dobrý den prosím o kontrolu logu. predem díky.
Logfile of random's system information tool 1.08 (written by random/random)
Run by vasek at 2011-01-03 18:56:46
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 16 GB (31%) free of 50 GB
Total RAM: 3071 MB (82% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:56:51, on 3.1.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\windows\nvsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\vasek\Plocha\RSIT.exe
C:\Program Files\trend micro\vasek.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [NVIDIA driver monitor] c:\windows\nvsvc32.exe
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstall ... er=9.0.872
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA driver monitor] c:\windows\nvsvc32.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8508448812
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.msi.com.tw/autobios/L ... nstall.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
--
End of file - 8083 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\OGALogon.job
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-343818398-448539723-682003330-1003.job
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-448539723-682003330-1003.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{DBDF54B3-4DEC-4DED-B3D0-02200A008EA7}.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-09-15 79648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-04-10 16861184]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-02-25 61440]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"SsAAD.exe"=C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe [2006-01-07 81920]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-03-27 202256]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"ATICustomerCare"=C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe [2010-05-04 311296]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-12-31 3395600]
"NVIDIA driver monitor"=c:\windows\nvsvc32.exe [2011-01-03 87552]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"=cmd.exe /c start http://www.avg.com/ww.special-uninstall ... er=9.0.872 []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"NVIDIA driver monitor"=c:\windows\nvsvc32.exe [2011-01-03 87552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-09-11 159744]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"D:\GAMES\Counter-Strike Source\hl2.exe"="D:\GAMES\Counter-Strike Source\hl2.exe:*:Enabled:hl2"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"D:\GAMES\FarCry 2\Far Cry 2\bin\FarCry2.exe"="D:\GAMES\FarCry 2\Far Cry 2\bin\FarCry2.exe:*:Enabled:Far Cry 2"
"D:\GAMES\FarCry 2\Far Cry 2\bin\FC2Launcher.exe"="D:\GAMES\FarCry 2\Far Cry 2\bin\FC2Launcher.exe:*:Enabled:Far Cry 2 Updater"
"D:\GAMES\FarCry 2\Far Cry 2\bin\FC2Editor.exe"="D:\GAMES\FarCry 2\Far Cry 2\bin\FC2Editor.exe:*:Enabled:Editor"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\GAMES\Titan quest\Immortal Throne\Tqit.exe"="D:\GAMES\Titan quest\Immortal Throne\Tqit.exe:*:Enabled:Tqit"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"D:\GAMES\TQ\Titan quest - immortal throne\Tqit.exe"="D:\GAMES\TQ\Titan quest - immortal throne\Tqit.exe:*:Enabled:Tqit"
"D:\GAMES\DESCENT\d1x-rebirth-gl.exe"="D:\GAMES\DESCENT\d1x-rebirth-gl.exe:*:Enabled:d1x-rebirth-gl"
"D:\GAMES\NFS U2\speed2.exe"="D:\GAMES\NFS U2\speed2.exe:*:Enabled:speed2"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"D:\GAMES\Warcraft III\Warcraft III\War3.exe"="D:\GAMES\Warcraft III\Warcraft III\War3.exe:*:Enabled:Warcraft III"
"C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\Program Files\Ubisoft\Assassin's Creed II\server.exe"="C:\Program Files\Ubisoft\Assassin's Creed II\server.exe:*:Enabled:server"
"D:\GAMES\Battlefield BC2\BFBC2Updater.exe"="D:\GAMES\Battlefield BC2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2"
"D:\GAMES\WoW\World of Warcraft\Launcher.exe"="D:\GAMES\WoW\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ"
"D:\GAMES\WoW\World of Warcraft\BackgroundDownloader.exe"="D:\GAMES\WoW\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"D:\GAMES\WoW\World of Warcraft\Launcher.patch.exe"="D:\GAMES\WoW\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Documents and Settings\vasek\Local Settings\Apps\2.0\GW2TLZWM.GCP\TZ14CAPT.ONG\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe"="C:\Documents and Settings\vasek\Local Settings\Apps\2.0\GW2TLZWM.GCP\TZ14CAPT.ONG\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe:*:Enabled:Curse Client 4.0"
"C:\Documents and Settings\vasek\Plocha\facebook-pic00005267.exe"="c:\windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
======List of files/folders created in the last 1 months======
2011-01-03 18:56:46 ----D---- C:\rsit
2011-01-03 18:51:04 ----RSH---- C:\WINDOWS\nvsvc32.exe
2011-01-02 17:40:17 ----D---- C:\WINDOWS\system32\drivers\avg
2011-01-02 14:31:25 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2011-01-02 14:31:25 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2011-01-02 14:31:25 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2011-01-02 14:31:25 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011-01-02 14:31:24 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2011-01-02 14:31:24 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2011-01-02 14:31:24 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2011-01-02 14:31:09 ----A---- C:\WINDOWS\system32\aswBoot.exe
2011-01-02 14:31:05 ----D---- C:\Program Files\Alwil Software
2011-01-02 14:31:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-12-19 17:24:56 ----A---- C:\WINDOWS\system32\ptpusb.dll
2010-12-19 17:24:55 ----A---- C:\WINDOWS\system32\ptpusd.dll
2010-12-19 17:24:55 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys
2010-12-16 00:53:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2296199$
2010-12-16 00:53:21 ----HDC---- C:\WINDOWS\$NtUninstallKB2443105$
2010-12-16 00:53:01 ----HDC---- C:\WINDOWS\$NtUninstallKB2440591$
2010-12-16 00:52:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2443685$
2010-12-16 00:52:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2436673$
2010-12-16 00:52:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2467659$
2010-12-16 00:50:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2423089$
======List of files/folders modified in the last 1 months======
2011-01-03 18:56:47 ----D---- C:\Program Files\trend micro
2011-01-03 18:55:16 ----D---- C:\WINDOWS\Temp
2011-01-03 18:54:07 ----D---- C:\WINDOWS\Prefetch
2011-01-03 18:53:19 ----SD---- C:\WINDOWS\Tasks
2011-01-03 18:51:32 ----D---- C:\WINDOWS\system32
2011-01-03 18:51:04 ----D---- C:\WINDOWS
2011-01-03 18:17:58 ----A---- C:\WINDOWS\NeroDigital.ini
2011-01-03 17:58:43 ----D---- C:\WINDOWS\system32\CatRoot2
2011-01-03 08:19:24 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-01-02 17:40:17 ----D---- C:\WINDOWS\system32\drivers
2011-01-02 14:35:54 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg9
2011-01-02 14:31:20 ----SHD---- C:\WINDOWS\Installer
2011-01-02 14:31:19 ----D---- C:\WINDOWS\WinSxS
2011-01-02 14:31:05 ----RD---- C:\Program Files
2011-01-02 13:26:00 ----D---- C:\Documents and Settings\vasek\Data aplikací\Media Player Classic
2011-01-02 13:25:59 ----D---- C:\WINDOWS\Debug
2011-01-02 12:15:06 ----HD---- C:\$AVG8.VAULT$
2010-12-19 17:25:01 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-12-18 16:39:25 ----D---- C:\Program Files\Microsoft Silverlight
2010-12-16 06:56:29 ----HD---- C:\WINDOWS\inf
2010-12-16 00:53:15 ----D---- C:\Program Files\Internet Explorer
2010-12-16 00:53:05 ----HD---- C:\WINDOWS\$hf_mig$
2010-12-16 00:50:54 ----A---- C:\WINDOWS\system32\MRT.exe
2010-12-16 00:50:47 ----D---- C:\Program Files\Outlook Express
2010-12-12 23:55:11 ----D---- C:\Program Files\USDownloader
2010-12-10 23:10:23 ----D---- C:\Program Files\Mozilla Firefox
2010-12-05 16:38:52 ----D---- C:\Documents and Settings\vasek\Data aplikací\Skype
2010-12-04 22:12:35 ----D---- C:\Documents and Settings\vasek\Data aplikací\skypePM
2010-12-04 15:45:30 ----D---- C:\Documents and Settings\vasek\Data aplikací\ICQ
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2006-08-21 105344]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-04-25 20640]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-11-26 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-12-31 29264]
R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-12-31 23632]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-12-31 293968]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-12-31 47440]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-12-31 17744]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-12-31 100176]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-09-11 5417472]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-04-17 4707328]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-09-11 57856]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-09-11 19968]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 agx7j1by;agx7j1by; C:\WINDOWS\system32\drivers\agx7j1by.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 catchme;catchme; \??\C:\DOCUME~1\vasek\LOCALS~1\Temp\catchme.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\vasek\LOCALS~1\Temp\PKP206.tmp []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2010-02-03 26176]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-09-11 606208]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-12-31 40384]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-16 297752]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-15 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-06-29 75064]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-02-25 593920]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2005-11-24 53337]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2005-11-24 53337]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2005-11-24 69718]
S3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [2006-01-06 69632]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Prosim o preventivku.
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Prosim o preventivku.
Zdravim a pekny den preji 
Predpokladam ze mate problem s FB - samo si povida s okolim a spamuje Vam ostatni pratele
Pere se Vam tam Avast a AVG, doporucuji dat pryc AVG (slabsi detekce, vysoka zatez OS) - zde je remover http://download.avg.com/filedir/util/su ... 1_1184.exe
Dejte mi chvili nez napisu skript na smazani...
Predpokladam ze mate problem s FB - samo si povida s okolim a spamuje Vam ostatni pratele Pere se Vam tam Avast a AVG, doporucuji dat pryc AVG (slabsi detekce, vysoka zatez OS) - zde je remover http://download.avg.com/filedir/util/su ... 1_1184.exe Dejte mi chvili nez napisu skript na smazani..."Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen
od 1. února 2011.
Člen
od 1. února 2011.Re: Prosim o preventivku.
máte pravdu. omylem se otevrel soubor z FB
tady je odkaz na virustotal kde jsem soubor otestoval
http://www.virustotal.com/file-scan/rep ... 1294077731
moc vám děkuji
tady je odkaz na virustotal kde jsem soubor otestoval
http://www.virustotal.com/file-scan/rep ... 1294077731
moc vám děkuji
Re: Prosim o preventivku.
Stahnete OTM (viz muj podpis)
- Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
- Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize
Kód: Vybrat vše
:reg [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "TkBellExe"=- "SunJavaUpdateSched"=- "Adobe Reader Speed Launcher"=- "Adobe ARM"=- "NVIDIA driver monitor"=- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "AvgUninstallURL"=- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "NVIDIA driver monitor"=- [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\Documents and Settings\vasek\Plocha\facebook-pic00005267.exe"=- :files C:\Documents and Settings\vasek\Plocha\facebook-pic00005267.exe c:\windows\nvsvc32.exe C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-343818398-448539723-682003330-1003.job C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-448539723-682003330-1003.job C:\WINDOWS\tasks\User_Feed_Synchronization-{DBDF54B3-4DEC-4DED-B3D0-02200A008EA7}.job %windir%\system32\*.tmp.dll /s %windir%\system32\SET*.tmp /s %windir%\*.tmp /s :commands [RESETHOSTS] [EMPTYTEMP] [EMPTYFLASH]- Kliknete na cervene tlacitko MoveIt!
- Budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles, obsah sem vlozte
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Prosim o preventivku.
log z OTM:
All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TkBellExe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NVIDIA driver monitor deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AvgUninstallURL deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\NVIDIA driver monitor deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Documents and Settings\vasek\Plocha\facebook-pic00005267.exe deleted successfully.
========== FILES ==========
C:\Documents and Settings\vasek\Plocha\facebook-pic00005267.exe moved successfully.
c:\windows\nvsvc32.exe moved successfully.
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-343818398-448539723-682003330-1003.job moved successfully.
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-448539723-682003330-1003.job moved successfully.
C:\WINDOWS\tasks\User_Feed_Synchronization-{DBDF54B3-4DEC-4DED-B3D0-02200A008EA7}.job moved successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP135.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP150.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1AF.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP209.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP218.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP22F.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP286.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP349.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP6C.tmp folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: vasek
->Temp folder emptied: 21449301 bytes
->Temporary Internet Files folder emptied: 1275118 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 54524432 bytes
->Flash cache emptied: 1334 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33251 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 32392906 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 105,00 mb
OTM by OldTimer - Version 3.1.17.2 log created on 01032011_191425
Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
take se mi ted po otevreni toho souboru pri kazdem restartu PC automaticky v "Centrum zabezpečení systemu Windows" vypnou automaticke aktualizace....da se to nejak odstranit ?
a take AVG jsem jiz odstranoval ručně pomoce CCleaneru...takze avgremover.log byl plny erorru...mas Vám pro jistotu tento log zkopirovat? predem diky
All processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TkBellExe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NVIDIA driver monitor deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AvgUninstallURL deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\NVIDIA driver monitor deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Documents and Settings\vasek\Plocha\facebook-pic00005267.exe deleted successfully.
========== FILES ==========
C:\Documents and Settings\vasek\Plocha\facebook-pic00005267.exe moved successfully.
c:\windows\nvsvc32.exe moved successfully.
C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-343818398-448539723-682003330-1003.job moved successfully.
C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-343818398-448539723-682003330-1003.job moved successfully.
C:\WINDOWS\tasks\User_Feed_Synchronization-{DBDF54B3-4DEC-4DED-B3D0-02200A008EA7}.job moved successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP135.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP150.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1AF.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP209.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP218.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP22F.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP286.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP349.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP6C.tmp folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: vasek
->Temp folder emptied: 21449301 bytes
->Temporary Internet Files folder emptied: 1275118 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 54524432 bytes
->Flash cache emptied: 1334 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33251 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 32392906 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 105,00 mb
OTM by OldTimer - Version 3.1.17.2 log created on 01032011_191425
Files moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
take se mi ted po otevreni toho souboru pri kazdem restartu PC automaticky v "Centrum zabezpečení systemu Windows" vypnou automaticke aktualizace....da se to nejak odstranit ?
a take AVG jsem jiz odstranoval ručně pomoce CCleaneru...takze avgremover.log byl plny erorru...mas Vám pro jistotu tento log zkopirovat? predem diky
Re: Prosim o preventivku.
Log z AVG removeru mi poslete na vyosek@forum.viry.cz Stahnete OTL (viz muj podpis) a ulozte jej na plochu
- Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
- Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
- Zaskrtnete okenko Pro vsechny uzivatele
- Zaskrtnete okenko Kontrola na havet "LOP"
- Zaskrtnete okenko Kontrola na havet "Purity"
- Stari souboru zmente z 30 dnu na 7 dnu
- Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize
Kód: Vybrat vše
netsvcs drivers32 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s c:\windows\*.* /U %SYSTEMDRIVE%\*.exe %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s /md5start eventlog.dll scecli.dll netlogon.dll cngaudit.dll sceclt.dll ntelogon.dll logevent.dll iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys nvrd32.sys symmpi.sys adp3132.sys mv61xx.sys nvraid.sys ndis.sys winlogon.exe explorer.exe userinit.exe lsass.exe svchost.exe smss.exe hal.dll ws2_32.dll tcpip.sys cryptsvc.dll Changer.sys JakNDis.sys isapnp.sys cdrom.sys autochk.exe /md5stop %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\system32\*.dll /lockedfiles reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c %systemroot%\system32\drivers\*.sys /3 %systemroot%\system32\*.* /3 CREATERESTOREPOINT- Kliknete na tlacitko Prohledat
- Po dokonceni skenu (cca 5 az 10 min) se objevi logy OTL.txt a Extras.txt, vlozte mi sem jen OTL.txt
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Prosim o preventivku.
Lof z OTL:
OTL logfile created on: 3.1.2011 19:32:28 - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\vasek\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 84,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 16,94 Gb Free Space | 34,70% Space Free | Partition Type: NTFS
Drive D: | 137,47 Gb Total Space | 17,50 Gb Free Space | 12,73% Space Free | Partition Type: NTFS
Drive F: | 465,65 Gb Total Space | 86,67 Gb Free Space | 18,61% Space Free | Partition Type: FAT32
Computer Name: JR | User Name: vasek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Processes (SafeList) ==========
PRC - [2011.01.03 19:30:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vasek\Plocha\OTL.exe
PRC - [2010.12.31 21:06:35 | 003,395,600 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010.12.31 21:06:34 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.12.10 23:10:12 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008.04.14 13:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.01.07 01:36:10 | 000,081,920 | ---- | M] () -- C:\Program Files\Sony\SonicStage\SSAAD.exe
========== Modules (SafeList) ==========
MOD - [2011.01.03 19:30:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vasek\Plocha\OTL.exe
MOD - [2010.12.31 21:06:33 | 000,187,144 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010.08.23 17:12:33 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010.12.31 21:06:34 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.06.14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006.01.06 21:25:12 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2005.11.24 16:03:22 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2005.11.24 15:57:44 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005.11.24 15:47:30 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\vasek\LOCALS~1\Temp\PKP206.tmp -- (GarenaPEngine)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\vasek\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010.12.31 21:00:18 | 000,293,968 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010.12.31 20:59:23 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010.12.31 20:59:11 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010.12.31 20:56:49 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010.12.31 20:56:29 | 000,029,264 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010.12.31 20:56:27 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.09.11 03:19:16 | 005,417,472 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010.02.26 13:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.02.26 13:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.02.26 13:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.02.26 13:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.02.03 13:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.11.26 08:25:44 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.08.05 19:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008.04.17 15:33:26 | 004,707,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.04.14 13:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006.10.22 11:22:00 | 003,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006.09.11 18:45:38 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006.09.11 18:45:36 | 000,057,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006.08.21 17:24:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006.01.04 14:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005.03.09 14:53:00 | 000,042,496 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2001.08.17 22:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-343818398-448539723-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S-1-5-21-343818398-448539723-682003330-1003\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-343818398-448539723-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz"
FF - prefs.js..extensions.enabledItems: npfax@microgaming.co.uk:2.1.0.19
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... r=1.1.6&q="
FF - HKLM\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\
FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.08.08 19:14:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.10 23:10:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.10 23:10:16 | 000,000,000 | ---D | M]
[2009.04.13 18:47:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\vasek\Data aplikací\Mozilla\Extensions
[2011.01.03 18:32:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\vasek\Data aplikací\Mozilla\Firefox\Profiles\trtlz84k.default\extensions
[2010.04.27 20:41:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\vasek\Data aplikací\Mozilla\Firefox\Profiles\trtlz84k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.23 10:19:20 | 000,000,000 | ---D | M] (Flash AX Control) -- C:\Documents and Settings\vasek\Data aplikací\Mozilla\Firefox\Profiles\trtlz84k.default\extensions\npfax@microgaming.co.uk
[2009.11.26 08:25:48 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\vasek\Data aplikací\Mozilla\Firefox\Profiles\trtlz84k.default\searchplugins\daemon-search.xml
[2011.01.01 14:31:20 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\vasek\Data aplikací\Mozilla\Firefox\Profiles\trtlz84k.default\searchplugins\icqplugin-1.xml
[2010.09.07 20:37:00 | 000,001,056 | ---- | M] () -- C:\Documents and Settings\vasek\Data aplikací\Mozilla\Firefox\Profiles\trtlz84k.default\searchplugins\icqplugin.xml
[2011.01.03 18:32:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.05.02 14:58:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.13 20:57:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.01 16:34:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\VASEK\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\TRTLZ84K.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\VASEK\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\TRTLZ84K.DEFAULT\EXTENSIONS\NPFAX@MICROGAMING.CO.UK
[2009.04.14 15:12:55 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010.08.08 19:14:13 | 000,000,000 | ---D | M] (PC Sync 2 Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.26 10:56:53 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.07.26 10:56:53 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.07.26 10:56:53 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.07.26 10:56:53 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.07.26 10:56:53 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2011.01.03 19:14:38 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKU\S-1-5-21-343818398-448539723-682003330-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SsAAD.exe] C:\Program Files\Sony\SonicStage\SSAAD.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 [2010.12.22 17:46:21 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 [2010.12.22 17:46:21 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 [2010.12.22 17:46:21 | 000,000,000 | ---D | M]
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-343818398-448539723-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-343818398-448539723-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-343818398-448539723-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-343818398-448539723-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O15 - HKU\S-1-5-21-343818398-448539723-682003330-1003\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-343818398-448539723-682003330-1003\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-343818398-448539723-682003330-1003\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 8508448812 (MUWebControl Class)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobios/L ... nstall.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.191.99.9 212.80.66.7
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.03.27 17:08:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{61e6ee87-0de4-11e0-892c-001617d6a149}\Shell - "" = AutoRun
O33 - MountPoints2\{61e6ee87-0de4-11e0-892c-001617d6a149}\Shell\AutoRun\command - "" = F:\DTLplus_Launcher.exe -- File not found
O33 - MountPoints2\{8d1aec6c-e5f8-11df-88d6-001617d6a149}\Shell\AutoRun\command - "" = H:\Web'n'walk_Helper.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
Unable to start service SrService!
========== Files/Folders - Created Within 7 Days ==========
[2011.01.03 19:30:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\vasek\Plocha\OTL.exe
[2011.01.03 19:14:25 | 000,000,000 | ---D | C] -- C:\_OTM
[2011.01.03 18:56:46 | 000,000,000 | ---D | C] -- C:\rsit
[2011.01.02 14:31:25 | 000,293,968 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011.01.02 14:31:25 | 000,047,440 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011.01.02 14:31:25 | 000,023,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011.01.02 14:31:25 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011.01.02 14:31:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\avast! Free Antivirus
[2011.01.02 14:31:24 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011.01.02 14:31:24 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011.01.02 14:31:24 | 000,029,264 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011.01.02 14:31:09 | 000,188,216 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011.01.02 14:31:09 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011.01.02 14:31:05 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2011.01.02 14:31:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2011.01.02 13:26:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\vasek\Recent
========== Files - Modified Within 7 Days ==========
[2011.01.03 19:30:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vasek\Plocha\OTL.exe
[2011.01.03 19:16:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.01.03 19:16:01 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011.01.03 19:15:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.01.03 19:14:38 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011.01.03 18:17:58 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011.01.03 17:57:54 | 000,220,160 | ---- | M] () -- C:\Documents and Settings\vasek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.02 19:26:58 | 000,000,655 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\World of Warcraft.lnk
[2011.01.02 14:43:50 | 000,002,553 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011.01.02 14:31:25 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
[2011.01.02 00:16:45 | 710,163,646 | ---- | M] () -- C:\Documents and Settings\vasek\Plocha\Svědek na zabití.avi
[2010.12.31 21:06:36 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010.12.31 21:06:33 | 000,188,216 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010.12.31 21:00:18 | 000,293,968 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010.12.31 20:59:23 | 000,047,440 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010.12.31 20:59:11 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010.12.31 20:59:07 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010.12.31 20:56:49 | 000,023,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010.12.31 20:56:29 | 000,029,264 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010.12.31 20:56:27 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
========== Files Created - No Company Name ==========
[2011.01.02 14:31:25 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
[2011.01.02 14:02:07 | 000,032,738 | ---- | C] () -- C:\Documents and Settings\vasek\Plocha\Fear Is the Key.srt
[2011.01.02 13:58:39 | 1468,264,448 | ---- | C] () -- C:\Documents and Settings\vasek\Plocha\Fear Is the Key.avi
[2011.01.01 21:39:11 | 710,163,646 | ---- | C] () -- C:\Documents and Settings\vasek\Plocha\Svědek na zabití.avi
[2010.07.06 00:26:10 | 000,215,064 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2010.07.02 15:47:46 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009.07.27 15:35:42 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\psfind.dll
[2009.05.14 18:02:51 | 000,139,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009.05.14 18:02:51 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\vasek\Data aplikací\PnkBstrK.sys
[2009.05.11 22:03:40 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.04.16 16:46:10 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.04.16 16:46:09 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009.04.16 16:46:09 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.04.16 16:46:09 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.04.16 16:46:07 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.04.14 15:25:02 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.04.14 15:21:36 | 000,220,160 | ---- | C] () -- C:\Documents and Settings\vasek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.07 13:54:10 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009.04.07 13:54:10 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009.04.07 13:54:09 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009.04.07 13:54:09 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2009.04.07 13:54:08 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009.04.07 13:54:08 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2009.04.07 13:54:07 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2009.03.31 14:56:36 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.03.27 17:57:49 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.01.31 16:18:14 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys
[2003.04.09 14:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000.02.28 15:26:02 | 000,092,660 | ---- | C] () -- C:\WINDOWS\System32\bass.dll
[1998.05.20 14:17:12 | 000,280,064 | ---- | C] () -- C:\WINDOWS\System32\CNCS232.DLL
========== LOP Check ==========
[2011.01.02 14:31:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2011.01.02 14:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\avg9
[2010.02.12 20:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\BioWare
[2009.11.26 08:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
[2009.05.03 10:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Electronic Arts
[2010.07.25 11:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2010.08.08 19:12:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Installations
[2009.10.15 21:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Nokia
[2009.11.18 20:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\OviInstallerCache
[2009.04.30 18:44:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2010.05.20 18:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle
[2010.06.24 14:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Ubisoft
[2009.05.02 22:22:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\cYo
[2009.04.14 15:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\DAEMON Tools
[2009.05.11 17:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\DAEMON Tools Lite
[2009.04.14 15:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\DAEMON Tools Pro
[2009.04.26 18:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\DeepBurner
[2010.06.23 19:45:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\Facebook
[2010.12.04 15:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\ICQ
[2009.11.18 22:21:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\Nokia
[2009.05.20 20:14:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\PC Suite
[2010.07.13 17:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\TS3Client
[2010.06.24 14:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\Ubisoft
[2009.04.14 17:09:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\Uniblue
[2011.01.03 19:16:01 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 13:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation)
< c:\windows\*.* /U >
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
[2009.10.08 17:55:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2009.04.18 14:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\Adobe
[2009.06.30 13:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\Apple Computer
[2009.03.31 10:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\ATI
[2009.05.02 22:22:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\cYo
[2009.04.14 15:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\DAEMON Tools
[2009.05.11 17:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\DAEMON Tools Lite
[2009.04.14 15:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\DAEMON Tools Pro
[2009.04.26 18:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\DeepBurner
[2010.05.20 18:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\DivX
[2010.06.23 19:45:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\Facebook
[2010.05.11 18:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\Hamachi
[2010.12.04 15:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\ICQ
[2009.03.27 17:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\Identities
[2009.03.31 09:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\Macromedia
[2011.01.02 13:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\Media Player Classic
[2010.03.01 20:53:49 | 000,000,000 | --SD | M] -- C:\Documents and Settings\vasek\Data aplikací\Microsoft
[2009.04.13 18:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\Mozilla
[2009.11.18 22:21:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\Nokia
[2009.05.20 20:14:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\PC Suite
[2010.11.13 10:21:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\Real
[2009.05.14 18:15:42 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\vasek\Data aplikací\SecuROM
[2010.12.05 16:38:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\Skype
[2010.12.04 22:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\skypePM
[2009.07.28 09:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\Sony Corporation
[2009.04.14 15:12:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\Sun
[2010.07.13 17:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\TS3Client
[2010.06.24 14:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\Ubisoft
[2009.04.14 17:09:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\Uniblue
[2010.07.06 22:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\Ventrilo
[2009.04.14 17:12:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\WinRAR
< %APPDATA%\*.exe /s >
[2010.06.23 19:45:09 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Documents and Settings\vasek\Data aplikací\Facebook\uninstall.exe
[2009.07.17 16:20:28 | 000,003,262 | R--- | M] () -- C:\Documents and Settings\vasek\Data aplikací\Microsoft\Installer\{10209B87-55D6-493E-A30A-12A265AA324E}\_5b0b29e7.exe
[2009.10.30 18:28:35 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\vasek\Data aplikací\Microsoft\Installer\{B96DB037-DBEA-4186-9081-9CBD537F82E8}\ARPPRODUCTICON.exe
[2010.12.08 19:04:01 | 000,506,024 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\vasek\Data aplikací\Real\Update\setup3.13\setup.exe
[2010.12.27 20:23:47 | 000,510,120 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\vasek\Data aplikací\Real\Update\setup3.14\setup.exe
< MD5 for: AGP440.SYS >
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
< MD5 for: ATAPI.SYS >
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 13:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 13:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2008.04.14 13:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\cmdcons\autochk.exe
[2008.04.14 13:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2008.04.14 13:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\dllcache\autochk.exe
< MD5 for: CDROM.SYS >
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 13:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
< MD5 for: CRYPTSVC.DLL >
[2008.04.14 13:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
[2008.04.14 13:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\dllcache\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2008.04.14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2008.04.14 13:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 13:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\system32\dllcache\cache\explorer.exe
[2008.04.14 13:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: HAL.DLL >
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 13:00:00 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\hal.dll
< MD5 for: CHANGER.SYS >
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
< MD5 for: ISAPNP.SYS >
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 13:00:00 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys
< MD5 for: LSASS.EXE >
[2008.04.14 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\dllcache\cache\lsass.exe
[2008.04.14 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2008.04.14 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2008.04.14 13:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\cache\ndis.sys
[2008.04.14 13:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008.04.14 13:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
< MD5 for: NETLOGON.DLL >
[2008.04.14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: NVATA.SYS >
[2006.08.21 17:24:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) MD5=4D6C6B46B3EDF6F2E219A86B61D104AE -- C:\Program Files\Setup Files\NVIDIA MCP55 System Driver v9.19\IDE\Win2K\sata_ide\nvata.sys
[2006.08.21 17:24:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) MD5=4D6C6B46B3EDF6F2E219A86B61D104AE -- C:\Program Files\Setup Files\NVIDIA MCP55 System Driver v9.19\IDE\WinXP\sata_ide\nvata.sys
[2006.08.21 17:24:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) MD5=4D6C6B46B3EDF6F2E219A86B61D104AE -- C:\WINDOWS\system32\drivers\nvata.sys
[2006.08.21 18:24:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) MD5=4D6C6B46B3EDF6F2E219A86B61D104AE -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\nvata.sys
< MD5 for: NVATABUS.SYS >
[2006.08.21 17:24:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) MD5=4D6C6B46B3EDF6F2E219A86B61D104AE -- C:\Program Files\Setup Files\NVIDIA MCP55 System Driver v9.19\IDE\Win2K\sataraid\nvatabus.sys
[2006.08.21 17:24:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) MD5=4D6C6B46B3EDF6F2E219A86B61D104AE -- C:\Program Files\Setup Files\NVIDIA MCP55 System Driver v9.19\IDE\WinXP\sataraid\nvatabus.sys
< MD5 for: NVRAID.SYS >
[2006.08.21 17:24:36 | 000,089,344 | ---- | M] (NVIDIA Corporation) MD5=5D28CC1C394B44106B4303D4ABC45556 -- C:\Program Files\Setup Files\NVIDIA MCP55 System Driver v9.19\IDE\Win2K\sataraid\nvraid.sys
[2006.08.21 17:24:36 | 000,089,344 | ---- | M] (NVIDIA Corporation) MD5=5D28CC1C394B44106B4303D4ABC45556 -- C:\Program Files\Setup Files\NVIDIA MCP55 System Driver v9.19\IDE\WinXP\sataraid\nvraid.sys
< MD5 for: SCECLI.DLL >
[2008.04.14 13:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 13:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SMSS.EXE >
[2004.08.17 14:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 13:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\dllcache\smss.exe
[2008.04.14 13:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe
< MD5 for: SVCHOST.EXE >
[2008.04.14 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\dllcache\cache\svchost.exe
[2008.04.14 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008.04.14 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
< MD5 for: TCPIP.SYS >
[2008.04.14 13:00:00 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\cache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008.04.14 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\dllcache\cache\userinit.exe
[2008.04.14 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2008.04.14 13:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\dllcache\cache\winlogon.exe
[2008.04.14 13:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 13:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2_32.DLL >
[2008.04.14 13:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\dllcache\cache\ws2_32.dll
[2008.04.14 13:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2008.04.14 13:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.11.26 08:25:44 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
< %systemroot%\System32\config\*.sav >
[2009.03.27 17:55:55 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.03.27 17:55:54 | 001,093,632 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.03.27 17:55:54 | 000,491,520 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< %systemroot%\system32\drivers\*.sys /3 >
[2010.12.31 20:56:29 | 000,029,264 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys
[2010.12.31 20:56:27 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys
[2010.12.31 20:59:07 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswmon.sys
[2010.12.31 20:59:11 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys
[2010.12.31 20:56:49 | 000,023,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys
[2010.12.31 21:00:18 | 000,293,968 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswSP.sys
[2010.12.31 20:59:23 | 000,047,440 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys
< %systemroot%\system32\*.* /3 >
[2010.12.31 21:06:33 | 000,188,216 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\aswBoot.exe
[2011.01.03 19:09:26 | 000,358,828 | ---- | M] () -- C:\WINDOWS\system32\commonpriv.log
[2011.01.03 18:31:16 | 001,024,304 | ---- | M] () -- C:\WINDOWS\system32\commonpriv.log.1
[2011.01.02 20:40:56 | 001,024,218 | ---- | M] () -- C:\WINDOWS\system32\commonpriv.log.2
[2011.01.01 13:49:23 | 001,024,214 | ---- | M] () -- C:\WINDOWS\system32\commonpriv.log.3
[2011.01.02 14:43:50 | 000,002,553 | ---- | M] () -- C:\WINDOWS\system32\CONFIG.NT
[2011.01.03 19:16:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
< End of report >
OTL logfile created on: 3.1.2011 19:32:28 - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Documents and Settings\vasek\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 84,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 93,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 16,94 Gb Free Space | 34,70% Space Free | Partition Type: NTFS
Drive D: | 137,47 Gb Total Space | 17,50 Gb Free Space | 12,73% Space Free | Partition Type: NTFS
Drive F: | 465,65 Gb Total Space | 86,67 Gb Free Space | 18,61% Space Free | Partition Type: FAT32
Computer Name: JR | User Name: vasek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days
========== Processes (SafeList) ==========
PRC - [2011.01.03 19:30:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vasek\Plocha\OTL.exe
PRC - [2010.12.31 21:06:35 | 003,395,600 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010.12.31 21:06:34 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.12.10 23:10:12 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008.04.14 13:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.01.07 01:36:10 | 000,081,920 | ---- | M] () -- C:\Program Files\Sony\SonicStage\SSAAD.exe
========== Modules (SafeList) ==========
MOD - [2011.01.03 19:30:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vasek\Plocha\OTL.exe
MOD - [2010.12.31 21:06:33 | 000,187,144 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010.08.23 17:12:33 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - [2010.12.31 21:06:34 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.06.14 14:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2006.01.06 21:25:12 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2005.11.24 16:03:22 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2005.11.24 15:57:44 | 000,053,337 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2005.11.24 15:47:30 | 000,069,718 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\vasek\LOCALS~1\Temp\PKP206.tmp -- (GarenaPEngine)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\vasek\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010.12.31 21:00:18 | 000,293,968 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010.12.31 20:59:23 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010.12.31 20:59:11 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010.12.31 20:56:49 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010.12.31 20:56:29 | 000,029,264 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010.12.31 20:56:27 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.09.11 03:19:16 | 005,417,472 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010.02.26 13:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.02.26 13:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.02.26 13:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.02.26 13:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.02.03 13:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.11.26 08:25:44 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.08.05 19:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008.04.17 15:33:26 | 004,707,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.04.14 13:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2006.10.22 11:22:00 | 003,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2006.09.11 18:45:38 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006.09.11 18:45:36 | 000,057,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006.08.21 17:24:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006.01.04 14:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005.03.09 14:53:00 | 000,042,496 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2001.08.17 22:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-343818398-448539723-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKU\S-1-5-21-343818398-448539723-682003330-1003\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-343818398-448539723-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz"
FF - prefs.js..extensions.enabledItems: npfax@microgaming.co.uk:2.1.0.19
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... r=1.1.6&q="
FF - HKLM\software\mozilla\Firefox\extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\
FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.08.08 19:14:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.10 23:10:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.10 23:10:16 | 000,000,000 | ---D | M]
[2009.04.13 18:47:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\vasek\Data aplikací\Mozilla\Extensions
[2011.01.03 18:32:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\vasek\Data aplikací\Mozilla\Firefox\Profiles\trtlz84k.default\extensions
[2010.04.27 20:41:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\vasek\Data aplikací\Mozilla\Firefox\Profiles\trtlz84k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.23 10:19:20 | 000,000,000 | ---D | M] (Flash AX Control) -- C:\Documents and Settings\vasek\Data aplikací\Mozilla\Firefox\Profiles\trtlz84k.default\extensions\npfax@microgaming.co.uk
[2009.11.26 08:25:48 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\vasek\Data aplikací\Mozilla\Firefox\Profiles\trtlz84k.default\searchplugins\daemon-search.xml
[2011.01.01 14:31:20 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\vasek\Data aplikací\Mozilla\Firefox\Profiles\trtlz84k.default\searchplugins\icqplugin-1.xml
[2010.09.07 20:37:00 | 000,001,056 | ---- | M] () -- C:\Documents and Settings\vasek\Data aplikací\Mozilla\Firefox\Profiles\trtlz84k.default\searchplugins\icqplugin.xml
[2011.01.03 18:32:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.05.02 14:58:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.13 20:57:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.01 16:34:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\VASEK\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\TRTLZ84K.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\VASEK\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\TRTLZ84K.DEFAULT\EXTENSIONS\NPFAX@MICROGAMING.CO.UK
[2009.04.14 15:12:55 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010.08.08 19:14:13 | 000,000,000 | ---D | M] (PC Sync 2 Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.26 10:56:53 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.07.26 10:56:53 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.07.26 10:56:53 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.07.26 10:56:53 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.07.26 10:56:53 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2011.01.03 19:14:38 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKU\S-1-5-21-343818398-448539723-682003330-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SsAAD.exe] C:\Program Files\Sony\SonicStage\SSAAD.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 [2010.12.22 17:46:21 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 [2010.12.22 17:46:21 | 000,000,000 | ---D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 [2010.12.22 17:46:21 | 000,000,000 | ---D | M]
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-343818398-448539723-682003330-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-343818398-448539723-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-343818398-448539723-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-343818398-448539723-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O15 - HKU\S-1-5-21-343818398-448539723-682003330-1003\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-343818398-448539723-682003330-1003\..Trusted Domains: com.tw ([global.msi] http in Trusted sites)
O15 - HKU\S-1-5-21-343818398-448539723-682003330-1003\..Trusted Domains: com.tw ([www.msi] http in Trusted sites)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 8508448812 (MUWebControl Class)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} http://liveupdate.msi.com.tw/autobios/L ... nstall.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.191.99.9 212.80.66.7
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.03.27 17:08:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{61e6ee87-0de4-11e0-892c-001617d6a149}\Shell - "" = AutoRun
O33 - MountPoints2\{61e6ee87-0de4-11e0-892c-001617d6a149}\Shell\AutoRun\command - "" = F:\DTLplus_Launcher.exe -- File not found
O33 - MountPoints2\{8d1aec6c-e5f8-11df-88d6-001617d6a149}\Shell\AutoRun\command - "" = H:\Web'n'walk_Helper.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
Unable to start service SrService!
========== Files/Folders - Created Within 7 Days ==========
[2011.01.03 19:30:29 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\vasek\Plocha\OTL.exe
[2011.01.03 19:14:25 | 000,000,000 | ---D | C] -- C:\_OTM
[2011.01.03 18:56:46 | 000,000,000 | ---D | C] -- C:\rsit
[2011.01.02 14:31:25 | 000,293,968 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011.01.02 14:31:25 | 000,047,440 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011.01.02 14:31:25 | 000,023,632 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011.01.02 14:31:25 | 000,017,744 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011.01.02 14:31:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\avast! Free Antivirus
[2011.01.02 14:31:24 | 000,100,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011.01.02 14:31:24 | 000,094,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011.01.02 14:31:24 | 000,029,264 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011.01.02 14:31:09 | 000,188,216 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011.01.02 14:31:09 | 000,038,848 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011.01.02 14:31:05 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2011.01.02 14:31:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2011.01.02 13:26:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\vasek\Recent
========== Files - Modified Within 7 Days ==========
[2011.01.03 19:30:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vasek\Plocha\OTL.exe
[2011.01.03 19:16:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.01.03 19:16:01 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011.01.03 19:15:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.01.03 19:14:38 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011.01.03 18:17:58 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011.01.03 17:57:54 | 000,220,160 | ---- | M] () -- C:\Documents and Settings\vasek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.02 19:26:58 | 000,000,655 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\World of Warcraft.lnk
[2011.01.02 14:43:50 | 000,002,553 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011.01.02 14:31:25 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
[2011.01.02 00:16:45 | 710,163,646 | ---- | M] () -- C:\Documents and Settings\vasek\Plocha\Svědek na zabití.avi
[2010.12.31 21:06:36 | 000,038,848 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2010.12.31 21:06:33 | 000,188,216 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010.12.31 21:00:18 | 000,293,968 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010.12.31 20:59:23 | 000,047,440 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010.12.31 20:59:11 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010.12.31 20:59:07 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010.12.31 20:56:49 | 000,023,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010.12.31 20:56:29 | 000,029,264 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010.12.31 20:56:27 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
========== Files Created - No Company Name ==========
[2011.01.02 14:31:25 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
[2011.01.02 14:02:07 | 000,032,738 | ---- | C] () -- C:\Documents and Settings\vasek\Plocha\Fear Is the Key.srt
[2011.01.02 13:58:39 | 1468,264,448 | ---- | C] () -- C:\Documents and Settings\vasek\Plocha\Fear Is the Key.avi
[2011.01.01 21:39:11 | 710,163,646 | ---- | C] () -- C:\Documents and Settings\vasek\Plocha\Svědek na zabití.avi
[2010.07.06 00:26:10 | 000,215,064 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2010.07.02 15:47:46 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009.07.27 15:35:42 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\psfind.dll
[2009.05.14 18:02:51 | 000,139,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009.05.14 18:02:51 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\vasek\Data aplikací\PnkBstrK.sys
[2009.05.11 22:03:40 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.04.16 16:46:10 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.04.16 16:46:09 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009.04.16 16:46:09 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.04.16 16:46:09 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.04.16 16:46:07 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.04.14 15:25:02 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.04.14 15:21:36 | 000,220,160 | ---- | C] () -- C:\Documents and Settings\vasek\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.07 13:54:10 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009.04.07 13:54:10 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009.04.07 13:54:09 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009.04.07 13:54:09 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2009.04.07 13:54:08 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009.04.07 13:54:08 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2009.04.07 13:54:07 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2009.03.31 14:56:36 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.03.27 17:57:49 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.01.31 16:18:14 | 000,009,216 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys
[2003.04.09 14:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000.02.28 15:26:02 | 000,092,660 | ---- | C] () -- C:\WINDOWS\System32\bass.dll
[1998.05.20 14:17:12 | 000,280,064 | ---- | C] () -- C:\WINDOWS\System32\CNCS232.DLL
========== LOP Check ==========
[2011.01.02 14:31:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2011.01.02 14:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\avg9
[2010.02.12 20:14:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\BioWare
[2009.11.26 08:25:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
[2009.05.03 10:57:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Electronic Arts
[2010.07.25 11:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2010.08.08 19:12:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Installations
[2009.10.15 21:36:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Nokia
[2009.11.18 20:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\OviInstallerCache
[2009.04.30 18:44:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2010.05.20 18:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle
[2010.06.24 14:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Ubisoft
[2009.05.02 22:22:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\cYo
[2009.04.14 15:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\DAEMON Tools
[2009.05.11 17:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\DAEMON Tools Lite
[2009.04.14 15:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\DAEMON Tools Pro
[2009.04.26 18:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\DeepBurner
[2010.06.23 19:45:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\Facebook
[2010.12.04 15:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\ICQ
[2009.11.18 22:21:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\Nokia
[2009.05.20 20:14:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\PC Suite
[2010.07.13 17:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\TS3Client
[2010.06.24 14:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\Ubisoft
[2009.04.14 17:09:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\Uniblue
[2011.01.03 19:16:01 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 13:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation)
< c:\windows\*.* /U >
< %SYSTEMDRIVE%\*.exe >
< %ALLUSERSPROFILE%\Application Data\*. >
[2009.10.08 17:55:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2009.04.18 14:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\Adobe
[2009.06.30 13:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\Apple Computer
[2009.03.31 10:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\ATI
[2009.05.02 22:22:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\cYo
[2009.04.14 15:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\DAEMON Tools
[2009.05.11 17:43:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\DAEMON Tools Lite
[2009.04.14 15:29:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\DAEMON Tools Pro
[2009.04.26 18:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\DeepBurner
[2010.05.20 18:08:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\DivX
[2010.06.23 19:45:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\Facebook
[2010.05.11 18:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\Hamachi
[2010.12.04 15:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\ICQ
[2009.03.27 17:13:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\Identities
[2009.03.31 09:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\Macromedia
[2011.01.02 13:26:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\Media Player Classic
[2010.03.01 20:53:49 | 000,000,000 | --SD | M] -- C:\Documents and Settings\vasek\Data aplikací\Microsoft
[2009.04.13 18:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\Mozilla
[2009.11.18 22:21:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\Nokia
[2009.05.20 20:14:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\PC Suite
[2010.11.13 10:21:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\Real
[2009.05.14 18:15:42 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\vasek\Data aplikací\SecuROM
[2010.12.05 16:38:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\Skype
[2010.12.04 22:12:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\skypePM
[2009.07.28 09:08:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\Sony Corporation
[2009.04.14 15:12:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\Sun
[2010.07.13 17:36:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\TS3Client
[2010.06.24 14:59:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\Ubisoft
[2009.04.14 17:09:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\Uniblue
[2010.07.06 22:42:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\Ventrilo
[2009.04.14 17:12:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vasek\Data aplikací\WinRAR
< %APPDATA%\*.exe /s >
[2010.06.23 19:45:09 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Documents and Settings\vasek\Data aplikací\Facebook\uninstall.exe
[2009.07.17 16:20:28 | 000,003,262 | R--- | M] () -- C:\Documents and Settings\vasek\Data aplikací\Microsoft\Installer\{10209B87-55D6-493E-A30A-12A265AA324E}\_5b0b29e7.exe
[2009.10.30 18:28:35 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\vasek\Data aplikací\Microsoft\Installer\{B96DB037-DBEA-4186-9081-9CBD537F82E8}\ARPPRODUCTICON.exe
[2010.12.08 19:04:01 | 000,506,024 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\vasek\Data aplikací\Real\Update\setup3.13\setup.exe
[2010.12.27 20:23:47 | 000,510,120 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\vasek\Data aplikací\Real\Update\setup3.14\setup.exe
< MD5 for: AGP440.SYS >
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
< MD5 for: ATAPI.SYS >
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 13:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 13:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2008.04.14 13:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\cmdcons\autochk.exe
[2008.04.14 13:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2008.04.14 13:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\dllcache\autochk.exe
< MD5 for: CDROM.SYS >
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 13:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
< MD5 for: CRYPTSVC.DLL >
[2008.04.14 13:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
[2008.04.14 13:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\dllcache\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2008.04.14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2008.04.14 13:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 13:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\system32\dllcache\cache\explorer.exe
[2008.04.14 13:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: HAL.DLL >
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 13:00:00 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\hal.dll
< MD5 for: CHANGER.SYS >
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
< MD5 for: ISAPNP.SYS >
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 13:00:00 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys
< MD5 for: LSASS.EXE >
[2008.04.14 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\dllcache\cache\lsass.exe
[2008.04.14 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2008.04.14 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2008.04.14 13:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\cache\ndis.sys
[2008.04.14 13:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008.04.14 13:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
< MD5 for: NETLOGON.DLL >
[2008.04.14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: NVATA.SYS >
[2006.08.21 17:24:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) MD5=4D6C6B46B3EDF6F2E219A86B61D104AE -- C:\Program Files\Setup Files\NVIDIA MCP55 System Driver v9.19\IDE\Win2K\sata_ide\nvata.sys
[2006.08.21 17:24:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) MD5=4D6C6B46B3EDF6F2E219A86B61D104AE -- C:\Program Files\Setup Files\NVIDIA MCP55 System Driver v9.19\IDE\WinXP\sata_ide\nvata.sys
[2006.08.21 17:24:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) MD5=4D6C6B46B3EDF6F2E219A86B61D104AE -- C:\WINDOWS\system32\drivers\nvata.sys
[2006.08.21 18:24:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) MD5=4D6C6B46B3EDF6F2E219A86B61D104AE -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\nvata.sys
< MD5 for: NVATABUS.SYS >
[2006.08.21 17:24:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) MD5=4D6C6B46B3EDF6F2E219A86B61D104AE -- C:\Program Files\Setup Files\NVIDIA MCP55 System Driver v9.19\IDE\Win2K\sataraid\nvatabus.sys
[2006.08.21 17:24:28 | 000,105,344 | ---- | M] (NVIDIA Corporation) MD5=4D6C6B46B3EDF6F2E219A86B61D104AE -- C:\Program Files\Setup Files\NVIDIA MCP55 System Driver v9.19\IDE\WinXP\sataraid\nvatabus.sys
< MD5 for: NVRAID.SYS >
[2006.08.21 17:24:36 | 000,089,344 | ---- | M] (NVIDIA Corporation) MD5=5D28CC1C394B44106B4303D4ABC45556 -- C:\Program Files\Setup Files\NVIDIA MCP55 System Driver v9.19\IDE\Win2K\sataraid\nvraid.sys
[2006.08.21 17:24:36 | 000,089,344 | ---- | M] (NVIDIA Corporation) MD5=5D28CC1C394B44106B4303D4ABC45556 -- C:\Program Files\Setup Files\NVIDIA MCP55 System Driver v9.19\IDE\WinXP\sataraid\nvraid.sys
< MD5 for: SCECLI.DLL >
[2008.04.14 13:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 13:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SMSS.EXE >
[2004.08.17 14:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 13:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\dllcache\smss.exe
[2008.04.14 13:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe
< MD5 for: SVCHOST.EXE >
[2008.04.14 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\dllcache\cache\svchost.exe
[2008.04.14 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008.04.14 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
< MD5 for: TCPIP.SYS >
[2008.04.14 13:00:00 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\cache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008.04.14 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\dllcache\cache\userinit.exe
[2008.04.14 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2008.04.14 13:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\dllcache\cache\winlogon.exe
[2008.04.14 13:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 13:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2_32.DLL >
[2008.04.14 13:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\dllcache\cache\ws2_32.dll
[2008.04.14 13:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2008.04.14 13:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.11.26 08:25:44 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
< %systemroot%\System32\config\*.sav >
[2009.03.27 17:55:55 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.03.27 17:55:54 | 001,093,632 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.03.27 17:55:54 | 000,491,520 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< %systemroot%\system32\drivers\*.sys /3 >
[2010.12.31 20:56:29 | 000,029,264 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aavmker4.sys
[2010.12.31 20:56:27 | 000,017,744 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys
[2010.12.31 20:59:07 | 000,094,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswmon.sys
[2010.12.31 20:59:11 | 000,100,176 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswmon2.sys
[2010.12.31 20:56:49 | 000,023,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswRdr.sys
[2010.12.31 21:00:18 | 000,293,968 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswSP.sys
[2010.12.31 20:59:23 | 000,047,440 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\drivers\aswTdi.sys
< %systemroot%\system32\*.* /3 >
[2010.12.31 21:06:33 | 000,188,216 | ---- | M] (AVAST Software) -- C:\WINDOWS\system32\aswBoot.exe
[2011.01.03 19:09:26 | 000,358,828 | ---- | M] () -- C:\WINDOWS\system32\commonpriv.log
[2011.01.03 18:31:16 | 001,024,304 | ---- | M] () -- C:\WINDOWS\system32\commonpriv.log.1
[2011.01.02 20:40:56 | 001,024,218 | ---- | M] () -- C:\WINDOWS\system32\commonpriv.log.2
[2011.01.01 13:49:23 | 001,024,214 | ---- | M] () -- C:\WINDOWS\system32\commonpriv.log.3
[2011.01.02 14:43:50 | 000,002,553 | ---- | M] () -- C:\WINDOWS\system32\CONFIG.NT
[2011.01.03 19:16:10 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
< End of report >
Re: Prosim o preventivku.
Spustte znovu OTL
- Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
- Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize
Kód: Vybrat vše
:otl SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\vasek\LOCALS~1\Temp\catchme.sys -- (catchme) IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found IE - HKU\.DEFAULT\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found IE - HKU\S-1-5-18\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found IE - HKU\S-1-5-21-343818398-448539723-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/ IE - HKU\S-1-5-21-343818398-448539723-682003330-1003\..\URLSearchHook: - Reg Error: Key error. File not found FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.6&q=" [2009.11.26 08:25:48 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\vasek\Data aplikací\Mozilla\Firefox\Profiles\trtlz84k.default\searchplugins\daemon-search.xml [2011.01.01 14:31:20 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\vasek\Data aplikací\Mozilla\Firefox\Profiles\trtlz84k.default\searchplugins\icqplugin-1.xml [2010.09.07 20:37:00 | 000,001,056 | ---- | M] () -- C:\Documents and Settings\vasek\Data aplikací\Mozilla\Firefox\Profiles\trtlz84k.default\searchplugins\icqplugin.xml O3 - HKU\S-1-5-21-343818398-448539723-682003330-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found. O15 - HKU\S-1-5-21-343818398-448539723-682003330-1003\..Trusted Domains: com.tw ([asia.msi] http in Trusted sites) O15 - HKU\S-1-5-21-343818398-448539723-682003330-1003\..Trusted Domains: com.tw ([global.msi] http in Trusted sites) O15 - HKU\S-1-5-21-343818398-448539723-682003330-1003\..Trusted Domains: com.tw ([www.msi] http in Trusted sites) O33 - MountPoints2\{61e6ee87-0de4-11e0-892c-001617d6a149}\Shell - "" = AutoRun :files %windir%\system32\*.tmp.dll /s %windir%\system32\SET*.tmp /s %windir%\*.tmp /s :commands [RESETHOSTS] [EMPTYTEMP] [EMPTYFLASH]- Nasledne kliknete na Opravit
- PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Prosim o preventivku.
mam opet provest tyto kroky:
# Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
# Zaskrtnete okenko Pro vsechny uzivatele
# Zaskrtnete okenko Kontrola na havet "LOP"
# Zaskrtnete okenko Kontrola na havet "Purity"
# Stari souboru zmente z 30 dnu na 7 dnu
??
# Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
# Zaskrtnete okenko Pro vsechny uzivatele
# Zaskrtnete okenko Kontrola na havet "LOP"
# Zaskrtnete okenko Kontrola na havet "Purity"
# Stari souboru zmente z 30 dnu na 7 dnu
??
Re: Prosim o preventivku.
chci se jeste zeptat na to AVG je definitivne pryc? Dostal jste mail s tim avgremover.log ?
log z OTL:
All processes killed
========== OTL ==========
Service HidServ stopped successfully!
Service HidServ deleted successfully!
File C:\WINDOWS\System32\hidserv.dll not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\DOCUME~1\vasek\LOCALS~1\Temp\catchme.sys not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
HKU\S-1-5-21-343818398-448539723-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-343818398-448539723-682003330-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\ deleted successfully.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "http://search.icq.com/search/afe_result ... r=1.1.6&q=" removed from keyword.URL
C:\Documents and Settings\vasek\Data aplikací\Mozilla\Firefox\Profiles\trtlz84k.default\searchplugins\daemon-search.xml moved successfully.
C:\Documents and Settings\vasek\Data aplikací\Mozilla\Firefox\Profiles\trtlz84k.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Documents and Settings\vasek\Data aplikací\Mozilla\Firefox\Profiles\trtlz84k.default\searchplugins\icqplugin.xml moved successfully.
Registry value HKEY_USERS\S-1-5-21-343818398-448539723-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry key HKEY_USERS\S-1-5-21-343818398-448539723-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\com.tw\asia.msi\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-343818398-448539723-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\com.tw\global.msi\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-343818398-448539723-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\com.tw\www.msi\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61e6ee87-0de4-11e0-892c-001617d6a149}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61e6ee87-0de4-11e0-892c-001617d6a149}\ not found.
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: vasek
->Temp folder emptied: 587528 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 28211743 bytes
->Flash cache emptied: 456 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 2346570 bytes
Total Files Cleaned = 30,00 mb
[EMPTYFLASH]
User: All Users
User: Default User
User: LocalService
User: NetworkService
User: vasek
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.20.1 log created on 01032011_202927
Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
log z OTL:
All processes killed
========== OTL ==========
Service HidServ stopped successfully!
Service HidServ deleted successfully!
File C:\WINDOWS\System32\hidserv.dll not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\DOCUME~1\vasek\LOCALS~1\Temp\catchme.sys not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
HKU\S-1-5-21-343818398-448539723-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-343818398-448539723-682003330-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\ deleted successfully.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "http://search.icq.com/search/afe_result ... r=1.1.6&q=" removed from keyword.URL
C:\Documents and Settings\vasek\Data aplikací\Mozilla\Firefox\Profiles\trtlz84k.default\searchplugins\daemon-search.xml moved successfully.
C:\Documents and Settings\vasek\Data aplikací\Mozilla\Firefox\Profiles\trtlz84k.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Documents and Settings\vasek\Data aplikací\Mozilla\Firefox\Profiles\trtlz84k.default\searchplugins\icqplugin.xml moved successfully.
Registry value HKEY_USERS\S-1-5-21-343818398-448539723-682003330-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry key HKEY_USERS\S-1-5-21-343818398-448539723-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\com.tw\asia.msi\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-343818398-448539723-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\com.tw\global.msi\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-343818398-448539723-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\com.tw\www.msi\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{61e6ee87-0de4-11e0-892c-001617d6a149}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61e6ee87-0de4-11e0-892c-001617d6a149}\ not found.
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: vasek
->Temp folder emptied: 587528 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 28211743 bytes
->Flash cache emptied: 456 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 2346570 bytes
Total Files Cleaned = 30,00 mb
[EMPTYFLASH]
User: All Users
User: Default User
User: LocalService
User: NetworkService
User: vasek
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.20.1 log created on 01032011_202927
Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
Re: Prosim o preventivku.
Je už vše v pořádku ?
jestli ano tak vam moc děkuji
jestli ano tak vam moc děkuji
Re: Prosim o preventivku.
Log dobro dosli 
OTC http://oldtimer.geekstogo.com/OTC.exe
- Stahnete a spustte
- Kliknete na CleanUp a potvrdte YES
- Program uklidi a restartuje PC
TFC http://oldtimer.geekstogo.com/TFC.exe
- Stahnete a spustte
- Kliknete na Start a potvrdte OK
- Program uklidi a restartuje pc
- Po pouziti utilitu smazte
Stahnete Ccleaner (viz muj podpis)Panel čistič
- Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner
- dejte Hledej problémy
- nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
- postup opakujte dokud nebude bez problemu - vetsinou cca 3x
- Zde muzete odinstalovat nepotrebne programy
Zadne zbytky po AVG jsem jiz ani v OTL nenasel, takze by melo byti pryc Centrum zabezpeceni na Vas stale krici 
Jak se chova PC "Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Prosim o preventivku.
Vše provedeno. Centrum zabezpečení už nekřičí. Vše je v pořádku. Mockrát Vám děkuji za Váš čas. V co nejdřívější době podpořím fórum...jen chci se zeptat na podrobnosti sms podpory...Ještě jednou mockrát děkuji jste borci
Prozatím naschledanou
Re: Prosim o preventivku.
Co Vas ohledne podpory pres SMS zajima, zkusim odpoved pripadne se poptam kolegu...Jinak za podporu jmenem celeho tymu dekuji Nemate zac, rad jsem pomohl
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Prosim o preventivku.
Zajima me, kolik procent z ceny sms připadne fóru a kolik si strhne operátor...
Přispějete na provoz fóra?