Log RSIT
Logfile of random's system information tool 1.08 (written by random/random)
Run by PC at 2010-12-17 19:18:18
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 14 GB (36%) free of 40 GB
Total RAM: 502 MB (36% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\videopadShakeIcon.job
C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-12-05 297648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll [2010-12-05 843832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - Acer eDataSecurity Management - C:\WINDOWS\system32\ToolBand.dll [2005-10-19 94208]
{70DE7956-479D-4eb7-8641-2B45774C350E} -
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-10-27 1049912]
{EEE6C35B-6118-11DC-9C72-001320C79847} -
{07B18EA9-A523-4961-B6BB-170DE4475CCA}
{c2db4fe6-8409-45ce-8010-189a7b5cce86}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-12-05 297648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-10-14 49152]
"My Web Search Bar"=rundll32 C:\PROGRA~1\MYWEBS~1\bar\3.bin\MWSBAR.DLL,S []
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe [2010-10-05 32849]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2010-05-05 111928]
"UVS11 Preload"=C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe [2007-03-03 341488]
"NVIDIA driver monitor"=c:\windows\nvsvc32.exe [2010-11-20 65024]
"kattoka"=C:\WINDOWS\system32\lepydeha.exe [2010-11-21 201216]
"moocegup"=C:\WINDOWS\system32\tilorehoot.exe [2010-12-11 206848]
"bfwdrv"=C:\DOCUME~1\PC\LOCALS~1\Temp\852.exe [2010-12-15 192512]
"jisude"=C:\WINDOWS\system32\jokypakouh.exe [2010-12-12 188928]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"csrcs"=C:\WINDOWS\system32\csrcs.exe []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-17 1667584]
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe [2010-10-05 32849]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-08-28 39408]
"NVIDIA driver monitor"=c:\windows\nvsvc32.exe [2010-11-20 65024]
"MSConfig"=C:\Documents and Settings\PC\qiangkj.exe \u []
"Local Security Authentication Server"=C:\Documents and Settings\PC\Data aplikací\lsass.exe [2010-12-02 131072]
"JP595IR86O"=C:\DOCUME~1\PC\LOCALS~1\Temp\Ow4.exe [2010-12-05 195584]
"Z30KYPG3WS"=C:\WINDOWS\Oqozaj.exe [2010-12-15 223232]
"ICQ"=~C:\Program Files\ICQ7.0\ICQ.exe silent loginmode=4 []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACU]
C:\Program Files\Atheros\ACU.exe [2005-01-31 253952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADMTray.exe]
C:\Acer\Empowering Technology\admtray.exe [2005-10-24 2462208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2005-12-21 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
C:\WINDOWS\system32\WLTRAY.exe [2005-11-11 1236992]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2004-08-18 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe [2005-10-19 69632]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe [2005-11-28 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe [2005-11-28 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe [2005-11-28 98304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
C:\PROGRA~1\LAUNCH~1\LManager.exe [2005-11-24 589824]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2005-12-19 15797248]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2007-12-07 21686568]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^PC^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.0.lnk]
C:\PROGRA~1\OPENOF~1.0\program\QUICKS~1.EXE [2005-10-15 61440]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FLEXnet Licensing Service"=3
"wuauserv"=2
"wscsvc"=2
C:\Documents and Settings\PC\Nabídka Start\Programy\Po spuštění
0i4jekb.exe
0jzf2lb.exe
0pvfbwx.exe
0w3ittj.exe
1pp0lrc.exe
1sty81k.exe
1vwridj.exe
1zaglrs.exe
360q3sx.exe
3m30yek.exe
3n0o0k5.exe
3no970k.exe
3p0lrcn.exe
3w7nizz.exe
3ww3ii3.exe
5eekplg.exe
5wr03i6.exe
65hxnez.exe
66u3q1m.exe
6mhhytt.exe
6s81epq.exe
6vgwh0s.exe
703uzk8.exe
70pfl2r.exe
86ittjk.exe
86u81gr.exe
93si6ez.exe
975sjep.exe
9eflh1i.exe
9f0bw16.exe
9fk86mx.exe
aqbwxxyy.exe
av0brisyek3.exe
avgw9nyo3.exe
bbmsook0a3.exe
bbsnnezaqlr.exe
bmxxitk1a.exe
c3dypuag.exe
c5d0jpa5b0.exe
c8ozp81g.exe
cc5d0jpa5b.exe
cdi3e1abmr.exe
de0uaw0c1.exe
dezu6q87.exe
djk0aww86i8.exe
e6u81rmns.exe
e81q3cxd2jz.exe
eeuavlmh.exe
ekplghm86y.exe
eqg1875d.exe
ez0qqgw1.exe
ezavwhm8.exe
fgb0xxie.exe
fk86w81itu.exe
g0sdtuuagr.exe
ggcsnjee3qq.exe
grrhy1oup.exe
gw0m3yy3ak.exe
h70dtz2fvw.exe
hcdi8upfgb.exe
hddy6uk1.exe
hidj86a81mx.exe
hm0ttzpvwr8.exe
hm2noj081q.exe
hs4tef6ww5x.exe
hxdzp81gr.exe
hxxnt66k8.exe
i1y3kfl2r.exe
i1yep5fb.exe
it03u1qrw8.exe
itejufgbr.exe
iyezpqlr66.exe
iyjf05wns8.exe
j6vgbbrs.exe
javvmhhyi1.exe
jkvvlmhn.exe
k0a3mxno.exe
k5g1wxc8.exe
kfbwcc3o.exe
kgw0m3yy3a.exe
l3m30yek.exe
lgbh0dyezf1.exe
lqwmsnt60f.exe
lrss9tu0qq.exe
m1cdi81u.exe
m9ns86e8.exe
mcs0tjp6.exe
mdttkffwwsi.exe
ms1009lm.exe
n2tjkfgb.exe
n70uua8bcc.exe
niy1uk1bw1.exe
Notification de cadeaux MSN.lnk - C:\Documents and Settings\PC\Data aplikací\Microsoft\Notification de cadeaux MSN\lsnfier.exe
ooju3q86sd.exe
ooua5r16s.exe
ou0vgbbsni.exe
p0wxx81o3fg.exe
p60bwm3i6.exe
pf0bw163j0.exe
pkfgbm3otjk.exe
pkgw9nyo32.exe
pkqlhhdttp.exe
pplb66c9.exe
pqlr2xnojp6.exe
pqrw9nje.exe
pqwbcn0o.exe
qg0sdtuua.exe
qllrs0i3.exe
qvq3xxoo0.exe
rmns3o1av0.exe
rsndep5fbwm.exe
rw3ittjk.exe
rwc11ukvb.exe
rx2o5jfa.exe
s3o1klgg.exe
s6j2va86sc.exe
tj8703gmcs1.exe
tu6k3g1cdi.exe
tupv60xdnj.exe
uzpv2m5hdy.exe
v5wcs9tu0q.exe
vg70dyee4lg.exe
w1xsty81k.exe
w81i3upvwwm.exe
wcc3eeuvaw.exe
wciyeuuvq.exe
wnddzppl.exe
xinjefkglb.exe
xsjzzpv66m.exe
xtt2zpqlr66.exe
ydozavlm.exe
yepkaqmm.exe
yyopu86whs.exe
ze3a1wxc87.exe
zpplq870ndj.exe
zq1gw1ni1zf.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-11-28 135168]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\oumzbfqe]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\oumzbfqe]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"
"C:\Documents and Settings\Guest\Data aplikací\ICQ\Application\ICQ7.0\ICQ.exe"="C:\Documents and Settings\Guest\Data aplikací\ICQ\Application\ICQ7.0\ICQ.exe:*:Disabled:ICQ"
"C:\Documents and Settings\Guest\Local Settings\Data aplikací\Skype\Phone\Skype.exe"="C:\Documents and Settings\Guest\Local Settings\Data aplikací\Skype\Phone\Skype.exe:*:Disabled:Skype "
"C:\Documents and Settings\Guest\Data aplikací\ICQ\Application\ICQ7.1\ICQ.exe"="C:\Documents and Settings\Guest\Data aplikací\ICQ\Application\ICQ7.1\ICQ.exe:*:Disabled:ICQ"
"C:\Program Files\IncrediMail\Bin\IncMail.exe"="C:\Program Files\IncrediMail\Bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\Bin\ImApp.exe"="C:\Program Files\IncrediMail\Bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\Bin\ImpCnt.exe"="C:\Program Files\IncrediMail\Bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Documents and Settings\PC\Local Settings\Temp\ImInstaller\3d_magic_installer.exe"="C:\Documents and Settings\PC\Local Settings\Temp\ImInstaller\3d_magic_installer.exe:*:Enabled:IncrediMail Installer"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Documents and Settings\PC\Data aplikací\IMVUClient\1VivoxVoice.exe"="C:\Documents and Settings\PC\Data aplikací\IMVUClient\1VivoxVoice.exe:*:Enabled:1VivoxVoice"
"C:\Documents and Settings\PC\Local Settings\Temporary Internet Files\Content.IE5\MLQP6LWJ\SweetImSetup[1].exe"="C:\Documents and Settings\PC\Local Settings\Temporary Internet Files\Content.IE5\MLQP6LWJ\SweetImSetup[1].exe:*:Enabled:SweetIM Installer"
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Documents and Settings\All Users\Data aplikací\SweetIM\Messenger\update\sweetimsetup.exe"="C:\Documents and Settings\All Users\Data aplikací\SweetIM\Messenger\update\sweetimsetup.exe:*:Enabled:SweetIM Installer"
"C:\Documents and Settings\PC\Dokumenty\Downloads\IMAGE53892731.JPG-www.facebook.exe"="c:\windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
"C:\DOCUME~1\PC\LOCALS~1\Temp\1444.exe"="C:\DOCUME~1\PC\LOCALS~1\Temp\1444.exe:*:Enabled:Microsoft Office"
"C:\Documents and Settings\PC\Data aplikací\lsass.exe"="C:\Documents and Settings\PC\Data aplikací\lsass.exe:*:Enabled:Local Security Authentication Server"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe"
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe"="C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe"
"C:\Program Files\ICQ7.0\ICQ.exe"="C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7"
"C:\Program Files\ICQ7.0\aolload.exe"="C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe"
======List of files/folders created in the last 1 months======
2010-12-17 19:18:19 ----D---- C:\Program Files\trend micro
2010-12-17 19:18:18 ----D---- C:\rsit
2010-12-17 19:15:11 ----A---- C:\WINDOWS\system32\lygoufou.exe
2010-12-17 19:12:27 ----D---- C:\WINDOWS\CSC
2010-12-17 16:45:22 ----A---- C:\WINDOWS\ntbtlog.txt
2010-12-16 07:08:58 ----A---- C:\WINDOWS\Oqozaj.exe
2010-12-12 18:25:24 ----A---- C:\WINDOWS\system32\wejovood.exe
2010-12-12 08:58:16 ----RA---- C:\Documents and Settings\PC\Data aplikací\MlDE06imkg.txt
2010-12-12 08:58:14 ----A---- C:\WINDOWS\system32\jokypakouh.exe
2010-12-12 08:57:11 ----A---- C:\WINDOWS\system32\vydarook.exe
2010-12-10 21:21:34 ----RA---- C:\Documents and Settings\PC\Data aplikací\KgHbLk68N1.txt
2010-12-10 21:11:56 ----D---- C:\Documents and Settings\PC\Data aplikací\ICQ
2010-12-10 21:11:21 ----D---- C:\Program Files\ICQ7.0
2010-12-10 16:18:21 ----A---- C:\WINDOWS\Oqozai.exe
2010-12-10 13:52:12 ----A---- C:\WINDOWS\Oqozah.exe
2010-12-10 07:25:29 ----A---- C:\WINDOWS\Oqozag.exe
2010-12-09 22:09:15 ----A---- C:\WINDOWS\system32\davy.exe
2010-12-09 21:59:30 ----A---- C:\WINDOWS\Oqozaf.exe
2010-12-08 15:08:01 ----RA---- C:\Documents and Settings\PC\Data aplikací\idgGK7ljd7.txt
2010-12-08 15:07:55 ----A---- C:\WINDOWS\system32\tilorehoot.exe
2010-12-07 16:53:25 ----A---- C:\WINDOWS\Oqozae.exe
2010-12-07 14:54:12 ----A---- C:\WINDOWS\Oqozad.exe
2010-12-06 16:24:08 ----A---- C:\WINDOWS\Oqozac.exe
2010-12-05 14:45:18 ----A---- C:\WINDOWS\Oqozab.exe
2010-12-02 14:23:40 ----A---- C:\WINDOWS\Oqozaa.exe
2010-12-02 14:23:19 ----A---- C:\WINDOWS\system32\sshnas21.dll
2010-12-02 14:10:49 ----A---- C:\Documents and Settings\PC\Data aplikací\lsass.exe
2010-11-26 16:33:17 ----A---- C:\cy.exe
2010-11-24 12:46:01 ----D---- C:\Program Files\csWord
2010-11-22 14:20:05 ----RA---- C:\Documents and Settings\PC\Data aplikací\BG0Ai.txt
2010-11-21 23:09:01 ----A---- C:\HDTV.exe
2010-11-21 19:09:30 ----A---- C:\wifi32.exe
2010-11-21 07:10:01 ----A---- C:\WINDOWS\system32\drivers\oumzbfqe.sys
2010-11-21 00:04:06 ----A---- C:\WINDOWS\system32\boohoulo.exe
2010-11-21 00:03:52 ----A---- C:\WINDOWS\system32\lepydeha.exe
2010-11-20 23:54:30 ----RSH---- C:\Documents and Settings\PC\Data aplikací\juzjf.exe
2010-11-20 23:11:16 ----D---- C:\Program Files\ConduitEngine
2010-11-20 23:11:16 ----A---- C:\WINDOWS\system32\ConduitEngine.tmp
2010-11-20 23:08:32 ----RSH---- C:\WINDOWS\nvsvc32.exe
======List of files/folders modified in the last 1 months======
2010-12-17 19:18:19 ----RD---- C:\Program Files
2010-12-17 19:17:52 ----D---- C:\WINDOWS\system32
2010-12-17 19:17:52 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-12-17 19:17:11 ----AD---- C:\WINDOWS\Temp
2010-12-17 19:16:43 ----D---- C:\WINDOWS\system32\CatRoot2
2010-12-17 19:16:40 ----AD---- C:\WINDOWS
2010-12-17 19:11:43 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-12-17 16:46:04 ----D---- C:\Documents and Settings
2010-12-17 10:20:03 ----SD---- C:\WINDOWS\Tasks
2010-12-16 15:54:53 ----D---- C:\WINDOWS\system32\drivers
2010-12-15 22:25:18 ----D---- C:\Documents and Settings\PC\Data aplikací\OpenOffice.org2
2010-12-15 18:04:00 ----RSHD---- C:\RECYCLER
2010-12-14 06:44:03 ----D---- C:\Program Files\ICQ6Toolbar
2010-12-13 15:11:27 ----D---- C:\Documents and Settings\All Users\Data aplikací\ICQ
2010-12-12 10:54:15 ----D---- C:\Program Files\Mozilla Firefox
2010-12-09 22:54:52 ----A---- C:\WINDOWS\IE4 Error Log.txt
2010-12-05 12:46:41 ----D---- C:\Documents and Settings\PC\Data aplikací\Audacity
2010-11-28 18:43:59 ----SHD---- C:\WINDOWS\Installer
2010-11-28 18:43:33 ----HD---- C:\Config.Msi
2010-11-28 18:43:15 ----D---- C:\Program Files\PC Connectivity Solution
2010-11-28 15:21:16 ----D---- C:\Program Files\Hry.cz
2010-11-23 18:42:59 ----D---- C:\Program Files\Burn4Free
2010-11-22 15:08:59 ----D---- C:\Program Files\SM
2010-11-22 15:08:58 ----D---- C:\Program Files\NCH
2010-11-20 23:14:26 ----D---- C:\Documents and Settings\PC\Data aplikací\HPAppData
2010-11-20 23:08:31 ----D---- C:\WINDOWS\Prefetch
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-03-30 96104]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-18 39936]
R1 OsaFsLoc;OsaFsLoc; \??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-04 8832]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2009-08-14 21275]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-03-24 56816]
R2 EpmPsd;Acer EPM Power Scheme Driver; \??\C:\WINDOWS\system32\drivers\epm-psd.sys []
R2 EpmShd;Acer EPM System Hardware Driver; \??\C:\WINDOWS\system32\drivers\epm-shd.sys []
R2 osaio;osaio; \??\C:\WINDOWS\system32\drivers\osaio.sys []
R2 osanbm;osanbm; \??\C:\WINDOWS\system32\drivers\osanbm.sys []
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-11-02 424320]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2005-10-31 45312]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-08 16896]
R3 EMSCR;EMSCR; C:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2005-11-17 60928]
R3 ESDCR;ESDCR; C:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2005-11-17 37888]
R3 ESMCR;ESMCR; C:\WINDOWS\system32\DRIVERS\ESM7SK.sys [2005-11-17 74624]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-28 1353820]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-12-19 4127232]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2004-08-18 67584]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-18 20480]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
S2 oumzbfqe;oumzbfqe; C:\WINDOWS\system32\drivers\oumzbfqe.sys [2010-11-21 82944]
S3 bfyysyfw;bfyysyfw; \??\C:\WINDOWS\System32\Drivers\bfyysyfw.sys []
S3 cbzlxymo;cbzlxymo; \??\C:\WINDOWS\System32\Drivers\cbzlxymo.sys []
S3 cprhihdf;cprhihdf; \??\C:\WINDOWS\System32\Drivers\cprhihdf.sys []
S3 enrpwjry;enrpwjry; \??\C:\WINDOWS\System32\Drivers\enrpwjry.sys []
S3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
S3 gcycjyif;gcycjyif; \??\C:\WINDOWS\System32\Drivers\gcycjyif.sys []
S3 gtfpfvkl;gtfpfvkl; \??\C:\WINDOWS\System32\Drivers\gtfpfvkl.sys []
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-18 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-12-06 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-12-06 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-12-06 21568]
S3 hqvubosm;hqvubosm; \??\C:\WINDOWS\System32\Drivers\hqvubosm.sys []
S3 jcwxeuyh;jcwxeuyh; \??\C:\WINDOWS\System32\Drivers\jcwxeuyh.sys []
S3 jwmuouzk;jwmuouzk; \??\C:\WINDOWS\System32\Drivers\jwmuouzk.sys []
S3 jwqoxcwx;jwqoxcwx; \??\C:\WINDOWS\System32\Drivers\jwqoxcwx.sys []
S3 lcwzqgkv;lcwzqgkv; \??\C:\WINDOWS\System32\Drivers\lcwzqgkv.sys []
S3 lflgovjj;lflgovjj; \??\C:\WINDOWS\System32\Drivers\lflgovjj.sys []
S3 lhrosnog;lhrosnog; \??\C:\WINDOWS\System32\Drivers\lhrosnog.sys []
S3 luwigejm;luwigejm; \??\C:\WINDOWS\System32\Drivers\luwigejm.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
S3 NdisFilt;OSA NdisFilter Protocol; C:\WINDOWS\System32\Drivers\NdisFilt.sys [2005-09-13 4392]
S3 NETMNT;Acer NetMonitor Protocol; C:\WINDOWS\system32\DRIVERS\NETMNT.sys [2005-05-02 9600]
S3 nkebnopw;nkebnopw; \??\C:\WINDOWS\System32\Drivers\nkebnopw.sys []
S3 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2005-08-03 32512]
S3 obcaitjq;obcaitjq; \??\C:\WINDOWS\System32\Drivers\obcaitjq.sys []
S3 oeaalwhq;oeaalwhq; \??\C:\WINDOWS\System32\Drivers\oeaalwhq.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 pmtgvwmi;pmtgvwmi; \??\C:\WINDOWS\System32\Drivers\pmtgvwmi.sys []
S3 rxqwrobg;rxqwrobg; \??\C:\WINDOWS\System32\Drivers\rxqwrobg.sys []
S3 sfxnpice;sfxnpice; \??\C:\WINDOWS\System32\Drivers\sfxnpice.sys []
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-04 59264]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-18 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-18 26496]
S3 vlrdfqbz;vlrdfqbz; \??\C:\WINDOWS\System32\Drivers\vlrdfqbz.sys []
S3 vznswyxs;vznswyxs; \??\C:\WINDOWS\System32\Drivers\vznswyxs.sys []
S3 yzhsvgxh;yzhsvgxh; \??\C:\WINDOWS\System32\Drivers\yzhsvgxh.sys []
S3 zaiacpja;zaiacpja; \??\C:\WINDOWS\System32\Drivers\zaiacpja.sys []
S4 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ACS;Atheros Configuration Service; C:\WINDOWS\system32\acs.exe [2004-12-27 36864]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-07-21 185089]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 AWService;AdminWorks Agent X6; C:\Acer\Empowering Technology\admServ.exe [2005-10-24 1314816]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 Capture Device Service;Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-18 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2004-08-18 14336]
R2 SSHNAS;SSHNAS; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2007-03-03 67056]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2004-08-18 14336]
R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2005-11-11 18944]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2004-08-18 14336]
S2 eitdaee2u9rxoaii;Network Connectivity Service; C:\WINDOWS\system32\lygoufou.exe [2010-12-12 188928]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-08-28 135664]
S2 MyWebSearchService;My Web Search Service; C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwssvc.exe [2010-10-05 28762]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2005-08-03 86016]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-07 430592]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-08-12 306432]
S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-08-14 654848]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Prosim o kontrolu, Avira hlasi vir
Moderátor: Moderátoři
Pravidla fóra
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: Prosim o kontrolu, Avira hlasi vir
Zdravím 
Slušná sbírka...
Stáhněte OTL http://oldtimer.geekstogo.com/OTL.exe na plochu
Slušná sbírka...
Stáhněte OTL http://oldtimer.geekstogo.com/OTL.exe na plochu
- Spusťte, poté do spodního políčka vložte následující skript.
Kód: Vybrat vše
netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
autochk.exe
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT
- Označte položku Pro všechny uživatele.
- Označte položky Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
- Klikněte na tlačítko Prohledat
- Po dokončení, sem vložte logy OTL.Txt a Extras.txt
Re: Prosim o kontrolu, Avira hlasi vir
musel jsem to udelat v nouzovem rezimu, v normalnim se me to vzdycky kouslo
vadi to?
OTL logfile created on: 17.12.2010 20:43:30 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
502,00 Mb Total Physical Memory | 370,00 Mb Available Physical Memory | 74,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 13,94 Gb Free Space | 35,69% Space Free | Partition Type: NTFS
Drive D: | 35,46 Gb Total Space | 25,53 Gb Free Space | 72,00% Space Free | Partition Type: NTFS
Drive F: | 1,96 Gb Total Space | 1,79 Gb Free Space | 91,17% Space Free | Partition Type: FAT
Computer Name: NOTEBOOK | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2010.12.17 19:45:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
PRC - [2004.08.18 13:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (SafeList) ==========
MOD - [2010.12.17 19:45:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
MOD - [2004.08.18 13:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2010.12.12 18:25:25 | 000,188,928 | ---- | M] (Cushofts) [Auto | Stopped] -- C:\WINDOWS\system32\lygoufou.exe -- (eitdaee2u9rxoaii)
SRV - [2010.12.02 14:23:19 | 000,238,592 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Auto | Stopped] -- C:\WINDOWS\system32\sshnas21.dll -- (SSHNAS)
SRV - [2010.10.05 13:32:48 | 000,028,762 | ---- | M] (MyWebSearch.com) [Auto | Stopped] -- C:\Program Files\MyWebSearch\bar\3.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2010.06.10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009.08.14 07:58:19 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.08.12 19:21:16 | 000,306,432 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.07.21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.04.07 08:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007.12.20 09:41:56 | 000,029,440 | ---- | M] (TuneUp Software GmbH) [Auto | Stopped] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2007.03.06 09:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
SRV - [2007.03.03 12:48:28 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2005.11.14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005.10.24 15:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\admServ.exe -- (AWService)
SRV - [2004.12.27 16:12:16 | 000,036,864 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\acs.exe -- (ACS)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\zaiacpja.sys -- (zaiacpja)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\yzhsvgxh.sys -- (yzhsvgxh)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\vznswyxs.sys -- (vznswyxs)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\vlrdfqbz.sys -- (vlrdfqbz)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\sfxnpice.sys -- (sfxnpice)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\s24trans.sys -- (s24trans)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\rxqwrobg.sys -- (rxqwrobg)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\pmtgvwmi.sys -- (pmtgvwmi)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\oeaalwhq.sys -- (oeaalwhq)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\obcaitjq.sys -- (obcaitjq)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\nkebnopw.sys -- (nkebnopw)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\luwigejm.sys -- (luwigejm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\lhrosnog.sys -- (lhrosnog)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\lflgovjj.sys -- (lflgovjj)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\lcwzqgkv.sys -- (lcwzqgkv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\jwqoxcwx.sys -- (jwqoxcwx)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\jwmuouzk.sys -- (jwmuouzk)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\jcwxeuyh.sys -- (jcwxeuyh)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\hqvubosm.sys -- (hqvubosm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\gtfpfvkl.sys -- (gtfpfvkl)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\gcycjyif.sys -- (gcycjyif)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\enrpwjry.sys -- (enrpwjry)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\cprhihdf.sys -- (cprhihdf)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\cbzlxymo.sys -- (cbzlxymo)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\bfyysyfw.sys -- (bfyysyfw)
DRV - [2010.11.21 07:10:12 | 000,082,944 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\oumzbfqe.sys -- (oumzbfqe)
DRV - [2010.03.24 17:27:58 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.31 08:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.03.30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.03.20 09:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009.03.20 09:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009.03.20 09:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2009.02.13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2007.09.17 14:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2005.12.19 10:37:42 | 004,127,232 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005.11.17 10:20:12 | 000,037,888 | R--- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2005.11.17 10:20:08 | 000,074,624 | R--- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2005.11.17 10:20:02 | 000,060,928 | R--- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2005.11.02 12:24:24 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005.10.31 07:17:00 | 000,045,312 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005.10.15 17:20:44 | 000,012,106 | ---- | M] (OSA Technologies) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys -- (OsaFsLoc)
DRV - [2005.09.13 14:34:40 | 000,004,392 | ---- | M] (OSA Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NdisFilt.sys -- (NdisFilt)
DRV - [2005.08.03 04:10:14 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2005.06.30 15:58:24 | 000,007,296 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
DRV - [2005.05.02 11:13:42 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETMNT.sys -- (NETMNT)
DRV - [2005.04.22 15:57:06 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2005.04.22 15:57:06 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
DRV - [2005.01.14 14:57:16 | 000,004,010 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
DRV - [2005.01.07 16:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004.12.08 07:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
DRV - [2004.08.04 00:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Ovladač zvukové karty USB (WDM)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\.DEFAULT\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-18\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-583907252-764733703-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: m3ffxtbr@mywebsearch.com:1.1
FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\3.bin [2010.11.22 15:08:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.17 16:57:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.12 10:54:01 | 000,000,000 | ---D | M]
[2010.12.17 16:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Extensions
[2010.12.17 16:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\hptpujhs.default\extensions
[2010.03.24 21:08:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.10.29 11:52:45 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.10.29 11:52:45 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.10.29 11:52:45 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.10.29 11:52:45 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.10.29 11:52:45 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2004.08.18 13:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {70DE7956-479D-4eb7-8641-2B45774C350E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (no name) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {70DE7956-479D-4EB7-8641-2B45774C350E} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {70DE7956-479D-4EB7-8641-2B45774C350E} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [bfwdrv] C:\DOCUME~1\PC\LOCALS~1\Temp\852.exe File not found
O4 - HKLM..\Run: [jisude] C:\WINDOWS\system32\jokypakouh.exe ()
O4 - HKLM..\Run: [kattoka] C:\WINDOWS\system32\lepydeha.exe ()
O4 - HKLM..\Run: [moocegup] C:\WINDOWS\system32\tilorehoot.exe ()
O4 - HKLM..\Run: [My Web Search Bar] C:\PROGRA~1\MYWEBS~1\bar\3.bin\MWSBAR.DLL File not found
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [NVIDIA driver monitor] c:\WINDOWS\nvsvc32.exe ()
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe (InterVideo Digital Technology Corporation)
O4 - HKU\.DEFAULT..\Run: [jisude] C:\Documents and Settings\LocalService\Data aplikací\Microsoft\jokypakouh.exe (Cushofts)
O4 - HKU\.DEFAULT..\Run: [moocegup] C:\Documents and Settings\LocalService\Data aplikací\Microsoft\tilorehoot.exe (Cushofts)
O4 - HKU\S-1-5-18..\Run: [jisude] C:\Documents and Settings\LocalService\Data aplikací\Microsoft\jokypakouh.exe (Cushofts)
O4 - HKU\S-1-5-18..\Run: [moocegup] C:\Documents and Settings\LocalService\Data aplikací\Microsoft\tilorehoot.exe (Cushofts)
O4 - Startup: C:\Documents and Settings\Guest\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: csrcs = C:\WINDOWS\system32\csrcs.exe File not found
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-583907252-764733703-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Signature Manager options - {755B05A7-0770-4185-B5F6-E75A2CA527E2} - C:\Program Files\SM\SubsHelper.dll (SM Technologies)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\PC\Nabídka Start\Programy\IMVU\Run IMVU.lnk File not found
O9 - Extra Button: HP Chytrý výběr - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.20
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\DOCUME~1\PC\LOCALS~1\Temp\852.exe) - C:\DOCUME~1\PC\LOCALS~1\Temp\852.exe File not found
O20 - HKLM Winlogon: UserInit - (C:\DOCUME~1\PC\LOCALS~1\Temp\852.exe) - C:\DOCUME~1\PC\LOCALS~1\Temp\852.exe File not found
O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\PC\Data aplikací\juzjf.exe) - C:\Documents and Settings\PC\Data aplikací\juzjf.exe File not found
O20 - HKLM Winlogon: UIHost - (C:\Documents and Settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe) - C:\Documents and Settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.07.26 07:21:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: WmdmPmSp - File not found
NetSvcs: SSHNAS - C:\WINDOWS\system32\sshnas21.dll (Windows (R) Codename Longhorn DDK provider)
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\VIO\DVACM.acm (InterVideo Digital Technology Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.MPEGacm - C:\Program Files\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.ulmp3acm - C:\Program Files\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dscc - C:\Program Files\Tales Animator\dscc.dll ()
Drivers32: vidc.dsfs - C:\Program Files\Tales Animator\dsfs.dll ()
Drivers32: vidc.dsvc - C:\Program Files\Tales Animator\dsvc.dll ()
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.
========== Files/Folders - Created Within 30 Days ==========
[2010.12.17 20:42:58 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
[2010.12.17 20:32:58 | 000,188,928 | ---- | C] (Cushofts) -- C:\WINDOWS\System32\lygoufou.exe
[2010.12.17 19:18:19 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.12.17 19:18:18 | 000,000,000 | ---D | C] -- C:\rsit
[2010.12.17 19:12:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010.12.17 16:58:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Dokumenty\Obrázky
[2010.12.17 16:57:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Mozilla
[2010.12.17 16:57:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla
[2010.12.17 16:46:05 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
[2010.12.17 16:46:05 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Cookies
[2010.12.17 16:46:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2010.12.17 16:46:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Data aplikací
[2010.12.17 16:46:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Nabídka Start
[2010.12.17 16:46:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Šablony
[2010.12.17 16:46:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010.12.17 16:46:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Okolní tiskárny
[2010.12.17 16:46:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Okolní síť
[2010.12.17 16:46:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2010.12.17 16:46:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Plocha
[2010.12.17 16:46:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Oblíbené položky
[2010.12.17 16:46:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Microsoft
[2010.12.17 16:46:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dokumenty
[2010.12.16 07:08:58 | 000,223,232 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\Oqozaj.exe
[2010.12.12 08:57:11 | 000,206,848 | ---- | C] (Cushofts) -- C:\WINDOWS\System32\vydarook.exe
[2010.12.10 21:11:21 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.0
[2010.12.10 16:18:21 | 000,195,584 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\Oqozai.exe
[2010.12.07 16:53:25 | 000,194,048 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\Oqozae.exe
[2010.12.07 14:54:12 | 000,194,048 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\Oqozad.exe
[2010.12.06 16:24:08 | 000,194,048 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\Oqozac.exe
[2010.12.05 14:45:18 | 000,184,832 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\Oqozab.exe
[2010.12.02 14:23:19 | 000,238,592 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\sshnas21.dll
[2010.11.24 12:46:01 | 000,000,000 | ---D | C] -- C:\Program Files\csWord
[2010.11.21 23:09:01 | 000,085,504 | ---- | C] (PTGPlRX) -- C:\HDTV.exe
[2010.11.20 23:11:16 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.12.17 20:45:30 | 000,395,200 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.12.17 20:45:30 | 000,392,918 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.12.17 20:45:30 | 000,069,926 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.12.17 20:45:30 | 000,059,440 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.12.17 20:42:08 | 000,002,116 | -H-- | M] () -- C:\Documents and Settings\All Users\Data aplikací\common.data
[2010.12.17 20:40:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.12.17 20:39:12 | 000,000,240 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.12.17 20:31:33 | 000,000,928 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.17 20:31:33 | 000,000,270 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.12.17 19:45:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
[2010.12.17 19:43:06 | 000,000,932 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.17 16:59:39 | 000,000,030 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\AVSDVDPlayer.m3u
[2010.12.17 16:58:29 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010.12.16 16:44:15 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Google Chrome.lnk
[2010.12.15 18:27:29 | 000,223,232 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\Oqozaj.exe
[2010.12.14 19:43:53 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.12.12 18:25:25 | 000,188,928 | ---- | M] (Cushofts) -- C:\WINDOWS\System32\lygoufou.exe
[2010.12.12 18:25:25 | 000,188,928 | ---- | M] () -- C:\WINDOWS\System32\wejovood.exe
[2010.12.12 18:25:25 | 000,188,928 | ---- | M] () -- C:\WINDOWS\System32\jokypakouh.exe
[2010.12.11 02:56:53 | 000,206,848 | ---- | M] (Cushofts) -- C:\WINDOWS\System32\vydarook.exe
[2010.12.11 02:56:53 | 000,206,848 | ---- | M] () -- C:\WINDOWS\System32\tilorehoot.exe
[2010.12.11 02:56:53 | 000,206,848 | ---- | M] () -- C:\WINDOWS\System32\davy.exe
[2010.12.11 00:14:20 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2010.12.10 21:14:25 | 000,001,487 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\ICQ7.lnk
[2010.12.10 14:03:20 | 000,195,584 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\Oqozai.exe
[2010.12.09 22:29:58 | 000,197,120 | ---- | M] () -- C:\WINDOWS\Oqozah.exe
[2010.12.09 22:29:58 | 000,197,120 | ---- | M] () -- C:\WINDOWS\Oqozag.exe
[2010.12.09 16:09:31 | 000,197,120 | ---- | M] () -- C:\WINDOWS\Oqozaf.exe
[2010.12.09 15:54:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.12.07 15:09:25 | 000,194,048 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\Oqozae.exe
[2010.12.06 22:41:49 | 000,194,048 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\Oqozad.exe
[2010.12.06 15:08:46 | 000,194,048 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\Oqozac.exe
[2010.12.05 12:59:48 | 000,184,832 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\Oqozab.exe
[2010.12.02 14:23:19 | 000,238,592 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\sshnas21.dll
[2010.12.02 14:23:18 | 000,195,072 | ---- | M] () -- C:\WINDOWS\Oqozaa.exe
[2010.11.26 16:33:17 | 000,000,258 | ---- | M] () -- C:\cy.exe
[2010.11.22 14:22:38 | 000,045,568 | -H-- | M] () -- C:\WINDOWS\System32\secupdat.dat
[2010.11.21 23:09:01 | 000,085,504 | ---- | M] (PTGPlRX) -- C:\HDTV.exe
[2010.11.21 19:09:30 | 000,000,184 | ---- | M] () -- C:\wifi32.exe
[2010.11.21 07:10:12 | 000,082,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\oumzbfqe.sys
[2010.11.21 00:03:52 | 000,201,216 | ---- | M] () -- C:\WINDOWS\System32\lepydeha.exe
[2010.11.21 00:03:52 | 000,201,216 | ---- | M] () -- C:\WINDOWS\System32\boohoulo.exe
[2010.11.20 23:08:32 | 000,065,024 | RHS- | M] () -- C:\WINDOWS\nvsvc32.exe
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.12.17 16:59:39 | 000,000,030 | ---- | C] () -- C:\Documents and Settings\Administrator\Data aplikací\AVSDVDPlayer.m3u
[2010.12.17 16:58:29 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010.12.12 18:25:24 | 000,188,928 | ---- | C] () -- C:\WINDOWS\System32\wejovood.exe
[2010.12.12 08:58:14 | 000,188,928 | ---- | C] () -- C:\WINDOWS\System32\jokypakouh.exe
[2010.12.10 21:14:25 | 000,001,487 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\ICQ7.lnk
[2010.12.10 13:52:12 | 000,197,120 | ---- | C] () -- C:\WINDOWS\Oqozah.exe
[2010.12.10 07:25:29 | 000,197,120 | ---- | C] () -- C:\WINDOWS\Oqozag.exe
[2010.12.09 22:09:15 | 000,206,848 | ---- | C] () -- C:\WINDOWS\System32\davy.exe
[2010.12.09 21:59:30 | 000,197,120 | ---- | C] () -- C:\WINDOWS\Oqozaf.exe
[2010.12.08 15:07:55 | 000,206,848 | ---- | C] () -- C:\WINDOWS\System32\tilorehoot.exe
[2010.12.02 14:23:40 | 000,195,072 | ---- | C] () -- C:\WINDOWS\Oqozaa.exe
[2010.12.02 14:23:30 | 000,000,270 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.12.02 14:23:27 | 000,000,240 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.11.26 16:33:17 | 000,000,258 | ---- | C] () -- C:\cy.exe
[2010.11.22 14:22:38 | 000,045,568 | -H-- | C] () -- C:\WINDOWS\System32\secupdat.dat
[2010.11.21 19:09:30 | 000,000,184 | ---- | C] () -- C:\wifi32.exe
[2010.11.21 07:10:01 | 000,082,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\oumzbfqe.sys
[2010.11.21 00:04:06 | 000,201,216 | ---- | C] () -- C:\WINDOWS\System32\boohoulo.exe
[2010.11.21 00:03:52 | 000,201,216 | ---- | C] () -- C:\WINDOWS\System32\lepydeha.exe
[2010.11.20 23:55:39 | 000,002,116 | -H-- | C] () -- C:\Documents and Settings\All Users\Data aplikací\common.data
[2010.11.20 23:08:32 | 000,065,024 | RHS- | C] () -- C:\WINDOWS\nvsvc32.exe
[2010.09.04 09:09:05 | 000,210,456 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010.09.04 09:09:05 | 000,206,360 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010.09.04 09:09:05 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010.09.04 09:09:05 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010.09.04 09:09:05 | 000,194,072 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010.09.04 09:09:05 | 000,026,136 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2010.05.02 16:22:42 | 000,005,320 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\hpzinstall.log
[2010.04.08 17:51:38 | 000,000,056 | -H-- | C] () -- C:\Documents and Settings\All Users\Data aplikací\ezsidmv.dat
[2010.03.24 20:51:48 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
[2009.10.23 16:51:03 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009.10.23 16:51:03 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009.08.28 17:40:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009.08.14 08:15:45 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009.08.14 08:14:51 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009.08.13 19:38:12 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.08.13 19:38:12 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.08.13 19:33:21 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\.zreglib
[2009.08.13 18:59:21 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.08.13 18:47:10 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009.08.13 18:44:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SC_res.dll
[2009.08.13 18:44:22 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TC_res.dll
[2009.08.13 18:44:22 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\MSNChatHook.dll
[2009.08.13 18:44:21 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EN_res.dll
[2009.08.13 18:44:20 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll
[2009.08.13 15:23:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NT.INI
[2009.08.13 15:05:10 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009.07.26 09:04:02 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007.10.25 16:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2005.05.02 11:13:42 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETMNT.sys
[2004.08.18 13:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004.08.18 13:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003.12.29 19:45:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ServiceControl.dll
[2003.04.09 14:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.03.17 01:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000079.DLL
========== LOP Check ==========
[2010.10.03 18:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\5DFly Software
[2009.08.13 18:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Acer
[2010.10.30 22:32:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AlawarWrapper
[2010.10.29 15:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\CasualForge
[2010.12.13 15:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2010.05.23 08:03:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\IM
[2010.05.23 08:02:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\IncrediMail
[2010.09.04 09:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\InterVideo
[2010.05.25 13:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Musicnotes
[2009.10.23 16:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2010.05.23 08:03:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PhotoMail
[2009.08.13 19:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\SlySoft
[2010.03.27 13:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\SweetIM
[2009.08.12 19:21:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
[2010.09.04 09:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Ulead Systems
[2010.07.08 21:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.04.10 20:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Data aplikací\ICQ
[2010.12.11 00:14:20 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
[2010.11.04 14:37:04 | 000,000,274 | ---- | M] () -- C:\WINDOWS\Tasks\videopadShakeIcon.job
[2010.12.17 20:31:33 | 000,000,270 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.12.17 20:39:12 | 000,000,240 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\CTFMON.EXE -- [2004.08.18 13:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation)
< c:\windows\*.* /U >
< %SYSTEMDRIVE%\*.exe >
[2010.11.26 16:33:17 | 000,000,258 | ---- | M] () -- C:\cy.exe
[2010.11.21 23:09:01 | 000,085,504 | ---- | M] (PTGPlRX) -- C:\HDTV.exe
[2010.11.21 19:09:30 | 000,000,184 | ---- | M] () -- C:\wifi32.exe
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2009.07.26 07:21:15 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
[2010.12.17 16:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla
< %APPDATA%\*.exe /s >
< MD5 for: AGP440.SYS >
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
< MD5 for: ATAPI.SYS >
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004.08.18 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2004.08.18 13:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\system32\autochk.exe
[2004.08.18 13:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\system32\dllcache\autochk.exe
< MD5 for: CDROM.SYS >
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2004.08.18 13:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys
< MD5 for: CRYPTSVC.DLL >
[2004.08.18 13:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\cryptsvc.dll
[2004.08.18 13:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\dllcache\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2004.08.18 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004.08.18 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2004.08.18 13:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\explorer.exe
[2004.08.18 13:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: HAL.DLL >
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2004.08.18 13:00:00 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\system32\hal.dll
< MD5 for: CHANGER.SYS >
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
< MD5 for: ISAPNP.SYS >
[2004.08.18 13:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\drivers\isapnp.sys
< MD5 for: LSASS.EXE >
[2004.08.18 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2004.08.18 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2004.08.18 13:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\dllcache\ndis.sys
[2004.08.18 13:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys
< MD5 for: NETLOGON.DLL >
[2004.08.18 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004.08.18 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004.08.18 13:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004.08.18 13:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SMSS.EXE >
[2004.08.18 13:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\dllcache\smss.exe
[2004.08.18 13:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\smss.exe
< MD5 for: SVCHOST.EXE >
[2004.08.18 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\dllcache\svchost.exe
[2004.08.18 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\svchost.exe
< MD5 for: TCPIP.SYS >
[2004.08.18 13:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2004.08.18 13:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\system32\drivers\tcpip.sys
< MD5 for: USERINIT.EXE >
[2004.08.18 13:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004.08.18 13:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004.08.18 13:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004.08.18 13:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2_32.DLL >
[2004.08.18 13:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2004.08.18 13:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.11.21 07:10:12 | 000,082,944 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\oumzbfqe.sys
< %systemroot%\System32\config\*.sav >
[2009.07.26 09:01:52 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.07.26 09:01:51 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.07.26 09:01:51 | 000,487,424 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ autocheck autochk *\0\0
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2010.12.17 16:58:29 | 000,000,552 | ---- | M] () -- C:\WINDOWS\system32\d3d8caps.dat
[2010.12.17 20:45:30 | 000,069,926 | ---- | M] () -- C:\WINDOWS\system32\perfc005.dat
[2010.12.17 20:45:30 | 000,059,440 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2010.12.17 20:45:30 | 000,392,918 | ---- | M] () -- C:\WINDOWS\system32\perfh005.dat
[2010.12.17 20:45:30 | 000,395,200 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2010.12.17 20:45:27 | 000,929,478 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
========== Alternate Data Streams ==========
@Alternate Data Stream - 502695 bytes -> C:\WINDOWS\Temp:temp
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:2CAF45856F4A3E42
< End of report >
vadi to?
OTL logfile created on: 17.12.2010 20:43:30 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
502,00 Mb Total Physical Memory | 370,00 Mb Available Physical Memory | 74,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 13,94 Gb Free Space | 35,69% Space Free | Partition Type: NTFS
Drive D: | 35,46 Gb Total Space | 25,53 Gb Free Space | 72,00% Space Free | Partition Type: NTFS
Drive F: | 1,96 Gb Total Space | 1,79 Gb Free Space | 91,17% Space Free | Partition Type: FAT
Computer Name: NOTEBOOK | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2010.12.17 19:45:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
PRC - [2004.08.18 13:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (SafeList) ==========
MOD - [2010.12.17 19:45:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
MOD - [2004.08.18 13:00:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2010.12.12 18:25:25 | 000,188,928 | ---- | M] (Cushofts) [Auto | Stopped] -- C:\WINDOWS\system32\lygoufou.exe -- (eitdaee2u9rxoaii)
SRV - [2010.12.02 14:23:19 | 000,238,592 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Auto | Stopped] -- C:\WINDOWS\system32\sshnas21.dll -- (SSHNAS)
SRV - [2010.10.05 13:32:48 | 000,028,762 | ---- | M] (MyWebSearch.com) [Auto | Stopped] -- C:\Program Files\MyWebSearch\bar\3.bin\MWSSVC.EXE -- (MyWebSearchService)
SRV - [2010.06.10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009.08.14 07:58:19 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.08.12 19:21:16 | 000,306,432 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.07.21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.04.07 08:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007.12.20 09:41:56 | 000,029,440 | ---- | M] (TuneUp Software GmbH) [Auto | Stopped] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2007.03.06 09:35:02 | 000,198,168 | ---- | M] (InterVideo Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)
SRV - [2007.03.03 12:48:28 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)
SRV - [2005.11.14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005.10.24 15:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\admServ.exe -- (AWService)
SRV - [2004.12.27 16:12:16 | 000,036,864 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\acs.exe -- (ACS)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\zaiacpja.sys -- (zaiacpja)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\yzhsvgxh.sys -- (yzhsvgxh)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\vznswyxs.sys -- (vznswyxs)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\vlrdfqbz.sys -- (vlrdfqbz)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\sfxnpice.sys -- (sfxnpice)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\s24trans.sys -- (s24trans)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\rxqwrobg.sys -- (rxqwrobg)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\pmtgvwmi.sys -- (pmtgvwmi)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\oeaalwhq.sys -- (oeaalwhq)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\obcaitjq.sys -- (obcaitjq)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\nkebnopw.sys -- (nkebnopw)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\luwigejm.sys -- (luwigejm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\lhrosnog.sys -- (lhrosnog)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\lflgovjj.sys -- (lflgovjj)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\lcwzqgkv.sys -- (lcwzqgkv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\jwqoxcwx.sys -- (jwqoxcwx)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\jwmuouzk.sys -- (jwmuouzk)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\jcwxeuyh.sys -- (jcwxeuyh)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\hqvubosm.sys -- (hqvubosm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\gtfpfvkl.sys -- (gtfpfvkl)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\gcycjyif.sys -- (gcycjyif)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\enrpwjry.sys -- (enrpwjry)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\cprhihdf.sys -- (cprhihdf)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\cbzlxymo.sys -- (cbzlxymo)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\bfyysyfw.sys -- (bfyysyfw)
DRV - [2010.11.21 07:10:12 | 000,082,944 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\oumzbfqe.sys -- (oumzbfqe)
DRV - [2010.03.24 17:27:58 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 09:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.31 08:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.03.30 09:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.03.20 09:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009.03.20 09:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009.03.20 09:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2009.02.13 11:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2007.09.17 14:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2005.12.19 10:37:42 | 004,127,232 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005.11.17 10:20:12 | 000,037,888 | R--- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2005.11.17 10:20:08 | 000,074,624 | R--- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2005.11.17 10:20:02 | 000,060,928 | R--- | M] (ENE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2005.11.02 12:24:24 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005.10.31 07:17:00 | 000,045,312 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2005.10.15 17:20:44 | 000,012,106 | ---- | M] (OSA Technologies) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys -- (OsaFsLoc)
DRV - [2005.09.13 14:34:40 | 000,004,392 | ---- | M] (OSA Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NdisFilt.sys -- (NdisFilt)
DRV - [2005.08.03 04:10:14 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2005.06.30 15:58:24 | 000,007,296 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
DRV - [2005.05.02 11:13:42 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETMNT.sys -- (NETMNT)
DRV - [2005.04.22 15:57:06 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2005.04.22 15:57:06 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
DRV - [2005.01.14 14:57:16 | 000,004,010 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
DRV - [2005.01.07 16:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)
DRV - [2004.12.08 07:10:00 | 000,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
DRV - [2004.08.04 00:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Ovladač zvukové karty USB (WDM)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\.DEFAULT\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-18\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-583907252-764733703-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: m3ffxtbr@mywebsearch.com:1.1
FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\3.bin [2010.11.22 15:08:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.17 16:57:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.12 10:54:01 | 000,000,000 | ---D | M]
[2010.12.17 16:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Extensions
[2010.12.17 16:57:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\hptpujhs.default\extensions
[2010.03.24 21:08:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.10.29 11:52:45 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.10.29 11:52:45 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.10.29 11:52:45 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.10.29 11:52:45 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.10.29 11:52:45 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2004.08.18 13:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {70DE7956-479D-4eb7-8641-2B45774C350E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (no name) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {70DE7956-479D-4EB7-8641-2B45774C350E} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {70DE7956-479D-4EB7-8641-2B45774C350E} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [bfwdrv] C:\DOCUME~1\PC\LOCALS~1\Temp\852.exe File not found
O4 - HKLM..\Run: [jisude] C:\WINDOWS\system32\jokypakouh.exe ()
O4 - HKLM..\Run: [kattoka] C:\WINDOWS\system32\lepydeha.exe ()
O4 - HKLM..\Run: [moocegup] C:\WINDOWS\system32\tilorehoot.exe ()
O4 - HKLM..\Run: [My Web Search Bar] C:\PROGRA~1\MYWEBS~1\bar\3.bin\MWSBAR.DLL File not found
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [NVIDIA driver monitor] c:\WINDOWS\nvsvc32.exe ()
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe (InterVideo Digital Technology Corporation)
O4 - HKU\.DEFAULT..\Run: [jisude] C:\Documents and Settings\LocalService\Data aplikací\Microsoft\jokypakouh.exe (Cushofts)
O4 - HKU\.DEFAULT..\Run: [moocegup] C:\Documents and Settings\LocalService\Data aplikací\Microsoft\tilorehoot.exe (Cushofts)
O4 - HKU\S-1-5-18..\Run: [jisude] C:\Documents and Settings\LocalService\Data aplikací\Microsoft\jokypakouh.exe (Cushofts)
O4 - HKU\S-1-5-18..\Run: [moocegup] C:\Documents and Settings\LocalService\Data aplikací\Microsoft\tilorehoot.exe (Cushofts)
O4 - Startup: C:\Documents and Settings\Guest\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: csrcs = C:\WINDOWS\system32\csrcs.exe File not found
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-583907252-764733703-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Signature Manager options - {755B05A7-0770-4185-B5F6-E75A2CA527E2} - C:\Program Files\SM\SubsHelper.dll (SM Technologies)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\PC\Nabídka Start\Programy\IMVU\Run IMVU.lnk File not found
O9 - Extra Button: HP Chytrý výběr - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.20
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (C:\DOCUME~1\PC\LOCALS~1\Temp\852.exe) - C:\DOCUME~1\PC\LOCALS~1\Temp\852.exe File not found
O20 - HKLM Winlogon: UserInit - (C:\DOCUME~1\PC\LOCALS~1\Temp\852.exe) - C:\DOCUME~1\PC\LOCALS~1\Temp\852.exe File not found
O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\PC\Data aplikací\juzjf.exe) - C:\Documents and Settings\PC\Data aplikací\juzjf.exe File not found
O20 - HKLM Winlogon: UIHost - (C:\Documents and Settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe) - C:\Documents and Settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.07.26 07:21:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: UxTuneUp - C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: WmdmPmSp - File not found
NetSvcs: SSHNAS - C:\WINDOWS\system32\sshnas21.dll (Windows (R) Codename Longhorn DDK provider)
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\AC3ACM.acm (fccHandler)
Drivers32: msacm.alf2cd - C:\WINDOWS\System32\alf2cd.acm (NCT Company)
Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\VIO\DVACM.acm (InterVideo Digital Technology Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.MPEGacm - C:\Program Files\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.scg726 - C:\WINDOWS\System32\Scg726.acm (SHARP Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.ulmp3acm - C:\Program Files\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.dscc - C:\Program Files\Tales Animator\dscc.dll ()
Drivers32: vidc.dsfs - C:\Program Files\Tales Animator\dsfs.dll ()
Drivers32: vidc.dsvc - C:\Program Files\Tales Animator\dsvc.dll ()
Drivers32: vidc.dvsd - C:\WINDOWS\System32\mcdvd_32.dll (MainConcept)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.xvid - C:\WINDOWS\System32\xvidvfw.dll ()
CREATERESTOREPOINT
Error starting restore point: The function was called in safe mode.
Error closing restore point: The sequence number is invalid.
========== Files/Folders - Created Within 30 Days ==========
[2010.12.17 20:42:58 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
[2010.12.17 20:32:58 | 000,188,928 | ---- | C] (Cushofts) -- C:\WINDOWS\System32\lygoufou.exe
[2010.12.17 19:18:19 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.12.17 19:18:18 | 000,000,000 | ---D | C] -- C:\rsit
[2010.12.17 19:12:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010.12.17 16:58:28 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Dokumenty\Obrázky
[2010.12.17 16:57:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Mozilla
[2010.12.17 16:57:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla
[2010.12.17 16:46:05 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
[2010.12.17 16:46:05 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Cookies
[2010.12.17 16:46:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\SendTo
[2010.12.17 16:46:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Data aplikací
[2010.12.17 16:46:05 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Nabídka Start
[2010.12.17 16:46:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Šablony
[2010.12.17 16:46:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010.12.17 16:46:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Okolní tiskárny
[2010.12.17 16:46:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Okolní síť
[2010.12.17 16:46:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings
[2010.12.17 16:46:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Plocha
[2010.12.17 16:46:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Oblíbené položky
[2010.12.17 16:46:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Microsoft
[2010.12.17 16:46:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dokumenty
[2010.12.16 07:08:58 | 000,223,232 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\Oqozaj.exe
[2010.12.12 08:57:11 | 000,206,848 | ---- | C] (Cushofts) -- C:\WINDOWS\System32\vydarook.exe
[2010.12.10 21:11:21 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.0
[2010.12.10 16:18:21 | 000,195,584 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\Oqozai.exe
[2010.12.07 16:53:25 | 000,194,048 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\Oqozae.exe
[2010.12.07 14:54:12 | 000,194,048 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\Oqozad.exe
[2010.12.06 16:24:08 | 000,194,048 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\Oqozac.exe
[2010.12.05 14:45:18 | 000,184,832 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\Oqozab.exe
[2010.12.02 14:23:19 | 000,238,592 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\sshnas21.dll
[2010.11.24 12:46:01 | 000,000,000 | ---D | C] -- C:\Program Files\csWord
[2010.11.21 23:09:01 | 000,085,504 | ---- | C] (PTGPlRX) -- C:\HDTV.exe
[2010.11.20 23:11:16 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.12.17 20:45:30 | 000,395,200 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.12.17 20:45:30 | 000,392,918 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.12.17 20:45:30 | 000,069,926 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.12.17 20:45:30 | 000,059,440 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.12.17 20:42:08 | 000,002,116 | -H-- | M] () -- C:\Documents and Settings\All Users\Data aplikací\common.data
[2010.12.17 20:40:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.12.17 20:39:12 | 000,000,240 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.12.17 20:31:33 | 000,000,928 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.17 20:31:33 | 000,000,270 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.12.17 19:45:54 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
[2010.12.17 19:43:06 | 000,000,932 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.17 16:59:39 | 000,000,030 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\AVSDVDPlayer.m3u
[2010.12.17 16:58:29 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010.12.16 16:44:15 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Google Chrome.lnk
[2010.12.15 18:27:29 | 000,223,232 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\Oqozaj.exe
[2010.12.14 19:43:53 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.12.12 18:25:25 | 000,188,928 | ---- | M] (Cushofts) -- C:\WINDOWS\System32\lygoufou.exe
[2010.12.12 18:25:25 | 000,188,928 | ---- | M] () -- C:\WINDOWS\System32\wejovood.exe
[2010.12.12 18:25:25 | 000,188,928 | ---- | M] () -- C:\WINDOWS\System32\jokypakouh.exe
[2010.12.11 02:56:53 | 000,206,848 | ---- | M] (Cushofts) -- C:\WINDOWS\System32\vydarook.exe
[2010.12.11 02:56:53 | 000,206,848 | ---- | M] () -- C:\WINDOWS\System32\tilorehoot.exe
[2010.12.11 02:56:53 | 000,206,848 | ---- | M] () -- C:\WINDOWS\System32\davy.exe
[2010.12.11 00:14:20 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2010.12.10 21:14:25 | 000,001,487 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\ICQ7.lnk
[2010.12.10 14:03:20 | 000,195,584 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\Oqozai.exe
[2010.12.09 22:29:58 | 000,197,120 | ---- | M] () -- C:\WINDOWS\Oqozah.exe
[2010.12.09 22:29:58 | 000,197,120 | ---- | M] () -- C:\WINDOWS\Oqozag.exe
[2010.12.09 16:09:31 | 000,197,120 | ---- | M] () -- C:\WINDOWS\Oqozaf.exe
[2010.12.09 15:54:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.12.07 15:09:25 | 000,194,048 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\Oqozae.exe
[2010.12.06 22:41:49 | 000,194,048 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\Oqozad.exe
[2010.12.06 15:08:46 | 000,194,048 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\Oqozac.exe
[2010.12.05 12:59:48 | 000,184,832 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\Oqozab.exe
[2010.12.02 14:23:19 | 000,238,592 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\sshnas21.dll
[2010.12.02 14:23:18 | 000,195,072 | ---- | M] () -- C:\WINDOWS\Oqozaa.exe
[2010.11.26 16:33:17 | 000,000,258 | ---- | M] () -- C:\cy.exe
[2010.11.22 14:22:38 | 000,045,568 | -H-- | M] () -- C:\WINDOWS\System32\secupdat.dat
[2010.11.21 23:09:01 | 000,085,504 | ---- | M] (PTGPlRX) -- C:\HDTV.exe
[2010.11.21 19:09:30 | 000,000,184 | ---- | M] () -- C:\wifi32.exe
[2010.11.21 07:10:12 | 000,082,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\oumzbfqe.sys
[2010.11.21 00:03:52 | 000,201,216 | ---- | M] () -- C:\WINDOWS\System32\lepydeha.exe
[2010.11.21 00:03:52 | 000,201,216 | ---- | M] () -- C:\WINDOWS\System32\boohoulo.exe
[2010.11.20 23:08:32 | 000,065,024 | RHS- | M] () -- C:\WINDOWS\nvsvc32.exe
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.12.17 16:59:39 | 000,000,030 | ---- | C] () -- C:\Documents and Settings\Administrator\Data aplikací\AVSDVDPlayer.m3u
[2010.12.17 16:58:29 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010.12.12 18:25:24 | 000,188,928 | ---- | C] () -- C:\WINDOWS\System32\wejovood.exe
[2010.12.12 08:58:14 | 000,188,928 | ---- | C] () -- C:\WINDOWS\System32\jokypakouh.exe
[2010.12.10 21:14:25 | 000,001,487 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\ICQ7.lnk
[2010.12.10 13:52:12 | 000,197,120 | ---- | C] () -- C:\WINDOWS\Oqozah.exe
[2010.12.10 07:25:29 | 000,197,120 | ---- | C] () -- C:\WINDOWS\Oqozag.exe
[2010.12.09 22:09:15 | 000,206,848 | ---- | C] () -- C:\WINDOWS\System32\davy.exe
[2010.12.09 21:59:30 | 000,197,120 | ---- | C] () -- C:\WINDOWS\Oqozaf.exe
[2010.12.08 15:07:55 | 000,206,848 | ---- | C] () -- C:\WINDOWS\System32\tilorehoot.exe
[2010.12.02 14:23:40 | 000,195,072 | ---- | C] () -- C:\WINDOWS\Oqozaa.exe
[2010.12.02 14:23:30 | 000,000,270 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.12.02 14:23:27 | 000,000,240 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.11.26 16:33:17 | 000,000,258 | ---- | C] () -- C:\cy.exe
[2010.11.22 14:22:38 | 000,045,568 | -H-- | C] () -- C:\WINDOWS\System32\secupdat.dat
[2010.11.21 19:09:30 | 000,000,184 | ---- | C] () -- C:\wifi32.exe
[2010.11.21 07:10:01 | 000,082,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\oumzbfqe.sys
[2010.11.21 00:04:06 | 000,201,216 | ---- | C] () -- C:\WINDOWS\System32\boohoulo.exe
[2010.11.21 00:03:52 | 000,201,216 | ---- | C] () -- C:\WINDOWS\System32\lepydeha.exe
[2010.11.20 23:55:39 | 000,002,116 | -H-- | C] () -- C:\Documents and Settings\All Users\Data aplikací\common.data
[2010.11.20 23:08:32 | 000,065,024 | RHS- | C] () -- C:\WINDOWS\nvsvc32.exe
[2010.09.04 09:09:05 | 000,210,456 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2010.09.04 09:09:05 | 000,206,360 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2010.09.04 09:09:05 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2010.09.04 09:09:05 | 000,198,168 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2010.09.04 09:09:05 | 000,194,072 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2010.09.04 09:09:05 | 000,026,136 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2010.05.02 16:22:42 | 000,005,320 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\hpzinstall.log
[2010.04.08 17:51:38 | 000,000,056 | -H-- | C] () -- C:\Documents and Settings\All Users\Data aplikací\ezsidmv.dat
[2010.03.24 20:51:48 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
[2009.10.23 16:51:03 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2009.10.23 16:51:03 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2009.08.28 17:40:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009.08.14 08:15:45 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009.08.14 08:14:51 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009.08.13 19:38:12 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.08.13 19:38:12 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.08.13 19:33:21 | 000,000,040 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\.zreglib
[2009.08.13 18:59:21 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.08.13 18:47:10 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009.08.13 18:44:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SC_res.dll
[2009.08.13 18:44:22 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TC_res.dll
[2009.08.13 18:44:22 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\MSNChatHook.dll
[2009.08.13 18:44:21 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EN_res.dll
[2009.08.13 18:44:20 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll
[2009.08.13 15:23:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NT.INI
[2009.08.13 15:05:10 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009.07.26 09:04:02 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007.10.25 16:26:10 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2005.05.02 11:13:42 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETMNT.sys
[2004.08.18 13:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004.08.18 13:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003.12.29 19:45:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ServiceControl.dll
[2003.04.09 14:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.03.17 01:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000079.DLL
========== LOP Check ==========
[2010.10.03 18:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\5DFly Software
[2009.08.13 18:44:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Acer
[2010.10.30 22:32:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AlawarWrapper
[2010.10.29 15:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\CasualForge
[2010.12.13 15:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2010.05.23 08:03:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\IM
[2010.05.23 08:02:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\IncrediMail
[2010.09.04 09:09:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\InterVideo
[2010.05.25 13:14:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Musicnotes
[2009.10.23 16:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2010.05.23 08:03:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PhotoMail
[2009.08.13 19:35:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\SlySoft
[2010.03.27 13:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\SweetIM
[2009.08.12 19:21:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
[2010.09.04 09:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Ulead Systems
[2010.07.08 21:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.04.10 20:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Data aplikací\ICQ
[2010.12.11 00:14:20 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
[2010.11.04 14:37:04 | 000,000,274 | ---- | M] () -- C:\WINDOWS\Tasks\videopadShakeIcon.job
[2010.12.17 20:31:33 | 000,000,270 | -H-- | M] () -- C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.12.17 20:39:12 | 000,000,240 | -H-- | M] () -- C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\CTFMON.EXE -- [2004.08.18 13:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation)
< c:\windows\*.* /U >
< %SYSTEMDRIVE%\*.exe >
[2010.11.26 16:33:17 | 000,000,258 | ---- | M] () -- C:\cy.exe
[2010.11.21 23:09:01 | 000,085,504 | ---- | M] (PTGPlRX) -- C:\HDTV.exe
[2010.11.21 19:09:30 | 000,000,184 | ---- | M] () -- C:\wifi32.exe
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2009.07.26 07:21:15 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
[2010.12.17 16:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla
< %APPDATA%\*.exe /s >
< MD5 for: AGP440.SYS >
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
< MD5 for: ATAPI.SYS >
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004.08.18 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2004.08.18 13:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\system32\autochk.exe
[2004.08.18 13:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\system32\dllcache\autochk.exe
< MD5 for: CDROM.SYS >
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2004.08.18 13:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys
< MD5 for: CRYPTSVC.DLL >
[2004.08.18 13:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\cryptsvc.dll
[2004.08.18 13:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\dllcache\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2004.08.18 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004.08.18 13:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2004.08.18 13:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\explorer.exe
[2004.08.18 13:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: HAL.DLL >
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2004.08.18 13:00:00 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\system32\hal.dll
< MD5 for: CHANGER.SYS >
[2004.08.18 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
< MD5 for: ISAPNP.SYS >
[2004.08.18 13:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\drivers\isapnp.sys
< MD5 for: LSASS.EXE >
[2004.08.18 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2004.08.18 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2004.08.18 13:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\dllcache\ndis.sys
[2004.08.18 13:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys
< MD5 for: NETLOGON.DLL >
[2004.08.18 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004.08.18 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004.08.18 13:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004.08.18 13:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SMSS.EXE >
[2004.08.18 13:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\dllcache\smss.exe
[2004.08.18 13:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\smss.exe
< MD5 for: SVCHOST.EXE >
[2004.08.18 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\dllcache\svchost.exe
[2004.08.18 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\svchost.exe
< MD5 for: TCPIP.SYS >
[2004.08.18 13:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2004.08.18 13:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\system32\drivers\tcpip.sys
< MD5 for: USERINIT.EXE >
[2004.08.18 13:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004.08.18 13:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004.08.18 13:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004.08.18 13:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2_32.DLL >
[2004.08.18 13:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2004.08.18 13:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.11.21 07:10:12 | 000,082,944 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\oumzbfqe.sys
< %systemroot%\System32\config\*.sav >
[2009.07.26 09:01:52 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.07.26 09:01:51 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.07.26 09:01:51 | 000,487,424 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ autocheck autochk *\0\0
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2010.12.17 16:58:29 | 000,000,552 | ---- | M] () -- C:\WINDOWS\system32\d3d8caps.dat
[2010.12.17 20:45:30 | 000,069,926 | ---- | M] () -- C:\WINDOWS\system32\perfc005.dat
[2010.12.17 20:45:30 | 000,059,440 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2010.12.17 20:45:30 | 000,392,918 | ---- | M] () -- C:\WINDOWS\system32\perfh005.dat
[2010.12.17 20:45:30 | 000,395,200 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2010.12.17 20:45:27 | 000,929,478 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
========== Alternate Data Streams ==========
@Alternate Data Stream - 502695 bytes -> C:\WINDOWS\Temp:temp
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:2CAF45856F4A3E42
< End of report >
Re: Prosim o kontrolu, Avira hlasi vir
OTL Extras logfile created on: 17.12.2010 20:43:30 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
502,00 Mb Total Physical Memory | 370,00 Mb Available Physical Memory | 74,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 13,94 Gb Free Space | 35,69% Space Free | Partition Type: NTFS
Drive D: | 35,46 Gb Total Space | 25,53 Gb Free Space | 72,00% Space Free | Partition Type: NTFS
Drive F: | 1,96 Gb Total Space | 1,79 Gb Free Space | 91,17% Space Free | Partition Type: FAT
Computer Name: NOTEBOOK | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"24301:TCP" = 24301:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"18454:TCP" = 18454:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"9104:TCP" = 9104:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"23260:TCP" = 23260:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"12414:TCP" = 12414:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"7667:TCP" = 7667:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"11095:TCP" = 11095:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"9066:TCP" = 9066:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"29467:TCP" = 29467:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"22544:TCP" = 22544:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"15357:TCP" = 15357:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"3488:TCP" = 3488:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"33182:TCP" = 33182:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"20528:TCP" = 20528:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"22369:TCP" = 22369:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"2859:TCP" = 2859:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"12629:TCP" = 12629:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"26339:TCP" = 26339:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"27791:TCP" = 27791:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"17730:TCP" = 17730:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"7759:TCP" = 7759:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"11055:TCP" = 11055:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"21875:TCP" = 21875:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"16948:TCP" = 16948:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"33428:TCP" = 33428:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"7061:TCP" = 7061:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"12536:TCP" = 12536:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"22775:TCP" = 22775:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"16854:TCP" = 16854:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"30671:TCP" = 30671:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"20207:TCP" = 20207:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"26446:TCP" = 26446:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"22495:TCP" = 22495:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"26297:TCP" = 26297:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"22101:TCP" = 22101:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"8856:TCP" = 8856:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"18614:TCP" = 18614:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"28224:TCP" = 28224:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"3269:TCP" = 3269:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"2578:TCP" = 2578:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"7730:TCP" = 7730:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"22861:TCP" = 22861:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"19488:TCP" = 19488:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"27486:TCP" = 27486:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"27925:TCP" = 27925:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"32738:TCP" = 32738:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"21872:TCP" = 21872:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"30464:TCP" = 30464:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"21013:TCP" = 21013:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"31079:TCP" = 31079:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"7750:TCP" = 7750:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"31837:TCP" = 31837:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"8410:TCP" = 8410:TCP:LocalSubNet:Enabled:Local Security Authentication Server
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- File not found
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- File not found
"C:\Program Files\ICQ7.0\ICQ.exe" = C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7 -- (ICQ, LLC.)
"C:\Program Files\ICQ7.0\aolload.exe" = C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- File not found
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- File not found
"C:\Documents and Settings\Guest\Data aplikací\ICQ\Application\ICQ7.0\ICQ.exe" = C:\Documents and Settings\Guest\Data aplikací\ICQ\Application\ICQ7.0\ICQ.exe:*:Disabled:ICQ -- (ICQ, LLC.)
"C:\Documents and Settings\Guest\Data aplikací\ICQ\Application\ICQ7.1\ICQ.exe" = C:\Documents and Settings\Guest\Data aplikací\ICQ\Application\ICQ7.1\ICQ.exe:*:Disabled:ICQ -- (ICQ, LLC.)
"C:\Program Files\IncrediMail\Bin\IncMail.exe" = C:\Program Files\IncrediMail\Bin\IncMail.exe:*:Enabled:IncrediMail -- File not found
"C:\Program Files\IncrediMail\Bin\ImApp.exe" = C:\Program Files\IncrediMail\Bin\ImApp.exe:*:Enabled:IncrediMail -- File not found
"C:\Program Files\IncrediMail\Bin\ImpCnt.exe" = C:\Program Files\IncrediMail\Bin\ImpCnt.exe:*:Enabled:IncrediMail -- File not found
"C:\Documents and Settings\PC\Local Settings\Temp\ImInstaller\3d_magic_installer.exe" = C:\Documents and Settings\PC\Local Settings\Temp\ImInstaller\3d_magic_installer.exe:*:Enabled:IncrediMail Installer -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Documents and Settings\PC\Data aplikací\IMVUClient\1VivoxVoice.exe" = C:\Documents and Settings\PC\Data aplikací\IMVUClient\1VivoxVoice.exe:*:Enabled:1VivoxVoice -- File not found
"C:\Documents and Settings\PC\Local Settings\Temporary Internet Files\Content.IE5\MLQP6LWJ\SweetImSetup[1].exe" = C:\Documents and Settings\PC\Local Settings\Temporary Internet Files\Content.IE5\MLQP6LWJ\SweetImSetup[1].exe:*:Enabled:SweetIM Installer -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- File not found
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- File not found
"C:\Documents and Settings\All Users\Data aplikací\SweetIM\Messenger\update\sweetimsetup.exe" = C:\Documents and Settings\All Users\Data aplikací\SweetIM\Messenger\update\sweetimsetup.exe:*:Enabled:SweetIM Installer -- (SweetIM Technologies, Ltd.)
"C:\Documents and Settings\PC\Dokumenty\Downloads\IMAGE53892731.JPG-www.facebook.exe" = c:\windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor -- ()
"C:\DOCUME~1\PC\LOCALS~1\Temp\1444.exe" = C:\DOCUME~1\PC\LOCALS~1\Temp\1444.exe:*:Enabled:Microsoft Office -- File not found
"C:\Documents and Settings\PC\Data aplikací\lsass.exe" = C:\Documents and Settings\PC\Data aplikací\lsass.exe:*:Enabled:Local Security Authentication Server -- File not found
"C:\Program Files\ICQ7.0\ICQ.exe" = C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7 -- (ICQ, LLC.)
"C:\Program Files\ICQ7.0\aolload.exe" = C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{15382D89-6EF6-4D21-9484-B500F2B10E46}" = PhotoMail Maker
"{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1DAEF119-493B-11D5-AE90-00D0590FFE27}" = Wireless Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20CCA435-1465-4567-885C-4A0AFCD0EB05}" = F2100_Help
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23C7348E-131C-4BFF-9763-2C804D6B87AE}" = TIxx21/x515
"{242BCCDC-B37B-4792-A52C-BCDDB1030AF9}" = Zoo Empire
"{24557DC0-0839-496f-82F9-C4EB72EFE4FA}" = HP Deskjet All-In-One Software 8.0
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{4B83D37C-0B99-4E71-B6DB-95F41510BD89}" = SudoCue
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5EFDFC8B-D438-4792-A298-E87AA9ADA816}" = Acer eDataSecurity Management
"{654986E1-B6C9-4CA4-A478-B13025E739DE}_is1" = SM
"{657F8B33-CBBB-45F4-9087-274F22C89400}" = DJ_AIO_ProductContext
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92F31257-15BA-46EE-887D-3C18C0790ACE}" = Atheros Client Installation Program
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9ECB4705-B9CB-405A-B6D4-33BDF707308E}" = DJ_AIO_Software
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1029-7B44-A91000000001}" = Adobe Reader 9.1 - Czech
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DA95E878-B181-4366-A433-6145592707A8}" = SweetIM for Messenger 3.1
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DC83F417-8068-4074-BA2F-C4F8AB872556}" = DJ_AIO_Software_min
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E431C518-2EE2-471E-9234-BE995C36D513}" = Acer eDataSecurity Management 1.00.23
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F6B0E67F-598C-4318-AE93-420E93CAA47C}" = OpenOffice.org 2.0
"{F6F90406-4726-4559-B6F7-3A96529CDD45}" = F2100
"{F93D2591-8201-4692-BD8D-67A0BFAC9C14}" = SweetIM Toolbar for Internet Explorer 3.9
"{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB2E0508-0DED-411B-B6AA-B9851AEBF1FF}" = 5DFly Photo Design
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Balíček ovladače systému Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Balíček ovladače systému Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Balíček ovladače systému Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Network Adapter
"Burn4Free" = Burn4Free CD and DVD
"Burn4Free Toolbar" = Burn4Free Toolbar
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"Crosswords - ITPro CZ_is1" = Crosswords 1.81
"csWord_is1" = csWord v.3
"ePresentation" = Acer ePresentation Management
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.01
"Google Chrome" = Google Chrome
"GridVista" = Acer GridVista
"Hello Kitty_is1" = Hello Kitty
"HP Smart Web Printing" = HP Smart Web Printing
"ICQToolbar" = ICQ Toolbar
"InstallShield_{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"InstallShield_{23C7348E-131C-4BFF-9763-2C804D6B87AE}" = Texas Instruments PCIxx21/x515 drivers.
"InstallShield_{242BCCDC-B37B-4792-A52C-BCDDB1030AF9}" = Zoo Empire
"InstallShield_{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = Ulead VideoStudio 11
"InterActual Player" = InterActual Player
"LManager" = Launch Manager
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NCH Toolbar" = NCH Toolbar
"PhotoFiltre Studio" = PhotoFiltre Studio
"PhotoMail" = PhotoMail Maker
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"Shop for HP Supplies" = Shop for HP Supplies
"Tales Animator_is1" = Tales Animator 2.0
"VideoPad" = VideoPad Video Editor
"WinRAR archiver" = WinRAR
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 16.12.2010 15:28:03 | Computer Name = NOTEBOOK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2000
Error - 16.12.2010 15:28:06 | Computer Name = NOTEBOOK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 16.12.2010 15:28:06 | Computer Name = NOTEBOOK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4969
Error - 16.12.2010 15:28:06 | Computer Name = NOTEBOOK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4969
Error - 17.12.2010 11:53:40 | Computer Name = NOTEBOOK | Source = Application Error | ID = 1000
Description = Chybující aplikace rockxp4_.exe, verze 4.0.0.0, chybující modul kernel32.dll,
verze 5.1.2600.2180, adresa chyby 0x0001eb33.
Error - 17.12.2010 15:28:29 | Computer Name = NOTEBOOK | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace OTL.exe, verze 3.2.17.3, zablokovaný modul hungapp,
verze 0.0.0.0, adresa bloku 0x00000000.
Error - 17.12.2010 15:28:58 | Computer Name = NOTEBOOK | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace OTL.exe, verze 3.2.17.3, zablokovaný modul hungapp,
verze 0.0.0.0, adresa bloku 0x00000000.
Error - 17.12.2010 15:29:18 | Computer Name = NOTEBOOK | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace OTL.exe, verze 3.2.17.3, zablokovaný modul hungapp,
verze 0.0.0.0, adresa bloku 0x00000000.
Error - 17.12.2010 15:34:02 | Computer Name = NOTEBOOK | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace 852.exe, verze 6.1.33.0, zablokovaný modul hungapp,
verze 0.0.0.0, adresa bloku 0x00000000.
Error - 17.12.2010 15:38:53 | Computer Name = NOTEBOOK | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace OTL.exe, verze 3.2.17.3, zablokovaný modul hungapp,
verze 0.0.0.0, adresa bloku 0x00000000.
[ System Events ]
Error - 17.12.2010 15:42:15 | Computer Name = NOTEBOOK | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby StiSvc
s argumenty za účelem spuštění serveru: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 17.12.2010 15:42:16 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7000
Description = Služba oumzbfqe neuspěla při spuštění v důsledku následující chyby:
%%1
Error - 17.12.2010 15:42:16 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7001
Description = Služba Klient DHCP závisí na službě Rozhraní NetBios nad protokolem
TCP/IP, která neuspěla při spuštění v důsledku následující chyby: %%31
Error - 17.12.2010 15:42:16 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7001
Description = Služba Klient DNS závisí na službě Ovladač protokolu TCP/IP, která
neuspěla při spuštění v důsledku následující chyby: %%31
Error - 17.12.2010 15:42:16 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7001
Description = Služba Podpora rozhraní NetBIOS nad protokolem TCP/IP závisí na službě
AFD, která neuspěla při spuštění v důsledku následující chyby: %%31
Error - 17.12.2010 15:42:16 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7001
Description = Služba Apple Mobile Device závisí na službě Ovladač protokolu TCP/IP,
která neuspěla při spuštění v důsledku následující chyby: %%31
Error - 17.12.2010 15:42:16 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7001
Description = Služba Bonjour Service závisí na službě Ovladač protokolu TCP/IP,
která neuspěla při spuštění v důsledku následující chyby: %%31
Error - 17.12.2010 15:42:16 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7001
Description = Služba Služby IPSEC závisí na službě Ovladač IPSEC, která neuspěla
při spuštění v důsledku následující chyby: %%31
Error - 17.12.2010 15:42:16 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: AFD avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv
Tcpip
Error - 17.12.2010 15:42:50 | Computer Name = NOTEBOOK | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby StiSvc
s argumenty za účelem spuštění serveru: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
< End of report >
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
502,00 Mb Total Physical Memory | 370,00 Mb Available Physical Memory | 74,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 13,94 Gb Free Space | 35,69% Space Free | Partition Type: NTFS
Drive D: | 35,46 Gb Total Space | 25,53 Gb Free Space | 72,00% Space Free | Partition Type: NTFS
Drive F: | 1,96 Gb Total Space | 1,79 Gb Free Space | 91,17% Space Free | Partition Type: FAT
Computer Name: NOTEBOOK | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"24301:TCP" = 24301:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"18454:TCP" = 18454:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"9104:TCP" = 9104:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"23260:TCP" = 23260:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"12414:TCP" = 12414:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"7667:TCP" = 7667:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"11095:TCP" = 11095:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"9066:TCP" = 9066:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"29467:TCP" = 29467:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"22544:TCP" = 22544:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"15357:TCP" = 15357:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"3488:TCP" = 3488:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"33182:TCP" = 33182:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"20528:TCP" = 20528:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"22369:TCP" = 22369:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"2859:TCP" = 2859:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"12629:TCP" = 12629:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"26339:TCP" = 26339:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"27791:TCP" = 27791:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"17730:TCP" = 17730:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"7759:TCP" = 7759:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"11055:TCP" = 11055:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"21875:TCP" = 21875:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"16948:TCP" = 16948:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"33428:TCP" = 33428:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"7061:TCP" = 7061:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"12536:TCP" = 12536:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"22775:TCP" = 22775:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"16854:TCP" = 16854:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"30671:TCP" = 30671:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"20207:TCP" = 20207:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"26446:TCP" = 26446:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"22495:TCP" = 22495:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"26297:TCP" = 26297:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"22101:TCP" = 22101:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"8856:TCP" = 8856:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"18614:TCP" = 18614:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"28224:TCP" = 28224:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"3269:TCP" = 3269:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"2578:TCP" = 2578:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"7730:TCP" = 7730:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"22861:TCP" = 22861:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"19488:TCP" = 19488:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"27486:TCP" = 27486:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"27925:TCP" = 27925:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"32738:TCP" = 32738:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"21872:TCP" = 21872:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"30464:TCP" = 30464:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"21013:TCP" = 21013:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"31079:TCP" = 31079:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"7750:TCP" = 7750:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"31837:TCP" = 31837:TCP:LocalSubNet:Enabled:Local Security Authentication Server
"8410:TCP" = 8410:TCP:LocalSubNet:Enabled:Local Security Authentication Server
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- File not found
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- File not found
"C:\Program Files\ICQ7.0\ICQ.exe" = C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7 -- (ICQ, LLC.)
"C:\Program Files\ICQ7.0\aolload.exe" = C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- File not found
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- File not found
"C:\Documents and Settings\Guest\Data aplikací\ICQ\Application\ICQ7.0\ICQ.exe" = C:\Documents and Settings\Guest\Data aplikací\ICQ\Application\ICQ7.0\ICQ.exe:*:Disabled:ICQ -- (ICQ, LLC.)
"C:\Documents and Settings\Guest\Data aplikací\ICQ\Application\ICQ7.1\ICQ.exe" = C:\Documents and Settings\Guest\Data aplikací\ICQ\Application\ICQ7.1\ICQ.exe:*:Disabled:ICQ -- (ICQ, LLC.)
"C:\Program Files\IncrediMail\Bin\IncMail.exe" = C:\Program Files\IncrediMail\Bin\IncMail.exe:*:Enabled:IncrediMail -- File not found
"C:\Program Files\IncrediMail\Bin\ImApp.exe" = C:\Program Files\IncrediMail\Bin\ImApp.exe:*:Enabled:IncrediMail -- File not found
"C:\Program Files\IncrediMail\Bin\ImpCnt.exe" = C:\Program Files\IncrediMail\Bin\ImpCnt.exe:*:Enabled:IncrediMail -- File not found
"C:\Documents and Settings\PC\Local Settings\Temp\ImInstaller\3d_magic_installer.exe" = C:\Documents and Settings\PC\Local Settings\Temp\ImInstaller\3d_magic_installer.exe:*:Enabled:IncrediMail Installer -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Documents and Settings\PC\Data aplikací\IMVUClient\1VivoxVoice.exe" = C:\Documents and Settings\PC\Data aplikací\IMVUClient\1VivoxVoice.exe:*:Enabled:1VivoxVoice -- File not found
"C:\Documents and Settings\PC\Local Settings\Temporary Internet Files\Content.IE5\MLQP6LWJ\SweetImSetup[1].exe" = C:\Documents and Settings\PC\Local Settings\Temporary Internet Files\Content.IE5\MLQP6LWJ\SweetImSetup[1].exe:*:Enabled:SweetIM Installer -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- File not found
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- File not found
"C:\Documents and Settings\All Users\Data aplikací\SweetIM\Messenger\update\sweetimsetup.exe" = C:\Documents and Settings\All Users\Data aplikací\SweetIM\Messenger\update\sweetimsetup.exe:*:Enabled:SweetIM Installer -- (SweetIM Technologies, Ltd.)
"C:\Documents and Settings\PC\Dokumenty\Downloads\IMAGE53892731.JPG-www.facebook.exe" = c:\windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor -- ()
"C:\DOCUME~1\PC\LOCALS~1\Temp\1444.exe" = C:\DOCUME~1\PC\LOCALS~1\Temp\1444.exe:*:Enabled:Microsoft Office -- File not found
"C:\Documents and Settings\PC\Data aplikací\lsass.exe" = C:\Documents and Settings\PC\Data aplikací\lsass.exe:*:Enabled:Local Security Authentication Server -- File not found
"C:\Program Files\ICQ7.0\ICQ.exe" = C:\Program Files\ICQ7.0\ICQ.exe:*:Enabled:ICQ7 -- (ICQ, LLC.)
"C:\Program Files\ICQ7.0\aolload.exe" = C:\Program Files\ICQ7.0\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{15382D89-6EF6-4D21-9484-B500F2B10E46}" = PhotoMail Maker
"{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1DAEF119-493B-11D5-AE90-00D0590FFE27}" = Wireless Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20CCA435-1465-4567-885C-4A0AFCD0EB05}" = F2100_Help
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23C7348E-131C-4BFF-9763-2C804D6B87AE}" = TIxx21/x515
"{242BCCDC-B37B-4792-A52C-BCDDB1030AF9}" = Zoo Empire
"{24557DC0-0839-496f-82F9-C4EB72EFE4FA}" = HP Deskjet All-In-One Software 8.0
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{4B83D37C-0B99-4E71-B6DB-95F41510BD89}" = SudoCue
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5EFDFC8B-D438-4792-A298-E87AA9ADA816}" = Acer eDataSecurity Management
"{654986E1-B6C9-4CA4-A478-B13025E739DE}_is1" = SM
"{657F8B33-CBBB-45F4-9087-274F22C89400}" = DJ_AIO_ProductContext
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92F31257-15BA-46EE-887D-3C18C0790ACE}" = Atheros Client Installation Program
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9ECB4705-B9CB-405A-B6D4-33BDF707308E}" = DJ_AIO_Software
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1029-7B44-A91000000001}" = Adobe Reader 9.1 - Czech
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DA95E878-B181-4366-A433-6145592707A8}" = SweetIM for Messenger 3.1
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DC83F417-8068-4074-BA2F-C4F8AB872556}" = DJ_AIO_Software_min
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E431C518-2EE2-471E-9234-BE995C36D513}" = Acer eDataSecurity Management 1.00.23
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F6B0E67F-598C-4318-AE93-420E93CAA47C}" = OpenOffice.org 2.0
"{F6F90406-4726-4559-B6F7-3A96529CDD45}" = F2100
"{F93D2591-8201-4692-BD8D-67A0BFAC9C14}" = SweetIM Toolbar for Internet Explorer 3.9
"{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = VideoStudio
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB2E0508-0DED-411B-B6AA-B9851AEBF1FF}" = 5DFly Photo Design
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Balíček ovladače systému Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"6194C28A8F62DD817EA1B918E6E46E806A21B452" = Balíček ovladače systému Windows - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
"65B6FE5418CE28F4D72543FB2D964C3CEC83F161" = Balíček ovladače systému Windows - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Network Adapter
"Burn4Free" = Burn4Free CD and DVD
"Burn4Free Toolbar" = Burn4Free Toolbar
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"Crosswords - ITPro CZ_is1" = Crosswords 1.81
"csWord_is1" = csWord v.3
"ePresentation" = Acer ePresentation Management
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.01
"Google Chrome" = Google Chrome
"GridVista" = Acer GridVista
"Hello Kitty_is1" = Hello Kitty
"HP Smart Web Printing" = HP Smart Web Printing
"ICQToolbar" = ICQ Toolbar
"InstallShield_{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"InstallShield_{23C7348E-131C-4BFF-9763-2C804D6B87AE}" = Texas Instruments PCIxx21/x515 drivers.
"InstallShield_{242BCCDC-B37B-4792-A52C-BCDDB1030AF9}" = Zoo Empire
"InstallShield_{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"InstallShield_{F99F9E24-EE2F-47FD-AEB0-FDB82859B5C9}" = Ulead VideoStudio 11
"InterActual Player" = InterActual Player
"LManager" = Launch Manager
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NCH Toolbar" = NCH Toolbar
"PhotoFiltre Studio" = PhotoFiltre Studio
"PhotoMail" = PhotoMail Maker
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"Shop for HP Supplies" = Shop for HP Supplies
"Tales Animator_is1" = Tales Animator 2.0
"VideoPad" = VideoPad Video Editor
"WinRAR archiver" = WinRAR
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 16.12.2010 15:28:03 | Computer Name = NOTEBOOK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2000
Error - 16.12.2010 15:28:06 | Computer Name = NOTEBOOK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 16.12.2010 15:28:06 | Computer Name = NOTEBOOK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4969
Error - 16.12.2010 15:28:06 | Computer Name = NOTEBOOK | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4969
Error - 17.12.2010 11:53:40 | Computer Name = NOTEBOOK | Source = Application Error | ID = 1000
Description = Chybující aplikace rockxp4_.exe, verze 4.0.0.0, chybující modul kernel32.dll,
verze 5.1.2600.2180, adresa chyby 0x0001eb33.
Error - 17.12.2010 15:28:29 | Computer Name = NOTEBOOK | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace OTL.exe, verze 3.2.17.3, zablokovaný modul hungapp,
verze 0.0.0.0, adresa bloku 0x00000000.
Error - 17.12.2010 15:28:58 | Computer Name = NOTEBOOK | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace OTL.exe, verze 3.2.17.3, zablokovaný modul hungapp,
verze 0.0.0.0, adresa bloku 0x00000000.
Error - 17.12.2010 15:29:18 | Computer Name = NOTEBOOK | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace OTL.exe, verze 3.2.17.3, zablokovaný modul hungapp,
verze 0.0.0.0, adresa bloku 0x00000000.
Error - 17.12.2010 15:34:02 | Computer Name = NOTEBOOK | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace 852.exe, verze 6.1.33.0, zablokovaný modul hungapp,
verze 0.0.0.0, adresa bloku 0x00000000.
Error - 17.12.2010 15:38:53 | Computer Name = NOTEBOOK | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace OTL.exe, verze 3.2.17.3, zablokovaný modul hungapp,
verze 0.0.0.0, adresa bloku 0x00000000.
[ System Events ]
Error - 17.12.2010 15:42:15 | Computer Name = NOTEBOOK | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby StiSvc
s argumenty za účelem spuštění serveru: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 17.12.2010 15:42:16 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7000
Description = Služba oumzbfqe neuspěla při spuštění v důsledku následující chyby:
%%1
Error - 17.12.2010 15:42:16 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7001
Description = Služba Klient DHCP závisí na službě Rozhraní NetBios nad protokolem
TCP/IP, která neuspěla při spuštění v důsledku následující chyby: %%31
Error - 17.12.2010 15:42:16 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7001
Description = Služba Klient DNS závisí na službě Ovladač protokolu TCP/IP, která
neuspěla při spuštění v důsledku následující chyby: %%31
Error - 17.12.2010 15:42:16 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7001
Description = Služba Podpora rozhraní NetBIOS nad protokolem TCP/IP závisí na službě
AFD, která neuspěla při spuštění v důsledku následující chyby: %%31
Error - 17.12.2010 15:42:16 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7001
Description = Služba Apple Mobile Device závisí na službě Ovladač protokolu TCP/IP,
která neuspěla při spuštění v důsledku následující chyby: %%31
Error - 17.12.2010 15:42:16 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7001
Description = Služba Bonjour Service závisí na službě Ovladač protokolu TCP/IP,
která neuspěla při spuštění v důsledku následující chyby: %%31
Error - 17.12.2010 15:42:16 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7001
Description = Služba Služby IPSEC závisí na službě Ovladač IPSEC, která neuspěla
při spuštění v důsledku následující chyby: %%31
Error - 17.12.2010 15:42:16 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: AFD avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv
Tcpip
Error - 17.12.2010 15:42:50 | Computer Name = NOTEBOOK | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby StiSvc
s argumenty za účelem spuštění serveru: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
< End of report >
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: Prosim o kontrolu, Avira hlasi vir
V nouzovém režimu OTL a do spodního okna vložte následující skript.
Kód: Vybrat vše
:Commands
[EMPTYTEMP]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
:OTL
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2010.12.12 18:25:25 | 000,188,928 | ---- | M] (Cushofts) [Auto | Stopped] -- C:\WINDOWS\system32\lygoufou.exe -- (eitdaee2u9rxoaii)
SRV - [2010.12.02 14:23:19 | 000,238,592 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Auto | Stopped] -- C:\WINDOWS\system32\sshnas21.dll -- (SSHNAS)
SRV - [2010.10.05 13:32:48 | 000,028,762 | ---- | M] (MyWebSearch.com) [Auto | Stopped] -- C:\Program Files\MyWebSearch\bar\3.bin\MWSSVC.EXE -- (MyWebSearchService)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\zaiacpja.sys -- (zaiacpja)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\yzhsvgxh.sys -- (yzhsvgxh)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\vznswyxs.sys -- (vznswyxs)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\vlrdfqbz.sys -- (vlrdfqbz)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\sfxnpice.sys -- (sfxnpice)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\s24trans.sys -- (s24trans)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\rxqwrobg.sys -- (rxqwrobg)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\pmtgvwmi.sys -- (pmtgvwmi)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\oeaalwhq.sys -- (oeaalwhq)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\obcaitjq.sys -- (obcaitjq)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\nkebnopw.sys -- (nkebnopw)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\luwigejm.sys -- (luwigejm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\lhrosnog.sys -- (lhrosnog)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\lflgovjj.sys -- (lflgovjj)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\lcwzqgkv.sys -- (lcwzqgkv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\jwqoxcwx.sys -- (jwqoxcwx)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\jwmuouzk.sys -- (jwmuouzk)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\jcwxeuyh.sys -- (jcwxeuyh)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\hqvubosm.sys -- (hqvubosm)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\gtfpfvkl.sys -- (gtfpfvkl)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\gcycjyif.sys -- (gcycjyif)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\enrpwjry.sys -- (enrpwjry)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\cprhihdf.sys -- (cprhihdf)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\cbzlxymo.sys -- (cbzlxymo)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\bfyysyfw.sys -- (bfyysyfw)
DRV - [2010.11.21 07:10:12 | 000,082,944 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\oumzbfqe.sys -- (oumzbfqe)
IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: - Reg Error: Key error. File not found
FF - prefs.js..extensions.enabledItems: m3ffxtbr@mywebsearch.com:1.1
FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\3.bin [2010.11.22 15:08:56 | 000,000,000 | ---D | M]
O3 - HKLM\..\Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {70DE7956-479D-4eb7-8641-2B45774C350E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {c2db4fe6-8409-45ce-8010-189a7b5cce86} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {70DE7956-479D-4EB7-8641-2B45774C350E} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {70DE7956-479D-4EB7-8641-2B45774C350E} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [bfwdrv] C:\DOCUME~1\PC\LOCALS~1\Temp\852.exe File not found
O4 - HKLM..\Run: [jisude] C:\WINDOWS\system32\jokypakouh.exe ()
O4 - HKLM..\Run: [kattoka] C:\WINDOWS\system32\lepydeha.exe ()
O4 - HKLM..\Run: [moocegup] C:\WINDOWS\system32\tilorehoot.exe ()
O4 - HKLM..\Run: [My Web Search Bar] C:\PROGRA~1\MYWEBS~1\bar\3.bin\MWSBAR.DLL File not found
O4 - HKLM..\Run: [MyWebSearch Email Plugin] C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE (MyWebSearch.com)
O4 - HKLM..\Run: [NVIDIA driver monitor] c:\WINDOWS\nvsvc32.exe ()
O4 - HKU\.DEFAULT..\Run: [jisude] C:\Documents and Settings\LocalService\Data aplikací\Microsoft\jokypakouh.exe (Cushofts)
O4 - HKU\.DEFAULT..\Run: [moocegup] C:\Documents and Settings\LocalService\Data aplikací\Microsoft\tilorehoot.exe (Cushofts)
O4 - HKU\S-1-5-18..\Run: [jisude] C:\Documents and Settings\LocalService\Data aplikací\Microsoft\jokypakouh.exe (Cushofts)
O4 - HKU\S-1-5-18..\Run: [moocegup] C:\Documents and Settings\LocalService\Data aplikací\Microsoft\tilorehoot.exe (Cushofts)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: csrcs = C:\WINDOWS\system32\csrcs.exe File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\PC\Nabídka Start\Programy\IMVU\Run IMVU.lnk File not found
O9 - Extra Button: HP Chytrý výběr - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - Reg Error: Key error. File not found
O20 - HKLM Winlogon: Shell - (C:\DOCUME~1\PC\LOCALS~1\Temp\852.exe) - C:\DOCUME~1\PC\LOCALS~1\Temp\852.exe File not found
O20 - HKLM Winlogon: UserInit - (C:\DOCUME~1\PC\LOCALS~1\Temp\852.exe) - C:\DOCUME~1\PC\LOCALS~1\Temp\852.exe File not found
O20 - HKLM Winlogon: TaskMan - (C:\Documents and Settings\PC\Data aplikací\juzjf.exe) - C:\Documents and Settings\PC\Data aplikací\juzjf.exe File not found
NetSvcs: SSHNAS - C:\WINDOWS\system32\sshnas21.dll (Windows (R) Codename Longhorn DDK provider)
[2010.12.17 20:32:58 | 000,188,928 | ---- | C] (Cushofts) -- C:\WINDOWS\System32\lygoufou.exe
[2010.12.16 07:08:58 | 000,223,232 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\Oqozaj.exe
[2010.12.12 08:57:11 | 000,206,848 | ---- | C] (Cushofts) -- C:\WINDOWS\System32\vydarook.exe
[2010.12.10 16:18:21 | 000,195,584 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\Oqozai.exe
[2010.12.07 16:53:25 | 000,194,048 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\Oqozae.exe
[2010.12.07 14:54:12 | 000,194,048 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\Oqozad.exe
[2010.12.06 16:24:08 | 000,194,048 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\Oqozac.exe
[2010.12.05 14:45:18 | 000,184,832 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\Oqozab.exe
[2010.12.02 14:23:19 | 000,238,592 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\sshnas21.dll
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2010.12.17 20:39:12 | 000,000,240 | -H-- | M] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.12.17 20:31:33 | 000,000,270 | -H-- | M] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.12.15 18:27:29 | 000,223,232 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\Oqozaj.exe
[2010.12.12 18:25:25 | 000,188,928 | ---- | M] (Cushofts) -- C:\WINDOWS\System32\lygoufou.exe
[2010.12.12 18:25:25 | 000,188,928 | ---- | M] () -- C:\WINDOWS\System32\wejovood.exe
[2010.12.12 18:25:25 | 000,188,928 | ---- | M] () -- C:\WINDOWS\System32\jokypakouh.exe
[2010.12.11 02:56:53 | 000,206,848 | ---- | M] (Cushofts) -- C:\WINDOWS\System32\vydarook.exe
[2010.12.11 02:56:53 | 000,206,848 | ---- | M] () -- C:\WINDOWS\System32\tilorehoot.exe
[2010.12.11 02:56:53 | 000,206,848 | ---- | M] () -- C:\WINDOWS\System32\davy.exe
[2010.12.10 14:03:20 | 000,195,584 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\Oqozai.exe
[2010.12.09 22:29:58 | 000,197,120 | ---- | M] () -- C:\WINDOWS\Oqozah.exe
[2010.12.09 22:29:58 | 000,197,120 | ---- | M] () -- C:\WINDOWS\Oqozag.exe
[2010.12.09 16:09:31 | 000,197,120 | ---- | M] () -- C:\WINDOWS\Oqozaf.exe
[2010.12.07 15:09:25 | 000,194,048 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\Oqozae.exe
[2010.12.06 22:41:49 | 000,194,048 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\Oqozad.exe
[2010.12.06 15:08:46 | 000,194,048 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\Oqozac.exe
[2010.12.05 12:59:48 | 000,184,832 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\Oqozab.exe
[2010.12.02 14:23:19 | 000,238,592 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\WINDOWS\System32\sshnas21.dll
[2010.12.02 14:23:18 | 000,195,072 | ---- | M] () -- C:\WINDOWS\Oqozaa.exe
[2010.11.26 16:33:17 | 000,000,258 | ---- | M] () -- C:\cy.exe
[2010.11.22 14:22:38 | 000,045,568 | -H-- | M] () -- C:\WINDOWS\System32\secupdat.dat
[2010.11.21 19:09:30 | 000,000,184 | ---- | M] () -- C:\wifi32.exe
[2010.11.21 07:10:12 | 000,082,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\oumzbfqe.sys
[2010.11.21 00:03:52 | 000,201,216 | ---- | M] () -- C:\WINDOWS\System32\lepydeha.exe
[2010.11.21 00:03:52 | 000,201,216 | ---- | M] () -- C:\WINDOWS\System32\boohoulo.exe
[2010.11.20 23:08:32 | 000,065,024 | RHS- | M] () -- C:\WINDOWS\nvsvc32.exe
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2010.12.12 18:25:24 | 000,188,928 | ---- | C] () -- C:\WINDOWS\System32\wejovood.exe
[2010.12.12 08:58:14 | 000,188,928 | ---- | C] () -- C:\WINDOWS\System32\jokypakouh.exe
[2010.12.10 13:52:12 | 000,197,120 | ---- | C] () -- C:\WINDOWS\Oqozah.exe
[2010.12.10 07:25:29 | 000,197,120 | ---- | C] () -- C:\WINDOWS\Oqozag.exe
[2010.12.09 22:09:15 | 000,206,848 | ---- | C] () -- C:\WINDOWS\System32\davy.exe
[2010.12.09 21:59:30 | 000,197,120 | ---- | C] () -- C:\WINDOWS\Oqozaf.exe
[2010.12.08 15:07:55 | 000,206,848 | ---- | C] () -- C:\WINDOWS\System32\tilorehoot.exe
[2010.12.02 14:23:40 | 000,195,072 | ---- | C] () -- C:\WINDOWS\Oqozaa.exe
[2010.12.02 14:23:30 | 000,000,270 | -H-- | C] () -- C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.12.02 14:23:27 | 000,000,240 | -H-- | C] () -- C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.11.26 16:33:17 | 000,000,258 | ---- | C] () -- C:\cy.exe
[2010.11.22 14:22:38 | 000,045,568 | -H-- | C] () -- C:\WINDOWS\System32\secupdat.dat
[2010.11.21 19:09:30 | 000,000,184 | ---- | C] () -- C:\wifi32.exe
[2010.11.21 07:10:01 | 000,082,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\oumzbfqe.sys
[2010.11.21 00:04:06 | 000,201,216 | ---- | C] () -- C:\WINDOWS\System32\boohoulo.exe
[2010.11.21 00:03:52 | 000,201,216 | ---- | C] () -- C:\WINDOWS\System32\lepydeha.exe
[2010.11.20 23:55:39 | 000,002,116 | -H-- | C] () -- C:\Documents and Settings\All Users\Data aplikací\common.data
[2010.11.20 23:08:32 | 000,065,024 | RHS- | C] () -- C:\WINDOWS\nvsvc32.exe
[2009.08.13 18:47:10 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009.08.13 18:44:22 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SC_res.dll
[2009.08.13 18:44:22 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TC_res.dll
[2010.07.08 21:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.11.04 14:37:04 | 000,000,274 | ---- | M] () -- C:\WINDOWS\Tasks\videopadShakeIcon.job
[2010.11.21 07:10:12 | 000,082,944 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\oumzbfqe.sys
@Alternate Data Stream - 502695 bytes -> C:\WINDOWS\Temp:temp
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:2CAF45856F4A3E42
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"24301:TCP" =-
"18454:TCP" =-
"9104:TCP" =-
"23260:TCP" =-
"12414:TCP" =-
"7667:TCP" =-
"11095:TCP" =-
"9066:TCP" =-
"29467:TCP" =-
"22544:TCP" =-
"15357:TCP" =-
"3488:TCP" =-
"33182:TCP" =-
"20528:TCP" =-
"22369:TCP" =-
"2859:TCP" =-
"12629:TCP" =-
"26339:TCP" =-
"27791:TCP" =-
"17730:TCP" =-
"7759:TCP" =-
"11055:TCP" =-
"21875:TCP" =-
"16948:TCP" =-
"33428:TCP" =-
"7061:TCP" =-
"12536:TCP" =-
"22775:TCP" =-
"16854:TCP" =-
"30671:TCP" =-
"20207:TCP" =-
"26446:TCP" =-
"22495:TCP" =-
"26297:TCP" =-
"22101:TCP" =-
"8856:TCP" =-
"18614:TCP" =-
"28224:TCP" =-
"3269:TCP" =-
"2578:TCP" =-
"7730:TCP" =-
"22861:TCP" =-
"19488:TCP" =-
"27486:TCP" =-
"27925:TCP" =-
"32738:TCP" =-
"21872:TCP" =-
"30464:TCP" =-
"21013:TCP" =-
"31079:TCP" =-
"7750:TCP" =-
"31837:TCP" =-
"8410:TCP" =-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe" =-
"C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe" =-
"C:\Program Files\IncrediMail\Bin\IncMail.exe" =-
"C:\Program Files\IncrediMail\Bin\ImApp.exe" =-
"C:\Program Files\IncrediMail\Bin\ImpCnt.exe" =-
"C:\Documents and Settings\PC\Local Settings\Temp\ImInstaller\3d_magic_installer.exe" =-
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" =-
"C:\Documents and Settings\PC\Data aplikací\IMVUClient\1VivoxVoice.exe" =-
"C:\Documents and Settings\PC\Local Settings\Temporary Internet Files\Content.IE5\MLQP6LWJ\SweetImSetup[1].exe" =-
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" =-
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" =-
"C:\Documents and Settings\PC\Dokumenty\Downloads\IMAGE53892731.JPG-www.facebook.exe" =-
"C:\DOCUME~1\PC\LOCALS~1\Temp\1444.exe" =-
"C:\Documents and Settings\PC\Data aplikací\lsass.exe" =-Znáte soubor C:\HDTV.exe
Re: Prosim o kontrolu, Avira hlasi vir
neni to moje PC, ale uzivatel je velky zacatecnik takze nevi co je C:\HDTV.exe
All processes killed
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 3471660 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Guest
->Temp folder emptied: 33165697 bytes
->Temporary Internet Files folder emptied: 259384047 bytes
->FireFox cache emptied: 35628968 bytes
->Flash cache emptied: 23883 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3091310 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1250569 bytes
User: PC
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 5902 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 45539440 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 364,00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: Default User
User: Guest
->Flash cache emptied: 0 bytes
User: LocalService
User: NetworkService
User: PC
Total Flash Files Cleaned = 0,00 mb
Restore points cleared and new OTL Restore Point set!
========== OTL ==========
Service gusvc stopped successfully!
Service gusvc deleted successfully!
File C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe not found.
Service eitdaee2u9rxoaii stopped successfully!
Service eitdaee2u9rxoaii deleted successfully!
C:\WINDOWS\system32\lygoufou.exe moved successfully.
Service SSHNAS stopped successfully!
Service SSHNAS deleted successfully!
C:\WINDOWS\system32\sshnas21.dll moved successfully.
Service MyWebSearchService stopped successfully!
Service MyWebSearchService deleted successfully!
C:\Program Files\MyWebSearch\bar\3.bin\MWSSVC.EXE moved successfully.
Service zaiacpja stopped successfully!
Service zaiacpja deleted successfully!
File C:\WINDOWS\System32\Drivers\zaiacpja.sys not found.
Service yzhsvgxh stopped successfully!
Service yzhsvgxh deleted successfully!
File C:\WINDOWS\System32\Drivers\yzhsvgxh.sys not found.
Service vznswyxs stopped successfully!
Service vznswyxs deleted successfully!
File C:\WINDOWS\System32\Drivers\vznswyxs.sys not found.
Service vlrdfqbz stopped successfully!
Service vlrdfqbz deleted successfully!
File C:\WINDOWS\System32\Drivers\vlrdfqbz.sys not found.
Service sfxnpice stopped successfully!
Service sfxnpice deleted successfully!
File C:\WINDOWS\System32\Drivers\sfxnpice.sys not found.
Service s24trans stopped successfully!
Service s24trans deleted successfully!
File C:\WINDOWS\System32\DRIVERS\s24trans.sys not found.
Service rxqwrobg stopped successfully!
Service rxqwrobg deleted successfully!
File C:\WINDOWS\System32\Drivers\rxqwrobg.sys not found.
Service pmtgvwmi stopped successfully!
Service pmtgvwmi deleted successfully!
File C:\WINDOWS\System32\Drivers\pmtgvwmi.sys not found.
Service oeaalwhq stopped successfully!
Service oeaalwhq deleted successfully!
File C:\WINDOWS\System32\Drivers\oeaalwhq.sys not found.
Service obcaitjq stopped successfully!
Service obcaitjq deleted successfully!
File C:\WINDOWS\System32\Drivers\obcaitjq.sys not found.
Service nkebnopw stopped successfully!
Service nkebnopw deleted successfully!
File C:\WINDOWS\System32\Drivers\nkebnopw.sys not found.
Service luwigejm stopped successfully!
Service luwigejm deleted successfully!
File C:\WINDOWS\System32\Drivers\luwigejm.sys not found.
Service lhrosnog stopped successfully!
Service lhrosnog deleted successfully!
File C:\WINDOWS\System32\Drivers\lhrosnog.sys not found.
Service lflgovjj stopped successfully!
Service lflgovjj deleted successfully!
File C:\WINDOWS\System32\Drivers\lflgovjj.sys not found.
Service lcwzqgkv stopped successfully!
Service lcwzqgkv deleted successfully!
File C:\WINDOWS\System32\Drivers\lcwzqgkv.sys not found.
Service jwqoxcwx stopped successfully!
Service jwqoxcwx deleted successfully!
File C:\WINDOWS\System32\Drivers\jwqoxcwx.sys not found.
Service jwmuouzk stopped successfully!
Service jwmuouzk deleted successfully!
File C:\WINDOWS\System32\Drivers\jwmuouzk.sys not found.
Service jcwxeuyh stopped successfully!
Service jcwxeuyh deleted successfully!
File C:\WINDOWS\System32\Drivers\jcwxeuyh.sys not found.
Service hqvubosm stopped successfully!
Service hqvubosm deleted successfully!
File C:\WINDOWS\System32\Drivers\hqvubosm.sys not found.
Service gtfpfvkl stopped successfully!
Service gtfpfvkl deleted successfully!
File C:\WINDOWS\System32\Drivers\gtfpfvkl.sys not found.
Service gcycjyif stopped successfully!
Service gcycjyif deleted successfully!
File C:\WINDOWS\System32\Drivers\gcycjyif.sys not found.
Service enrpwjry stopped successfully!
Service enrpwjry deleted successfully!
File C:\WINDOWS\System32\Drivers\enrpwjry.sys not found.
Service cprhihdf stopped successfully!
Service cprhihdf deleted successfully!
File C:\WINDOWS\System32\Drivers\cprhihdf.sys not found.
Service cbzlxymo stopped successfully!
Service cbzlxymo deleted successfully!
File C:\WINDOWS\System32\Drivers\cbzlxymo.sys not found.
Service bfyysyfw stopped successfully!
Service bfyysyfw deleted successfully!
File C:\WINDOWS\System32\Drivers\bfyysyfw.sys not found.
Service oumzbfqe stopped successfully!
Service oumzbfqe deleted successfully!
File move failed. C:\WINDOWS\system32\drivers\oumzbfqe.sys scheduled to be moved on reboot.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Prefs.js: m3ffxtbr@mywebsearch.com:1.1 removed from extensions.enabledItems
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\chrome folder moved successfully.
C:\Program Files\MyWebSearch\bar\3.bin folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{70DE7956-479D-4eb7-8641-2B45774C350E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70DE7956-479D-4eb7-8641-2B45774C350E}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{c2db4fe6-8409-45ce-8010-189a7b5cce86} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{70DE7956-479D-4EB7-8641-2B45774C350E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70DE7956-479D-4EB7-8641-2B45774C350E}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{70DE7956-479D-4EB7-8641-2B45774C350E} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70DE7956-479D-4EB7-8641-2B45774C350E}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\bfwdrv deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\jisude deleted successfully.
File move failed. C:\WINDOWS\system32\jokypakouh.exe scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\kattoka deleted successfully.
File move failed. C:\WINDOWS\system32\lepydeha.exe scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\moocegup deleted successfully.
File move failed. C:\WINDOWS\system32\tilorehoot.exe scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\My Web Search Bar deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Email Plugin deleted successfully.
File C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NVIDIA driver monitor deleted successfully.
c:\WINDOWS\nvsvc32.exe moved successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\jisude deleted successfully.
C:\Documents and Settings\LocalService\Data aplikací\Microsoft\jokypakouh.exe moved successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\moocegup deleted successfully.
C:\Documents and Settings\LocalService\Data aplikací\Microsoft\tilorehoot.exe moved successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\jisude not found.
File C:\Documents and Settings\LocalService\Data aplikací\Microsoft\jokypakouh.exe not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\moocegup not found.
File C:\Documents and Settings\LocalService\Data aplikací\Microsoft\tilorehoot.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\csrcs deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DDE87865-83C5-48c4-8357-2F5B1AA84522}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DDE87865-83C5-48c4-8357-2F5B1AA84522}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\DOCUME~1\PC\LOCALS~1\Temp\852.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\DOCUME~1\PC\LOCALS~1\Temp\852.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\TaskMan:C:\Documents and Settings\PC\Data aplikací\juzjf.exe deleted successfully.
SSHNAS removed from NetSvcs value successfully!
File C:\WINDOWS\system32\sshnas21.dll not found.
File C:\WINDOWS\System32\lygoufou.exe not found.
C:\WINDOWS\Oqozaj.exe moved successfully.
C:\WINDOWS\system32\vydarook.exe moved successfully.
C:\WINDOWS\Oqozai.exe moved successfully.
C:\WINDOWS\Oqozae.exe moved successfully.
C:\WINDOWS\Oqozad.exe moved successfully.
C:\WINDOWS\Oqozac.exe moved successfully.
C:\WINDOWS\Oqozab.exe moved successfully.
File C:\WINDOWS\System32\sshnas21.dll not found.
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully.
C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job moved successfully.
File C:\WINDOWS\Oqozaj.exe not found.
File C:\WINDOWS\System32\lygoufou.exe not found.
File move failed. C:\WINDOWS\system32\wejovood.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\jokypakouh.exe scheduled to be moved on reboot.
File C:\WINDOWS\System32\vydarook.exe not found.
File move failed. C:\WINDOWS\system32\tilorehoot.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\davy.exe scheduled to be moved on reboot.
File C:\WINDOWS\Oqozai.exe not found.
C:\WINDOWS\Oqozah.exe moved successfully.
C:\WINDOWS\Oqozag.exe moved successfully.
C:\WINDOWS\Oqozaf.exe moved successfully.
File C:\WINDOWS\Oqozae.exe not found.
File C:\WINDOWS\Oqozad.exe not found.
File C:\WINDOWS\Oqozac.exe not found.
File C:\WINDOWS\Oqozab.exe not found.
File C:\WINDOWS\System32\sshnas21.dll not found.
C:\WINDOWS\Oqozaa.exe moved successfully.
C:\cy.exe moved successfully.
C:\WINDOWS\system32\secupdat.dat moved successfully.
C:\wifi32.exe moved successfully.
File move failed. C:\WINDOWS\system32\drivers\oumzbfqe.sys scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\lepydeha.exe scheduled to be moved on reboot.
C:\WINDOWS\system32\boohoulo.exe moved successfully.
File C:\WINDOWS\nvsvc32.exe not found.
File move failed. C:\WINDOWS\system32\wejovood.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\jokypakouh.exe scheduled to be moved on reboot.
File C:\WINDOWS\Oqozah.exe not found.
File C:\WINDOWS\Oqozag.exe not found.
File move failed. C:\WINDOWS\system32\davy.exe scheduled to be moved on reboot.
File C:\WINDOWS\Oqozaf.exe not found.
File move failed. C:\WINDOWS\system32\tilorehoot.exe scheduled to be moved on reboot.
File C:\WINDOWS\Oqozaa.exe not found.
File C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job not found.
File C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job not found.
File C:\cy.exe not found.
File C:\WINDOWS\System32\secupdat.dat not found.
File C:\wifi32.exe not found.
File move failed. C:\WINDOWS\system32\drivers\oumzbfqe.sys scheduled to be moved on reboot.
File C:\WINDOWS\System32\boohoulo.exe not found.
File move failed. C:\WINDOWS\system32\lepydeha.exe scheduled to be moved on reboot.
C:\Documents and Settings\All Users\Data aplikací\common.data moved successfully.
File C:\WINDOWS\nvsvc32.exe not found.
C:\WINDOWS\system32\pthreadVC.dll moved successfully.
C:\WINDOWS\system32\SC_res.dll moved successfully.
C:\WINDOWS\system32\TC_res.dll moved successfully.
C:\Documents and Settings\All Users\Data aplikací\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86 folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\{429CAD59-35B1-4DBC-BB6D-1DB246563521} folder moved successfully.
C:\WINDOWS\Tasks\videopadShakeIcon.job moved successfully.
File move failed. C:\WINDOWS\system32\drivers\oumzbfqe.sys scheduled to be moved on reboot.
ADS C:\WINDOWS\Temp:temp deleted successfully.
ADS C:\WINDOWS:2CAF45856F4A3E42 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\24301:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\18454:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\9104:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\23260:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\12414:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\7667:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\11095:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\9066:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\29467:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\22544:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\15357:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3488:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\33182:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\20528:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\22369:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2859:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\12629:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\26339:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\27791:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\17730:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\7759:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\11055:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\21875:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\16948:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\33428:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\7061:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\12536:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\22775:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\16854:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\30671:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\20207:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\26446:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\22495:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\26297:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\22101:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\8856:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\18614:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\28224:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3269:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2578:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\7730:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\22861:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\19488:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\27486:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\27925:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\32738:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\21872:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\30464:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\21013:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\31079:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\7750:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\31837:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\8410:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\IncrediMail\Bin\IncMail.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\IncrediMail\Bin\ImApp.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\IncrediMail\Bin\ImpCnt.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\PC\Local Settings\Temp\ImInstaller\3d_magic_installer.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\PC\Data aplikací\IMVUClient\1VivoxVoice.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\PC\Local Settings\Temporary Internet Files\Content.IE5\MLQP6LWJ\SweetImSetup[1].exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\PC\Dokumenty\Downloads\IMAGE53892731.JPG-www.facebook.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\PC\LOCALS~1\Temp\1444.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\PC\Data aplikací\lsass.exe deleted successfully.
OTL by OldTimer - Version 3.2.17.3 log created on 12172010_214348
Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\system32\drivers\oumzbfqe.sys scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\jokypakouh.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\lepydeha.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\tilorehoot.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\wejovood.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\davy.exe scheduled to be moved on reboot.
Registry entries deleted on Reboot...
All processes killed
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 3471660 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Guest
->Temp folder emptied: 33165697 bytes
->Temporary Internet Files folder emptied: 259384047 bytes
->FireFox cache emptied: 35628968 bytes
->Flash cache emptied: 23883 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3091310 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1250569 bytes
User: PC
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 5902 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 45539440 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 364,00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: Default User
User: Guest
->Flash cache emptied: 0 bytes
User: LocalService
User: NetworkService
User: PC
Total Flash Files Cleaned = 0,00 mb
Restore points cleared and new OTL Restore Point set!
========== OTL ==========
Service gusvc stopped successfully!
Service gusvc deleted successfully!
File C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe not found.
Service eitdaee2u9rxoaii stopped successfully!
Service eitdaee2u9rxoaii deleted successfully!
C:\WINDOWS\system32\lygoufou.exe moved successfully.
Service SSHNAS stopped successfully!
Service SSHNAS deleted successfully!
C:\WINDOWS\system32\sshnas21.dll moved successfully.
Service MyWebSearchService stopped successfully!
Service MyWebSearchService deleted successfully!
C:\Program Files\MyWebSearch\bar\3.bin\MWSSVC.EXE moved successfully.
Service zaiacpja stopped successfully!
Service zaiacpja deleted successfully!
File C:\WINDOWS\System32\Drivers\zaiacpja.sys not found.
Service yzhsvgxh stopped successfully!
Service yzhsvgxh deleted successfully!
File C:\WINDOWS\System32\Drivers\yzhsvgxh.sys not found.
Service vznswyxs stopped successfully!
Service vznswyxs deleted successfully!
File C:\WINDOWS\System32\Drivers\vznswyxs.sys not found.
Service vlrdfqbz stopped successfully!
Service vlrdfqbz deleted successfully!
File C:\WINDOWS\System32\Drivers\vlrdfqbz.sys not found.
Service sfxnpice stopped successfully!
Service sfxnpice deleted successfully!
File C:\WINDOWS\System32\Drivers\sfxnpice.sys not found.
Service s24trans stopped successfully!
Service s24trans deleted successfully!
File C:\WINDOWS\System32\DRIVERS\s24trans.sys not found.
Service rxqwrobg stopped successfully!
Service rxqwrobg deleted successfully!
File C:\WINDOWS\System32\Drivers\rxqwrobg.sys not found.
Service pmtgvwmi stopped successfully!
Service pmtgvwmi deleted successfully!
File C:\WINDOWS\System32\Drivers\pmtgvwmi.sys not found.
Service oeaalwhq stopped successfully!
Service oeaalwhq deleted successfully!
File C:\WINDOWS\System32\Drivers\oeaalwhq.sys not found.
Service obcaitjq stopped successfully!
Service obcaitjq deleted successfully!
File C:\WINDOWS\System32\Drivers\obcaitjq.sys not found.
Service nkebnopw stopped successfully!
Service nkebnopw deleted successfully!
File C:\WINDOWS\System32\Drivers\nkebnopw.sys not found.
Service luwigejm stopped successfully!
Service luwigejm deleted successfully!
File C:\WINDOWS\System32\Drivers\luwigejm.sys not found.
Service lhrosnog stopped successfully!
Service lhrosnog deleted successfully!
File C:\WINDOWS\System32\Drivers\lhrosnog.sys not found.
Service lflgovjj stopped successfully!
Service lflgovjj deleted successfully!
File C:\WINDOWS\System32\Drivers\lflgovjj.sys not found.
Service lcwzqgkv stopped successfully!
Service lcwzqgkv deleted successfully!
File C:\WINDOWS\System32\Drivers\lcwzqgkv.sys not found.
Service jwqoxcwx stopped successfully!
Service jwqoxcwx deleted successfully!
File C:\WINDOWS\System32\Drivers\jwqoxcwx.sys not found.
Service jwmuouzk stopped successfully!
Service jwmuouzk deleted successfully!
File C:\WINDOWS\System32\Drivers\jwmuouzk.sys not found.
Service jcwxeuyh stopped successfully!
Service jcwxeuyh deleted successfully!
File C:\WINDOWS\System32\Drivers\jcwxeuyh.sys not found.
Service hqvubosm stopped successfully!
Service hqvubosm deleted successfully!
File C:\WINDOWS\System32\Drivers\hqvubosm.sys not found.
Service gtfpfvkl stopped successfully!
Service gtfpfvkl deleted successfully!
File C:\WINDOWS\System32\Drivers\gtfpfvkl.sys not found.
Service gcycjyif stopped successfully!
Service gcycjyif deleted successfully!
File C:\WINDOWS\System32\Drivers\gcycjyif.sys not found.
Service enrpwjry stopped successfully!
Service enrpwjry deleted successfully!
File C:\WINDOWS\System32\Drivers\enrpwjry.sys not found.
Service cprhihdf stopped successfully!
Service cprhihdf deleted successfully!
File C:\WINDOWS\System32\Drivers\cprhihdf.sys not found.
Service cbzlxymo stopped successfully!
Service cbzlxymo deleted successfully!
File C:\WINDOWS\System32\Drivers\cbzlxymo.sys not found.
Service bfyysyfw stopped successfully!
Service bfyysyfw deleted successfully!
File C:\WINDOWS\System32\Drivers\bfyysyfw.sys not found.
Service oumzbfqe stopped successfully!
Service oumzbfqe deleted successfully!
File move failed. C:\WINDOWS\system32\drivers\oumzbfqe.sys scheduled to be moved on reboot.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Prefs.js: m3ffxtbr@mywebsearch.com:1.1 removed from extensions.enabledItems
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com deleted successfully.
C:\Program Files\MyWebSearch\bar\3.bin\chrome folder moved successfully.
C:\Program Files\MyWebSearch\bar\3.bin folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{07B18EA9-A523-4961-B6BB-170DE4475CCA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07B18EA9-A523-4961-B6BB-170DE4475CCA}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{70DE7956-479D-4eb7-8641-2B45774C350E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70DE7956-479D-4eb7-8641-2B45774C350E}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{c2db4fe6-8409-45ce-8010-189a7b5cce86} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c2db4fe6-8409-45ce-8010-189a7b5cce86}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{70DE7956-479D-4EB7-8641-2B45774C350E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70DE7956-479D-4EB7-8641-2B45774C350E}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{70DE7956-479D-4EB7-8641-2B45774C350E} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70DE7956-479D-4EB7-8641-2B45774C350E}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\bfwdrv deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\jisude deleted successfully.
File move failed. C:\WINDOWS\system32\jokypakouh.exe scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\kattoka deleted successfully.
File move failed. C:\WINDOWS\system32\lepydeha.exe scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\moocegup deleted successfully.
File move failed. C:\WINDOWS\system32\tilorehoot.exe scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\My Web Search Bar deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MyWebSearch Email Plugin deleted successfully.
File C:\Program Files\MyWebSearch\bar\3.bin\MWSOEMON.EXE not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NVIDIA driver monitor deleted successfully.
c:\WINDOWS\nvsvc32.exe moved successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\jisude deleted successfully.
C:\Documents and Settings\LocalService\Data aplikací\Microsoft\jokypakouh.exe moved successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\moocegup deleted successfully.
C:\Documents and Settings\LocalService\Data aplikací\Microsoft\tilorehoot.exe moved successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\jisude not found.
File C:\Documents and Settings\LocalService\Data aplikací\Microsoft\jokypakouh.exe not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\moocegup not found.
File C:\Documents and Settings\LocalService\Data aplikací\Microsoft\tilorehoot.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\csrcs deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DDE87865-83C5-48c4-8357-2F5B1AA84522}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DDE87865-83C5-48c4-8357-2F5B1AA84522}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\DOCUME~1\PC\LOCALS~1\Temp\852.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\DOCUME~1\PC\LOCALS~1\Temp\852.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\TaskMan:C:\Documents and Settings\PC\Data aplikací\juzjf.exe deleted successfully.
SSHNAS removed from NetSvcs value successfully!
File C:\WINDOWS\system32\sshnas21.dll not found.
File C:\WINDOWS\System32\lygoufou.exe not found.
C:\WINDOWS\Oqozaj.exe moved successfully.
C:\WINDOWS\system32\vydarook.exe moved successfully.
C:\WINDOWS\Oqozai.exe moved successfully.
C:\WINDOWS\Oqozae.exe moved successfully.
C:\WINDOWS\Oqozad.exe moved successfully.
C:\WINDOWS\Oqozac.exe moved successfully.
C:\WINDOWS\Oqozab.exe moved successfully.
File C:\WINDOWS\System32\sshnas21.dll not found.
C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully.
C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job moved successfully.
File C:\WINDOWS\Oqozaj.exe not found.
File C:\WINDOWS\System32\lygoufou.exe not found.
File move failed. C:\WINDOWS\system32\wejovood.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\jokypakouh.exe scheduled to be moved on reboot.
File C:\WINDOWS\System32\vydarook.exe not found.
File move failed. C:\WINDOWS\system32\tilorehoot.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\davy.exe scheduled to be moved on reboot.
File C:\WINDOWS\Oqozai.exe not found.
C:\WINDOWS\Oqozah.exe moved successfully.
C:\WINDOWS\Oqozag.exe moved successfully.
C:\WINDOWS\Oqozaf.exe moved successfully.
File C:\WINDOWS\Oqozae.exe not found.
File C:\WINDOWS\Oqozad.exe not found.
File C:\WINDOWS\Oqozac.exe not found.
File C:\WINDOWS\Oqozab.exe not found.
File C:\WINDOWS\System32\sshnas21.dll not found.
C:\WINDOWS\Oqozaa.exe moved successfully.
C:\cy.exe moved successfully.
C:\WINDOWS\system32\secupdat.dat moved successfully.
C:\wifi32.exe moved successfully.
File move failed. C:\WINDOWS\system32\drivers\oumzbfqe.sys scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\lepydeha.exe scheduled to be moved on reboot.
C:\WINDOWS\system32\boohoulo.exe moved successfully.
File C:\WINDOWS\nvsvc32.exe not found.
File move failed. C:\WINDOWS\system32\wejovood.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\jokypakouh.exe scheduled to be moved on reboot.
File C:\WINDOWS\Oqozah.exe not found.
File C:\WINDOWS\Oqozag.exe not found.
File move failed. C:\WINDOWS\system32\davy.exe scheduled to be moved on reboot.
File C:\WINDOWS\Oqozaf.exe not found.
File move failed. C:\WINDOWS\system32\tilorehoot.exe scheduled to be moved on reboot.
File C:\WINDOWS\Oqozaa.exe not found.
File C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job not found.
File C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job not found.
File C:\cy.exe not found.
File C:\WINDOWS\System32\secupdat.dat not found.
File C:\wifi32.exe not found.
File move failed. C:\WINDOWS\system32\drivers\oumzbfqe.sys scheduled to be moved on reboot.
File C:\WINDOWS\System32\boohoulo.exe not found.
File move failed. C:\WINDOWS\system32\lepydeha.exe scheduled to be moved on reboot.
C:\Documents and Settings\All Users\Data aplikací\common.data moved successfully.
File C:\WINDOWS\nvsvc32.exe not found.
C:\WINDOWS\system32\pthreadVC.dll moved successfully.
C:\WINDOWS\system32\SC_res.dll moved successfully.
C:\WINDOWS\system32\TC_res.dll moved successfully.
C:\Documents and Settings\All Users\Data aplikací\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86 folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\{429CAD59-35B1-4DBC-BB6D-1DB246563521} folder moved successfully.
C:\WINDOWS\Tasks\videopadShakeIcon.job moved successfully.
File move failed. C:\WINDOWS\system32\drivers\oumzbfqe.sys scheduled to be moved on reboot.
ADS C:\WINDOWS\Temp:temp deleted successfully.
ADS C:\WINDOWS:2CAF45856F4A3E42 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\24301:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\18454:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\9104:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\23260:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\12414:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\7667:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\11095:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\9066:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\29467:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\22544:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\15357:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3488:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\33182:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\20528:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\22369:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2859:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\12629:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\26339:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\27791:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\17730:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\7759:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\11055:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\21875:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\16948:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\33428:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\7061:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\12536:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\22775:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\16854:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\30671:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\20207:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\26446:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\22495:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\26297:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\22101:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\8856:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\18614:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\28224:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3269:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\2578:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\7730:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\22861:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\19488:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\27486:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\27925:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\32738:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\21872:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\30464:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\21013:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\31079:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\7750:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\31837:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\8410:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Samsung\Samsung New PC Studio\npsasvr.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Samsung\Samsung New PC Studio\npsvsvr.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\IncrediMail\Bin\IncMail.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\IncrediMail\Bin\ImApp.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\IncrediMail\Bin\ImpCnt.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\PC\Local Settings\Temp\ImInstaller\3d_magic_installer.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\PC\Data aplikací\IMVUClient\1VivoxVoice.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\PC\Local Settings\Temporary Internet Files\Content.IE5\MLQP6LWJ\SweetImSetup[1].exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\PC\Dokumenty\Downloads\IMAGE53892731.JPG-www.facebook.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\PC\LOCALS~1\Temp\1444.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\PC\Data aplikací\lsass.exe deleted successfully.
OTL by OldTimer - Version 3.2.17.3 log created on 12172010_214348
Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\system32\drivers\oumzbfqe.sys scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\jokypakouh.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\lepydeha.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\tilorehoot.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\wejovood.exe scheduled to be moved on reboot.
File move failed. C:\WINDOWS\system32\davy.exe scheduled to be moved on reboot.
Registry entries deleted on Reboot...
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: Prosim o kontrolu, Avira hlasi vir
Pokračujte podle návodu http://www.bleepingcomputer.com/combofi ... t-combofix
Re: Prosim o kontrolu, Avira hlasi vir
uz vic jak pul hodiny se me Combofix sekl na -dokoncena faze2-
mam to restartovat a zkusit v nouzovem rezimu?
mam to restartovat a zkusit v nouzovem rezimu?
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: Prosim o kontrolu, Avira hlasi vir
provedeno v nouzovem rezimu
v normalnim se me Combofix sekl na -dokoncena faze2-
ComboFix 10-12-16.05 - Administrator 18.12.2010 12:51:06.3.1 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.502.365 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\LocalService\Data aplikací\Microsoft\davy.exe
c:\documents and settings\LocalService\Data aplikací\Microsoft\lygoufou.exe
c:\documents and settings\LocalService\Data aplikací\Microsoft\vydarook.exe
c:\documents and settings\LocalService\Data aplikací\Microsoft\wejovood.exe
c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Images\008DCDE1.urr
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.html
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\2.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL
c:\program files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\00016462
c:\program files\MyWebSearch\bar\Cache\00016B19
c:\program files\MyWebSearch\bar\Cache\006389EF
c:\program files\MyWebSearch\bar\Cache\00879569
c:\program files\MyWebSearch\bar\Cache\008797DA.bin
c:\program files\MyWebSearch\bar\Cache\00879CAC.bin
c:\program files\MyWebSearch\bar\Cache\00879D77.bin
c:\program files\MyWebSearch\bar\Cache\00879E23.bin
c:\program files\MyWebSearch\bar\Cache\00879F7B.bin
c:\program files\MyWebSearch\bar\Cache\00C20C45.bin
c:\program files\MyWebSearch\bar\Cache\0213D56A.bmp
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Overlay\COMMON.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_FeatCk.dat
c:\program files\MyWebSearch\bar\Settings\s_FeatCk.dat.bak
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\windows\system32\autorun.i
c:\windows\system32\autorun.in
c:\windows\system32\drivers\npf.sys
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\Packet.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NPF
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-18 do 2010-12-18 )))))))))))))))))))))))))))))))
.
2010-12-17 20:43 . 2010-12-17 20:43 -------- d-----w- C:\_OTL
2010-12-17 18:18 . 2010-12-17 18:18 -------- d-----w- c:\program files\trend micro
2010-12-17 18:18 . 2010-12-17 18:18 -------- d-----w- C:\rsit
2010-12-17 15:46 . 2010-12-17 15:46 -------- d-----w- c:\documents and settings\Administrator
2010-12-16 21:24 . 2010-12-16 21:24 57344 ----a-w- c:\documents and settings\PC\VSPVSAVDAG.exe
2010-12-16 21:24 . 2010-12-16 21:24 57344 ----a-w- c:\documents and settings\PC\VJGDJGMJGM.exe
2010-12-12 17:25 . 2010-12-12 17:25 188928 ----a-w- c:\windows\system32\wejovood.exe
2010-12-12 12:42 . 2010-12-12 12:42 56320 ----a-w- c:\documents and settings\PC\SPVSPVSAVD.exe
2010-12-12 12:42 . 2010-12-12 12:42 56320 ----a-w- c:\documents and settings\PC\GDJGDAVDAV.exe
2010-12-12 07:58 . 2010-12-12 17:25 188928 ----a-w- c:\windows\system32\jokypakouh.exe
2010-12-10 20:11 . 2010-12-18 08:52 -------- d-----w- c:\documents and settings\PC\Data aplikací\ICQ
2010-12-10 20:11 . 2010-12-12 09:37 -------- d-----w- c:\program files\ICQ7.0
2010-12-10 13:29 . 2010-12-10 13:29 56320 ----a-w- c:\documents and settings\PC\SPMSPVSAVS.exe
2010-12-10 13:29 . 2010-12-10 13:29 56320 ----a-w- c:\documents and settings\PC\MSVSAVDAVD.exe
2010-12-09 21:09 . 2010-12-11 01:56 206848 ----a-w- c:\windows\system32\davy.exe
2010-12-08 14:07 . 2010-12-11 01:56 206848 ----a-w- c:\windows\system32\tilorehoot.exe
2010-12-02 17:11 . 2010-12-02 17:11 56320 ----a-w- c:\documents and settings\PC\MMGJGSPDAM.exe
2010-12-02 16:45 . 2010-12-02 16:45 56320 ----a-w- c:\documents and settings\PC\GGASDPVVAS.exe
2010-12-02 13:10 . 2004-08-18 12:00 25600 ----a-w- c:\documents and settings\LocalService\Data aplikací\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-12-02 13:10 . 2010-12-02 13:10 131072 ----a-w- c:\documents and settings\PC\Data aplikací\lsass.exe
2010-11-25 16:09 . 2010-11-25 16:09 -------- d-----w- c:\documents and settings\PC\Local Settings\Data aplikací\Crazy_Boomerang_Software
2010-11-24 11:46 . 2010-11-24 11:46 -------- d-----w- c:\program files\csWord
2010-11-21 22:09 . 2010-11-21 22:09 85504 ----a-w- C:\HDTV.exe
2010-11-21 06:10 . 2010-11-21 06:10 82944 ----a-w- c:\windows\system32\drivers\oumzbfqe.sys
2010-11-20 23:03 . 2010-11-20 23:03 201216 ----a-w- c:\windows\system32\lepydeha.exe
2010-11-20 22:54 . 2010-11-20 22:54 85504 --sh--r- c:\documents and settings\PC\Data aplikací\juzjf.exe
2010-11-20 22:11 . 2010-11-20 22:11 -------- d-----w- c:\documents and settings\PC\Local Settings\Data aplikací\ConduitEngine
2010-11-20 22:11 . 2010-11-22 14:08 -------- d-----w- c:\program files\ConduitEngine
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-08 14:36 . 2010-10-13 15:28 1512977 ----a-w- c:\windows\Hello Kitty.scr
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2010-06-13 138552]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-28 39408]
"Local Security Authentication Server"="c:\documents and settings\PC\Data aplikací\lsass.exe" [2010-12-02 131072]
"JP595IR86O"="c:\docume~1\PC\LOCALS~1\Temp\Ow4.exe" [2010-12-05 195584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2010-05-05 111928]
"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 341488]
"bfwdrv"="c:\docume~1\PC\LOCALS~1\Temp\852.exe" [2010-12-15 192512]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
c:\documents and settings\Guest\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2005-10-15 61440]
c:\documents and settings\PC\Nabˇdka Start\Programy\Po spuçtŘnˇ\
0i4jekb.exe [2010-12-4 50688]
0jzf2lb.exe [2010-11-24 43008]
0pvfbwx.exe [2010-11-28 50688]
0w3ittj.exe [2010-11-28 50688]
1pp0lrc.exe [2010-11-23 43008]
1sty81k.exe [2010-11-26 50688]
1vwridj.exe [2010-12-5 50688]
1zaglrs.exe [2010-11-30 50688]
360q3sx.exe [2010-11-27 42496]
3m30yek.exe [2010-12-6 50688]
3n0o0k5.exe [2010-12-5 42496]
3no970k.exe [2010-12-6 42496]
3p0lrcn.exe [2010-11-23 43008]
3w7nizz.exe [2010-11-30 42496]
3ww3ii3.exe [2010-12-8 42496]
5eekplg.exe [2010-12-17 42496]
5wr03i6.exe [2010-12-9 50688]
65hxnez.exe [2010-11-27 50688]
66u3q1m.exe [2010-11-29 42496]
6mhhytt.exe [2010-12-6 42496]
6s81epq.exe [2010-11-29 42496]
6vgwh0s.exe [2010-12-4 50688]
703uzk8.exe [2010-12-9 50688]
70pfl2r.exe [2010-11-24 43008]
86ittjk.exe [2010-11-25 43008]
86u81gr.exe [2010-11-26 42496]
93si6ez.exe [2010-11-30 42496]
975sjep.exe [2010-11-29 50688]
9eflh1i.exe [2010-12-2 50688]
9f0bw16.exe [2010-12-7 50688]
9fk86mx.exe [2010-11-25 50688]
aqbwxxyy.exe [2010-11-24 43008]
av0brisyek3.exe [2010-12-6 50688]
avgw9nyo3.exe [2010-12-2 42496]
bbmsook0a3.exe [2010-12-3 50688]
bbsnnezaqlr.exe [2010-12-7 42496]
bmxxitk1a.exe [2010-12-1 50688]
c3dypuag.exe [2010-12-3 42496]
c5d0jpa5b0.exe [2010-12-5 42496]
c8ozp81g.exe [2010-12-10 42496]
cc5d0jpa5b.exe [2010-12-5 42496]
cdi3e1abmr.exe [2010-12-4 42496]
de0uaw0c1.exe [2010-12-6 42496]
dezu6q87.exe [2010-12-6 42496]
djk0aww86i8.exe [2010-12-1 42496]
e6u81rmns.exe [2010-11-20 43008]
e81q3cxd2jz.exe [2010-11-29 50688]
eeuavlmh.exe [2010-12-15 42496]
ekplghm86y.exe [2010-12-8 50688]
eqg1875d.exe [2010-12-9 42496]
ez0qqgw1.exe [2010-12-8 42496]
ezavwhm8.exe [2010-12-1 42496]
fgb0xxie.exe [2010-12-6 50688]
fk86w81itu.exe [2010-12-10 42496]
g0sdtuuagr.exe [2010-12-3 42496]
ggcsnjee3qq.exe [2010-11-27 50688]
grrhy1oup.exe [2010-11-29 42496]
gw0m3yy3ak.exe [2010-11-25 50688]
h70dtz2fvw.exe [2010-11-22 43008]
hcdi8upfgb.exe [2010-11-29 50688]
hddy6uk1.exe [2010-12-6 42496]
hidj86a81mx.exe [2010-11-29 42496]
hm0ttzpvwr8.exe [2010-11-23 43008]
hm2noj081q.exe [2010-12-14 42496]
hs4tef6ww5x.exe [2010-12-5 50688]
hxdzp81gr.exe [2010-12-10 50688]
hxxnt66k8.exe [2010-11-29 50688]
i1y3kfl2r.exe [2010-11-22 43008]
i1yep5fb.exe [2010-12-6 50688]
it03u1qrw8.exe [2010-12-1 50688]
itejufgbr.exe [2010-11-20 43008]
iyezpqlr66.exe [2010-12-15 42496]
iyjf05wns8.exe [2010-12-1 50688]
j6vgbbrs.exe [2010-11-29 50688]
javvmhhyi1.exe [2010-12-6 42496]
jkvvlmhn.exe [2010-12-7 50688]
k0a3mxno.exe [2010-12-3 42496]
k5g1wxc8.exe [2010-11-25 50688]
kfbwcc3o.exe [2010-11-30 42496]
kgw0m3yy3a.exe [2010-11-25 42496]
l3m30yek.exe [2010-12-6 50688]
lgbh0dyezf1.exe [2010-12-6 42496]
lqwmsnt60f.exe [2010-11-28 50688]
lrss9tu0qq.exe [2010-11-24 43008]
m1cdi81u.exe [2010-12-16 42496]
m9ns86e8.exe [2010-12-1 50688]
mcs0tjp6.exe [2010-11-24 43008]
mdttkffwwsi.exe [2010-12-7 42496]
ms1009lm.exe [2010-12-6 42496]
n2tjkfgb.exe [2010-11-28 42496]
n70uua8bcc.exe [2010-12-16 42496]
niy1uk1bw1.exe [2010-12-4 42496]
Notification de cadeaux MSN.lnk - c:\documents and settings\PC\Data aplikacˇ\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2010-6-5 135680]
ooju3q86sd.exe [2010-12-15 42496]
ooua5r16s.exe [2010-11-23 43008]
ou0vgbbsni.exe [2010-11-26 50688]
p0wxx81o3fg.exe [2010-12-6 50688]
p60bwm3i6.exe [2010-12-9 42496]
pf0bw163j0.exe [2010-12-7 50688]
pkfgbm3otjk.exe [2010-12-1 42496]
pkgw9nyo32.exe [2010-12-2 42496]
pkqlhhdttp.exe [2010-12-1 42496]
pplb66c9.exe [2010-11-28 42496]
pqlr2xnojp6.exe [2010-12-14 42496]
pqrw9nje.exe [2010-11-30 50688]
pqwbcn0o.exe [2010-12-4 50688]
qg0sdtuua.exe [2010-12-3 50688]
qllrs0i3.exe [2010-11-30 42496]
qvq3xxoo0.exe [2010-12-5 50688]
rmns3o1av0.exe [2010-12-7 42496]
rsndep5fbwm.exe [2010-11-25 43008]
rw3ittjk.exe [2010-11-28 50688]
rwc11ukvb.exe [2010-12-3 50688]
rx2o5jfa.exe [2010-11-24 43008]
s3o1klgg.exe [2010-12-1 50688]
s6j2va86sc.exe [2010-12-4 42496]
tj8703gmcs1.exe [2010-12-9 42496]
tu6k3g1cdi.exe [2010-11-24 43008]
tupv60xdnj.exe [2010-11-20 43008]
uzpv2m5hdy.exe [2010-12-14 42496]
v5wcs9tu0q.exe [2010-11-24 43008]
vg70dyee4lg.exe [2010-11-24 43008]
w1xsty81k.exe [2010-12-10 42496]
w81i3upvwwm.exe [2010-12-6 50688]
wcc3eeuvaw.exe [2010-12-6 42496]
wciyeuuvq.exe [2010-12-9 50688]
wnddzppl.exe [2010-11-22 43008]
xinjefkglb.exe [2010-11-29 42496]
xsjzzpv66m.exe [2010-11-24 43008]
xtt2zpqlr66.exe [2010-11-22 43008]
ydozavlm.exe [2010-11-20 43008]
yepkaqmm.exe [2010-12-1 42496]
yyopu86whs.exe [2010-12-1 50688]
ze3a1wxc87.exe [2010-11-24 43008]
zpplq870ndj.exe [2010-11-26 42496]
zq1gw1ni1zf.exe [2010-12-1 42496]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"
[HKLM\~\startupfolder\C:^Documents and Settings^PC^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\PC\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACU]
2005-01-31 06:05 253952 ----a-w- c:\program files\Atheros\ACU.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADMTray.exe]
2005-10-24 14:45 2462208 ----a-w- c:\acer\Empowering Technology\admtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2009-03-02 11:08 209153 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2005-12-21 07:02 53248 ------w- c:\program files\Realtek\InstallShield\AzMixerSel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2005-11-11 18:40 1236992 ----a-w- c:\windows\system32\WLTRAY.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-18 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2005-10-19 07:30 69632 ----a-w- c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-11-28 05:52 77824 ----a-r- c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-11-28 05:55 118784 ----a-r- c:\windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-11-28 05:55 98304 ----a-r- c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2005-11-24 04:45 589824 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2005-12-19 06:52 15797248 ------r- c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2007-12-07 14:08 21686568 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FLEXnet Licensing Service"=3 (0x3)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Guest\\Data aplikací\\ICQ\\Application\\ICQ7.0\\ICQ.exe"=
"c:\\Documents and Settings\\Guest\\Local Settings\\Data aplikací\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Guest\\Data aplikací\\ICQ\\Application\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\SweetIM\\Messenger\\update\\sweetimsetup.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Documents and Settings\\PC\\Data aplikací\\lsass.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [14.8.2009 8:33 108289]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28.8.2010 8:29 135664]
S2 oumzbfqe;oumzbfqe;c:\windows\system32\drivers\oumzbfqe.sys [21.11.2010 7:10 82944]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [23.10.2009 16:51 36608]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [23.10.2009 16:51 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [23.10.2009 16:51 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [23.10.2009 16:51 121856]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
uxtuneup
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09c89478-9c77-11de-a2a6-0016d4dc7ee9}]
\Shell\AutoRun\command - G:\innyzo.exe
\Shell\explore\Command - G:\innyzo.exe
\Shell\open\Command - G:\innyzo.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a430c5c-e334-11df-a4b5-0016d4dc7ee9}]
\Shell\AutoRun\command - F:\SETUP.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17bf03d4-79b8-11de-a260-c44d66f39ab7}]
\Shell\AutoRun\command - F:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5deaf328-173a-11df-a303-0016d4dc7ee9}]
\Shell\AutoRun\command - F:\innyzo.exe
\Shell\explore\Command - F:\innyzo.exe
\Shell\open\Command - F:\innyzo.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b221e92-d511-11de-a2c1-0016d4dc7ee9}]
\Shell\AutoRun\command - F:\yam.exe
\Shell\explore\command - F:\yam.exe
\Shell\open\command - F:\yam.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d00d165e-30e8-11df-a31d-0016d4dc7ee9}]
\Shell\AutoRun\command - F:\innyzo.exe
\Shell\explore\Command - F:\innyzo.exe
\Shell\open\Command - F:\innyzo.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd8c66c1-1eb7-11df-a30c-0016d4dc7ee9}]
\Shell\AutoRun\command - innyzo.exe
\Shell\explore\Command - innyzo.exe
\Shell\open\Command - innyzo.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e12c50f1-bb3a-11de-a2b4-0016d4dc7ee9}]
\Shell\AutoRun\command - F:\innyzo.exe
\Shell\explore\Command - F:\innyzo.exe
\Shell\open\Command - F:\innyzo.exe
.
Obsah adresáře 'Naplánované úlohy'
2010-12-10 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 11:31]
2010-12-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
2010-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-28 07:29]
2010-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-28 07:29]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://googleure.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &Download All using 4shared Desktop - c:\program files\4shared Desktop\down_all.htm
IE: &Sample Toolband Serach - c:\windows\system32\ToolBand.dll/MENUSEARCH.HTM
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {{755B05A7-0770-4185-B5F6-E75A2CA527E2} - {755B05A7-0770-4185-B5F6-E75A2CA527E2} - c:\program files\SM\SubsHelper.dll
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\hptpujhs.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
URLSearchHooks-{c2db4fe6-8409-45ce-8010-189a7b5cce86} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
WebBrowser-{C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - (no file)
HKCU-Run-Z30KYPG3WS - c:\windows\Oqozaj.exe
HKCU-Run-ICQ - ~c:\program files\ICQ7.0\ICQ.exe
SafeBoot-oumzbfqe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-18 13:02
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(244)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\acs.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\acer\Empowering Technology\admServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\documents and settings\PC\Data aplikací\Microsoft\Notification de cadeaux MSN\lsnfier.exe
c:\windows\system32\wscntfy.exe
c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE
.
**************************************************************************
.
Celkový čas: 2010-12-18 13:05:06 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-18 12:05
Před spuštěním: Volných bajtů: 19 699 040 256
Po spuštění: Volných bajtů: 19 888 414 720
- - End Of File - - 6B97C8E3ED713AE07DEB291F041F1E6D
v normalnim se me Combofix sekl na -dokoncena faze2-
ComboFix 10-12-16.05 - Administrator 18.12.2010 12:51:06.3.1 - x86 MINIMAL
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.502.365 [GMT 1:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\LocalService\Data aplikací\Microsoft\davy.exe
c:\documents and settings\LocalService\Data aplikací\Microsoft\lygoufou.exe
c:\documents and settings\LocalService\Data aplikací\Microsoft\vydarook.exe
c:\documents and settings\LocalService\Data aplikací\Microsoft\wejovood.exe
c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Images\008DCDE1.urr
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.html
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\2.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL
c:\program files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\00016462
c:\program files\MyWebSearch\bar\Cache\00016B19
c:\program files\MyWebSearch\bar\Cache\006389EF
c:\program files\MyWebSearch\bar\Cache\00879569
c:\program files\MyWebSearch\bar\Cache\008797DA.bin
c:\program files\MyWebSearch\bar\Cache\00879CAC.bin
c:\program files\MyWebSearch\bar\Cache\00879D77.bin
c:\program files\MyWebSearch\bar\Cache\00879E23.bin
c:\program files\MyWebSearch\bar\Cache\00879F7B.bin
c:\program files\MyWebSearch\bar\Cache\00C20C45.bin
c:\program files\MyWebSearch\bar\Cache\0213D56A.bmp
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Overlay\COMMON.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_FeatCk.dat
c:\program files\MyWebSearch\bar\Settings\s_FeatCk.dat.bak
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\windows\system32\autorun.i
c:\windows\system32\autorun.in
c:\windows\system32\drivers\npf.sys
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\Packet.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NPF
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-18 do 2010-12-18 )))))))))))))))))))))))))))))))
.
2010-12-17 20:43 . 2010-12-17 20:43 -------- d-----w- C:\_OTL
2010-12-17 18:18 . 2010-12-17 18:18 -------- d-----w- c:\program files\trend micro
2010-12-17 18:18 . 2010-12-17 18:18 -------- d-----w- C:\rsit
2010-12-17 15:46 . 2010-12-17 15:46 -------- d-----w- c:\documents and settings\Administrator
2010-12-16 21:24 . 2010-12-16 21:24 57344 ----a-w- c:\documents and settings\PC\VSPVSAVDAG.exe
2010-12-16 21:24 . 2010-12-16 21:24 57344 ----a-w- c:\documents and settings\PC\VJGDJGMJGM.exe
2010-12-12 17:25 . 2010-12-12 17:25 188928 ----a-w- c:\windows\system32\wejovood.exe
2010-12-12 12:42 . 2010-12-12 12:42 56320 ----a-w- c:\documents and settings\PC\SPVSPVSAVD.exe
2010-12-12 12:42 . 2010-12-12 12:42 56320 ----a-w- c:\documents and settings\PC\GDJGDAVDAV.exe
2010-12-12 07:58 . 2010-12-12 17:25 188928 ----a-w- c:\windows\system32\jokypakouh.exe
2010-12-10 20:11 . 2010-12-18 08:52 -------- d-----w- c:\documents and settings\PC\Data aplikací\ICQ
2010-12-10 20:11 . 2010-12-12 09:37 -------- d-----w- c:\program files\ICQ7.0
2010-12-10 13:29 . 2010-12-10 13:29 56320 ----a-w- c:\documents and settings\PC\SPMSPVSAVS.exe
2010-12-10 13:29 . 2010-12-10 13:29 56320 ----a-w- c:\documents and settings\PC\MSVSAVDAVD.exe
2010-12-09 21:09 . 2010-12-11 01:56 206848 ----a-w- c:\windows\system32\davy.exe
2010-12-08 14:07 . 2010-12-11 01:56 206848 ----a-w- c:\windows\system32\tilorehoot.exe
2010-12-02 17:11 . 2010-12-02 17:11 56320 ----a-w- c:\documents and settings\PC\MMGJGSPDAM.exe
2010-12-02 16:45 . 2010-12-02 16:45 56320 ----a-w- c:\documents and settings\PC\GGASDPVVAS.exe
2010-12-02 13:10 . 2004-08-18 12:00 25600 ----a-w- c:\documents and settings\LocalService\Data aplikací\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-12-02 13:10 . 2010-12-02 13:10 131072 ----a-w- c:\documents and settings\PC\Data aplikací\lsass.exe
2010-11-25 16:09 . 2010-11-25 16:09 -------- d-----w- c:\documents and settings\PC\Local Settings\Data aplikací\Crazy_Boomerang_Software
2010-11-24 11:46 . 2010-11-24 11:46 -------- d-----w- c:\program files\csWord
2010-11-21 22:09 . 2010-11-21 22:09 85504 ----a-w- C:\HDTV.exe
2010-11-21 06:10 . 2010-11-21 06:10 82944 ----a-w- c:\windows\system32\drivers\oumzbfqe.sys
2010-11-20 23:03 . 2010-11-20 23:03 201216 ----a-w- c:\windows\system32\lepydeha.exe
2010-11-20 22:54 . 2010-11-20 22:54 85504 --sh--r- c:\documents and settings\PC\Data aplikací\juzjf.exe
2010-11-20 22:11 . 2010-11-20 22:11 -------- d-----w- c:\documents and settings\PC\Local Settings\Data aplikací\ConduitEngine
2010-11-20 22:11 . 2010-11-22 14:08 -------- d-----w- c:\program files\ConduitEngine
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-08 14:36 . 2010-10-13 15:28 1512977 ----a-w- c:\windows\Hello Kitty.scr
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2010-06-13 138552]
[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-28 39408]
"Local Security Authentication Server"="c:\documents and settings\PC\Data aplikací\lsass.exe" [2010-12-02 131072]
"JP595IR86O"="c:\docume~1\PC\LOCALS~1\Temp\Ow4.exe" [2010-12-05 195584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2010-05-05 111928]
"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 341488]
"bfwdrv"="c:\docume~1\PC\LOCALS~1\Temp\852.exe" [2010-12-15 192512]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
c:\documents and settings\Guest\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2005-10-15 61440]
c:\documents and settings\PC\Nabˇdka Start\Programy\Po spuçtŘnˇ\
0i4jekb.exe [2010-12-4 50688]
0jzf2lb.exe [2010-11-24 43008]
0pvfbwx.exe [2010-11-28 50688]
0w3ittj.exe [2010-11-28 50688]
1pp0lrc.exe [2010-11-23 43008]
1sty81k.exe [2010-11-26 50688]
1vwridj.exe [2010-12-5 50688]
1zaglrs.exe [2010-11-30 50688]
360q3sx.exe [2010-11-27 42496]
3m30yek.exe [2010-12-6 50688]
3n0o0k5.exe [2010-12-5 42496]
3no970k.exe [2010-12-6 42496]
3p0lrcn.exe [2010-11-23 43008]
3w7nizz.exe [2010-11-30 42496]
3ww3ii3.exe [2010-12-8 42496]
5eekplg.exe [2010-12-17 42496]
5wr03i6.exe [2010-12-9 50688]
65hxnez.exe [2010-11-27 50688]
66u3q1m.exe [2010-11-29 42496]
6mhhytt.exe [2010-12-6 42496]
6s81epq.exe [2010-11-29 42496]
6vgwh0s.exe [2010-12-4 50688]
703uzk8.exe [2010-12-9 50688]
70pfl2r.exe [2010-11-24 43008]
86ittjk.exe [2010-11-25 43008]
86u81gr.exe [2010-11-26 42496]
93si6ez.exe [2010-11-30 42496]
975sjep.exe [2010-11-29 50688]
9eflh1i.exe [2010-12-2 50688]
9f0bw16.exe [2010-12-7 50688]
9fk86mx.exe [2010-11-25 50688]
aqbwxxyy.exe [2010-11-24 43008]
av0brisyek3.exe [2010-12-6 50688]
avgw9nyo3.exe [2010-12-2 42496]
bbmsook0a3.exe [2010-12-3 50688]
bbsnnezaqlr.exe [2010-12-7 42496]
bmxxitk1a.exe [2010-12-1 50688]
c3dypuag.exe [2010-12-3 42496]
c5d0jpa5b0.exe [2010-12-5 42496]
c8ozp81g.exe [2010-12-10 42496]
cc5d0jpa5b.exe [2010-12-5 42496]
cdi3e1abmr.exe [2010-12-4 42496]
de0uaw0c1.exe [2010-12-6 42496]
dezu6q87.exe [2010-12-6 42496]
djk0aww86i8.exe [2010-12-1 42496]
e6u81rmns.exe [2010-11-20 43008]
e81q3cxd2jz.exe [2010-11-29 50688]
eeuavlmh.exe [2010-12-15 42496]
ekplghm86y.exe [2010-12-8 50688]
eqg1875d.exe [2010-12-9 42496]
ez0qqgw1.exe [2010-12-8 42496]
ezavwhm8.exe [2010-12-1 42496]
fgb0xxie.exe [2010-12-6 50688]
fk86w81itu.exe [2010-12-10 42496]
g0sdtuuagr.exe [2010-12-3 42496]
ggcsnjee3qq.exe [2010-11-27 50688]
grrhy1oup.exe [2010-11-29 42496]
gw0m3yy3ak.exe [2010-11-25 50688]
h70dtz2fvw.exe [2010-11-22 43008]
hcdi8upfgb.exe [2010-11-29 50688]
hddy6uk1.exe [2010-12-6 42496]
hidj86a81mx.exe [2010-11-29 42496]
hm0ttzpvwr8.exe [2010-11-23 43008]
hm2noj081q.exe [2010-12-14 42496]
hs4tef6ww5x.exe [2010-12-5 50688]
hxdzp81gr.exe [2010-12-10 50688]
hxxnt66k8.exe [2010-11-29 50688]
i1y3kfl2r.exe [2010-11-22 43008]
i1yep5fb.exe [2010-12-6 50688]
it03u1qrw8.exe [2010-12-1 50688]
itejufgbr.exe [2010-11-20 43008]
iyezpqlr66.exe [2010-12-15 42496]
iyjf05wns8.exe [2010-12-1 50688]
j6vgbbrs.exe [2010-11-29 50688]
javvmhhyi1.exe [2010-12-6 42496]
jkvvlmhn.exe [2010-12-7 50688]
k0a3mxno.exe [2010-12-3 42496]
k5g1wxc8.exe [2010-11-25 50688]
kfbwcc3o.exe [2010-11-30 42496]
kgw0m3yy3a.exe [2010-11-25 42496]
l3m30yek.exe [2010-12-6 50688]
lgbh0dyezf1.exe [2010-12-6 42496]
lqwmsnt60f.exe [2010-11-28 50688]
lrss9tu0qq.exe [2010-11-24 43008]
m1cdi81u.exe [2010-12-16 42496]
m9ns86e8.exe [2010-12-1 50688]
mcs0tjp6.exe [2010-11-24 43008]
mdttkffwwsi.exe [2010-12-7 42496]
ms1009lm.exe [2010-12-6 42496]
n2tjkfgb.exe [2010-11-28 42496]
n70uua8bcc.exe [2010-12-16 42496]
niy1uk1bw1.exe [2010-12-4 42496]
Notification de cadeaux MSN.lnk - c:\documents and settings\PC\Data aplikacˇ\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2010-6-5 135680]
ooju3q86sd.exe [2010-12-15 42496]
ooua5r16s.exe [2010-11-23 43008]
ou0vgbbsni.exe [2010-11-26 50688]
p0wxx81o3fg.exe [2010-12-6 50688]
p60bwm3i6.exe [2010-12-9 42496]
pf0bw163j0.exe [2010-12-7 50688]
pkfgbm3otjk.exe [2010-12-1 42496]
pkgw9nyo32.exe [2010-12-2 42496]
pkqlhhdttp.exe [2010-12-1 42496]
pplb66c9.exe [2010-11-28 42496]
pqlr2xnojp6.exe [2010-12-14 42496]
pqrw9nje.exe [2010-11-30 50688]
pqwbcn0o.exe [2010-12-4 50688]
qg0sdtuua.exe [2010-12-3 50688]
qllrs0i3.exe [2010-11-30 42496]
qvq3xxoo0.exe [2010-12-5 50688]
rmns3o1av0.exe [2010-12-7 42496]
rsndep5fbwm.exe [2010-11-25 43008]
rw3ittjk.exe [2010-11-28 50688]
rwc11ukvb.exe [2010-12-3 50688]
rx2o5jfa.exe [2010-11-24 43008]
s3o1klgg.exe [2010-12-1 50688]
s6j2va86sc.exe [2010-12-4 42496]
tj8703gmcs1.exe [2010-12-9 42496]
tu6k3g1cdi.exe [2010-11-24 43008]
tupv60xdnj.exe [2010-11-20 43008]
uzpv2m5hdy.exe [2010-12-14 42496]
v5wcs9tu0q.exe [2010-11-24 43008]
vg70dyee4lg.exe [2010-11-24 43008]
w1xsty81k.exe [2010-12-10 42496]
w81i3upvwwm.exe [2010-12-6 50688]
wcc3eeuvaw.exe [2010-12-6 42496]
wciyeuuvq.exe [2010-12-9 50688]
wnddzppl.exe [2010-11-22 43008]
xinjefkglb.exe [2010-11-29 42496]
xsjzzpv66m.exe [2010-11-24 43008]
xtt2zpqlr66.exe [2010-11-22 43008]
ydozavlm.exe [2010-11-20 43008]
yepkaqmm.exe [2010-12-1 42496]
yyopu86whs.exe [2010-12-1 50688]
ze3a1wxc87.exe [2010-11-24 43008]
zpplq870ndj.exe [2010-11-26 42496]
zq1gw1ni1zf.exe [2010-12-1 42496]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Data aplikací\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"
[HKLM\~\startupfolder\C:^Documents and Settings^PC^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\PC\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACU]
2005-01-31 06:05 253952 ----a-w- c:\program files\Atheros\ACU.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADMTray.exe]
2005-10-24 14:45 2462208 ----a-w- c:\acer\Empowering Technology\admtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
2009-03-02 11:08 209153 ----a-w- c:\program files\Avira\AntiVir Desktop\avgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2005-12-21 07:02 53248 ------w- c:\program files\Realtek\InstallShield\AzMixerSel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
2005-11-11 18:40 1236992 ----a-w- c:\windows\system32\WLTRAY.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-18 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2005-10-19 07:30 69632 ----a-w- c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
2005-11-28 05:52 77824 ----a-r- c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2005-11-28 05:55 118784 ----a-r- c:\windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
2005-11-28 05:55 98304 ----a-r- c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2005-11-24 04:45 589824 ----a-w- c:\progra~1\LAUNCH~1\LManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2005-12-19 06:52 15797248 ------r- c:\windows\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2007-12-07 14:08 21686568 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FLEXnet Licensing Service"=3 (0x3)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Guest\\Data aplikací\\ICQ\\Application\\ICQ7.0\\ICQ.exe"=
"c:\\Documents and Settings\\Guest\\Local Settings\\Data aplikací\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Guest\\Data aplikací\\ICQ\\Application\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Documents and Settings\\All Users\\Data aplikací\\SweetIM\\Messenger\\update\\sweetimsetup.exe"=
"c:\\Program Files\\ICQ7.0\\ICQ.exe"=
"c:\\Program Files\\ICQ7.0\\aolload.exe"=
"c:\\Documents and Settings\\PC\\Data aplikací\\lsass.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [14.8.2009 8:33 108289]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28.8.2010 8:29 135664]
S2 oumzbfqe;oumzbfqe;c:\windows\system32\drivers\oumzbfqe.sys [21.11.2010 7:10 82944]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [23.10.2009 16:51 36608]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [23.10.2009 16:51 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [23.10.2009 16:51 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [23.10.2009 16:51 121856]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
uxtuneup
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{09c89478-9c77-11de-a2a6-0016d4dc7ee9}]
\Shell\AutoRun\command - G:\innyzo.exe
\Shell\explore\Command - G:\innyzo.exe
\Shell\open\Command - G:\innyzo.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0a430c5c-e334-11df-a4b5-0016d4dc7ee9}]
\Shell\AutoRun\command - F:\SETUP.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17bf03d4-79b8-11de-a260-c44d66f39ab7}]
\Shell\AutoRun\command - F:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5deaf328-173a-11df-a303-0016d4dc7ee9}]
\Shell\AutoRun\command - F:\innyzo.exe
\Shell\explore\Command - F:\innyzo.exe
\Shell\open\Command - F:\innyzo.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7b221e92-d511-11de-a2c1-0016d4dc7ee9}]
\Shell\AutoRun\command - F:\yam.exe
\Shell\explore\command - F:\yam.exe
\Shell\open\command - F:\yam.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d00d165e-30e8-11df-a31d-0016d4dc7ee9}]
\Shell\AutoRun\command - F:\innyzo.exe
\Shell\explore\Command - F:\innyzo.exe
\Shell\open\Command - F:\innyzo.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dd8c66c1-1eb7-11df-a30c-0016d4dc7ee9}]
\Shell\AutoRun\command - innyzo.exe
\Shell\explore\Command - innyzo.exe
\Shell\open\Command - innyzo.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e12c50f1-bb3a-11de-a2b4-0016d4dc7ee9}]
\Shell\AutoRun\command - F:\innyzo.exe
\Shell\explore\Command - F:\innyzo.exe
\Shell\open\Command - F:\innyzo.exe
.
Obsah adresáře 'Naplánované úlohy'
2010-12-10 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2008-01-08 11:31]
2010-12-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
2010-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-28 07:29]
2010-12-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-28 07:29]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://googleure.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://home.sweetim.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &Download All using 4shared Desktop - c:\program files\4shared Desktop\down_all.htm
IE: &Sample Toolband Serach - c:\windows\system32\ToolBand.dll/MENUSEARCH.HTM
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {{755B05A7-0770-4185-B5F6-E75A2CA527E2} - {755B05A7-0770-4185-B5F6-E75A2CA527E2} - c:\program files\SM\SubsHelper.dll
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\hptpujhs.default\
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
URLSearchHooks-{c2db4fe6-8409-45ce-8010-189a7b5cce86} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)
WebBrowser-{C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - (no file)
HKCU-Run-Z30KYPG3WS - c:\windows\Oqozaj.exe
HKCU-Run-ICQ - ~c:\program files\ICQ7.0\ICQ.exe
SafeBoot-oumzbfqe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-18 13:02
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(244)
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\acs.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\acer\Empowering Technology\admServ.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\documents and settings\PC\Data aplikací\Microsoft\Notification de cadeaux MSN\lsnfier.exe
c:\windows\system32\wscntfy.exe
c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE
.
**************************************************************************
.
Celkový čas: 2010-12-18 13:05:06 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-18 12:05
Před spuštěním: Volných bajtů: 19 699 040 256
Po spuštění: Volných bajtů: 19 888 414 720
- - End Of File - - 6B97C8E3ED713AE07DEB291F041F1E6D
Re: Prosim o kontrolu, Avira hlasi vir
ted mosim odjed, zpatky budu okolo 20.00hod
-
Caroprd111
- VIP
- Příspěvky: 13492
- Registrován: 22 bře 2009 20:48
- Bydliště: Třebíč
- Kontaktovat uživatele:
Re: Prosim o kontrolu, Avira hlasi vir
Stáhněte na plochu UsbFix http://pagesperso-orange.fr/NosTools/Ch ... UsbFix.exe
- Spusťte, poté klikněte na Deletion.
- Po dokončení na Vás vyskočí log, vložte mi ho sem, případně ho najdete v C:\UsbFix.txt
Spusťte OTL a do spodního okna vložte následující skript.
Kód: Vybrat vše
:Commands
[EMPTYTEMP]
:Files
c:\documents and settings\PC\Nabídka Start\Programy\Po spuštění\*.exe
c:\windows\system32\drivers\oumzbfqe.sys
c:\windows\Hello Kitty.scr
c:\documents and settings\PC\Data aplikací\*.exe
c:\windows\system32\lepydeha.exe
C:\HDTV.exe
c:\documents and settings\PC\MMGJGSPDAM.exe
c:\documents and settings\PC\GGASDPVVAS.exe
c:\windows\system32\davy.exe
c:\windows\system32\tilorehoot.exe
c:\documents and settings\PC\SPMSPVSAVS.exe
c:\documents and settings\PC\MSVSAVDAVD.exe
c:\documents and settings\PC\VSPVSAVDAG.exe
c:\documents and settings\PC\VJGDJGMJGM.exe
c:\windows\system32\wejovood.exe
c:\documents and settings\PC\SPVSPVSAVD.exe
c:\documents and settings\PC\GDJGDAVDAV.exe
c:\windows\system32\jokypakouh.exe
c:\Documents and Settings\PC\Local Settings\temp
:Reg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"c:\\Documents and Settings\\PC\\Data aplikací\\lsass.exe"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Local Security Authentication Server"=-
"JP595IR86O"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"bfwdrv"=-
:Services
oumzbfqe
Re: Prosim o kontrolu, Avira hlasi vir
############################## | UsbFix 7.014 | [Deletion]
User: PC (Administrator) # NOTEBOOK [ ]
Updated 24/06/10 by El Desaparecido / C_XX
Started at 20:31:28 | 18/12/2010
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com
CPU: Intel(R) Celeron(R) M CPU 440 @ 1.86GHz
Systém Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall: Enabled
Antivirus: AntiVir Desktop 9.0.1.32 [Enabled | (!) Outdated]
RAM -> 502 Mb
C:\ (%systemdrive%) -> Fixed drive # 39 Gb (19 Mb free - 48%) [] # NTFS
D:\ -> Fixed drive # 35 Gb (26 Mb free - 72%) [DATA] # NTFS
E:\ -> CD-ROM
F:\ -> Removable drive # 2 Gb (2 Mb free - 91%) [VLAĎKA] # FAT
G:\ -> Removable drive # 244 Mb (85 Mb free - 35%) [KINGSTON] # FAT
H:\ -> Removable drive # 2 Gb (2 Mb free - 92%) [] # FAT
################## | Files # Infected Folders |
Deleted ! C:\Documents and Settings\PC\GDJGDAVDAV.exe
Deleted ! C:\Documents and Settings\PC\GGASDPVVAS.exe
Deleted ! C:\Documents and Settings\PC\MMGJGSPDAM.exe
Deleted ! C:\Documents and Settings\PC\MSVSAVDAVD.exe
Deleted ! C:\Documents and Settings\PC\SPMSPVSAVS.exe
Deleted ! C:\Documents and Settings\PC\SPVSPVSAVD.exe
Deleted ! C:\Documents and Settings\PC\VJGDJGMJGM.exe
Deleted ! C:\Documents and Settings\PC\VSPVSAVDAG.exe
Deleted ! C:\Documents and Settings\PC\Data aplikací\lsass.exe
Deleted ! C:\Documents and Settings\PC\Nabídka Start\Programy\Po spuštění\pkgw9nyo32.exe
Deleted ! C:\DOCUME~1\PC\LOCALS~1\Temp\852.exe
Deleted ! C:\khv
Deleted ! D:\khv
Deleted ! D:\sys
Deleted ! F:\log.txt
Deleted ! C:\Documents and Settings\PC\Dokumenty\Obrázky\20040818\innyzo.exe
Deleted ! C:\Documents and Settings\PC\Nabídka Start\Programy\Po spuštění\1sty81k.exe
Deleted ! C:\Documents and Settings\PC\Nabídka Start\Programy\Po spuštění\hxxnt66k8.exe
################## | Registry |
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
################## | Mountpoints2 |
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{09c89478-9c77-11de-a2a6-0016d4dc7ee9}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{17bf03d4-79b8-11de-a260-c44d66f39ab7}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{5deaf328-173a-11df-a303-0016d4dc7ee9}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{7b221e92-d511-11de-a2c1-0016d4dc7ee9}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{d00d165e-30e8-11df-a31d-0016d4dc7ee9}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{dd8c66c1-1eb7-11df-a30c-0016d4dc7ee9}
################## | Listing |
[13/08/2009 - 18:44:19 | D ] C:\Acer
[26/07/2009 - 07:21:23 | A | 0] C:\AUTOEXEC.BAT
[13/09/2009 - 21:12:35 | A | 389] C:\Boot.bak
[17/12/2010 - 23:25:49 | RASH | 506] C:\boot.ini
[18/08/2004 - 13:00:00 | RASH | 4952] C:\Bootfont.bin
[17/12/2010 - 23:25:49 | RASHD ] C:\cmdcons
[03/08/2004 - 23:00:04 | RASH | 261312] C:\cmldr
[18/12/2010 - 13:05:07 | A | 24251] C:\ComboFix.txt
[28/11/2010 - 18:43:33 | D ] C:\Config.Msi
[26/07/2009 - 07:21:23 | A | 0] C:\CONFIG.SYS
[17/12/2010 - 16:46:04 | D ] C:\Documents and Settings
[21/11/2010 - 23:09:01 | A | 85504] C:\HDTV.exe
[26/07/2009 - 07:21:23 | RASH | 0] C:\IO.SYS
[13/08/2009 - 19:20:57 | A | 6] C:\ISACER.ID
[26/07/2009 - 07:21:23 | RASH | 0] C:\MSDOS.SYS
[13/08/2009 - 18:55:10 | RD ] C:\MSOCache
[18/08/2004 - 13:00:00 | RASH | 47564] C:\NTDETECT.COM
[18/08/2004 - 13:00:00 | RASH | 250048] C:\ntldr
[18/12/2010 - 20:28:54 | ASH | 792723456] C:\pagefile.sys
[18/12/2010 - 12:57:05 | RD ] C:\Program Files
[18/12/2010 - 13:06:43 | D ] C:\Qoobox
[18/12/2010 - 20:43:56 | SHD ] C:\RECYCLER
[17/12/2010 - 19:18:21 | D ] C:\rsit
[13/09/2009 - 20:47:45 | SHD ] C:\System Volume Information
[16/08/2010 - 11:45:56 | D ] C:\temp
[18/12/2010 - 20:43:56 | D ] C:\UsbFix
[18/12/2010 - 20:44:00 | A | 3137] C:\UsbFix.txt
[18/12/2010 - 20:30:41 | AD ] C:\WINDOWS
[17/12/2010 - 21:43:48 | D ] C:\_OTL
[04/02/2010 - 18:27:31 | RD ] D:\DVD
[03/10/2010 - 14:55:34 | RD ] D:\games
[11/02/2010 - 19:25:47 | RD ] D:\Hudba
[18/12/2010 - 20:43:56 | SHD ] D:\RECYCLER
[14/08/2009 - 09:01:12 | RD ] D:\Software
[26/07/2009 - 17:16:32 | SHD ] D:\System Volume Information
[17/11/2010 - 16:56:30 | D ] F:\stmívání
[17/12/2010 - 18:15:36 | A | 3993691] F:\ComboFix.exe
[17/12/2010 - 18:13:30 | A | 339991] F:\RSIT.exe
[10/11/2010 - 20:47:48 | D ] F:\velikonoce
[17/11/2010 - 16:58:04 | D ] F:\Alenka v říši divů
[11/12/2010 - 23:32:28 | A | 15667] F:\finále výsl..odt
[07/12/2010 - 13:08:08 | D ] F:\fotky AE jedn. OP
[17/12/2010 - 18:54:18 | A | 52150856] F:\setup_av_free.exe
[17/12/2010 - 18:16:14 | A | 7622112] F:\mbam-setup-1.50.0.0.exe
[17/12/2010 - 19:41:42 | A | 62] F:\keyDDM.txt
[17/12/2010 - 19:45:54 | A | 575488] F:\OTL.exe
[17/12/2010 - 19:47:58 | A | 1533] F:\script.txt
[17/12/2010 - 20:55:50 | A | 99294] F:\OTL.Txt
[17/12/2010 - 20:56:04 | A | 56664] F:\Extras.Txt
[17/12/2010 - 21:41:04 | A | 14784] F:\script2.txt
[18/12/2010 - 13:00:48 | A | 1378] F:\BOOTEX.LOG
[22/02/2010 - 14:16:38 | SH | 2697] F:\AlbumArtSmall.jpg
[22/02/2010 - 14:16:38 | SH | 8361] F:\Folder.jpg
[17/12/2010 - 22:14:54 | A | 57784] F:\12172010_214348.log
[17/12/2010 - 23:14:58 | A | 4628200] F:\WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[18/12/2010 - 13:05:40 | A | 24251] F:\log2.txt
[18/12/2010 - 20:26:48 | A | 1258] F:\script3.txt
[18/12/2010 - 20:27:40 | A | 1224471] F:\UsbFix.exe
[12/12/2010 - 08:59:52 | D ] F:\tabulky finále
[19/10/2007 - 07:53:14 | D ] G:\letáčky
[19/10/2007 - 07:54:40 | D ] G:\kroužky
[15/01/2008 - 12:07:08 | D ] G:\dotace ZK
[10/01/2008 - 13:10:14 | D ] G:\akce
[04/11/2008 - 12:24:38 | D ] G:\OP
[05/12/2010 - 12:49:48 | A | 26404732] G:\alenka++.wav
[26/11/2008 - 18:23:52 | D ] G:\TOUR
[16/08/2007 - 16:19:42 | ASH | 583168] G:\ehthumbs.db
[15/12/2010 - 14:19:00 | D ] G:\finále aerobic tour - foto
[14/03/2008 - 09:39:48 | D ] G:\Vlaďka
[15/01/2008 - 05:58:48 | RSHD ] G:\Recycled
[10/10/2007 - 08:59:42 | RD ] G:\Obrázky
[19/10/2007 - 07:52:30 | D ] G:\dokumenty
[12/08/2010 - 20:56:06 | A | 131593] H:\josh_groban--broken_vow noty.pdf
[11/08/2010 - 19:29:18 | D ] H:\pro broňka
[07/06/2010 - 23:15:48 | A | 20767750] H:\Celine_Dion_-_Let_s_Talk_About_Love.pdf
[13/08/2010 - 08:40:34 | A | 158431] H:\josh_groban__alejate.pdf
[15/08/2010 - 17:57:38 | A | 310784] H:\i will love again.doc
[17/08/2010 - 10:25:40 | A | 93696] H:\texty lara,celine,josh....doc
[17/08/2010 - 19:56:40 | A | 618494] H:\To love you more (C-e-l-i-n-e D-i-o-n).pdf
[17/08/2010 - 19:41:30 | A | 338539] H:\Broken vow (L-a-r-a- F-a-b-i-a-n - J-o-s-h G-r-o-b-a-n).pdf
[17/08/2010 - 19:49:56 | A | 180083] H:\Je me souviens (Lara Fabian).pdf
[02/05/2010 - 13:06:54 | A | 400962] H:\Il ne manquait que toi (Lara F-a-b-i-a-n).pdf
[18/08/2010 - 08:56:50 | A | 20480] H:\lara je me souviens.doc
[23/08/2010 - 09:25:42 | A | 1145344] H:\where is the love 82.doc
[07/06/2010 - 22:55:06 | A | 197902] H:\30 - I will always love you.pdf
[12/08/2010 - 20:56:26 | A | 326387] H:\Memory (Epica).pdf
[12/08/2010 - 20:55:18 | A | 726202] H:\1250_Lara_Fabian-Je_t_aime.pdf
[02/04/2010 - 16:39:14 | A | 231026] H:\gloria_gaynor--i_will_survive noty.pdf
[01/09/2010 - 12:20:48 | A | 141918] H:\josh_groban__to_where_you_are.pdf
[31/08/2010 - 14:04:22 | A | 5993984] H:\when i need you.doc
[12/08/2010 - 20:56:44 | A | 545038] H:\I surrender - Celine Dion.pdf
[02/04/2010 - 16:31:26 | A | 565193] H:\bonnie_tyler--holding_out_for_an_hero noty.pdf
[07/06/2010 - 22:54:28 | A | 2170521] H:\fame.pdf
[01/09/2010 - 16:19:40 | A | 84392] H:\eric_carmen--all_by_myself.pdf
[01/09/2010 - 16:19:48 | A | 257177] H:\celine_dion--all_by_myself.pdf
[02/09/2010 - 23:22:54 | A | 508416] H:\kníška.doc
[06/09/2010 - 11:03:54 | D ] H:\tisk
[03/10/2010 - 12:28:58 | D ] H:\škola
[26/11/2010 - 17:30:04 | D ] H:\pro mamku
################## | Vaccin |
C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
F:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
G:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
H:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
################## | Upload |
Please send the file: C:\UsbFix_Upload_Me_NOTEBOOK.zip
http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution.
################## | E.O.F |
User: PC (Administrator) # NOTEBOOK [ ]
Updated 24/06/10 by El Desaparecido / C_XX
Started at 20:31:28 | 18/12/2010
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com
CPU: Intel(R) Celeron(R) M CPU 440 @ 1.86GHz
Systém Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 2
Internet Explorer 6.0.2900.2180
Windows Firewall: Enabled
Antivirus: AntiVir Desktop 9.0.1.32 [Enabled | (!) Outdated]
RAM -> 502 Mb
C:\ (%systemdrive%) -> Fixed drive # 39 Gb (19 Mb free - 48%) [] # NTFS
D:\ -> Fixed drive # 35 Gb (26 Mb free - 72%) [DATA] # NTFS
E:\ -> CD-ROM
F:\ -> Removable drive # 2 Gb (2 Mb free - 91%) [VLAĎKA] # FAT
G:\ -> Removable drive # 244 Mb (85 Mb free - 35%) [KINGSTON] # FAT
H:\ -> Removable drive # 2 Gb (2 Mb free - 92%) [] # FAT
################## | Files # Infected Folders |
Deleted ! C:\Documents and Settings\PC\GDJGDAVDAV.exe
Deleted ! C:\Documents and Settings\PC\GGASDPVVAS.exe
Deleted ! C:\Documents and Settings\PC\MMGJGSPDAM.exe
Deleted ! C:\Documents and Settings\PC\MSVSAVDAVD.exe
Deleted ! C:\Documents and Settings\PC\SPMSPVSAVS.exe
Deleted ! C:\Documents and Settings\PC\SPVSPVSAVD.exe
Deleted ! C:\Documents and Settings\PC\VJGDJGMJGM.exe
Deleted ! C:\Documents and Settings\PC\VSPVSAVDAG.exe
Deleted ! C:\Documents and Settings\PC\Data aplikací\lsass.exe
Deleted ! C:\Documents and Settings\PC\Nabídka Start\Programy\Po spuštění\pkgw9nyo32.exe
Deleted ! C:\DOCUME~1\PC\LOCALS~1\Temp\852.exe
Deleted ! C:\khv
Deleted ! D:\khv
Deleted ! D:\sys
Deleted ! F:\log.txt
Deleted ! C:\Documents and Settings\PC\Dokumenty\Obrázky\20040818\innyzo.exe
Deleted ! C:\Documents and Settings\PC\Nabídka Start\Programy\Po spuštění\1sty81k.exe
Deleted ! C:\Documents and Settings\PC\Nabídka Start\Programy\Po spuštění\hxxnt66k8.exe
################## | Registry |
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\explorer|NoDrives
################## | Mountpoints2 |
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{09c89478-9c77-11de-a2a6-0016d4dc7ee9}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{17bf03d4-79b8-11de-a260-c44d66f39ab7}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{5deaf328-173a-11df-a303-0016d4dc7ee9}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{7b221e92-d511-11de-a2c1-0016d4dc7ee9}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{d00d165e-30e8-11df-a31d-0016d4dc7ee9}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{dd8c66c1-1eb7-11df-a30c-0016d4dc7ee9}
################## | Listing |
[13/08/2009 - 18:44:19 | D ] C:\Acer
[26/07/2009 - 07:21:23 | A | 0] C:\AUTOEXEC.BAT
[13/09/2009 - 21:12:35 | A | 389] C:\Boot.bak
[17/12/2010 - 23:25:49 | RASH | 506] C:\boot.ini
[18/08/2004 - 13:00:00 | RASH | 4952] C:\Bootfont.bin
[17/12/2010 - 23:25:49 | RASHD ] C:\cmdcons
[03/08/2004 - 23:00:04 | RASH | 261312] C:\cmldr
[18/12/2010 - 13:05:07 | A | 24251] C:\ComboFix.txt
[28/11/2010 - 18:43:33 | D ] C:\Config.Msi
[26/07/2009 - 07:21:23 | A | 0] C:\CONFIG.SYS
[17/12/2010 - 16:46:04 | D ] C:\Documents and Settings
[21/11/2010 - 23:09:01 | A | 85504] C:\HDTV.exe
[26/07/2009 - 07:21:23 | RASH | 0] C:\IO.SYS
[13/08/2009 - 19:20:57 | A | 6] C:\ISACER.ID
[26/07/2009 - 07:21:23 | RASH | 0] C:\MSDOS.SYS
[13/08/2009 - 18:55:10 | RD ] C:\MSOCache
[18/08/2004 - 13:00:00 | RASH | 47564] C:\NTDETECT.COM
[18/08/2004 - 13:00:00 | RASH | 250048] C:\ntldr
[18/12/2010 - 20:28:54 | ASH | 792723456] C:\pagefile.sys
[18/12/2010 - 12:57:05 | RD ] C:\Program Files
[18/12/2010 - 13:06:43 | D ] C:\Qoobox
[18/12/2010 - 20:43:56 | SHD ] C:\RECYCLER
[17/12/2010 - 19:18:21 | D ] C:\rsit
[13/09/2009 - 20:47:45 | SHD ] C:\System Volume Information
[16/08/2010 - 11:45:56 | D ] C:\temp
[18/12/2010 - 20:43:56 | D ] C:\UsbFix
[18/12/2010 - 20:44:00 | A | 3137] C:\UsbFix.txt
[18/12/2010 - 20:30:41 | AD ] C:\WINDOWS
[17/12/2010 - 21:43:48 | D ] C:\_OTL
[04/02/2010 - 18:27:31 | RD ] D:\DVD
[03/10/2010 - 14:55:34 | RD ] D:\games
[11/02/2010 - 19:25:47 | RD ] D:\Hudba
[18/12/2010 - 20:43:56 | SHD ] D:\RECYCLER
[14/08/2009 - 09:01:12 | RD ] D:\Software
[26/07/2009 - 17:16:32 | SHD ] D:\System Volume Information
[17/11/2010 - 16:56:30 | D ] F:\stmívání
[17/12/2010 - 18:15:36 | A | 3993691] F:\ComboFix.exe
[17/12/2010 - 18:13:30 | A | 339991] F:\RSIT.exe
[10/11/2010 - 20:47:48 | D ] F:\velikonoce
[17/11/2010 - 16:58:04 | D ] F:\Alenka v říši divů
[11/12/2010 - 23:32:28 | A | 15667] F:\finále výsl..odt
[07/12/2010 - 13:08:08 | D ] F:\fotky AE jedn. OP
[17/12/2010 - 18:54:18 | A | 52150856] F:\setup_av_free.exe
[17/12/2010 - 18:16:14 | A | 7622112] F:\mbam-setup-1.50.0.0.exe
[17/12/2010 - 19:41:42 | A | 62] F:\keyDDM.txt
[17/12/2010 - 19:45:54 | A | 575488] F:\OTL.exe
[17/12/2010 - 19:47:58 | A | 1533] F:\script.txt
[17/12/2010 - 20:55:50 | A | 99294] F:\OTL.Txt
[17/12/2010 - 20:56:04 | A | 56664] F:\Extras.Txt
[17/12/2010 - 21:41:04 | A | 14784] F:\script2.txt
[18/12/2010 - 13:00:48 | A | 1378] F:\BOOTEX.LOG
[22/02/2010 - 14:16:38 | SH | 2697] F:\AlbumArtSmall.jpg
[22/02/2010 - 14:16:38 | SH | 8361] F:\Folder.jpg
[17/12/2010 - 22:14:54 | A | 57784] F:\12172010_214348.log
[17/12/2010 - 23:14:58 | A | 4628200] F:\WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[18/12/2010 - 13:05:40 | A | 24251] F:\log2.txt
[18/12/2010 - 20:26:48 | A | 1258] F:\script3.txt
[18/12/2010 - 20:27:40 | A | 1224471] F:\UsbFix.exe
[12/12/2010 - 08:59:52 | D ] F:\tabulky finále
[19/10/2007 - 07:53:14 | D ] G:\letáčky
[19/10/2007 - 07:54:40 | D ] G:\kroužky
[15/01/2008 - 12:07:08 | D ] G:\dotace ZK
[10/01/2008 - 13:10:14 | D ] G:\akce
[04/11/2008 - 12:24:38 | D ] G:\OP
[05/12/2010 - 12:49:48 | A | 26404732] G:\alenka++.wav
[26/11/2008 - 18:23:52 | D ] G:\TOUR
[16/08/2007 - 16:19:42 | ASH | 583168] G:\ehthumbs.db
[15/12/2010 - 14:19:00 | D ] G:\finále aerobic tour - foto
[14/03/2008 - 09:39:48 | D ] G:\Vlaďka
[15/01/2008 - 05:58:48 | RSHD ] G:\Recycled
[10/10/2007 - 08:59:42 | RD ] G:\Obrázky
[19/10/2007 - 07:52:30 | D ] G:\dokumenty
[12/08/2010 - 20:56:06 | A | 131593] H:\josh_groban--broken_vow noty.pdf
[11/08/2010 - 19:29:18 | D ] H:\pro broňka
[07/06/2010 - 23:15:48 | A | 20767750] H:\Celine_Dion_-_Let_s_Talk_About_Love.pdf
[13/08/2010 - 08:40:34 | A | 158431] H:\josh_groban__alejate.pdf
[15/08/2010 - 17:57:38 | A | 310784] H:\i will love again.doc
[17/08/2010 - 10:25:40 | A | 93696] H:\texty lara,celine,josh....doc
[17/08/2010 - 19:56:40 | A | 618494] H:\To love you more (C-e-l-i-n-e D-i-o-n).pdf
[17/08/2010 - 19:41:30 | A | 338539] H:\Broken vow (L-a-r-a- F-a-b-i-a-n - J-o-s-h G-r-o-b-a-n).pdf
[17/08/2010 - 19:49:56 | A | 180083] H:\Je me souviens (Lara Fabian).pdf
[02/05/2010 - 13:06:54 | A | 400962] H:\Il ne manquait que toi (Lara F-a-b-i-a-n).pdf
[18/08/2010 - 08:56:50 | A | 20480] H:\lara je me souviens.doc
[23/08/2010 - 09:25:42 | A | 1145344] H:\where is the love 82.doc
[07/06/2010 - 22:55:06 | A | 197902] H:\30 - I will always love you.pdf
[12/08/2010 - 20:56:26 | A | 326387] H:\Memory (Epica).pdf
[12/08/2010 - 20:55:18 | A | 726202] H:\1250_Lara_Fabian-Je_t_aime.pdf
[02/04/2010 - 16:39:14 | A | 231026] H:\gloria_gaynor--i_will_survive noty.pdf
[01/09/2010 - 12:20:48 | A | 141918] H:\josh_groban__to_where_you_are.pdf
[31/08/2010 - 14:04:22 | A | 5993984] H:\when i need you.doc
[12/08/2010 - 20:56:44 | A | 545038] H:\I surrender - Celine Dion.pdf
[02/04/2010 - 16:31:26 | A | 565193] H:\bonnie_tyler--holding_out_for_an_hero noty.pdf
[07/06/2010 - 22:54:28 | A | 2170521] H:\fame.pdf
[01/09/2010 - 16:19:40 | A | 84392] H:\eric_carmen--all_by_myself.pdf
[01/09/2010 - 16:19:48 | A | 257177] H:\celine_dion--all_by_myself.pdf
[02/09/2010 - 23:22:54 | A | 508416] H:\kníška.doc
[06/09/2010 - 11:03:54 | D ] H:\tisk
[03/10/2010 - 12:28:58 | D ] H:\škola
[26/11/2010 - 17:30:04 | D ] H:\pro mamku
################## | Vaccin |
C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
F:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
G:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
H:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
################## | Upload |
Please send the file: C:\UsbFix_Upload_Me_NOTEBOOK.zip
http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution.
################## | E.O.F |
Přispějete na provoz fóra?