A few viruses + possibly spyware

Qw3Rtzui0p (Visitor, 64 posts, registered 28 Apr 2010 20:49)

#1 Post by Qw3Rtzui0p »

Virus.Win32.Virut.CE@86480074 C:\System Volume Information\_restore{37B8222D-5387-404B-8290-3A58C7D20899}\RP49\A0008140.dll
Virus.Win32.Virut.CE@86480074 C:\System Volume Information\_restore{37B8222D-5387-404B-8290-3A58C7D20899}\RP61\A0012185.dll
Virus.Win32.Virut.CE@86480074 C:\System Volume Information\_restore{37B8222D-5387-404B-8290-3A58C7D20899}\RP74\A0015327.exe|CTSys.dll
Virus.Win32.Virut.CE@86480074 C:\Documents and Settings\lll\Dokumenty\Downloads\Garena_setup.exe|CTSys.dll
Virus.Win32.Virut.CE@86480074 C:\Documents and Settings\lll\Dokumenty\Downloads\Garena_setup (1).exe|CTSys.dll
Virus.Win32.Virut.CE@86480074 C:\Documents and Settings\lll\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Cache\f_0006be|CTSys.dll
Heur.Dual.Extensions@-1 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubi17B.tmp.exe
Heur.Dual.Extensions@-1 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubi17E.tmp.exe
Heur.Dual.Extensions@-1 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubi12.tmp.exe
Heur.Dual.Extensions@-1 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubiCC.tmp.exe
Heur.Dual.Extensions@-1 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubi79.tmp.exe
Heur.Dual.Extensions@-1 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubiB8.tmp.exe
Heur.Dual.Extensions@-1 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubiE6.tmp.exe
Heur.Dual.Extensions@-1 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubiE8.tmp.exe
Heur.Dual.Extensions@-1 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubiDE.tmp.exe
Heur.Dual.Extensions@-1 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubiE1.tmp.exe
Heur.Dual.Extensions@-1 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubiEB.tmp.exe
Heur.Dual.Extensions@-1 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubiF7.tmp.exe
Heur.Dual.Extensions@-1 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubiFC.tmp.exe
Heur.Dual.Extensions@-1 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubiE4.tmp.exe


antivirus log
the ubisoft one is probably for playing Assassin's Creed 2 online; Garena is a gaming platform

motji (VIP, 23302 posts, registered 23 Oct 2008 08:02)

Re: A few viruses + possibly spyware

#2 Post by motji »

Good afternoon :)
I'm afraid it's not just a few viruses :o , but we'll see what Avptool finds.

:arrow: Download OTL http://oldtimer.geekstogo.com/OTL.exe
- save it to the desktop and run the file OTL.exe.
- copy this script into the white box at the bottom:

Code:

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT 
- tick the box For all users.
- tick the boxes Scan for "LOP" malware and Scan for "Purity" malware
- click the Scan button
- when the scan finishes, the logs OTL.Txt and Extras.txt will appear; paste them here :)

:arrow: Download AVPTOOL from my signature http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

- install it and run the scan according to the guide
- let it disinfect or delete whatever it finds
- the scan may take several hours
- paste the results log here
Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before cleaning the computer :!:
Want to support our forum? Information here


I'm mostly around at night, between 21:00 and 23:00
If you have any questions, you can email me at Motji(at)forum.viry.cz.
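Once the scan runs, the helper reads OTL.Txt by hand; its entries look like `PRC - [date | size | attr | M] (Company) -- path`, `SRV - File not found [...] -- path -- (Name)` and `O4 - HKLM..\Run: [Name] path (Company)`. The Python below is an added example, not OTL's code or this forum's own tooling: it parses those line types and flags the entries a helper checks first (file not found, no company in the version info, persistence from the user profile or Temp, Startup-folder shortcuts). The sample lines and the flag rules are this example's own constructions.

```python
"""Triage OTL.Txt lines: parse PRC/SRV/DRV/O4 entries and flag the ones a
helper looks at first. The flag rules are this example's own heuristics."""
import re
from dataclasses import dataclass, field

FLAG_MISSING = "file not found"
FLAG_NO_PUBLISHER = "no company in version info"
FLAG_USER_PATH = "persistence from user profile or Temp"
FLAG_STARTUP_LNK = "Startup folder shortcut"

# Constructed sample, modelled on the OTL.Txt format (paths and names made up).
SAMPLE_LINES = [
    r"========== Processes (SafeList) ==========",
    r"PRC - [2010.10.28 16:19:35 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Plocha\OTL.exe",
    r"PRC - [2010.10.19 18:24:20 | 002,078,720 | ---- | M] () -- C:\Poker\Example Poker\casino.exe",
    r"SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)",
    r"SRV - [2010.10.03 17:14:24 | 000,185,640 | ---- | M] () [On_Demand | Stopped] -- C:\Documents and Settings\user\Application Data\Example\B-Service.exe -- (B-Service)",
    r"DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\USER~1\LOCALS~1\Temp\ALSysIO.sys -- (ALSysIO)",
    r"DRV - [2010.09.10 23:40:54 | 000,091,560 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)",
    r"O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\cfp.exe (COMODO)",
    r"O4 - HKU\S-1-5-21-1..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe File not found",
    r"O4 - HKU\S-1-5-21-1..\Run: [Mikogo] C:\Documents and Settings\user\Application Data\Mikogo\Mikogo-Host.exe (Mikogo)",
    r"O4 - Startup: C:\Documents and Settings\user\Start Menu\Programs\Startup\script.lnk = C:\Program Files\Example\AutoHotkey.exe ()",
]

# PRC/SRV/DRV entry whose file exists: [date | size | attr | M] (Company) [state] -- path -- (Name)
FILE_RE = re.compile(
    r"^(?P<kind>PRC|SRV|DRV) - \[(?P<date>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| [-A-Z]{4} \| [MC]\] "
    r"\((?P<company>.*?)\)(?: \[(?P<state>[^\]]*)\])? -- (?P<path>.*?)(?: -- \((?P<name>[^)]*)\).*)?$"
)
# SRV/DRV entry that OTL could not find on disk (orphaned registry entry)
MISSING_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - File not found \[(?P<state>[^\]]*)\] -- (?P<path>.*?) -- \((?P<name>[^)]*)\)"
)
# Run-key value: O4 - HKLM..\Run: [Name] path (Company) | path File not found
# (a path containing " (" is ambiguous in OTL's own output and may split early)
RUN_RE = re.compile(
    r"^O4 - (?P<key>\S+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<path>.*?) "
    r"(?:\((?P<company>.*)\)|(?P<missing>File not found))$"
)
STARTUP_RE = re.compile(r"^O4 - Startup: (?P<lnk>.*?) = (?P<path>.*?) \((?P<company>.*)\)$")
USER_PATH_RE = re.compile(r"\\(Documents and Settings|Users|DOCUME~1|LOCALS~1|Temp)\\", re.IGNORECASE)


@dataclass
class Entry:
    kind: str          # PRC, SRV, DRV or O4
    path: str
    name: str = ""     # service/driver/run-value name, or the .lnk for Startup items
    company: str = ""  # "" when OTL printed "()" (no company in the file's version info)
    missing: bool = False
    flags: list = field(default_factory=list)


def parse_line(line):
    """Return an Entry for a PRC/SRV/DRV/O4 line, or None for any other line."""
    m = MISSING_RE.match(line)
    if m:
        return Entry(m["kind"], m["path"], m["name"], missing=True)
    m = FILE_RE.match(line)
    if m:
        return Entry(m["kind"], m["path"], m["name"] or "", m["company"])
    m = RUN_RE.match(line)
    if m:
        return Entry("O4", m["path"], m["name"], m["company"] or "", missing=m["missing"] is not None)
    m = STARTUP_RE.match(line)
    if m:
        return Entry("O4", m["path"], m["lnk"], m["company"])
    return None


def flag_entry(entry):
    """Apply the triage heuristics (this example's own rules, not OTL's)."""
    if entry.missing:
        entry.flags.append(FLAG_MISSING)            # leftover of an uninstall or a removed file
    elif not entry.company:
        entry.flags.append(FLAG_NO_PUBLISHER)       # OTL printed "()" for the company
    # A running process started from the profile is the user's doing; a service,
    # driver or Run entry pointing there is persistence from a user-writable path.
    if entry.kind != "PRC" and USER_PATH_RE.search(entry.path):
        entry.flags.append(FLAG_USER_PATH)
    if entry.name.lower().endswith(".lnk"):
        entry.flags.append(FLAG_STARTUP_LNK)
    return entry


def triage(lines):
    """Parse all recognised lines and return them most-flagged first."""
    entries = [e for e in map(parse_line, lines) if e is not None]
    for e in entries:
        flag_entry(e)
    return sorted(entries, key=lambda e: (-len(e.flags), e.kind, e.path))


def report(entries):
    """Plain-text lines for the flagged entries only."""
    return [f"{e.kind} {e.path} [{e.name}] ({e.company or 'no company'}): {', '.join(e.flags)}"
            for e in entries if e.flags]


if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE_LINES))))
```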

Qw3Rtzui0p (Visitor, 64 posts, registered 28 Apr 2010 20:49)

Re: A few viruses + possibly spyware

#3 Post by Qw3Rtzui0p »

OTL logfile created on: 28.10.2010 16:20:43 - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\Qw3Rtzui0p\Plocha
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111,78 Gb Total Space | 52,11 Gb Free Space | 46,61% Space Free | Partition Type: NTFS
Drive D: | 306,42 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: DOMINIK | User Name: Qw3Rtzui0p | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010.10.28 16:19:35 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\OTL.exe
PRC - [2010.10.22 16:23:21 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozzila\plugin-container.exe
PRC - [2010.10.22 16:23:18 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozzila\firefox.exe
PRC - [2010.10.19 18:24:20 | 002,078,720 | ---- | M] () -- C:\Poker\BetMost Poker\casino.exe
PRC - [2010.10.12 08:37:00 | 000,974,904 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2010.09.10 23:41:42 | 001,901,056 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2010.09.10 23:41:20 | 002,500,552 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2010.07.09 18:08:04 | 002,712,920 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
PRC - [2010.06.26 02:15:32 | 001,311,312 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2010.06.22 21:09:20 | 000,112,208 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
PRC - [2010.05.28 16:50:34 | 005,801,936 | ---- | M] (QIP) -- C:\Program Files\QIP Infium\infium.exe
PRC - [2009.09.08 09:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe
PRC - [2009.09.08 09:47:07 | 004,513,792 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
PRC - [2009.06.17 13:44:11 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
PRC - [2006.09.25 09:12:20 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005.12.21 11:51:04 | 000,139,264 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
PRC - [2005.12.21 11:48:04 | 000,127,035 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2005.12.21 11:47:48 | 000,061,503 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2005.09.23 10:04:38 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
PRC - [2005.05.12 11:02:24 | 000,437,760 | ---- | M] (Stardock Systems, Inc) -- C:\Program Files\AlienGUIse\wbload.exe
PRC - [2004.08.18 14:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2002.10.15 18:00:20 | 001,818,624 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\mixer.exe


========== Modules (SafeList) ==========

MOD - [2010.10.28 16:19:35 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\OTL.exe
MOD - [2010.09.10 23:41:40 | 000,285,480 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2006.08.08 14:09:54 | 000,501,821 | ---- | M] (Stardock.Net, Inc) -- C:\Program Files\AlienGUIse\wblind.dll
MOD - [2004.08.18 14:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
MOD - [2003.02.26 22:24:32 | 000,028,740 | ---- | M] (Stardock.Net, Inc) -- C:\Program Files\AlienGUIse\wbhelp.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010.10.03 17:14:24 | 000,185,640 | ---- | M] () [On_Demand | Stopped] -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\Mikogo\B-Service.exe -- (B-Service)
SRV - [2010.09.10 23:41:42 | 001,901,056 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2010.05.06 11:29:12 | 000,293,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.09.08 09:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2005.12.21 11:51:04 | 000,139,264 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2005.12.21 11:48:04 | 000,127,035 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2005.12.21 11:47:48 | 000,061,503 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2005.09.23 10:04:38 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena\plugins\UI\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\QW3RTZ~1\LOCALS~1\Temp\ALSysIO.sys -- (ALSysIO)
DRV - [2010.10.03 00:32:40 | 000,436,792 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.09.10 23:40:54 | 000,091,560 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2010.09.10 23:40:52 | 000,239,240 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2010.09.10 23:40:52 | 000,025,240 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2010.09.10 23:40:48 | 000,015,592 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmderd.sys -- (cmderd)
DRV - [2010.03.18 11:02:32 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010.03.18 11:02:08 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010.03.18 11:01:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010.03.18 11:01:12 | 000,010,448 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2010.02.11 17:03:56 | 000,114,952 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2009.12.18 00:25:12 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009.08.09 23:25:56 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VClone.sys -- (VClone)
DRV - [2007.04.16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006.12.17 04:50:29 | 001,918,464 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006.04.24 17:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006.04.14 20:09:06 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006.04.14 20:09:04 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006.04.14 20:08:56 | 000,101,888 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nvtcp.sys -- (NVTCP)
DRV - [2005.08.18 17:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2004.08.03 23:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2002.11.18 15:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [2001.08.17 23:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-606747145-1035525444-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
IE - HKU\S-1-5-21-606747145-1035525444-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKU\S-1-5-21-606747145-1035525444-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKU\S-1-5-21-606747145-1035525444-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
IE - HKU\S-1-5-21-606747145-1035525444-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKU\S-1-5-21-606747145-1035525444-682003330-1004\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-606747145-1035525444-682003330-1004\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKU\S-1-5-21-606747145-1035525444-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.selectedEngine: "QIP Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: keyscrambler@qfx.software.corporation:2.7.0.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.1
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.8.0.12304
FF - prefs.js..keyword.URL: "http://search.qip.ru/search?from=FF&query="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozzila\components [2010.10.22 16:23:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozzila\plugins [2010.10.22 16:23:29 | 000,000,000 | ---D | M]

[2010.09.19 22:40:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\Mozilla\Extensions
[2010.10.28 08:28:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\Mozilla\Firefox\Profiles\doiq9hxf.default\extensions
[2010.09.30 20:06:28 | 000,000,000 | ---D | M] (QipAuthorizer) -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\Mozilla\Firefox\Profiles\doiq9hxf.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
[2010.10.17 17:30:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\Mozilla\Firefox\Profiles\doiq9hxf.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.09.20 18:32:45 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\Mozilla\Firefox\Profiles\doiq9hxf.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.09.20 18:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\Mozilla\Firefox\Profiles\doiq9hxf.default\extensions\keyscrambler@qfx.software.corporation
[2010.10.28 08:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\Mozilla\Firefox\Profiles\doiq9hxf.default\extensions\toolbar@ask.com
[2010.09.30 20:06:28 | 000,002,062 | ---- | M] () -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\Mozilla\Firefox\Profiles\doiq9hxf.default\searchplugins\qip-search.xml

O1 HOSTS File: ([2004.08.18 14:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SmartDefrag] C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe (IObit)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKU\S-1-5-21-606747145-1035525444-682003330-1004..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe File not found
O4 - HKU\S-1-5-21-606747145-1035525444-682003330-1004..\Run: [Mikogo] C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\Mikogo\Mikogo-Host.exe (Mikogo)
O4 - Startup: C:\Documents and Settings\Qw3Rtzui0p\Nabídka Start\Programy\Po spuštění\My_AutoWarkey_Script.lnk = C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-606747145-1035525444-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-606747145-1035525444-682003330-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.194.204.126 85.132.148.70
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (wbsys.dll) - C:\WINDOWS\System32\wbsys.dll (Stardock.Net, Inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\WB: DllName - C:\Program Files\AlienGUIse\fastload.dll - C:\Program Files\AlienGUIse\fastload.dll (Stardock)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\AW_XenoMorph1280.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\AW_XenoMorph1280.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.09.19 22:16:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003.10.18 19:28:32 | 000,000,062 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{8ef4ebc1-c439-11df-af8b-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{8ef4ebc1-c439-11df-af8b-806d6172696f}\Shell\AutoRun\command - "" = D:\Msetup4.exe -- [2004.05.27 18:44:54 | 000,360,448 | R--- | M] (CANON INC.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (62501055581126656)

========== Files/Folders - Created Within 30 Days ==========

[2010.10.28 16:19:34 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\OTL.exe
[2010.10.27 22:52:32 | 000,000,000 | ---D | C] -- C:\Program Files\Managed DirectX (0901)
[2010.10.27 22:48:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\Call of duty
[2010.10.27 19:48:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\w3
[2010.10.27 19:38:22 | 000,139,264 | ---- | C] (Blizzard Entertainment) -- C:\WINDOWS\War3Unin.exe
[2010.10.27 19:35:13 | 000,000,000 | ---D | C] -- C:\Warcraft III 2
[2010.10.27 19:29:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010.10.27 19:23:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\Warcraft RoC + TFT + Keygens + Patch 1.24c ONLINE WORKING
[2010.10.27 16:24:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Data aplikací\DFX
[2010.10.27 16:24:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\DFX
[2010.10.27 16:24:01 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010.10.27 16:23:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DFX
[2010.10.27 16:23:56 | 000,000,000 | ---D | C] -- C:\Program Files\DFX
[2010.10.27 16:23:39 | 003,035,312 | ---- | C] (Power Technology) -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\dfx9Setup-Winamp.exe
[2010.10.27 16:23:39 | 002,944,904 | ---- | C] (Ask) -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\askToolbarInstaller-1.8.0.0.exe
[2010.10.27 15:13:06 | 000,000,000 | ---D | C] -- C:\Program Files\Warkeys
[2010.10.22 15:54:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Google
[2010.10.22 15:48:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Temp
[2010.10.21 22:25:33 | 000,116,736 | ---- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMLM66.DLL
[2010.10.21 22:25:28 | 000,086,016 | R--- | C] (CANON INC.) -- C:\WINDOWS\System32\CNMCP66.exe
[2010.10.21 22:25:07 | 000,000,000 | -H-D | C] -- C:\BJPrinter
[2010.10.21 22:23:37 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2010.10.19 18:24:18 | 000,000,000 | ---D | C] -- C:\Poker
[2010.10.17 01:00:18 | 000,000,000 | ---D | C] -- C:\Warcraft III
[2010.10.10 16:57:12 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010.10.10 16:57:12 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010.10.03 20:02:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Data aplikací\TechSmith
[2010.10.03 19:57:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Qw3Rtzui0p\Dokumenty\Camtasia Studio
[2010.10.03 19:56:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[2010.10.03 19:56:49 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010.10.03 19:56:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TechSmith Shared
[2010.10.03 19:56:34 | 000,000,000 | ---D | C] -- C:\Program Files\TechSmith
[2010.10.03 19:56:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\TechSmith
[2010.10.03 00:56:27 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2010.10.03 00:56:27 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2010.10.03 00:56:26 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2010.10.03 00:56:26 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2010.10.03 00:56:25 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_42.dll
[2010.10.03 00:56:25 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_42.dll
[2010.10.03 00:56:25 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2010.10.03 00:56:24 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_41.dll
[2010.10.03 00:56:24 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_41.dll
[2010.10.03 00:56:24 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_41.dll
[2010.10.03 00:56:23 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_4.dll
[2010.10.03 00:56:23 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_4.dll
[2010.10.03 00:56:23 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_3.dll
[2010.10.03 00:56:23 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_6.dll
[2010.10.03 00:56:22 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_40.dll
[2010.10.03 00:56:22 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_40.dll
[2010.10.03 00:56:22 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_3.dll
[2010.10.03 00:56:22 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_40.dll
[2010.10.03 00:56:22 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_2.dll
[2010.10.03 00:56:21 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_2.dll
[2010.10.03 00:56:21 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_3.dll
[2010.10.03 00:56:21 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_1.dll
[2010.10.03 00:56:21 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_5.dll
[2010.10.03 00:56:20 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_39.dll
[2010.10.03 00:56:20 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_39.dll
[2010.10.03 00:56:20 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_2.dll
[2010.10.03 00:56:19 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_39.dll
[2010.10.03 00:56:19 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_1.dll
[2010.10.03 00:56:19 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_0.dll
[2010.10.03 00:56:18 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_38.dll
[2010.10.03 00:56:18 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_38.dll
[2010.10.03 00:56:18 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_1.dll
[2010.10.03 00:56:18 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_4.dll
[2010.10.03 00:56:17 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_38.dll
[2010.10.03 00:56:17 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_0.dll
[2010.10.03 00:56:16 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_0.dll
[2010.10.03 00:56:15 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_37.dll
[2010.10.03 00:56:15 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx10_37.dll
[2010.10.03 00:56:15 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_3.dll
[2010.10.03 00:56:14 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DX9_37.dll
[2010.10.03 00:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010.10.03 00:47:48 | 000,000,000 | ---D | C] -- C:\Program Files\Elaborate Bytes
[2010.10.03 00:43:24 | 000,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft
[2010.10.03 00:35:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\DAEMON Tools Pro
[2010.10.03 00:28:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Pro
[2010.10.01 22:21:31 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2010.10.01 22:18:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Qw3Rtzui0p\Dokumenty\Mikogo
[2010.10.01 22:18:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\Mikogo
[2010.10.01 19:28:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\poker
[2010.10.01 19:18:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\Leadertech
[2010.10.01 19:17:41 | 000,016,400 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LNonPnP.sys
[2010.10.01 19:17:37 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2010.10.01 19:17:05 | 000,010,448 | ---- | C] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LBeepKE.sys
[2010.10.01 19:17:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokumenty\LogiShrd
[2010.10.01 19:16:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Logishrd
[2010.10.01 19:16:52 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2010.10.01 19:16:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2010.10.01 19:16:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\Logitech
[2010.10.01 19:16:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\Logishrd
[2010.10.01 19:08:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Data aplikací\Stardock
[2010.10.01 19:07:48 | 000,036,864 | ---- | C] (Stardock.Net, Inc) -- C:\WINDOWS\System32\wbsys.dll
[2010.10.01 19:07:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Stardock
[2010.10.01 19:07:48 | 000,000,000 | ---D | C] -- C:\Program Files\AlienGUIse
[2010.10.01 18:32:34 | 000,045,056 | ---- | C] (Stardust Software) -- C:\WINDOWS\System32\sstunst3.exe
[2010.10.01 18:32:31 | 000,564,736 | ---- | C] (Stardust Software) -- C:\WINDOWS\System32\ah.scr
[2010.09.30 20:06:18 | 000,000,000 | ---D | C] -- C:\Program Files\QIP Infium
[2010.09.29 18:42:46 | 000,032,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msonpmon.dll
[2010.09.29 18:42:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010.09.29 18:41:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010.09.29 18:41:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010.09.29 18:41:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010.09.29 18:39:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010.09.29 18:39:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\SHELLNEW
[2010.09.29 18:38:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Data aplikací\Microsoft Help
[2010.09.29 18:38:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010.09.29 18:38:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
[2010.09.29 18:38:37 | 000,000,000 | RH-D | C] -- C:\MSOCache
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.10.28 16:24:57 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010.10.28 16:19:35 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\OTL.exe
[2010.10.28 16:01:00 | 000,000,244 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010.10.28 15:54:00 | 000,000,944 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.28 15:54:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.28 08:25:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.10.27 22:53:09 | 000,000,766 | ---- | M] () -- C:\WINDOWS\CoD.INI
[2010.10.27 20:01:20 | 000,001,055 | ---- | M] () -- C:\Documents and Settings\Qw3Rtzui0p\Nabídka Start\Programy\Po spuštění\My_AutoWarkey_Script.lnk
[2010.10.27 19:55:22 | 000,063,906 | ---- | M] () -- C:\WINDOWS\War3Unin.dat
[2010.10.27 19:53:37 | 000,001,449 | ---- | M] () -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\Frozen Throne.lnk
[2010.10.27 19:53:27 | 000,139,264 | ---- | M] (Blizzard Entertainment) -- C:\WINDOWS\War3Unin.exe
[2010.10.27 19:53:27 | 000,002,829 | ---- | M] () -- C:\WINDOWS\War3Unin.pif
[2010.10.27 19:39:02 | 000,001,442 | ---- | M] () -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\Warcraft III.lnk
[2010.10.27 19:29:12 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.10.27 19:20:34 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\System32\drivers\LNonPnP.sys
[2010.10.27 16:23:47 | 002,944,904 | ---- | M] (Ask) -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\askToolbarInstaller-1.8.0.0.exe
[2010.10.27 16:23:42 | 003,035,312 | ---- | M] (Power Technology) -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\dfx9Setup-Winamp.exe
[2010.10.27 16:23:05 | 000,007,680 | ---- | M] () -- C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.27 15:13:09 | 000,001,903 | ---- | M] () -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\AutoWarkey.lnk
[2010.10.27 15:13:09 | 000,001,825 | ---- | M] () -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\Warkeys.lnk
[2010.10.27 15:13:09 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\Warkeys Help.lnk
[2010.10.27 15:01:21 | 000,000,673 | ---- | M] () -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\Call of Duty Single Player.lnk
[2010.10.27 15:01:21 | 000,000,673 | ---- | M] () -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\Call of Duty Multiplayer.lnk
[2010.10.27 01:29:46 | 000,004,887 | ---- | M] () -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\dlouhe-bidlo.jpg
[2010.10.26 21:39:59 | 000,164,818 | ---- | M] () -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\wiz.JPG
[2010.10.25 17:53:26 | 000,015,903 | ---- | M] () -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\DisplayGrapho.png
[2010.10.25 17:51:50 | 000,020,269 | ---- | M] () -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\DisplayGraph3.png
[2010.10.25 17:51:17 | 000,017,275 | ---- | M] () -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\DisplayGraph1.png
[2010.10.24 20:43:54 | 000,011,618 | ---- | M] () -- C:\Seminární práce,Vaňková 1.PDA.docx
[2010.10.23 12:54:59 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Google Chrome.lnk
[2010.10.22 19:00:22 | 000,071,532 | ---- | M] () -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\tt.jpg
[2010.10.19 18:24:21 | 000,000,631 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\BetMost Poker.lnk
[2010.10.19 16:38:46 | 000,000,745 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Switch to Gaming Mode.lnk
[2010.10.19 16:38:46 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Game Booster.lnk
[2010.10.17 05:58:42 | 003,932,214 | ---- | M] () -- C:\WINDOWS\AW_XenoMorph1280.bmp
[2010.10.15 16:03:01 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\COMODO Internet Security.lnk
[2010.10.13 21:04:05 | 000,001,990 | ---- | M] () -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\TableNinja.lnk
[2010.10.11 23:49:01 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\Garena.lnk
[2010.10.10 17:20:16 | 000,001,821 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Assassin's Creed II.lnk
[2010.10.10 16:57:23 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Adobe Reader 9.lnk
[2010.10.09 23:11:43 | 005,760,054 | ---- | M] () -- C:\WINDOWS\ALX_1600x1200.bmp
[2010.10.07 21:11:01 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Smart Defrag.lnk
[2010.10.06 16:48:19 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.10.06 16:48:19 | 000,432,004 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.10.06 16:48:19 | 000,079,062 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.10.06 16:48:19 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.10.04 21:57:33 | 005,760,054 | ---- | M] () -- C:\WINDOWS\AW_1600x1200.bmp
[2010.10.04 17:43:29 | 000,013,031 | ---- | M] () -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\posilka.xlsx
[2010.10.04 17:38:15 | 003,932,214 | ---- | M] () -- C:\WINDOWS\InvaderDark1280.bmp
[2010.10.03 22:15:16 | 000,000,036 | ---- | M] () -- C:\WINDOWS\CMMPLAY.INI
[2010.10.03 22:08:33 | 395,882,526 | ---- | M] () -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\SNGiz.avi
[2010.10.03 21:30:11 | 896,277,828 | ---- | M] () -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\Session.avi
[2010.10.03 19:56:59 | 000,000,893 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Camtasia Studio 7.lnk
[2010.10.03 19:56:47 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010.10.03 17:26:27 | 000,000,101 | ---- | M] () -- C:\WINDOWS\CMMIXER.INI
[2010.10.03 17:21:24 | 000,000,040 | ---- | M] () -- C:\WINDOWS\CMCDPLAY.INI
[2010.10.03 11:03:07 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2010.10.03 00:48:25 | 000,000,903 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Virtual CloneDrive.lnk
[2010.10.03 00:32:40 | 000,436,792 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010.10.01 22:18:09 | 000,001,903 | ---- | M] () -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\Mikogo.lnk
[2010.10.01 19:17:41 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010.10.01 19:07:58 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\AlienGUIse.lnk
[2010.10.01 19:07:48 | 000,000,056 | ---- | M] () -- C:\WINDOWS\wb.ini
[2010.10.01 18:32:34 | 000,045,056 | ---- | M] (Stardust Software) -- C:\WINDOWS\System32\sstunst3.exe
[2010.10.01 18:32:31 | 001,061,188 | ---- | M] () -- C:\WINDOWS\System32\ah.mx1
[2010.10.01 18:32:31 | 000,564,736 | ---- | M] (Stardust Software) -- C:\WINDOWS\System32\ah.scr
[2010.10.01 18:32:31 | 000,020,610 | ---- | M] () -- C:\WINDOWS\System32\ah.ibx
[2010.09.30 15:47:36 | 000,269,392 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.10.27 22:47:58 | 1201,478,500 | ---- | C] () -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\Call of duty.rar
[2010.10.27 20:01:20 | 000,001,055 | ---- | C] () -- C:\Documents and Settings\Qw3Rtzui0p\Nabídka Start\Programy\Po spuštění\My_AutoWarkey_Script.lnk
[2010.10.27 19:53:37 | 000,001,449 | ---- | C] () -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\Frozen Throne.lnk
[2010.10.27 19:39:02 | 000,001,442 | ---- | C] () -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\Warcraft III.lnk
[2010.10.27 19:38:23 | 000,063,906 | ---- | C] () -- C:\WINDOWS\War3Unin.dat
[2010.10.27 19:38:22 | 000,002,829 | ---- | C] () -- C:\WINDOWS\War3Unin.pif
[2010.10.27 19:23:16 | 000,004,585 | ---- | C] () -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\VAŇKOVÁ_JANA.p12
[2010.10.27 16:24:08 | 000,000,244 | ---- | C] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010.10.27 15:13:09 | 000,001,903 | ---- | C] () -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\AutoWarkey.lnk
[2010.10.27 15:13:09 | 000,001,825 | ---- | C] () -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\Warkeys.lnk
[2010.10.27 15:13:09 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\Warkeys Help.lnk
[2010.10.27 15:01:21 | 000,000,673 | ---- | C] () -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\Call of Duty Single Player.lnk
[2010.10.27 15:01:21 | 000,000,673 | ---- | C] () -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\Call of Duty Multiplayer.lnk
[2010.10.27 14:55:44 | 000,000,766 | ---- | C] () -- C:\WINDOWS\CoD.INI
[2010.10.27 01:29:45 | 000,004,887 | ---- | C] () -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\dlouhe-bidlo.jpg
[2010.10.26 21:39:59 | 000,164,818 | ---- | C] () -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\wiz.JPG
[2010.10.25 17:53:26 | 000,015,903 | ---- | C] () -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\DisplayGrapho.png
[2010.10.25 17:51:50 | 000,020,269 | ---- | C] () -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\DisplayGraph3.png
[2010.10.25 17:51:16 | 000,017,275 | ---- | C] () -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\DisplayGraph1.png
[2010.10.24 20:43:54 | 000,011,618 | ---- | C] () -- C:\Seminární práce,Vaňková 1.PDA.docx
[2010.10.22 19:00:22 | 000,071,532 | ---- | C] () -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\tt.jpg
[2010.10.22 15:49:15 | 000,000,940 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.21 22:25:33 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS66.DLL
[2010.10.19 18:24:21 | 000,000,631 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\BetMost Poker.lnk
[2010.10.15 16:03:01 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\COMODO Internet Security.lnk
[2010.10.13 21:04:05 | 000,001,990 | ---- | C] () -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\TableNinja.lnk
[2010.10.11 23:49:01 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\Garena.lnk
[2010.10.10 17:20:16 | 000,001,821 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Assassin's Creed II.lnk
[2010.10.10 16:57:23 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Adobe Reader 9.lnk
[2010.10.09 23:13:24 | 003,932,214 | ---- | C] () -- C:\WINDOWS\AW_XenoMorph1280.bmp
[2010.10.09 23:11:43 | 005,760,054 | ---- | C] () -- C:\WINDOWS\ALX_1600x1200.bmp
[2010.10.07 21:11:01 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Smart Defrag.lnk
[2010.10.04 21:57:33 | 005,760,054 | ---- | C] () -- C:\WINDOWS\AW_1600x1200.bmp
[2010.10.04 17:38:15 | 003,932,214 | ---- | C] () -- C:\WINDOWS\InvaderDark1280.bmp
[2010.10.04 16:40:28 | 005,760,056 | ---- | C] () -- C:\WINDOWS\Darkstar.bmp
[2010.10.03 22:09:14 | 395,882,526 | ---- | C] () -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\SNGiz.avi
[2010.10.03 21:30:46 | 896,277,828 | ---- | C] () -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\Session.avi
[2010.10.03 19:56:59 | 000,000,893 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Camtasia Studio 7.lnk
[2010.10.03 17:26:26 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
[2010.10.03 17:21:22 | 000,000,036 | ---- | C] () -- C:\WINDOWS\CMMPLAY.INI
[2010.10.03 00:48:25 | 000,000,903 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Virtual CloneDrive.lnk
[2010.10.02 21:11:53 | 000,013,031 | ---- | C] () -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\posilka.xlsx
[2010.10.01 22:18:09 | 000,001,903 | ---- | C] () -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\Mikogo.lnk
[2010.10.01 19:17:41 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010.10.01 19:08:37 | 000,068,673 | ---- | C] () -- C:\WINDOWS\AW_XenoMorph1280.jpg
[2010.10.01 19:07:58 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\AlienGUIse.lnk
[2010.10.01 19:07:48 | 000,000,056 | ---- | C] () -- C:\WINDOWS\wb.ini
[2010.10.01 18:32:31 | 001,061,188 | ---- | C] () -- C:\WINDOWS\System32\ah.mx1
[2010.10.01 18:32:31 | 000,020,610 | ---- | C] () -- C:\WINDOWS\System32\ah.ibx
[2010.09.26 21:43:39 | 000,436,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010.09.25 17:41:04 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.21 17:25:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HMHud.INI
[2010.09.20 18:59:57 | 000,000,045 | ---- | C] () -- C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Data aplikací\machpro.dat
[2010.09.20 18:58:58 | 000,068,246 | ---- | C] () -- C:\Program Files\hminstalllog.txt
[2010.09.20 00:05:55 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.09.19 22:35:59 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2010.09.19 22:35:55 | 000,004,333 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2010.09.19 22:35:11 | 000,028,238 | ---- | C] () -- C:\WINDOWS\cmijack.ini
[2010.09.19 22:35:11 | 000,018,210 | ---- | C] () -- C:\WINDOWS\cmaudio.ini
[2010.09.19 22:35:01 | 000,000,411 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2010.09.19 22:35:00 | 000,000,040 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI

========== LOP Check ==========

[2010.09.26 21:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
[2010.10.03 00:28:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Pro
[2010.10.27 16:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DFX
[2010.10.03 19:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TechSmith
[2010.10.03 00:58:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Ubisoft
[2010.09.21 16:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\XHEO INC
[2010.10.03 00:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lll\Data aplikací\DAEMON Tools Pro
[2010.10.07 21:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lll\Data aplikací\IObit
[2010.10.03 00:58:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lll\Data aplikací\Ubisoft
[2010.10.10 16:54:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mamka\Data aplikací\IObit
[2010.09.26 21:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\DAEMON Tools Lite
[2010.10.03 00:35:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\DAEMON Tools Pro
[2010.09.20 22:13:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\HEM Data
[2010.10.19 16:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\IObit
[2010.10.01 19:18:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\Leadertech
[2010.10.03 17:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\Mikogo
[2010.09.20 22:38:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\Ubisoft
[2010.10.28 16:01:00 | 000,000,244 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2004.08.18 14:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation)
"Skype" = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized -- [2010.09.01 16:39:54 | 014,709,640 | R--- | M] (Skype Technologies S.A.)
"DAEMON Tools Lite" = "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun -- File not found
"Mikogo" = "C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\Mikogo\Mikogo-Host.exe" -- [2010.10.01 22:18:09 | 002,748,416 | ---- | M] (Mikogo)

< c:\windows\*.* /U >
[3 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.09.23 19:32:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\Adobe
[2010.09.19 23:28:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\ATI
[2010.09.26 21:52:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\DAEMON Tools Lite
[2010.10.03 00:35:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\DAEMON Tools Pro
[2010.09.20 22:13:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\HEM Data
[2010.09.19 22:21:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\Identities
[2010.09.20 22:19:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\InstallShield
[2010.10.19 16:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\IObit
[2010.10.01 19:18:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\Leadertech
[2010.10.01 19:16:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\Logishrd
[2010.10.01 19:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\Logitech
[2010.09.19 23:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\Macromedia
[2010.10.10 16:48:40 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\Microsoft
[2010.10.03 17:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\Mikogo
[2010.09.19 22:40:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\Mozilla
[2010.10.28 15:35:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\Skype
[2010.10.28 15:28:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\skypePM
[2010.09.27 18:39:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\Sun
[2010.09.20 22:38:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\Ubisoft
[2010.10.03 19:59:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\vlc
[2010.09.24 21:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\Winamp
[2010.09.19 23:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\WinRAR

< %APPDATA%\*.exe /s >
[2010.10.01 19:18:10 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2010.10.13 21:04:05 | 000,013,406 | R--- | M] () -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\Microsoft\Installer\{8220D118-F173-4383-8FC4-65259B92B8EE}\_8FA7DD9B5B75EA7DB16B4B.exe
[2010.10.13 21:04:05 | 000,013,406 | R--- | M] () -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\Microsoft\Installer\{8220D118-F173-4383-8FC4-65259B92B8EE}\_C56DF32C395BC76E47946E.exe
[2010.10.03 17:14:27 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\Mikogo\B-Capture.exe
[2010.10.03 17:14:24 | 000,185,640 | ---- | M] () -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\Mikogo\B-Service.exe
[2010.10.01 22:18:09 | 002,748,416 | ---- | M] (Mikogo) -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\Mikogo\Mikogo-Host.exe
[2010.10.01 22:18:09 | 000,144,688 | ---- | M] (Mikogo) -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\Mikogo\remover.exe
[2010.10.01 22:18:09 | 001,249,280 | ---- | M] (BeamYourScreen) -- C:\Documents and Settings\Qw3Rtzui0p\Data aplikací\Mikogo\SessionPlayer.exe


< MD5 for: AGP440.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\agp440.sys

< MD5 for: ATAPI.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\atapi.sys
[2004.08.18 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.18 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys
[2004.08.18 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
[2004.08.18 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004.08.18 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys

< MD5 for: CDROM.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\cdrom.sys
[2004.08.18 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2004.08.18 14:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\cryptsvc.dll
[2004.08.18 14:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\dllcache\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\cryptsvc.dll

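The `< MD5 for: ... >` blocks in the log list every copy of a core system file that OTL could find (the live copy in system32, the dllcache copy, ReinstallBackups, the SP2 cab and pending SoftwareDistribution downloads) together with its hash. That is the check you want when a file infector is on the box: an infector rewrites executables in place, so the live copy stops matching the protected dllcache copy while the timestamps look untouched. The script below is an added example, not part of the posted log and not OTL's own code: it parses OTL file-entry lines, reports MD5 blocks whose live copy differs from the dllcache copy, and lists PE files under C:\WINDOWS that carry no company string. The sample log is constructed from lines on this page plus one synthetic block (`EXAMPLE.SYS`, hashes `0000...01` / `0000...02`) so that a mismatch actually shows. Neither function is a verdict: SoftwareDistribution and $hf_mig$ copies are pending or superseded updates and legitimately differ, and a missing company string alone proves nothing, since several legitimate drivers ship without version info.

```python
import re
from collections import defaultdict

# One OTL file-entry line, e.g.
# [2004.08.18 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=... -- C:\WINDOWS\system32\drivers\atapi.sys
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\)"
    r"(?: \.cab file)?(?: MD5=(?P<md5>[0-9A-Fa-f]{32}))? -- (?P<path>.+)$"
)
# Header of an OTL MD5 block, e.g.  < MD5 for: ATAPI.SYS >
MD5_HDR_RE = re.compile(r"^< MD5 for: (?P<name>\S+) >$")

# Locations that legitimately hold a second copy of a system file.
BACKUP_MARKERS = ("\\dllcache\\", "\\reinstallbackups\\", "\\softwaredistribution\\",
                  "\\$hf_mig$\\", "\\driver cache\\")
PE_EXTENSIONS = (".exe", ".dll", ".sys", ".scr", ".ocx", ".cpl")

# Constructed sample: lines copied from the posted log plus one synthetic
# EXAMPLE.SYS block (hypothetical file and hashes) to demonstrate a mismatch.
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========

[2010.10.21 22:25:33 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS66.DLL
[2010.09.19 22:35:59 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2010.09.26 21:43:39 | 000,436,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010.10.01 18:32:31 | 000,564,736 | ---- | C] (Stardust Software) -- C:\WINDOWS\System32\ah.scr
[2010.10.27 22:47:58 | 1201,478,500 | ---- | C] () -- C:\Documents and Settings\Qw3Rtzui0p\Plocha\Call of duty.rar

< MD5 for: ATAPI.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\atapi.sys
[2004.08.18 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: CRYPTSVC.DLL >
[2004.08.18 14:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\cryptsvc.dll
[2004.08.18 14:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\dllcache\cryptsvc.dll

< MD5 for: EXAMPLE.SYS >
[2004.08.18 14:00:00 | 000,020,480 | ---- | M] (Example Corp) MD5=00000000000000000000000000000001 -- C:\WINDOWS\system32\drivers\example.sys
[2004.08.18 14:00:00 | 000,016,384 | ---- | M] (Example Corp) MD5=00000000000000000000000000000002 -- C:\WINDOWS\system32\dllcache\example.sys
"""


def parse_otl(text):
    """Parse OTL file-entry lines into dicts; 'group' is the enclosing MD5 block name or None."""
    entries, group = [], None
    for raw in text.splitlines():
        line = raw.strip()
        hdr = MD5_HDR_RE.match(line)
        if hdr:
            group = hdr.group("name").lower()
            continue
        if line.startswith("=========="):   # a new OTL section ends any MD5 block
            group = None
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["size"] = int(e["size"].replace(",", ""))
        e["md5"] = e["md5"].upper() if e["md5"] else None
        e["group"] = group
        entries.append(e)
    return entries


def is_backup_copy(path):
    low = path.lower()
    return any(marker in low for marker in BACKUP_MARKERS)


def md5_mismatches(entries):
    """Return {file_name: (live_md5, dllcache_md5)} for MD5 blocks where the live copy
    under system32 does not hash like the Windows File Protection copy in dllcache."""
    by_group = defaultdict(list)
    for e in entries:
        if e["group"] and e["md5"]:
            by_group[e["group"]].append(e)
    findings = {}
    for name, copies in by_group.items():
        live = [e for e in copies if not is_backup_copy(e["path"])]
        cache = [e for e in copies if "\\dllcache\\" in e["path"].lower()]
        if live and cache and live[0]["md5"] != cache[0]["md5"]:
            findings[name] = (live[0]["md5"], cache[0]["md5"])
    return findings


def unbranded_pe_in_windows(entries):
    """PE-type files under C:\\WINDOWS with an empty company field (triage candidates only)."""
    hits = set()
    for e in entries:
        p = e["path"].lower()
        if (p.startswith("c:\\windows\\") and p.endswith(PE_EXTENSIONS)
                and not e["company"] and not is_backup_copy(e["path"])):
            hits.add(e["path"])
    return sorted(hits)


if __name__ == "__main__":
    parsed = parse_otl(SAMPLE_LOG)
    for name, (live, cache) in md5_mismatches(parsed).items():
        print(f"MD5 mismatch {name}: live={live} dllcache={cache}")
    for path in unbranded_pe_in_windows(parsed):
        print(f"no company string: {path}")
```

Run it against a full OTL.txt by reading the file instead of `SAMPLE_LOG`; on the log above it flags nothing in the real MD5 blocks (atapi.sys and cryptsvc.dll match their protected copies), and the three no-company hits are the starting point for a hash lookup, not a cleanup list.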
Qw3Rtzui0p
Visitor
Posts: 64
Registered: 28 Apr 2010 20:49

Re: A few viruses + maybe spyware

#4 Post by Qw3Rtzui0p »

< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\eventlog.dll
[2004.08.18 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004.08.18 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\explorer.exe
[2004.08.18 14:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\explorer.exe
[2004.08.18 14:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: HAL.DLL >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\hal.dll
[2004.08.18 14:00:00 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\system32\hal.dll

< MD5 for: CHANGER.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\changer.sys

< MD5 for: ISAPNP.SYS >
[2004.08.18 14:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\drivers\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\isapnp.sys

< MD5 for: LSASS.EXE >
[2004.08.18 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2004.08.18 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\ndis.sys
[2004.08.18 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\dllcache\ndis.sys
[2004.08.18 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004.08.18 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004.08.18 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\netlogon.dll

< MD5 for: NVATA.SYS >
[2005.08.18 17:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\NVIDIA\nForceWin2KXP\8.22\IDE\Win2K\sata_ide\nvata.sys
[2005.08.18 17:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\NVIDIA\nForceWin2KXP\8.22\IDE\WinXP\sata_ide\nvata.sys
[2006.04.24 17:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\NVIDIA\nForceWin2KXP\6.86\IDE\Win2K\sata_ide\nvata.sys
[2006.04.24 17:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\NVIDIA\nForceWin2KXP\6.86\IDE\WinXP\sata_ide\nvata.sys
[2006.04.24 17:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\Program Files\zakladovka\IDE\Win2K\sata_ide\nvata.sys
[2006.04.24 17:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\Program Files\zakladovka\IDE\WinXP\sata_ide\nvata.sys
[2006.04.24 17:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\WINDOWS\system32\drivers\nvata.sys

< MD5 for: NVATABUS.SYS >
[2005.08.18 17:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\NVIDIA\nForceWin2KXP\8.22\IDE\Win2K\legacy\nvatabus.sys
[2005.08.18 17:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\NVIDIA\nForceWin2KXP\8.22\IDE\Win2K\sataraid\nvatabus.sys
[2005.08.18 17:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\NVIDIA\nForceWin2KXP\8.22\IDE\WinXP\legacy\nvatabus.sys
[2005.08.18 17:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\NVIDIA\nForceWin2KXP\8.22\IDE\WinXP\sataraid\nvatabus.sys
[2005.08.18 17:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\WINDOWS\system32\drivers\nvatabus.sys
[2005.08.18 17:52:06 | 000,093,568 | ---- | M] (NVIDIA Corporation) MD5=0344AA9113DC16EEC379F4652020849D -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\nvatabus.sys
[2006.04.24 17:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\NVIDIA\nForceWin2KXP\6.86\IDE\Win2K\legacy\nvatabus.sys
[2006.04.24 17:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\NVIDIA\nForceWin2KXP\6.86\IDE\Win2K\sataraid\nvatabus.sys
[2006.04.24 17:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\NVIDIA\nForceWin2KXP\6.86\IDE\WinXP\legacy\nvatabus.sys
[2006.04.24 17:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\NVIDIA\nForceWin2KXP\6.86\IDE\WinXP\sataraid\nvatabus.sys
[2006.04.24 17:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\Program Files\zakladovka\IDE\Win2K\legacy\nvatabus.sys
[2006.04.24 17:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\Program Files\zakladovka\IDE\Win2K\sataraid\nvatabus.sys
[2006.04.24 17:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\Program Files\zakladovka\IDE\WinXP\legacy\nvatabus.sys
[2006.04.24 17:52:28 | 000,100,736 | ---- | M] (NVIDIA Corporation) MD5=C03E15101F6D9E82CD9B0E7D715F5DE3 -- C:\Program Files\zakladovka\IDE\WinXP\sataraid\nvatabus.sys

< MD5 for: NVRAID.SYS >
[2005.08.18 17:52:08 | 000,077,056 | ---- | M] (NVIDIA Corporation) MD5=A4F2A29B9D40F9FFBBB54E56CE483797 -- C:\NVIDIA\nForceWin2KXP\8.22\IDE\Win2K\legacy\nvraid.sys
[2005.08.18 17:52:08 | 000,077,056 | ---- | M] (NVIDIA Corporation) MD5=A4F2A29B9D40F9FFBBB54E56CE483797 -- C:\NVIDIA\nForceWin2KXP\8.22\IDE\Win2K\sataraid\nvraid.sys
[2005.08.18 17:52:08 | 000,077,056 | ---- | M] (NVIDIA Corporation) MD5=A4F2A29B9D40F9FFBBB54E56CE483797 -- C:\NVIDIA\nForceWin2KXP\8.22\IDE\WinXP\legacy\nvraid.sys
[2005.08.18 17:52:08 | 000,077,056 | ---- | M] (NVIDIA Corporation) MD5=A4F2A29B9D40F9FFBBB54E56CE483797 -- C:\NVIDIA\nForceWin2KXP\8.22\IDE\WinXP\sataraid\nvraid.sys
[2006.04.24 17:52:36 | 000,082,944 | ---- | M] (NVIDIA Corporation) MD5=B65CE56C36F573113FF2F6D0F07B7563 -- C:\NVIDIA\nForceWin2KXP\6.86\IDE\Win2K\legacy\nvraid.sys
[2006.04.24 17:52:36 | 000,082,944 | ---- | M] (NVIDIA Corporation) MD5=B65CE56C36F573113FF2F6D0F07B7563 -- C:\NVIDIA\nForceWin2KXP\6.86\IDE\Win2K\sataraid\nvraid.sys
[2006.04.24 17:52:36 | 000,082,944 | ---- | M] (NVIDIA Corporation) MD5=B65CE56C36F573113FF2F6D0F07B7563 -- C:\NVIDIA\nForceWin2KXP\6.86\IDE\WinXP\legacy\nvraid.sys
[2006.04.24 17:52:36 | 000,082,944 | ---- | M] (NVIDIA Corporation) MD5=B65CE56C36F573113FF2F6D0F07B7563 -- C:\NVIDIA\nForceWin2KXP\6.86\IDE\WinXP\sataraid\nvraid.sys
[2006.04.24 17:52:36 | 000,082,944 | ---- | M] (NVIDIA Corporation) MD5=B65CE56C36F573113FF2F6D0F07B7563 -- C:\Program Files\zakladovka\IDE\Win2K\legacy\nvraid.sys
[2006.04.24 17:52:36 | 000,082,944 | ---- | M] (NVIDIA Corporation) MD5=B65CE56C36F573113FF2F6D0F07B7563 -- C:\Program Files\zakladovka\IDE\Win2K\sataraid\nvraid.sys
[2006.04.24 17:52:36 | 000,082,944 | ---- | M] (NVIDIA Corporation) MD5=B65CE56C36F573113FF2F6D0F07B7563 -- C:\Program Files\zakladovka\IDE\WinXP\legacy\nvraid.sys
[2006.04.24 17:52:36 | 000,082,944 | ---- | M] (NVIDIA Corporation) MD5=B65CE56C36F573113FF2F6D0F07B7563 -- C:\Program Files\zakladovka\IDE\WinXP\sataraid\nvraid.sys

< MD5 for: SCECLI.DLL >
[2004.08.18 14:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004.08.18 14:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.18 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\dllcache\smss.exe
[2004.08.18 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\svchost.exe
[2004.08.18 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\dllcache\svchost.exe
[2004.08.18 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2004.08.18 14:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\userinit.exe
[2004.08.18 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004.08.18 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.18 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004.08.18 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.18 14:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2004.08.18 14:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2006.12.17 04:16:06 | 000,303,104 | ---- | M] (ATI Technologies Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGR.dll
[2010.04.16 17:38:07 | 000,357,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2010.04.16 17:38:07 | 000,205,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.10.03 00:32:40 | 000,436,792 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2010.09.20 00:01:24 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010.09.20 00:01:24 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010.09.20 00:01:24 | 000,475,136 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[2006.12.17 04:16:06 | 000,303,104 | ---- | M] (ATI Technologies Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGR.dll
[2010.04.16 17:38:07 | 000,357,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2010.04.16 17:38:07 | 000,205,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >
[2010.10.27 19:20:34 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LNonPnP.sys
[2010.10.27 14:45:59 | 000,012,528 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys

< %systemroot%\system32\*.* /3 >
[2010.10.28 16:34:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\system32\nmp.log
[2010.10.27 19:29:12 | 000,013,646 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[2010.10.28 08:25:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\system32\_nvidia_xxx_.log
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >

OTL Extras logfile created on: 28.10.2010 16:20:43 - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\Qw3Rtzui0p\Plocha
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111,78 Gb Total Space | 52,11 Gb Free Space | 46,61% Space Free | Partition Type: NTFS
Drive D: | 306,42 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: DOMINIK | User Name: Qw3Rtzui0p | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-606747145-1035525444-682003330-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozzila\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5432:TCP" = 5432:TCP:*:Enabled:postgres
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe" = C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9 -- (Ubisoft)
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe" = C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10 -- (Ubisoft)
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe" = C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update -- (Ubisoft)
"C:\Program Files\cod\CoDMP.exe" = C:\Program Files\cod\CoDMP.exe:*:Enabled:CoDMP -- ()
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- (Ubisoft)
"C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe" = C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedIIGame.exe:*:Enabled:Assassin's Creed II -- ()
"C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe" = C:\Program Files\Ubisoft\Assassin's Creed II\AssassinsCreedII.exe:*:Enabled:Assassin's Creed II Update -- (Ubisoft)
"C:\Program Files\Ubisoft\Assassin's Creed II\UPlayBrowser.exe" = C:\Program Files\Ubisoft\Assassin's Creed II\UPlayBrowser.exe:*:Enabled:Assassin's Creed II Uplay -- (Ubisoft Entertainment)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37B03AA0-B125-4649-900C-F26E1081F163}" = Camtasia Studio 7
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{546C143E-68DC-314D-97BC-1E454E3BA429}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7F34A21F-2DEB-4598-BB19-611D6BD24271}" = Managed DirectX (0901)
"{8220D118-F173-4383-8FC4-65259B92B8EE}" = TableNinja
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{90120000-0010-0405-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Czech) 12
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2C9CD1B-2551-3AED-B244-6698FB929FA6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-A94000000001}" = Adobe Reader 9.4.0 - Czech
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{B7777E08-1344-42E8-975B-6F541F9ADBD8}" = ATI Catalyst Control Center
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ah" = ah Screen Saver
"AlienGUIse Theme Manager" = AlienGUIse Theme Manager
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"BetMost Poker" = BetMost Poker
"Call of Duty" = Call of Duty
"CANONBJ_Deinstall_CNMCP66.DLL" = Canon PIXMA iP2000
"DFX for Winamp" = DFX for Winamp
"DXTXTRA" = Microsoft DirectX Transform optional components
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Eurobattle.net2.0" = Eurobattle.net
"Game Booster_is1" = Game Booster
"Google Chrome" = Google Chrome
"HoldemManager" = Holdem Manager
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"KeyScrambler" = KeyScrambler
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mikogo" = Mikogo
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"NVIDIA Drivers" = NVIDIA Drivers
"PCI Audio Applications" = PCI Audio Applications
"PCI Audio Driver" = PCI Audio Driver
"PokerStars" = PokerStars
"PostgreSQL 8.4" = PostgreSQL 8.4
"SitNGoWizard" = SitNGo Wizard
"Smart Defrag_is1" = Smart Defrag
"SP6" = Logitech SetPoint 6.15
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.4
"Warkeys" = Warkeys 1.17.1.0b
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"WinRAR archiver" = WinRAR
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-606747145-1035525444-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QIP Infium" = QIP Infium 2.0.9036
"Warcraft III" = Warcraft III: All Products
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 27.10.2010 8:55:19 | Computer Name = DOMINIK | Source = Application Error | ID = 1000
Description = Chybující aplikace codmp.exe, verze 0.0.0.0, chybující modul codmp.exe,
verze 0.0.0.0, adresa chyby 0x0004b1aa.

Error - 27.10.2010 9:02:16 | Computer Name = DOMINIK | Source = Application Error | ID = 1000
Description = Chybující aplikace codmp.exe, verze 0.0.0.0, chybující modul codmp.exe,
verze 0.0.0.0, adresa chyby 0x0004b1aa.

Error - 27.10.2010 9:02:36 | Computer Name = DOMINIK | Source = Application Error | ID = 1000
Description = Chybující aplikace codmp.exe, verze 0.0.0.0, chybující modul codmp.exe,
verze 0.0.0.0, adresa chyby 0x0004b1aa.

Error - 27.10.2010 9:03:53 | Computer Name = DOMINIK | Source = Application Error | ID = 1000
Description = Chybující aplikace codmp.exe, verze 0.0.0.0, chybující modul codmp.exe,
verze 0.0.0.0, adresa chyby 0x0004b1aa.

Error - 27.10.2010 9:05:06 | Computer Name = DOMINIK | Source = Application Error | ID = 1000
Description = Chybující aplikace codmp.exe, verze 0.0.0.0, chybující modul codmp.exe,
verze 0.0.0.0, adresa chyby 0x0004b1aa.

Error - 27.10.2010 13:20:18 | Computer Name = DOMINIK | Source = PostgreSQL | ID = 0
Description = 2010-10-27 19:20:18 CESTFATAL: the database system is starting up


Error - 27.10.2010 13:46:28 | Computer Name = DOMINIK | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace war3_install.exe, verze 1.5.0.0, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 28.10.2010 1:38:08 | Computer Name = DOMINIK | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.

Error - 28.10.2010 1:38:45 | Computer Name = DOMINIK | Source = PostgreSQL | ID = 0
Description = 2010-10-28 07:38:45 CESTFATAL: the database system is starting up


Error - 28.10.2010 2:25:27 | Computer Name = DOMINIK | Source = PostgreSQL | ID = 0
Description = 2010-10-28 08:25:27 CESTFATAL: the database system is starting up


[ SitNGoWizard Events ]
Error - 15.10.2010 12:40:17 | Computer Name = DOMINIK | Source = SitNGoWizard | ID = 1
Description = v System.Windows.Forms.Control.MarshaledInvoke(Control caller,
Delegate method, Object[] args, Boolean synchronous) v System.Windows.Forms.Control.Invoke(Delegate
method, Object[] args) v System.Windows.Forms.Control.Invoke(Delegate method)

v SitNGoWizard.MainForm.OnPokerSiteTimerTick(Object sender, EventArgs e) v
System.Windows.Forms.Timer.OnTick(EventArgs e) v System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message&
m) v System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr
wparam, IntPtr lparam)

Error - 15.10.2010 12:40:27 | Computer Name = DOMINIK | Source = SitNGoWizard | ID = 1
Description = Nelze volat funkci Invoke nebo BeginInvoke pro ovládací prvek, dokud
není vytvořen popisovač okna.

Error - 15.10.2010 12:40:27 | Computer Name = DOMINIK | Source = SitNGoWizard | ID = 1
Description = v System.Windows.Forms.Control.MarshaledInvoke(Control caller,
Delegate method, Object[] args, Boolean synchronous) v System.Windows.Forms.Control.Invoke(Delegate
method, Object[] args) v System.Windows.Forms.Control.Invoke(Delegate method)

v SitNGoWizard.MainForm.OnPokerSiteTimerTick(Object sender, EventArgs e) v
System.Windows.Forms.Timer.OnTick(EventArgs e) v System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message&
m) v System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr
wparam, IntPtr lparam)

Error - 16.10.2010 18:37:32 | Computer Name = DOMINIK | Source = SitNGoWizard | ID = 1
Description = Nelze volat funkci Invoke nebo BeginInvoke pro ovládací prvek, dokud
není vytvořen popisovač okna.

Error - 16.10.2010 18:37:32 | Computer Name = DOMINIK | Source = SitNGoWizard | ID = 1
Description = v System.Windows.Forms.Control.MarshaledInvoke(Control caller,
Delegate method, Object[] args, Boolean synchronous) v System.Windows.Forms.Control.Invoke(Delegate
method, Object[] args) v System.Windows.Forms.Control.Invoke(Delegate method)

v SitNGoWizard.MainForm.OnPokerSiteTimerTick(Object sender, EventArgs e) v
System.Windows.Forms.Timer.OnTick(EventArgs e) v System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message&
m) v System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr
wparam, IntPtr lparam)

Error - 22.10.2010 12:59:30 | Computer Name = DOMINIK | Source = SitNGoWizard | ID = 1
Description = Nelze volat funkci Invoke nebo BeginInvoke pro ovládací prvek, dokud
není vytvořen popisovač okna.

Error - 22.10.2010 12:59:30 | Computer Name = DOMINIK | Source = SitNGoWizard | ID = 1
Description = v System.Windows.Forms.Control.MarshaledInvoke(Control caller,
Delegate method, Object[] args, Boolean synchronous) v System.Windows.Forms.Control.Invoke(Delegate
method, Object[] args) v System.Windows.Forms.Control.Invoke(Delegate method)

v SitNGoWizard.MainForm.OnPokerSiteTimerTick(Object sender, EventArgs e) v
System.Windows.Forms.Timer.OnTick(EventArgs e) v System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message&
m) v System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr
wparam, IntPtr lparam)

Error - 22.10.2010 12:59:40 | Computer Name = DOMINIK | Source = SitNGoWizard | ID = 1
Description = Nelze volat funkci Invoke nebo BeginInvoke pro ovládací prvek, dokud
není vytvořen popisovač okna.

Error - 22.10.2010 12:59:40 | Computer Name = DOMINIK | Source = SitNGoWizard | ID = 1
Description = at System.Windows.Forms.Control.MarshaledInvoke(Control caller, Delegate method, Object[] args, Boolean synchronous)
at System.Windows.Forms.Control.Invoke(Delegate method, Object[] args)
at System.Windows.Forms.Control.Invoke(Delegate method)
at SitNGoWizard.MainForm.OnPokerSiteTimerTick(Object sender, EventArgs e)
at System.Windows.Forms.Timer.OnTick(EventArgs e)
at System.Windows.Forms.Timer.TimerNativeWindow.WndProc(Message& m)
at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)

Error - 26.10.2010 13:19:51 | Computer Name = DOMINIK | Source = SitNGoWizard | ID = 1
Description = Invoke or BeginInvoke cannot be called on a control until the window handle has been created.

[ System Events ]
Error - 17.10.2010 7:50:59 | Computer Name = DOMINIK | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) service was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.

Error - 17.10.2010 10:35:26 | Computer Name = DOMINIK | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} to the user DOMINIK\postgres (SID S-1-5-21-606747145-1035525444-682003330-1006). This security permission can be modified using the Component Services administrative tool.

Error - 23.10.2010 19:42:02 | Computer Name = DOMINIK | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} to the user DOMINIK\postgres (SID S-1-5-21-606747145-1035525444-682003330-1006). This security permission can be modified using the Component Services administrative tool.

Error - 25.10.2010 9:24:35 | Computer Name = DOMINIK | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} to the user DOMINIK\postgres (SID S-1-5-21-606747145-1035525444-682003330-1006). This security permission can be modified using the Component Services administrative tool.

Error - 27.10.2010 7:05:08 | Computer Name = DOMINIK | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} to the user DOMINIK\postgres (SID S-1-5-21-606747145-1035525444-682003330-1006). This security permission can be modified using the Component Services administrative tool.

Error - 27.10.2010 13:43:15 | Computer Name = DOMINIK | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 27.10.2010 13:43:15 | Computer Name = DOMINIK | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 27.10.2010 13:43:15 | Computer Name = DOMINIK | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 27.10.2010 13:43:15 | Computer Name = DOMINIK | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom1, has a bad block.

Error - 28.10.2010 1:38:45 | Computer Name = DOMINIK | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1} to the user DOMINIK\postgres (SID S-1-5-21-606747145-1035525444-682003330-1006). This security permission can be modified using the Component Services administrative tool.


< End of report >

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: A few viruses + possibly spyware

#5 Post by motji »

What about AVPTool?
Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here

I am usually reachable at night, between 9 and 11 pm.
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.

Qw3Rtzui0p
Visitor
Posts: 64
Joined: 28 Apr 2010 20:49

Re: A few viruses + possibly spyware

#6 Post by Qw3Rtzui0p »

That one is still finishing its scan, but my antivirus found something else, so I'll post the antivirus log along with the AVP one.

Qw3Rtzui0p
Visitor
Posts: 64
Joined: 28 Apr 2010 20:49

Re: A few viruses + possibly spyware

#7 Post by Qw3Rtzui0p »

Automatic scan: completed 4 hours ago (events: 2, objects: 4199, time: 00:06:30)
28.10.2010 16:46:19 Task started
28.10.2010 16:52:49 Task completed
Automatic scan: completed 1 hour ago (events: 2, objects: 332055, time: 02:56:55)
28.10.2010 17:02:29 Task started
28.10.2010 19:59:24 Task completed

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: A few viruses + possibly spyware

#8 Post by motji »

What is this from? From AVPTool?

Qw3Rtzui0p
Visitor
Posts: 64
Joined: 28 Apr 2010 20:49

Re: A few viruses + possibly spyware

#9 Post by Qw3Rtzui0p »

Yes, it is a log from AVPTool.

Here is the new report from the antivirus:

COMODO Internet Security Premium - Event Viewer records

Table: Antivirus events
Date created: 2010-10-28 21:24:37
Number of records: 48
Date Location Malware name Action Status
2010-10-28 17:24:40 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubi12.tmp.exe Heur.Dual.Extensions@-1 Detect Success
2010-10-28 17:24:41 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubi12.tmp.exe Heur.Dual.Extensions@-1 Ask Success
2010-10-28 17:25:19 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubi17B.tmp.exe Heur.Dual.Extensions@-1 Detect Success
2010-10-28 17:25:19 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubi17B.tmp.exe Heur.Dual.Extensions@-1 Ask Success
2010-10-28 17:25:20 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubi12.tmp.exe Heur.Dual.Extensions@-1 Quarantine Success
2010-10-28 17:25:23 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubi17B.tmp.exe Heur.Dual.Extensions@-1 Quarantine Success
2010-10-28 17:25:23 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubi17E.tmp.exe Heur.Dual.Extensions@-1 Detect Success
2010-10-28 17:25:23 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubi17E.tmp.exe Heur.Dual.Extensions@-1 Ask Success
2010-10-28 17:25:27 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubi79.tmp.exe Heur.Dual.Extensions@-1 Detect Success
2010-10-28 17:25:28 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubi79.tmp.exe Heur.Dual.Extensions@-1 Ask Success
2010-10-28 17:25:28 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubi17E.tmp.exe Heur.Dual.Extensions@-1 Quarantine Success
2010-10-28 17:25:30 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubiB8.tmp.exe Heur.Dual.Extensions@-1 Detect Success
2010-10-28 17:25:30 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubiB8.tmp.exe Heur.Dual.Extensions@-1 Ask Success
2010-10-28 17:25:31 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubi79.tmp.exe Heur.Dual.Extensions@-1 Quarantine Success
2010-10-28 17:25:34 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubiB8.tmp.exe Heur.Dual.Extensions@-1 Quarantine Success
2010-10-28 17:25:34 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubiCC.tmp.exe Heur.Dual.Extensions@-1 Detect Success
2010-10-28 17:25:35 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubiCC.tmp.exe Heur.Dual.Extensions@-1 Ask Success
2010-10-28 17:25:44 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubiCC.tmp.exe Heur.Dual.Extensions@-1 Quarantine Success
2010-10-28 17:25:44 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubiDE.tmp.exe Heur.Dual.Extensions@-1 Detect Success
2010-10-28 17:25:44 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubiDE.tmp.exe Heur.Dual.Extensions@-1 Ask Success
2010-10-28 17:25:47 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubiE1.tmp.exe Heur.Dual.Extensions@-1 Detect Success
2010-10-28 17:25:47 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubiE1.tmp.exe Heur.Dual.Extensions@-1 Ask Success
2010-10-28 17:25:48 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubiDE.tmp.exe Heur.Dual.Extensions@-1 Quarantine Success
2010-10-28 17:25:50 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubiE4.tmp.exe Heur.Dual.Extensions@-1 Detect Success
2010-10-28 17:25:50 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubiE1.tmp.exe Heur.Dual.Extensions@-1 Quarantine Success
2010-10-28 17:25:50 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubiE4.tmp.exe Heur.Dual.Extensions@-1 Ask Success
2010-10-28 17:25:53 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubiE6.tmp.exe Heur.Dual.Extensions@-1 Detect Success
2010-10-28 17:25:53 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubiE6.tmp.exe Heur.Dual.Extensions@-1 Ask Success
2010-10-28 17:25:54 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubiE4.tmp.exe Heur.Dual.Extensions@-1 Quarantine Success
2010-10-28 17:26:10 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubiE6.tmp.exe Heur.Dual.Extensions@-1 Ignore Success
2010-10-28 17:26:11 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubiE8.tmp.exe Heur.Dual.Extensions@-1 Detect Success
2010-10-28 17:26:11 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubiE8.tmp.exe Heur.Dual.Extensions@-1 Ask Success
2010-10-28 17:26:15 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubiEB.tmp.exe Heur.Dual.Extensions@-1 Detect Success
2010-10-28 17:26:15 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubiEB.tmp.exe Heur.Dual.Extensions@-1 Ask Success
2010-10-28 17:26:16 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubiE8.tmp.exe Heur.Dual.Extensions@-1 Quarantine Success
2010-10-28 17:26:18 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubiEB.tmp.exe Heur.Dual.Extensions@-1 Quarantine Success
2010-10-28 17:26:18 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubiF7.tmp.exe Heur.Dual.Extensions@-1 Detect Success
2010-10-28 17:26:18 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubiF7.tmp.exe Heur.Dual.Extensions@-1 Ask Success
2010-10-28 17:26:36 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubiFC.tmp.exe Heur.Dual.Extensions@-1 Detect Success
2010-10-28 17:26:36 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubiFC.tmp.exe Heur.Dual.Extensions@-1 Ask Success
2010-10-28 17:26:37 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubiF7.tmp.exe Heur.Dual.Extensions@-1 Quarantine Success
2010-10-28 17:26:39 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubiFC.tmp.exe Heur.Dual.Extensions@-1 Quarantine Success
2010-10-28 19:14:43 C:\System Volume Information\_restore{37B8222D-5387-404B-8290-3A58C7D20899}\RP49\A0008140.dll Virus.Win32.Virut.CE@86480074 Detect Success
2010-10-28 19:14:44 C:\System Volume Information\_restore{37B8222D-5387-404B-8290-3A58C7D20899}\RP49\A0008140.dll Virus.Win32.Virut.CE@86480074 Ask Success
2010-10-28 19:16:21 C:\System Volume Information\_restore{37B8222D-5387-404B-8290-3A58C7D20899}\RP49\A0008140.dll Virus.Win32.Virut.CE@86480074 Quarantine Success
2010-10-28 19:19:36 C:\System Volume Information\_restore{37B8222D-5387-404B-8290-3A58C7D20899}\RP61\A0012185.dll Virus.Win32.Virut.CE@86480074 Detect Success
2010-10-28 19:19:36 C:\System Volume Information\_restore{37B8222D-5387-404B-8290-3A58C7D20899}\RP61\A0012185.dll Virus.Win32.Virut.CE@86480074 Ask Success
2010-10-28 19:19:47 C:\System Volume Information\_restore{37B8222D-5387-404B-8290-3A58C7D20899}\RP61\A0012185.dll Virus.Win32.Virut.CE@86480074 Quarantine Success
End of report
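
The COMODO table above records one row per event, so a file that was detected and then handled appears three times (Detect, Ask, then the decision), and reading 48 such rows by hand it is easy to miss that one file was answered with Ignore instead of Quarantine. The script below is an added example, not part of the original post and not COMODO's code: it parses rows of this format, keeps the last decisive action per path, and lists everything the scanner flagged but did not remove. The sample rows are a constructed subset copied from the table (one extra path, ubiZZ.tmp.exe, is invented to show a detection whose prompt was never answered); the Czech action and status labels that the localized COMODO build wrote in the original log are accepted alongside their English equivalents.

```python
import re

# Action and status labels as COMODO writes them in the UI language of the
# install. The Czech strings are the ones that appear in the log posted in
# this thread; the English ones are what an English build emits.
ACTION_ALIASES = {
    "Detect": "Detect", "Ask": "Ask", "Quarantine": "Quarantine", "Ignore": "Ignore",
    "Detekce": "Detect", "Zeptat se": "Ask", "Do karantény": "Quarantine", "Ignorovat": "Ignore",
}
STATUS_ALIASES = {"Success": "Success", "Úspěch": "Success"}

# Row layout: "<date> <time> <path, may contain spaces> <detection name> <action> <status>".
# The path is matched lazily and the tail of the row has a fixed shape, so the
# only split that satisfies the anchored pattern is the correct one.
_ACTIONS = "|".join(re.escape(a) for a in sorted(ACTION_ALIASES, key=len, reverse=True))
ROW_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<path>.+?) "
    r"(?P<name>\S+) "
    r"(?P<action>" + _ACTIONS + r") "
    r"(?P<status>\S+)$"
)

# Constructed sample: rows copied from the table above, plus one invented
# path (ubiZZ.tmp.exe) that never gets past the Ask prompt.
SAMPLE_LOG = r"""
2010-10-28 17:24:40 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubi12.tmp.exe Heur.Dual.Extensions@-1 Detect Success
2010-10-28 17:24:41 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubi12.tmp.exe Heur.Dual.Extensions@-1 Ask Success
2010-10-28 17:25:20 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubi12.tmp.exe Heur.Dual.Extensions@-1 Quarantine Success
2010-10-28 17:25:53 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubiE6.tmp.exe Heur.Dual.Extensions@-1 Detect Success
2010-10-28 17:25:53 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubiE6.tmp.exe Heur.Dual.Extensions@-1 Ask Success
2010-10-28 17:26:10 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubiE6.tmp.exe Heur.Dual.Extensions@-1 Ignore Success
2010-10-28 17:26:40 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubiZZ.tmp.exe Heur.Dual.Extensions@-1 Detect Success
2010-10-28 17:26:40 C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubiZZ.tmp.exe Heur.Dual.Extensions@-1 Ask Success
2010-10-28 19:14:43 C:\System Volume Information\_restore{37B8222D-5387-404B-8290-3A58C7D20899}\RP49\A0008140.dll Virus.Win32.Virut.CE@86480074 Detekce Úspěch
2010-10-28 19:14:44 C:\System Volume Information\_restore{37B8222D-5387-404B-8290-3A58C7D20899}\RP49\A0008140.dll Virus.Win32.Virut.CE@86480074 Zeptat se Úspěch
2010-10-28 19:16:21 C:\System Volume Information\_restore{37B8222D-5387-404B-8290-3A58C7D20899}\RP49\A0008140.dll Virus.Win32.Virut.CE@86480074 Do karantény Úspěch
"""


def parse_rows(text):
    """Yield (timestamp, path, name, action, status) with labels normalized to English."""
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:  # header and footer lines of the export simply do not match
            yield (m["ts"], m["path"], m["name"],
                   ACTION_ALIASES[m["action"]],
                   STATUS_ALIASES.get(m["status"], m["status"]))


def final_outcomes(text):
    """Map each flagged path to (detection name, last decisive action).

    Detect and Ask are only notifications. Quarantine and Ignore record what
    the user chose, and the latest such choice wins. A path with no decision
    at all is reported as 'Unresolved' (the prompt was never answered).
    """
    outcome, names = {}, {}
    for _ts, path, name, action, status in parse_rows(text):
        names[path] = name
        if action in ("Quarantine", "Ignore") and status == "Success":
            outcome[path] = action
        else:
            outcome.setdefault(path, "Unresolved")
    return {p: (names[p], a) for p, a in outcome.items()}


def still_on_disk(text):
    """Paths the scanner flagged but did not quarantine; these need manual follow-up."""
    return sorted(p for p, (_n, a) in final_outcomes(text).items() if a != "Quarantine")


if __name__ == "__main__":
    for path, (name, action) in final_outcomes(SAMPLE_LOG).items():
        print(f"{action:10} {name:32} {path}")
    print("needs follow-up:", *still_on_disk(SAMPLE_LOG), sep="\n  ")
```

Run against the full export to get the list. For the table above it reports the ubiE6.tmp.exe entry as Ignore, meaning the file is still on disk despite the detection; treat an Unresolved path the same way, since a Detect/Ask pair with no follow-up means nobody answered the prompt.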

motji
VIP
Posts: 23302
Joined: 23 Oct 2008 08:02

Re: A few viruses + possibly spyware

#10 Post by motji »

:o Well, I don't know, AVPTool would have found Virut :o

:arrow: Run OTL
- paste this script into the white box at the bottom:

Code:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\*.tmp.exe  /s

:commands
[resethosts]
[emptytemp]
[EMPTYFLASH]

- click the Fix button.
- The PC will then restart.
- Post the log here :)



:arrow: Run ComboFix following this guide
http://www.bleepingcomputer.com/combofi ... t-combofix
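
OTL's :files section takes one path pattern per line; a trailing /s makes the match recursive through subdirectories, and the Fix moves every matching file out of place (OTL parks them under C:\_OTL) without looking at their contents. Before running a wildcard move like the one in the script above it is worth knowing exactly which files will go and recording their hashes, so that a sample can still be identified later if one of them turns out to be a false positive. The dry-run below is an added example written for this page, not OTL's own code: it parses the :files lines from the script above, expands them against a directory tree (the live drive, or a staged copy of it, by mapping the C: prefix onto a chosen root), and returns the SHA-256 of every file that would be matched. The directory layout it builds for the demonstration is constructed for the example, not taken from the user's machine.

```python
import fnmatch
import hashlib
import os
import tempfile

# The :files section of the OTL script above, verbatim. OTL reads one
# pattern per line; a trailing "/s" means "include subdirectories".
OTL_FILES_SECTION = r"""
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
C:\Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\*.tmp.exe  /s
"""


def parse_files_section(text):
    """Turn :files lines into (directory, glob, recurse) triples."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        parts = line.split()
        recurse = parts[-1].lower() == "/s"
        pattern = " ".join(parts[:-1]) if recurse else " ".join(parts)
        directory, _sep, glob = pattern.rpartition("\\")
        rules.append((directory, glob, recurse))
    return rules


def _to_local(directory, root):
    """Map 'C:\\WINDOWS\\system32' onto root: the live drive or a staged copy of it."""
    return os.path.join(root, *directory.split("\\")[1:])  # drop the drive letter


def _files_under(directory, recurse):
    if not os.path.isdir(directory):
        return
    if recurse:
        for dirpath, _dirs, files in os.walk(directory):
            for name in files:
                yield os.path.join(dirpath, name)
    else:
        for name in os.listdir(directory):
            path = os.path.join(directory, name)
            if os.path.isfile(path):
                yield path


def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def dry_run(section_text, root):
    """Return {path: sha256} for every file the :files section would move. Nothing is touched."""
    hits = {}
    for directory, glob, recurse in parse_files_section(section_text):
        for path in _files_under(_to_local(directory, root), recurse):
            # Windows matching is case-insensitive, so compare lower-cased on both sides.
            if fnmatch.fnmatchcase(os.path.basename(path).lower(), glob.lower()):
                hits[path] = sha256_of(path)
    return hits


def build_sample_tree(root):
    """Constructed stand-in for the infected box, not its real file system: a few files
    the patterns should catch and a few neighbours they must leave alone."""
    layout = {
        r"WINDOWS\system32\abc.tmp.dll": b"hit: *.tmp.dll",
        r"WINDOWS\system32\SET12.tmp": b"hit: SET*.tmp, and *.tmp recursively under WINDOWS",
        r"WINDOWS\system32\kernel32.dll": b"keep",
        r"WINDOWS\Temp\dd.tmp": b"hit: WINDOWS *.tmp /s",
        r"Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\ubi12.tmp.exe": b"hit: *.tmp.exe",
        r"Documents and Settings\Qw3Rtzui0p\Local Settings\Temp\setup.exe": b"keep",
    }
    for rel, content in layout.items():
        full = os.path.join(root, *rel.split("\\"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(content)


def demo():
    """Rehearse the script against the constructed tree and return what it would move."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return dry_run(OTL_FILES_SECTION, root)


if __name__ == "__main__":
    for path, digest in sorted(demo().items()):
        print(digest, path)
```

On the live system, call dry_run(OTL_FILES_SECTION, "C:\\") from an administrator prompt; the set of paths it returns is what the OTL Fix will move, and the digests are what you keep for later identification of any sample.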

Qw3Rtzui0p
Visitor
Posts: 64
Joined: 28 Apr 2010 20:49

Re: A few viruses + possibly spyware

#11 Post by Qw3Rtzui0p »

ComboFix 10-10-27.A3 - Qw3Rtzui0p 29.10.2010 1:49.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1250.420.1029.18.2046.1553 [GMT 2:00]
Running from: c:\download\ComboFix.exe
AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((( Files created from 2010-09-28 to 2010-10-28 )))))))))))))))))))))))))))))))
.

2010-10-28 22:45 . 2010-10-28 22:45 -------- d-----w- C:\_OTL
2010-10-27 20:52 . 2010-10-27 20:52 -------- d-----w- c:\program files\Managed DirectX (0901)
2010-10-27 17:38 . 2010-10-27 17:53 2829 ----a-w- c:\windows\War3Unin.pif
2010-10-27 17:38 . 2010-10-27 17:53 139264 ----a-w- c:\windows\War3Unin.exe
2010-10-27 17:35 . 2010-10-28 05:34 -------- d-----w- C:\Warcraft III 2
2010-10-27 17:29 . 2010-10-27 17:29 -------- d--h--w- c:\windows\PIF
2010-10-27 14:24 . 2010-10-27 14:24 -------- d-----w- c:\documents and settings\Qw3Rtzui0p\Local Settings\Data aplikací\DFX
2010-10-27 14:24 . 2010-10-27 14:24 -------- d-----w- c:\documents and settings\HelpAssistant
2010-10-27 14:24 . 2010-10-27 14:24 -------- d-----w- c:\documents and settings\Guest
2010-10-27 14:24 . 2010-10-27 14:24 -------- d-----w- c:\documents and settings\Administrator
2010-10-27 14:24 . 2010-10-27 14:24 -------- d-----w- c:\documents and settings\postgres\Data aplikací\Winamp
2010-10-27 14:24 . 2010-10-27 14:24 -------- d-----w- c:\documents and settings\Mamka\Data aplikací\Winamp
2010-10-27 14:24 . 2010-10-27 14:24 -------- d-----w- c:\documents and settings\SUPPORT_388945a0
2010-10-27 14:24 . 2010-10-27 14:24 -------- d-----w- c:\program files\Ask.com
2010-10-27 14:24 . 2010-10-27 14:24 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DFX
2010-10-27 14:23 . 2010-10-27 14:23 -------- d-----w- c:\program files\Common Files\DFX
2010-10-27 14:23 . 2010-10-27 14:24 -------- d-----w- c:\program files\DFX
2010-10-27 13:13 . 2010-10-27 13:13 -------- d-----w- c:\program files\Warkeys
2010-10-22 13:54 . 2010-10-22 13:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Data aplikací\Google
2010-10-22 13:48 . 2010-10-22 13:48 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\Temp
2010-10-21 20:25 . 2004-05-21 06:00 7680 ----a-w- c:\windows\system32\CNMVS66.DLL
2010-10-21 20:25 . 2004-05-21 06:00 54272 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPP66.DLL
2010-10-21 20:25 . 2004-05-21 06:00 17920 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPD66.DLL
2010-10-21 20:25 . 2004-05-21 06:00 116736 ----a-w- c:\windows\system32\CNMLM66.DLL
2010-10-21 20:25 . 2004-03-11 17:06 86016 ----a-r- c:\windows\system32\CNMCP66.exe
2010-10-21 20:25 . 2010-10-21 20:25 -------- d-----w- C:\BJPrinter
2010-10-21 20:23 . 2004-08-03 21:01 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-10-21 20:23 . 2004-08-03 21:01 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-10-19 16:24 . 2010-10-26 18:13 -------- d-----w- C:\Poker
2010-10-17 15:30 . 2010-10-17 15:30 -------- d-----w- c:\windows\system32\wbem\Repository
2010-10-16 23:00 . 2010-10-27 13:31 -------- d-----w- C:\Warcraft III
2010-10-10 14:57 . 2010-10-10 14:57 -------- d-----w- c:\program files\Common Files\Adobe
2010-10-10 14:54 . 2010-10-10 14:54 -------- d-----w- c:\documents and settings\Mamka\Data aplikací\Logitech
2010-10-10 14:54 . 2010-10-10 14:54 -------- d-----w- c:\documents and settings\Mamka\Data aplikací\IObit
2010-10-07 19:11 . 2010-10-07 19:11 -------- d-----w- c:\documents and settings\lll\Data aplikací\IObit
2010-10-03 18:02 . 2010-10-03 18:02 -------- d-----w- c:\documents and settings\Qw3Rtzui0p\Local Settings\Data aplikací\TechSmith
2010-10-03 17:56 . 2010-10-03 17:56 -------- d-----w- c:\windows\system32\QuickTime
2010-10-03 17:56 . 2010-10-03 17:56 -------- d-----w- c:\program files\QuickTime
2010-10-03 17:56 . 2010-10-03 17:56 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2010-10-03 17:56 . 2010-10-03 17:56 -------- d-----w- c:\documents and settings\All Users\Data aplikací\TechSmith
2010-10-03 17:56 . 2010-10-03 17:56 -------- d-----w- c:\program files\TechSmith
2010-10-03 12:00 . 2010-10-03 12:00 -------- d-----w- c:\documents and settings\lll\Data aplikací\InstallShield
2010-10-02 22:55 . 2010-10-02 22:55 -------- d-----w- c:\windows\Logs
2010-10-02 22:47 . 2010-10-02 22:47 -------- d-----w- c:\program files\Elaborate Bytes
2010-10-02 22:43 . 2010-10-02 22:43 -------- d-----w- c:\program files\Alcohol Soft
2010-10-02 22:35 . 2010-10-02 22:35 -------- d-----w- c:\documents and settings\Qw3Rtzui0p\Data aplikací\DAEMON Tools Pro
2010-10-02 22:28 . 2010-10-02 22:28 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DAEMON Tools Pro
2010-10-02 22:28 . 2010-10-02 22:28 -------- d-----w- c:\documents and settings\lll\Data aplikací\DAEMON Tools Pro
2010-10-01 21:01 . 2010-10-01 21:01 -------- d-----w- c:\documents and settings\lll\Data aplikací\Logitech
2010-10-01 20:21 . 2010-10-01 20:21 -------- d-----w- c:\program files\COMODO
2010-10-01 20:18 . 2010-10-03 15:14 -------- d-----w- c:\documents and settings\Qw3Rtzui0p\Data aplikací\Mikogo
2010-10-01 17:18 . 2010-10-01 17:18 -------- d-----w- c:\documents and settings\Qw3Rtzui0p\Data aplikací\Leadertech
2010-10-01 17:18 . 2010-10-01 17:18 53248 ----a-r- c:\documents and settings\Qw3Rtzui0p\Data aplikací\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-10-01 17:17 . 2010-10-27 17:20 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2010-10-01 17:17 . 2008-11-07 16:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-10-01 17:17 . 2010-03-18 09:01 10448 ----a-w- c:\windows\system32\drivers\LBeepKE.sys
2010-10-01 17:16 . 2010-10-01 17:18 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Logishrd
2010-10-01 17:16 . 2010-10-01 17:17 -------- d-----w- c:\program files\Logitech
2010-10-01 17:16 . 2010-10-01 17:18 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-10-01 17:16 . 2010-10-01 17:18 -------- d-----w- c:\documents and settings\Qw3Rtzui0p\Data aplikací\Logitech
2010-10-01 17:16 . 2010-10-01 17:16 -------- d-----w- c:\documents and settings\Qw3Rtzui0p\Data aplikací\Logishrd
2010-10-01 17:08 . 2010-10-01 17:08 -------- d-----w- c:\documents and settings\Qw3Rtzui0p\Local Settings\Data aplikací\Stardock
2010-10-01 17:07 . 2010-10-09 21:11 -------- d-----w- c:\program files\AlienGUIse
2010-10-01 17:07 . 2010-10-01 17:07 -------- d-----w- c:\program files\Common Files\Stardock
2010-10-01 17:07 . 2003-02-26 20:27 36864 ----a-w- c:\windows\system32\wbsys.dll
2010-10-01 16:32 . 2010-10-01 16:32 45056 ----a-w- c:\windows\system32\sstunst3.exe
2010-10-01 16:32 . 2010-10-01 16:32 564736 ----a-w- c:\windows\system32\ah.scr
2010-09-30 18:06 . 2010-10-02 19:29 -------- d-----w- c:\program files\QIP Infium
2010-09-29 16:42 . 2006-10-26 17:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2010-09-29 16:42 . 2006-10-26 17:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2010-09-29 16:42 . 2010-09-29 16:42 -------- d-----w- c:\program files\Microsoft Works
2010-09-29 16:41 . 2010-09-29 16:41 -------- d-----w- c:\program files\Microsoft.NET
2010-09-29 16:39 . 2010-09-29 16:39 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-09-29 16:39 . 2010-09-29 16:39 -------- d-----w- c:\windows\SHELLNEW
2010-09-29 16:38 . 2010-09-29 16:38 -------- d-----w- c:\documents and settings\Qw3Rtzui0p\Local Settings\Data aplikací\Microsoft Help
2010-09-29 16:38 . 2010-09-29 16:42 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Microsoft Help
2010-09-29 16:38 . 2010-09-29 16:38 -------- d-----r- C:\MSOCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-27 12:45 . 2004-08-18 12:00 12528 ----a-w- c:\windows\system32\drivers\secdrv.sys
2010-10-02 22:32 . 2010-09-26 19:43 436792 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-09-27 16:40 . 2010-09-27 16:40 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-27 16:40 . 2010-09-27 16:40 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-19 20:35 . 2010-09-19 20:35 4608 ----a-w- c:\windows\system32\w95inf32.dll
2010-09-19 20:35 . 2010-09-19 20:35 2272 ----a-w- c:\windows\system32\w95inf16.dll
2010-09-10 21:41 . 2010-09-10 21:41 285480 ----a-w- c:\windows\system32\guard32.dll
2010-09-10 21:40 . 2010-09-10 21:40 91560 ----a-w- c:\windows\system32\drivers\inspect.sys
2010-09-10 21:40 . 2010-09-10 21:40 25240 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2010-09-10 21:40 . 2010-09-10 21:40 239240 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2010-09-10 21:40 . 2010-09-10 21:40 15592 ----a-w- c:\windows\system32\drivers\cmderd.sys
2010-09-10 12:11 . 2010-09-19 21:03 149968 ----a-w- c:\documents and settings\Qw3Rtzui0p\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
.

(((((((((((((((((((((((((((((((((( Registry startup points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 13:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-01 14709640]
"Mikogo"="c:\documents and settings\Qw3Rtzui0p\Data aplikací\Mikogo\Mikogo-Host.exe" [2010-10-01 2748416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2005-12-21 270336]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-06-26 1311312]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-09-10 2500552]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SmartDefrag"="c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" [2010-07-09 2712920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]

c:\documents and settings\Qw3Rtzui0p\Nabídka Start\Programy\Po spuštění\
My_AutoWarkey_Script.lnk - c:\program files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe [2009-9-25 245248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-05-06 09:29 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 21:34 24576 ----a-w- c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wbsys.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\cod\\CoDMP.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\AssassinsCreedIIGame.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\AssassinsCreedII.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed II\\UPlayBrowser.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5432:TCP"= 5432:TCP:postgres

R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [10.9.2010 23:40 15592]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [10.9.2010 23:40 239240]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [10.9.2010 23:40 25240]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [1.10.2010 19:17 10448]
R2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files/PostgreSQL/8.4/data" -w --> C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [20.9.2010 18:31 114952]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [21.9.2010 20:11 136176]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\QW3RTZ~1\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\QW3RTZ~1\LOCALS~1\Temp\ALSysIO.sys [?]
S3 B-Service;B-Service;c:\documents and settings\Qw3Rtzui0p\Data aplikací\Mikogo\B-Service.exe [3.10.2010 17:14 185640]
S3 GGSAFERDriver;GGSAFER Driver;\??\c:\program files\Garena\plugins\UI\safedrv.sys --> c:\program files\Garena\plugins\UI\safedrv.sys [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [26.9.2010 21:43 436792]
.
Contents of the 'Scheduled Tasks' folder

2010-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-21 18:11]

2010-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-21 18:11]

2010-10-28 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 13:23]
.
.
------- Supplementary scan -------
.
uStart Page = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uSearchAssistant = hxxp://search.qip.ru/ie
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
FF - ProfilePath - c:\documents and settings\Qw3Rtzui0p\Data aplikací\Mozilla\Firefox\Profiles\doiq9hxf.default\
FF - prefs.js: browser.search.selectedEngine - QIP Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\documents and settings\Qw3Rtzui0p\Data aplikací\Mozilla\Firefox\Profiles\doiq9hxf.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}\components\qippipe.dll
FF - component: c:\documents and settings\Qw3Rtzui0p\Data aplikací\Mozilla\Firefox\Profiles\doiq9hxf.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozzila\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX SETTINGS ----
c:\program files\Mozzila\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozzila\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozzila\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozzila\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozzila\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozzila\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozzila\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozzila\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozzila\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozzila\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozzila\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozzila\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - INVALID ENTRIES REMOVED FROM THE REGISTRY - - - -

HKCU-Run-DAEMON Tools Lite - c:\program files\DAEMON Tools Lite\DTLite.exe



**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\postgresql-8.4]
"ImagePath"="C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files/PostgreSQL/8.4/data\" -w"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-606747145-1035525444-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(828)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\AlienGUIse\fastload.dll

- - - - - - - > 'lsass.exe'(884)
c:\windows\system32\MPR.dll
c:\windows\system32\guard32.dll
c:\windows\system32\nvappfilter.dll
.
Celkový čas: 2010-10-29 01:56:27
ComboFix-quarantined-files.txt 2010-10-28 23:56

Před spuštěním: Volných bajtů: 59 431 157 760
Po spuštění: Volných bajtů: 59 953 664 000

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 9396F8B9A4A2609A25DE7BA7244D9B8F






I somehow messed up the OTL log so that it can only be opened in OTL, so I don't know how to get out of that.

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: A couple of viruses + maybe spyware

#12 Post by motji »

:arrow: Do you have this port open on purpose? Do you know what it is?
"5432:TCP"= 5432:TCP:postgres

:arrow: You run OTL, paste the green text into the lower box and confirm with Run Fix. What part of that isn't working for you?

:arrow: Test this on www.virustotal.com

c:\documents and settings\Qw3Rtzui0p\Data aplikací\Mikogo\Mikogo-Host.exe

- Paste the file path into the box; if it says the file has already been analysed, have it analysed again.
- Paste the link to the results here.

:arrow: How is the computer doing?
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here

I'm mostly reachable at night, between 21:00 and 23:00.
If you have any questions, you can email me at Motji(at)forum.viry.cz.

Qw3Rtzui0p
Visitor
Posts: 64
Registered: 28 Apr 2010 20:49

Re: A couple of viruses + maybe spyware

#13 Post by Qw3Rtzui0p »

Antivirus Version Last Update Result
AhnLab-V3 2010.10.29.00 2010.10.28 -
AntiVir 7.10.13.70 2010.10.29 -
Antiy-AVL 2.0.3.7 2010.10.29 -
Authentium 5.2.0.5 2010.10.29 -
Avast 4.8.1351.0 2010.10.29 -
Avast5 5.0.594.0 2010.10.29 -
AVG 9.0.0.851 2010.10.28 -
BitDefender 7.2 2010.10.29 -
CAT-QuickHeal 11.00 2010.10.26 -
ClamAV 0.96.2.0-git 2010.10.29 -
Comodo 6550 2010.10.29 -
DrWeb 5.0.2.03300 2010.10.29 -
eSafe 7.0.17.0 2010.10.28 -
eTrust-Vet 36.1.7942 2010.10.29 -
F-Prot 4.6.2.117 2010.10.28 -
F-Secure 9.0.16160.0 2010.10.29 -
Fortinet 4.2.249.0 2010.10.29 -
GData 21 2010.10.29 -
Ikarus T3.1.1.90.0 2010.10.29 -
Jiangmin 13.0.900 2010.10.29 -
K7AntiVirus 9.67.2856 2010.10.28 -
McAfee 5.400.0.1158 2010.10.29 -
McAfee-GW-Edition 2010.1C 2010.10.29 -
Microsoft 1.6301 2010.10.29 -
NOD32 5574 2010.10.29 -
Norman 6.06.10 2010.10.29 -
nProtect 2010-10-29.01 2010.10.29 -
Panda 10.0.2.7 2010.10.29 -
PCTools 7.0.3.5 2010.10.29 -
Prevx 3.0 2010.10.29 -
Rising 22.71.03.02 2010.10.29 -
Sophos 4.59.0 2010.10.29 -
Sunbelt 7163 2010.10.29 -
SUPERAntiSpyware 4.40.0.1006 2010.10.29 -
Symantec 20101.2.0.161 2010.10.29 -
TheHacker 6.7.0.1.073 2010.10.28 -
TrendMicro 9.120.0.1004 2010.10.28 -
TrendMicro-HouseCall 9.120.0.1004 2010.10.29 -
VBA32 3.12.14.1 2010.10.28 -
ViRobot 2010.10.25.4110 2010.10.29 -
VirusBuster 12.70.10.0 2010.10.28 -
Additional information
MD5 : f115aec9ee4c94c4ac99da27a92faf9e
SHA1 : e1afaf0fd2e3ceaed8481a4ff4937ce84f06c40a
SHA256: cd716821127e7e474b7134be0881929feb18bc369c9cf26b89d99dfed61d27d6
ssdeep: 49152:E8udJmwbI5CAcwHQSu+Tk9yu32wDUlEVgxRvrVvr3:E9d5LAPw7RZn0L
File size : 2748416 bytes
First seen: 2009-09-17 20:16:51
Last seen : 2010-10-29 11:45:18
TrID:
Win32 Executable MS Visual C++ (generic) (31.2%)
UPX compressed Win32 Executable (25.3%)
Win32 EXE Yoda's Crypter (22.0%)
Windows Screen Saver (10.8%)
Win32 Executable Generic (7.0%)
sigcheck:
publisher....: Mikogo
copyright....: Copyright 2009
product......: Mikogo
description..: Mikogo
original name: Mikogo.exe
internal name: BYSProvider
file version.: 3, 0, 2, 0
comments.....:
signers......: -
signing date.: -
verified.....: Unsigned
PEiD: Armadillo v1.71
packers (F-Prot): UPX
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0xC1DA1
timedatestamp....: 0x4AADE44C (Mon Sep 14 06:35:56 2009)
machinetype......: 0x14c (I386)

[[ 5 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x10AD72, 0x10B000, 6.56, a45f3548743f909cc5ad2b8c20203a02
.rdata, 0x10C000, 0x31120, 0x32000, 4.86, e24dedf06141fdde4b2a3a9e165bcd2f
.data, 0x13E000, 0xC3328, 0x11000, 4.78, 26848f04583a4b0ed3880572d51d27da
.tls, 0x202000, 0xC, 0x1000, 0.00, 620f0b67a91f7f74151bc5be745b7110
.rsrc, 0x203000, 0x14E114, 0x14F000, 7.14, 9e8318e51f4d2124013a171db74ca791

[[ 13 import(s) ]]
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 1093632
Comments:
CompanyName: Mikogo
EntryPoint: 0xc1da1
FileDescription: Mikogo
FileFlagsMask: 0x003f
FileOS: Win32
FileSize: 2.6 MB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 3, 0, 2, 0
FileVersionNumber: 3.0.2.0
ImageVersion: 0.0
InitializedDataSize: 1650688
InternalName: BYSProvider
LanguageCode: English (U.S.)
LegalCopyright: Copyright 2009
LegalTrademarks: Mikogo
LinkerVersion: 6.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
ObjectFileType: Executable application
OriginalFilename: Mikogo.exe
PEType: PE32
PrivateBuild:
ProductName: Mikogo
ProductVersion: 3, 0, 2, 0
ProductVersionNumber: 3.0.2.0
SpecialBuild:
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2009:09:14 08:35:56+02:00
UninitializedDataSize: 0



Yes, I have that port open, for importing played poker hands into the poker program.



I did it according to your instructions, the PC restarted and I looked for the file fix.txt. I found it and, I don't know why, I must have lost my mind or something, but I set that file to open with OTL instead of as a txt file, so now I can't open the log file because OTL opens instead.

Also, today after the first power-on the PC gave me a blue screen of death.

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: A couple of viruses + maybe spyware

#14 Post by motji »

OK, and can't you change it back so it opens as txt again? :D
Look in the folder c:\windows\minidump and see whether there is any file in it. If so, attach it here.
Any antivirus alerts? How is the computer behaving?

Qw3Rtzui0p
Visitor
Posts: 64
Registered: 28 Apr 2010 20:49

Re: A couple of viruses + maybe spyware

#15 Post by Qw3Rtzui0p »

I still can't get that fix.txt out of the program; I don't know how many times I can do that PC-reset step, but when I do it, I get a blue screen afterwards and have to reset the PC again.
Attachments
minidump.JPG
(41.45 KiB) Downloaded 132 times
