09 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.07.02 13:18:51 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.07.02 13:16:16 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.07.02 13:16:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.07.02 13:16:08 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.02 08:56:41 | 000,000,204 | -HS- | M] () -- C:\WINDOWS\setup_9.0.0.722_01.07.2010_23-49drv.spi
[2010.07.01 22:49:34 | 003,973,120 | ---- | M] () -- C:\Documents and Settings\Karel IV\ntuser.dat
[2010.07.01 22:49:34 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Karel IV\ntuser.ini
[2010.07.01 22:49:32 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\Karel IV\Local Settings\Data aplikací\IconCache.db
[2010.07.01 22:42:51 | 000,000,382 | ---- | M] () -- C:\Documents and Settings\Karel IV\Plocha\Zástupce - ComboFix.lnk
[2010.07.01 19:16:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.06.30 16:39:08 | 000,000,262 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.06.29 23:57:55 | 000,000,487 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.06.29 23:57:55 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010.06.29 23:24:06 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.06.29 23:02:50 | 000,389,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF31605.exe
[2010.06.29 09:37:16 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.06.29 09:35:59 | 000,002,553 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.06.29 01:13:21 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010.06.29 01:13:18 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010.06.29 01:12:55 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010.06.29 01:08:12 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
[2010.06.29 01:04:49 | 000,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Ad-Aware.lnk
[2010.06.28 22:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010.06.28 22:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010.06.28 22:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010.06.28 22:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010.06.28 22:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010.06.28 22:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010.06.28 22:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010.06.28 22:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010.06.28 22:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010.06.23 22:52:13 | 000,000,651 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Opera.lnk
[2010.06.21 00:53:12 | 000,000,058 | ---- | M] () -- C:\Documents and Settings\Karel IV\Data aplikací\AVSDVDPlayer.m3u
[2010.06.15 21:23:57 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.07.02 08:56:41 | 000,000,204 | -HS- | C] () -- C:\WINDOWS\setup_9.0.0.722_01.07.2010_23-49drv.spi
[2010.07.01 22:50:23 | 1073,270,784 | -HS- | C] () -- C:\hiberfil.sys
[2010.07.01 22:42:51 | 000,000,382 | ---- | C] () -- C:\Documents and Settings\Karel IV\Plocha\Zástupce - ComboFix.lnk
[2010.06.29 23:05:04 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.06.29 23:05:04 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.06.29 23:05:04 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.06.29 23:05:04 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.06.29 23:05:04 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.06.29 09:37:16 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.06.29 05:00:35 | 000,015,880 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2010.06.29 01:14:57 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.06.29 01:08:12 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
[2010.06.29 01:04:49 | 000,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Ad-Aware.lnk
[2009.08.16 14:34:18 | 000,058,163 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009.06.22 20:26:41 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009.06.15 20:52:46 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2009.06.06 10:49:09 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.06.01 11:53:05 | 000,000,272 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2009.05.27 14:36:53 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009.05.17 07:21:37 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll
[2009.05.17 07:20:26 | 000,001,317 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2007.07.18 17:42:42 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2006.10.22 12:22:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006.10.22 12:22:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006.10.22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006.10.22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006.10.22 12:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006.10.22 12:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006.10.22 12:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005.10.14 11:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 11:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 11:56:50 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 11:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 11:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 11:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 11:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002.03.25 22:02:14 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
========== LOP Check ==========
[2010.06.29 01:07:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2010.06.28 10:46:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\CentrumczToolbar
[2010.04.26 21:23:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2010.06.30 00:48:44 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010.07.02 00:39:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel IV\Data aplikací\ICQ
[2009.05.25 23:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel IV\Data aplikací\OpenOffice.org
[2010.06.30 16:21:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel IV\Data aplikací\Opera
[2010.07.02 13:18:51 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"ICQ" = "C:\Program Files\ICQ7.1\ICQ.exe" silent loginmode=4 -- [2010.06.08 13:39:01 | 000,133,368 | ---- | M] (ICQ, LLC.)
< c:\windows\*.* /U >
[4 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2010.06.30 17:40:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel IV\Data aplikací\Adobe
[2010.07.02 00:39:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel IV\Data aplikací\ICQ
[2009.05.17 12:54:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel IV\Data aplikací\Macromedia
[2010.06.29 09:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel IV\Data aplikací\Malwarebytes
[2010.06.29 01:04:34 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Karel IV\Data aplikací\Microsoft
[2010.06.30 17:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel IV\Data aplikací\Mozilla
[2009.05.25 23:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel IV\Data aplikací\OpenOffice.org
[2010.06.30 16:21:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel IV\Data aplikací\Opera
< %APPDATA%\*.exe /s >
< MD5 for: AGP440.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2002.09.20 20:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2002.08.29 03:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: CDROM.SYS >
[2002.09.20 20:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:cdrom.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:cdrom.sys
[2002.08.29 03:27:56 | 000,047,488 | ---- | M] (Microsoft Corporation) MD5=6506E033AD04CFEC9EE56DBEFD1083DD -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys
[2004.08.03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2004.08.03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys
< MD5 for: CRYPTSVC.DLL >
[2002.09.20 20:03:40 | 000,053,248 | ---- | M] (Microsoft Corporation) MD5=031E7FF41B13B658CAE7D6C98086F76A -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\eventlog.dll
[2002.09.20 20:03:50 | 000,049,152 | ---- | M] (Microsoft Corporation) MD5=E8508E7F865490D8AE71D00C8DF4D227 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2002.09.20 20:05:24 | 001,004,544 | ---- | M] (Microsoft Corporation) MD5=11D80755545CFB5EB9659EE88440EAE2 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004.08.17 15:49:24 | 000,974,848 | ---- | M] (Microsoft Corporation) MD5=4D32D7FFC2F583FE21EF0A4F99EABB12 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\explorer.exe
< MD5 for: HAL.DLL >
[2002.09.20 20:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:hal.dll
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:hal.dll
[2004.08.03 22:59:20 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=C321C95318495909A0066FB0EDC97287 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2002.08.29 03:05:04 | 000,127,872 | ---- | M] (Microsoft Corporation) MD5=E8D2B5D5186A9B93D7019D7A74D77A1E -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll
[2004.08.03 22:59:10 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\system32\HAL.DLL
< MD5 for: CHANGER.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:Changer.sys
[2004.08.03 23:00:14 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=DAF1A8193B6CAF0FB858CADCC5C4AF4A -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
< MD5 for: ISAPNP.SYS >
[2001.10.25 16:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\drivers\isapnp.sys
< MD5 for: LSASS.EXE >
[2002.09.20 20:05:32 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=32F7074BAC9A5F899CCA9C046C9FA6EB -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2002.08.29 04:09:26 | 000,167,552 | ---- | M] (Microsoft Corporation) MD5=3B350E5A2A5E951453F3993275A4523A -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys
< MD5 for: NETLOGON.DLL >
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\netlogon.dll
[2002.09.20 20:04:34 | 000,399,360 | ---- | M] (Microsoft Corporation) MD5=CF03E300B5CEEFFEFBE6F67532BD0EF1 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\scecli.dll
[2002.09.20 20:04:42 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B2666CAB5E8C8A741D63F18D551A47FB -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2004.08.17 15:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\smss.exe
[2002.09.20 20:05:44 | 000,045,568 | ---- | M] (Microsoft Corporation) MD5=7763D73255AD4046FA999D42EAF22C26 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
< MD5 for: SVCHOST.EXE >
[2001.10.25 16:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=329945887A0C684C38A4845330BC9100 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\svchost.exe
< MD5 for: TCPIP.SYS >
[2002.08.29 03:58:12 | 000,332,928 | ---- | M] (Microsoft Corporation) MD5=244A2F9816BC9B593957281EF577D976 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2004.08.03 23:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2004.08.03 23:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2004.08.03 23:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\system32\drivers\tcpip.sys
< MD5 for: USERINIT.EXE >
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\userinit.exe
[2002.09.20 20:05:48 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B26871B5CE92F9D95AE6E62119799EB9 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\winlogon.exe
[2002.09.20 20:05:50 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=FF8857D1AF59071F172C0FAD0FD33E87 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
< MD5 for: WS2_32.DLL >
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2001.10.25 16:00:00 | 000,075,264 | ---- | M] (Microsoft Corporation) MD5=748494B94A871A828C64D1D5C738D2B7 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2004.08.17 15:49:12 | 000,071,680 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msacm32.dll
[2001.10.25 16:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msls31.dll
[2004.08.17 15:49:16 | 000,236,544 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rasapi32.dll
[2004.08.17 15:49:16 | 000,061,440 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rasman.dll
[2004.08.17 15:49:18 | 000,431,616 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\riched20.dll
[2004.08.17 15:49:18 | 000,044,032 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rtutils.dll
[2004.08.17 15:49:18 | 000,006,656 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sensapi.dll
[2004.08.17 15:49:20 | 000,713,728 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sxs.dll
[2004.08.17 15:49:20 | 000,181,760 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\tapi32.dll
[2004.08.17 15:49:22 | 000,024,576 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\wsock32.dll
[2004.08.17 15:48:44 | 002,927,616 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\xpsp2res.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2009.05.17 09:02:26 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.05.17 09:02:26 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.05.17 09:02:26 | 000,397,312 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
[2004.08.17 15:49:12 | 000,071,680 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msacm32.dll
[2001.10.25 16:00:00 | 000,146,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msls31.dll
[2004.08.17 15:49:16 | 000,236,544 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rasapi32.dll
[2004.08.17 15:49:16 | 000,061,440 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rasman.dll
[2004.08.17 15:49:18 | 000,431,616 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\riched20.dll
[2004.08.17 15:49:18 | 000,044,032 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rtutils.dll
[2004.08.17 15:49:18 | 000,006,656 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sensapi.dll
[2004.08.17 15:49:20 | 000,713,728 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sxs.dll
[2004.08.17 15:49:20 | 000,181,760 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\tapi32.dll
[2004.08.17 15:49:22 | 000,024,576 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\wsock32.dll
[2004.08.17 15:48:44 | 002,927,616 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\xpsp2res.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2010.06.29 23:02:50 | 000,389,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CF31605.exe
[2010.07.02 14:39:09 | 000,088,566 | ---- | M] () -- C:\WINDOWS\system32\nvapps.xml
[2010.07.01 19:16:39 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >
Re: samovolné spouštění iexplorer a jiných, vypínaní zvuku?!
A DRUHY
OTL Extras logfile created on: 2.7.2010 21:38:24 - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = E:\
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1 023,00 Mb Total Physical Memory | 444,00 Mb Available Physical Memory | 43,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 1500 2000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14,65 Gb Total Space | 3,22 Gb Free Space | 21,98% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 171,66 Gb Total Space | 20,85 Gb Free Space | 12,14% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: KAREL-20BTTPBU8
Current User Name: Karel IV
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_USERS\S-1-5-21-682003330-515967899-2147268071-1003\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera 10 Preview\opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\ICQ7.1\ICQ.exe" = C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1 -- (ICQ, LLC.)
"C:\Program Files\ICQ7.1\aolload.exe" = C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\VirtualDJ\virtualdj_trial.exe" = C:\Program Files\VirtualDJ\virtualdj_trial.exe:*:Enabled:VirtualDJ -- (Atomix Productions)
"C:\Program Files\Opera 10 Preview\opera.exe" = C:\Program Files\Opera 10 Preview\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Java\jre6\launch4j-tmp\frd.exe" = C:\Program Files\Java\jre6\launch4j-tmp\frd.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"E:\share DC++\BzukosheQ\Counter-Strike Source\hl2.exe" = E:\share DC++\BzukosheQ\Counter-Strike Source\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\ICQ7.1\ICQ.exe" = C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1 -- (ICQ, LLC.)
"C:\Program Files\ICQ7.1\aolload.exe" = C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{364EC092-93CF-4DDC-9D7A-7278452028E0}" = Logitech QuickCam
"{3F50AF3B-8997-4916-0095-99D63DDB785A}" = Harry Potter TM
"{564D0000-547B-4ED8-8070-85286CC8C9BF}" = OpenOffice.org 3.0
"{616DA8BE-76C7-4B95-9DD3-BD529244F0F9}_is1" = Vtipálci - Hektická Dovolená
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99E2EE14-31E5-40E9-8A76-53529E84854A}" = Hejbejte se kosti moje
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-A81200000003}" = Adobe Reader 8 - Czech
"{C441297F-C9F2-4177-9D5F-1B10F0358E32}" = Opera 10.54
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}" = ATI Catalyst Control Center
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0 CE" = Adobe Photoshop 7.0 CE
"AIDA32_is1" = AIDA32 v3.80
"avast5" = avast! Free Antivirus
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"Centrum.cz Toolbar_is1" = Centrum.cz Toolbar 1.110.021.004
"ClocX" = ClocX (1.5b2)
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"Counter-Strike: Source" = Counter-Strike: Source
"FastStone Capture" = FastStone Capture 5.3
"FLV Player & Downloader_is1" = Flv Player 1.0
"ICQToolbar" = ICQ Toolbar
"Icy Tower v1.4_is1" = Icy Tower v1.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10)
"MV2Player" = MV2Player (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoFiltre" = PhotoFiltre
"PowerISO" = PowerISO
"QuickTime" = QuickTime
"Totalcmd" = Total Commander (Remove or Repair)
"VIA Vinyl Audio Codecs Driver Setup Program" = VIA Vinyl Audio Codecs Driver Setup Program
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = WinRAR
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 2.7.2010 10:44:49 | Computer Name = KAREL-20BTTPBU8 | Source = Userenv | ID = 1041
Description = Systém Windows se nemůže dotazovat na položku registru DllName pro
{7B849a69-220F-451E-B3FE-2CB811AF94AE} a nebude načtena. Příčinou je zřejmě chybná
registrace.
Error - 2.7.2010 10:44:49 | Computer Name = KAREL-20BTTPBU8 | Source = Userenv | ID = 1041
Description = Systém Windows se nemůže dotazovat na položku registru DllName pro
{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} a nebude načtena. Příčinou je zřejmě chybná
registrace.
Error - 2.7.2010 12:17:49 | Computer Name = KAREL-20BTTPBU8 | Source = Userenv | ID = 1041
Description = Systém Windows se nemůže dotazovat na položku registru DllName pro
{7B849a69-220F-451E-B3FE-2CB811AF94AE} a nebude načtena. Příčinou je zřejmě chybná
registrace.
Error - 2.7.2010 12:17:49 | Computer Name = KAREL-20BTTPBU8 | Source = Userenv | ID = 1041
Description = Systém Windows se nemůže dotazovat na položku registru DllName pro
{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} a nebude načtena. Příčinou je zřejmě chybná
registrace.
Error - 2.7.2010 12:25:50 | Computer Name = KAREL-20BTTPBU8 | Source = Userenv | ID = 1041
Description = Systém Windows se nemůže dotazovat na položku registru DllName pro
{7B849a69-220F-451E-B3FE-2CB811AF94AE} a nebude načtena. Příčinou je zřejmě chybná
registrace.
Error - 2.7.2010 12:25:50 | Computer Name = KAREL-20BTTPBU8 | Source = Userenv | ID = 1041
Description = Systém Windows se nemůže dotazovat na položku registru DllName pro
{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} a nebude načtena. Příčinou je zřejmě chybná
registrace.
Error - 2.7.2010 14:05:49 | Computer Name = KAREL-20BTTPBU8 | Source = Userenv | ID = 1041
Description = Systém Windows se nemůže dotazovat na položku registru DllName pro
{7B849a69-220F-451E-B3FE-2CB811AF94AE} a nebude načtena. Příčinou je zřejmě chybná
registrace.
Error - 2.7.2010 14:05:49 | Computer Name = KAREL-20BTTPBU8 | Source = Userenv | ID = 1041
Description = Systém Windows se nemůže dotazovat na položku registru DllName pro
{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} a nebude načtena. Příčinou je zřejmě chybná
registrace.
Error - 2.7.2010 14:08:50 | Computer Name = KAREL-20BTTPBU8 | Source = Userenv | ID = 1041
Description = Systém Windows se nemůže dotazovat na položku registru DllName pro
{7B849a69-220F-451E-B3FE-2CB811AF94AE} a nebude načtena. Příčinou je zřejmě chybná
registrace.
Error - 2.7.2010 14:08:50 | Computer Name = KAREL-20BTTPBU8 | Source = Userenv | ID = 1041
Description = Systém Windows se nemůže dotazovat na položku registru DllName pro
{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} a nebude načtena. Příčinou je zřejmě chybná
registrace.
[ System Events ]
Error - 28.6.2010 12:00:45 | Computer Name = KAREL-20BTTPBU8 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1058 při pokusu o spuštění služby gusvc
s argumenty za účelem spuštění serveru: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
Error - 28.6.2010 12:01:33 | Computer Name = KAREL-20BTTPBU8 | Source = Service Control Manager | ID = 7034
Description = Služba Process Monitor byla neočekávaně ukončena. Tento stav nastal
již 1krát.
Error - 28.6.2010 12:01:38 | Computer Name = KAREL-20BTTPBU8 | Source = Service Control Manager | ID = 7034
Description = Služba ICQ Service byla neočekávaně ukončena. Tento stav nastal již
1krát.
Error - 28.6.2010 12:01:43 | Computer Name = KAREL-20BTTPBU8 | Source = Service Control Manager | ID = 7034
Description = Služba LVCOMSer byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error - 28.6.2010 12:01:46 | Computer Name = KAREL-20BTTPBU8 | Source = Service Control Manager | ID = 7034
Description = Služba Java Quick Starter byla neočekávaně ukončena. Tento stav nastal
již 1krát.
Error - 28.6.2010 12:01:49 | Computer Name = KAREL-20BTTPBU8 | Source = Service Control Manager | ID = 7034
Description = Služba NVIDIA Display Driver Service byla neočekávaně ukončena. Tento
stav nastal již 1krát.
Error - 28.6.2010 12:01:58 | Computer Name = KAREL-20BTTPBU8 | Source = Service Control Manager | ID = 7034
Description = Služba Windows User Mode Driver Framework byla neočekávaně ukončena.
Tento stav nastal již 1krát.
Error - 28.6.2010 12:02:03 | Computer Name = KAREL-20BTTPBU8 | Source = Service Control Manager | ID = 7031
Description = Služba Vzdálené volání procedur (RPC) byla nečekaně ukončena. Stalo
se to 1 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat
počítač.
Error - 2.7.2010 15:05:58 | Computer Name = KAREL-20BTTPBU8 | Source = Service Control Manager | ID = 7034
Description = Služba Java Quick Starter byla neočekávaně ukončena. Tento stav nastal
již 1krát.
Error - 2.7.2010 15:06:21 | Computer Name = KAREL-20BTTPBU8 | Source = Service Control Manager | ID = 7034
Description = Služba Process Monitor byla neočekávaně ukončena. Tento stav nastal
již 1krát.
< End of report >
OTL Extras logfile created on: 2.7.2010 21:38:24 - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = E:\
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1 023,00 Mb Total Physical Memory | 444,00 Mb Available Physical Memory | 43,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): C:\pagefile.sys 1500 2000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14,65 Gb Total Space | 3,22 Gb Free Space | 21,98% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 171,66 Gb Total Space | 20,85 Gb Free Space | 12,14% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: KAREL-20BTTPBU8
Current User Name: Karel IV
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_USERS\S-1-5-21-682003330-515967899-2147268071-1003\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera 10 Preview\opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\ICQ7.1\ICQ.exe" = C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1 -- (ICQ, LLC.)
"C:\Program Files\ICQ7.1\aolload.exe" = C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\VirtualDJ\virtualdj_trial.exe" = C:\Program Files\VirtualDJ\virtualdj_trial.exe:*:Enabled:VirtualDJ -- (Atomix Productions)
"C:\Program Files\Opera 10 Preview\opera.exe" = C:\Program Files\Opera 10 Preview\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Java\jre6\launch4j-tmp\frd.exe" = C:\Program Files\Java\jre6\launch4j-tmp\frd.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"E:\share DC++\BzukosheQ\Counter-Strike Source\hl2.exe" = E:\share DC++\BzukosheQ\Counter-Strike Source\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\ICQ7.1\ICQ.exe" = C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1 -- (ICQ, LLC.)
"C:\Program Files\ICQ7.1\aolload.exe" = C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{364EC092-93CF-4DDC-9D7A-7278452028E0}" = Logitech QuickCam
"{3F50AF3B-8997-4916-0095-99D63DDB785A}" = Harry Potter TM
"{564D0000-547B-4ED8-8070-85286CC8C9BF}" = OpenOffice.org 3.0
"{616DA8BE-76C7-4B95-9DD3-BD529244F0F9}_is1" = Vtipálci - Hektická Dovolená
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{99E2EE14-31E5-40E9-8A76-53529E84854A}" = Hejbejte se kosti moje
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-A81200000003}" = Adobe Reader 8 - Czech
"{C441297F-C9F2-4177-9D5F-1B10F0358E32}" = Opera 10.54
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}" = ATI Catalyst Control Center
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0 CE" = Adobe Photoshop 7.0 CE
"AIDA32_is1" = AIDA32 v3.80
"avast5" = avast! Free Antivirus
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"Centrum.cz Toolbar_is1" = Centrum.cz Toolbar 1.110.021.004
"ClocX" = ClocX (1.5b2)
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"Counter-Strike: Source" = Counter-Strike: Source
"FastStone Capture" = FastStone Capture 5.3
"FLV Player & Downloader_is1" = Flv Player 1.0
"ICQToolbar" = ICQ Toolbar
"Icy Tower v1.4_is1" = Icy Tower v1.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.10)" = Mozilla Firefox (3.5.10)
"MV2Player" = MV2Player (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoFiltre" = PhotoFiltre
"PowerISO" = PowerISO
"QuickTime" = QuickTime
"Totalcmd" = Total Commander (Remove or Repair)
"VIA Vinyl Audio Codecs Driver Setup Program" = VIA Vinyl Audio Codecs Driver Setup Program
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = WinRAR
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 2.7.2010 10:44:49 | Computer Name = KAREL-20BTTPBU8 | Source = Userenv | ID = 1041
Description = Systém Windows se nemůže dotazovat na položku registru DllName pro
{7B849a69-220F-451E-B3FE-2CB811AF94AE} a nebude načtena. Příčinou je zřejmě chybná
registrace.
Error - 2.7.2010 10:44:49 | Computer Name = KAREL-20BTTPBU8 | Source = Userenv | ID = 1041
Description = Systém Windows se nemůže dotazovat na položku registru DllName pro
{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} a nebude načtena. Příčinou je zřejmě chybná
registrace.
Error - 2.7.2010 12:17:49 | Computer Name = KAREL-20BTTPBU8 | Source = Userenv | ID = 1041
Description = Systém Windows se nemůže dotazovat na položku registru DllName pro
{7B849a69-220F-451E-B3FE-2CB811AF94AE} a nebude načtena. Příčinou je zřejmě chybná
registrace.
Error - 2.7.2010 12:17:49 | Computer Name = KAREL-20BTTPBU8 | Source = Userenv | ID = 1041
Description = Systém Windows se nemůže dotazovat na položku registru DllName pro
{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} a nebude načtena. Příčinou je zřejmě chybná
registrace.
Error - 2.7.2010 12:25:50 | Computer Name = KAREL-20BTTPBU8 | Source = Userenv | ID = 1041
Description = Systém Windows se nemůže dotazovat na položku registru DllName pro
{7B849a69-220F-451E-B3FE-2CB811AF94AE} a nebude načtena. Příčinou je zřejmě chybná
registrace.
Error - 2.7.2010 12:25:50 | Computer Name = KAREL-20BTTPBU8 | Source = Userenv | ID = 1041
Description = Systém Windows se nemůže dotazovat na položku registru DllName pro
{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} a nebude načtena. Příčinou je zřejmě chybná
registrace.
Error - 2.7.2010 14:05:49 | Computer Name = KAREL-20BTTPBU8 | Source = Userenv | ID = 1041
Description = Systém Windows se nemůže dotazovat na položku registru DllName pro
{7B849a69-220F-451E-B3FE-2CB811AF94AE} a nebude načtena. Příčinou je zřejmě chybná
registrace.
Error - 2.7.2010 14:05:49 | Computer Name = KAREL-20BTTPBU8 | Source = Userenv | ID = 1041
Description = Systém Windows se nemůže dotazovat na položku registru DllName pro
{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} a nebude načtena. Příčinou je zřejmě chybná
registrace.
Error - 2.7.2010 14:08:50 | Computer Name = KAREL-20BTTPBU8 | Source = Userenv | ID = 1041
Description = Systém Windows se nemůže dotazovat na položku registru DllName pro
{7B849a69-220F-451E-B3FE-2CB811AF94AE} a nebude načtena. Příčinou je zřejmě chybná
registrace.
Error - 2.7.2010 14:08:50 | Computer Name = KAREL-20BTTPBU8 | Source = Userenv | ID = 1041
Description = Systém Windows se nemůže dotazovat na položku registru DllName pro
{CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} a nebude načtena. Příčinou je zřejmě chybná
registrace.
[ System Events ]
Error - 28.6.2010 12:00:45 | Computer Name = KAREL-20BTTPBU8 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1058 při pokusu o spuštění služby gusvc
s argumenty za účelem spuštění serveru: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
Error - 28.6.2010 12:01:33 | Computer Name = KAREL-20BTTPBU8 | Source = Service Control Manager | ID = 7034
Description = Služba Process Monitor byla neočekávaně ukončena. Tento stav nastal
již 1krát.
Error - 28.6.2010 12:01:38 | Computer Name = KAREL-20BTTPBU8 | Source = Service Control Manager | ID = 7034
Description = Služba ICQ Service byla neočekávaně ukončena. Tento stav nastal již
1krát.
Error - 28.6.2010 12:01:43 | Computer Name = KAREL-20BTTPBU8 | Source = Service Control Manager | ID = 7034
Description = Služba LVCOMSer byla neočekávaně ukončena. Tento stav nastal již 1krát.
Error - 28.6.2010 12:01:46 | Computer Name = KAREL-20BTTPBU8 | Source = Service Control Manager | ID = 7034
Description = Služba Java Quick Starter byla neočekávaně ukončena. Tento stav nastal
již 1krát.
Error - 28.6.2010 12:01:49 | Computer Name = KAREL-20BTTPBU8 | Source = Service Control Manager | ID = 7034
Description = Služba NVIDIA Display Driver Service byla neočekávaně ukončena. Tento
stav nastal již 1krát.
Error - 28.6.2010 12:01:58 | Computer Name = KAREL-20BTTPBU8 | Source = Service Control Manager | ID = 7034
Description = Služba Windows User Mode Driver Framework byla neočekávaně ukončena.
Tento stav nastal již 1krát.
Error - 28.6.2010 12:02:03 | Computer Name = KAREL-20BTTPBU8 | Source = Service Control Manager | ID = 7031
Description = Služba Vzdálené volání procedur (RPC) byla nečekaně ukončena. Stalo
se to 1 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat
počítač.
Error - 2.7.2010 15:05:58 | Computer Name = KAREL-20BTTPBU8 | Source = Service Control Manager | ID = 7034
Description = Služba Java Quick Starter byla neočekávaně ukončena. Tento stav nastal
již 1krát.
Error - 2.7.2010 15:06:21 | Computer Name = KAREL-20BTTPBU8 | Source = Service Control Manager | ID = 7034
Description = Služba Process Monitor byla neočekávaně ukončena. Tento stav nastal
již 1krát.
< End of report >
-
Rudy
- Site Admin
- Příspěvky: 119418
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: samovolné spouštění iexplorer a jiných, vypínaní zvuku?!
Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu..Collect::
C:\WINDOWS\System32\drivers\1027162.sys
C:\WINDOWS\System32\drivers\10271621.sys
C:\WINDOWS\System32\drivers\10271622.sys
Driver::
1027162
10271621
10271622
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?