Prosím o pomoc

Zpráva

wendyp · #1 Příspěvek od **wendyp** » 22 úno 2011 11:19

Dobrý den,
prosím o pomoc. Po zapnutí se mi objeví okno s upozorněním na virus, začne scanovat PC a vnucuje mi koupi antivira. Problém jsem hledala a je to přesně jako tady http://www.myantispyware.com/2009/12/02 ... are-alert/

Zkoušela jsem to vyřešit sama, ale když dám scan v SuperAntiSpyware nebo v Avast, tak se mi po chvíli program vypne. A to samé mi dělá i HijackThis. Zkoušela jsem použít rkill, ale nepomohlo to.
Děkuji moc za jakoukoli radu
Wendy

#2 Příspěvek od **vyosek** » 22 úno 2011 11:24

Zdravim a pekny den preji

Prihlaste se do nouzoveho rezimu (restart PC, mackat F8, zvolit Stav nouze s praci v siti)

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich
motji píše: Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr

Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne temer okamzite a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Ted nerestartujte PC - prisli byste o ucinek RKillu

Dejte log z RSIT

wendyp · #3 Příspěvek od **wendyp** » 22 úno 2011 12:05

Log je zde:
Logfile of random's system information tool 1.08 (written by random/random)
Run by vpi at 2011-02-22 12:02:23
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 9 GB (22%) free of 40 GB
Total RAM: 1013 MB (69% free)

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1296831542-966831808-597317292-1005Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1296831542-966831808-597317292-1005UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-12-31 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-12-19 135168]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-12-19 159744]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-12-19 131072]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-05-08 16862208]
"MGSysCtrl"=C:\Program Files\System Control Manager\MGSysCtrl.exe [2008-07-29 684032]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2011-01-13 3396624]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2011-01-15 2424560]
"Google Update"=C:\Documents and Settings\vpi\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2011-02-06 136176]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-09-03 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-12-19 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\sys

#4 Příspěvek od **vyosek** » 22 úno 2011 12:09

No udelame si radeji log z OTL, ten nam ukaze vice

Stahnete OTL (viz muj podpis) a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
Zaskrtnete okenko Pro vsechny uzivatele
Zaskrtnete okenko Kontrola na havet "LOP"
Zaskrtnete okenko Kontrola na havet "Purity"
Stari souboru zmente z 30 dnu na 7 dnu
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT

Kliknete na tlacitko Prohledat
Po dokonceni skenu (cca 5 az 10 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte

wendyp · #5 Příspěvek od **wendyp** » 22 úno 2011 23:39

OTL.txt

========== Processes (SafeList) ==========

PRC - [2011.02.22 23:00:21 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vpi\Plocha\OTL.exe
PRC - [2011.01.13 09:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011.01.13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.12.11 10:46:53 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.10.16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2008.10.31 06:24:28 | 001,365,288 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
PRC - [2008.10.31 06:24:28 | 000,095,528 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
PRC - [2008.10.31 06:24:26 | 001,705,256 | ---- | M] (Sunbelt Software, Inc.) -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
PRC - [2008.07.29 14:45:12 | 000,684,032 | ---- | M] (Mirco-Star International CO., LTD.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe
PRC - [2008.06.09 16:26:52 | 000,159,744 | ---- | M] () -- C:\Program Files\System Control Manager\MSIService.exe
PRC - [2008.04.14 13:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.02.22 09:04:42 | 002,938,184 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2008.01.22 19:13:08 | 000,288,072 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2007.10.29 13:30:14 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2007.10.04 17:39:42 | 000,077,824 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2007.09.28 15:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

========== Modules (SafeList) ==========

MOD - [2011.02.22 23:00:21 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vpi\Plocha\OTL.exe
MOD - [2011.01.13 09:47:35 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2010.08.23 17:12:33 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008.07.18 12:39:04 | 000,053,248 | ---- | M] () -- C:\Program Files\System Control Manager\MGKBHook.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wmcmgc)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011.01.13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.10.16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008.10.31 06:24:28 | 001,365,288 | ---- | M] (Sunbelt Software, Inc.) [Auto | Running] -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe -- (SPF4)
SRV - [2008.10.31 06:24:28 | 000,095,528 | ---- | M] (Sunbelt Software, Inc.) [Auto | Running] -- C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe -- (SbPF.Launcher)
SRV - [2008.06.09 16:26:52 | 000,159,744 | ---- | M] () [Auto | Running] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM)
SRV - [2007.09.28 15:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2002.01.25 05:30:52 | 000,020,480 | ---- | M] () [Auto | Stopped] -- c:\apache\APACHE.EXE -- (PHPGeekUtil)

========== Driver Services (SafeList) ==========

DRV - [2011.01.13 09:41:16 | 000,294,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.01.13 09:40:16 | 000,047,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.01.13 09:40:04 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011.01.13 09:37:30 | 000,023,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.01.13 09:37:11 | 000,029,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011.01.13 09:37:09 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.09.26 16:34:54 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.05.10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.02.17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008.10.31 06:09:06 | 000,270,888 | R--- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SbFw.sys -- (SbFw)
DRV - [2008.07.10 18:33:40 | 000,306,176 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rtl8187Se.sys -- (rtl8187Se)
DRV - [2008.06.21 03:54:54 | 000,066,600 | R--- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbhips.sys -- (sbhips)
DRV - [2008.06.21 03:54:54 | 000,065,576 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2008.06.11 04:23:07 | 000,106,368 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008.06.11 04:23:01 | 000,156,160 | R--- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTS5121.sys -- (RSUSBSTOR)
DRV - [2008.05.19 21:49:14 | 000,625,792 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2860.sys -- (RT80x86)
DRV - [2008.05.08 05:21:40 | 004,739,072 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.04.14 13:00:00 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.04.14 13:00:00 | 000,075,264 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ipsec.sys -- (IPSec)
DRV - [2008.02.15 14:01:06 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2008.01.31 14:55:06 | 000,074,240 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2008.01.22 19:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2007.12.19 19:32:12 | 005,854,688 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007.11.29 08:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2007.10.18 13:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2007.10.02 10:43:22 | 000,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007.01.29 06:40:22 | 000,449,408 | ---- | M] (MSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MSILiveVirtualCamera.sys -- (MSILiveVirtualCamera)
DRV - [2006.10.10 18:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2005.01.07 04:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004.12.23 03:47:10 | 000,027,392 | R--- | M] (Ulead Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ULCDRHlp.sys -- (ULCDRHlp)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msi.com.tw

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msi.com.tw

IE - HKU\S-1-5-21-1296831542-966831808-597317292-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (Eng)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: YoutubeDownloader@PeterOlayev.com:1.5
FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.1
FF - prefs.js..extensions.enabledItems: multilinks@plugin:2.0.0.17
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.5.21amo
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.5
FF - prefs.js..network.proxy.backup.ftp: "4iz110.vse.cz"
FF - prefs.js..network.proxy.backup.ftp_port: 40190
FF - prefs.js..network.proxy.backup.gopher: "4iz110.vse.cz"
FF - prefs.js..network.proxy.backup.gopher_port: 40190
FF - prefs.js..network.proxy.backup.socks: "4iz110.vse.cz"
FF - prefs.js..network.proxy.backup.socks_port: 40190
FF - prefs.js..network.proxy.backup.ssl: "4iz110.vse.cz"
FF - prefs.js..network.proxy.backup.ssl_port: 40190
FF - prefs.js..network.proxy.ftp: "4iz110.vse.cz"
FF - prefs.js..network.proxy.ftp_port: 40190
FF - prefs.js..network.proxy.gopher: "4iz110.vse.cz"
FF - prefs.js..network.proxy.gopher_port: 40190
FF - prefs.js..network.proxy.http: "4iz110.vse.cz"
FF - prefs.js..network.proxy.http_port: 40190
FF - prefs.js..network.proxy.no_proxies_on: "aplis,aplis.com"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "4iz110.vse.cz"
FF - prefs.js..network.proxy.socks_port: 40190
FF - prefs.js..network.proxy.ssl: "4iz110.vse.cz"
FF - prefs.js..network.proxy.ssl_port: 40190
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.01.31 11:37:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.01.31 11:36:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.08 16:35:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.01.30 15:18:10 | 000,000,000 | ---D | M]

[2008.12.05 11:26:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\vpi\Data aplikací\Mozilla\Extensions
[2011.02.22 10:57:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\vpi\Data aplikací\Mozilla\Firefox\Profiles\me5v8hc4.default\extensions
[2011.01.09 20:48:02 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Documents and Settings\vpi\Data aplikací\Mozilla\Firefox\Profiles\me5v8hc4.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010.04.20 20:47:46 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Documents and Settings\vpi\Data aplikací\Mozilla\Firefox\Profiles\me5v8hc4.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2011.01.07 23:04:49 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\vpi\Data aplikací\Mozilla\Firefox\Profiles\me5v8hc4.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011.01.07 23:04:49 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\vpi\Data aplikací\Mozilla\Firefox\Profiles\me5v8hc4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.02.12 15:53:22 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Documents and Settings\vpi\Data aplikací\Mozilla\Firefox\Profiles\me5v8hc4.default\extensions\foxyproxy@eric.h.jung
[2011.01.05 15:19:53 | 000,000,000 | ---D | M] (Multi Links) -- C:\Documents and Settings\vpi\Data aplikací\Mozilla\Firefox\Profiles\me5v8hc4.default\extensions\multilinks@plugin
[2011.01.30 14:18:26 | 000,000,000 | ---D | M] (SkipScreen) -- C:\Documents and Settings\vpi\Data aplikací\Mozilla\Firefox\Profiles\me5v8hc4.default\extensions\SkipScreen@SkipScreen
[2010.07.30 08:37:01 | 000,000,000 | ---D | M] (1-Click YouTube Video Downloader) -- C:\Documents and Settings\vpi\Data aplikací\Mozilla\Firefox\Profiles\me5v8hc4.default\extensions\YoutubeDownloader@PeterOlayev.com
[2011.02.08 19:08:13 | 000,002,291 | ---- | M] () -- C:\Documents and Settings\vpi\Data aplikací\Mozilla\Firefox\Profiles\me5v8hc4.default\searchplugins\8nemjn28.xml
[2010.03.18 18:27:40 | 000,002,131 | ---- | M] () -- C:\Documents and Settings\vpi\Data aplikací\Mozilla\Firefox\Profiles\me5v8hc4.default\searchplugins\bmrk-file-host-search.xml
[2010.03.10 19:51:02 | 000,002,293 | ---- | M] () -- C:\Documents and Settings\vpi\Data aplikací\Mozilla\Firefox\Profiles\me5v8hc4.default\searchplugins\demonoid-search.xml
[2009.11.29 16:06:32 | 000,000,938 | ---- | M] () -- C:\Documents and Settings\vpi\Data aplikací\Mozilla\Firefox\Profiles\me5v8hc4.default\searchplugins\facebook.xml
[2009.10.31 18:39:44 | 000,001,512 | ---- | M] () -- C:\Documents and Settings\vpi\Data aplikací\Mozilla\Firefox\Profiles\me5v8hc4.default\searchplugins\imdb.xml
[2011.02.21 10:41:39 | 000,004,873 | ---- | M] () -- C:\Documents and Settings\vpi\Data aplikací\Mozilla\Firefox\Profiles\me5v8hc4.default\searchplugins\isohunt---bt-search.xml
[2009.12.05 22:29:09 | 000,001,966 | ---- | M] () -- C:\Documents and Settings\vpi\Data aplikací\Mozilla\Firefox\Profiles\me5v8hc4.default\searchplugins\lastfm.xml
[2009.12.09 10:47:31 | 000,002,051 | ---- | M] () -- C:\Documents and Settings\vpi\Data aplikací\Mozilla\Firefox\Profiles\me5v8hc4.default\searchplugins\mapycz.xml
[2010.03.21 12:50:41 | 000,002,072 | ---- | M] () -- C:\Documents and Settings\vpi\Data aplikací\Mozilla\Firefox\Profiles\me5v8hc4.default\searchplugins\novinkycz.xml
[2009.12.13 22:46:30 | 000,002,700 | ---- | M] () -- C:\Documents and Settings\vpi\Data aplikací\Mozilla\Firefox\Profiles\me5v8hc4.default\searchplugins\opensubtitles.xml
[2009.10.31 18:40:06 | 000,001,127 | ---- | M] () -- C:\Documents and Settings\vpi\Data aplikací\Mozilla\Firefox\Profiles\me5v8hc4.default\searchplugins\rapidshare-filefinder.xml
[2009.11.04 21:40:56 | 000,001,699 | ---- | M] () -- C:\Documents and Settings\vpi\Data aplikací\Mozilla\Firefox\Profiles\me5v8hc4.default\searchplugins\sfd.xml
[2009.10.31 18:40:11 | 000,001,686 | ---- | M] () -- C:\Documents and Settings\vpi\Data aplikací\Mozilla\Firefox\Profiles\me5v8hc4.default\searchplugins\thepiratebayorg.xml
[2011.02.15 17:03:06 | 000,011,187 | ---- | M] () -- C:\Documents and Settings\vpi\Data aplikací\Mozilla\Firefox\Profiles\me5v8hc4.default\searchplugins\timeanddatecom.xml
[2010.03.10 19:53:17 | 000,001,019 | ---- | M] () -- C:\Documents and Settings\vpi\Data aplikací\Mozilla\Firefox\Profiles\me5v8hc4.default\searchplugins\torrentz-search.xml
[2009.10.31 18:39:53 | 000,001,042 | ---- | M] () -- C:\Documents and Settings\vpi\Data aplikací\Mozilla\Firefox\Profiles\me5v8hc4.default\searchplugins\wikipedia-eng.xml
[2009.10.31 18:36:08 | 000,004,153 | ---- | M] () -- C:\Documents and Settings\vpi\Data aplikací\Mozilla\Firefox\Profiles\me5v8hc4.default\searchplugins\youtube.xml
[2011.02.22 10:57:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\VPI\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\ME5V8HC4.DEFAULT\EXTENSIONS\{0538E3E3-7E9B-4D49-8831-A227C80A7AD3}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\VPI\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\ME5V8HC4.DEFAULT\EXTENSIONS\{BEE6EB20-01E0-EBD1-DA83-080329FB9A3A}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\VPI\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\ME5V8HC4.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\VPI\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\ME5V8HC4.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\VPI\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\ME5V8HC4.DEFAULT\EXTENSIONS\FOXYPROXY@ERIC.H.JUNG
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\VPI\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\ME5V8HC4.DEFAULT\EXTENSIONS\MULTILINKS@PLUGIN
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\VPI\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\ME5V8HC4.DEFAULT\EXTENSIONS\SKIPSCREEN@SKIPSCREEN
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\VPI\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\ME5V8HC4.DEFAULT\EXTENSIONS\YOUTUBEDOWNLOADER@PETEROLAYEV.COM
[2009.03.18 23:03:56 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010.01.03 01:02:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2009.07.16 17:23:24 | 000,873,976 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPCARDS.dll
[2009.07.16 17:22:04 | 000,529,912 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPNAVY.dll
[2007.03.10 00:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
[2010.03.12 18:59:43 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.03.12 18:59:43 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.03.12 18:59:43 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.03.12 18:59:43 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.03.12 18:59:43 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2011.01.02 17:29:19 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International CO., LTD.)
O4 - HKU\S-1-5-21-1296831542-966831808-597317292-1005..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1296831542-966831808-597317292-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1296831542-966831808-597317292-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1296831542-966831808-597317292-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1296831542-966831808-597317292-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = aplis.com
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe ()
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\vpi\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\vpi\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: wmcmgc - File not found
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

wendyp · #6 Příspěvek od **wendyp** » 22 úno 2011 23:40

OTL.txt pokracovani

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 7 Days ==========

[2011.02.22 23:00:17 | 000,577,024 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\vpi\Plocha\OTL.exe
[2011.02.22 11:39:19 | 000,000,000 | ---D | C] -- C:\rsit
[2011.02.22 10:20:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vpi\Plocha\Malwarebytes' Anti-Malware
[2011.02.21 23:16:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vpi\Data aplikací\Malwarebytes
[2011.02.21 23:16:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.02.21 23:16:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
[2011.02.21 23:16:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2011.02.21 23:15:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.02.21 23:15:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.02.21 23:04:21 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\vpi\Plocha\mbam-setup-1.50.1.1100.exe
[33 C:\Documents and Settings\vpi\Dokumenty\*.tmp files -> C:\Documents and Settings\vpi\Dokumenty\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2011.02.22 23:00:21 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vpi\Plocha\OTL.exe
[2011.02.22 23:00:04 | 000,001,018 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1296831542-966831808-597317292-1005UA.job
[2011.02.22 22:55:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.02.22 22:55:12 | 1062,526,976 | -HS- | M] () -- C:\hiberfil.sys
[2011.02.22 12:00:26 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\vpi\Plocha\RSIT(3).exe
[2011.02.22 11:51:22 | 000,721,253 | ---- | M] () -- C:\Documents and Settings\vpi\Plocha\rkill(2).com
[2011.02.22 11:51:04 | 000,721,253 | ---- | M] () -- C:\Documents and Settings\vpi\Plocha\rkillc.exe
[2011.02.22 11:05:12 | 000,396,288 | ---- | M] () -- C:\Documents and Settings\vpi\Plocha\explorer.exe
[2011.02.22 11:00:59 | 000,396,288 | ---- | M] () -- C:\Documents and Settings\vpi\Plocha\hijackthis(2).exe
[2011.02.22 11:00:34 | 000,000,838 | ---- | M] () -- C:\Documents and Settings\vpi\Plocha\Zástupce - hijackthis.exe.lnk
[2011.02.22 10:21:01 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2011.02.22 10:10:38 | 000,166,912 | ---- | M] () -- C:\Documents and Settings\vpi\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.21 23:22:50 | 000,721,253 | ---- | M] () -- C:\Documents and Settings\vpi\Plocha\rkill.exe
[2011.02.21 23:08:00 | 000,001,628 | ---- | M] () -- C:\Documents and Settings\vpi\Plocha\SUPERAntiSpyware Alternate Start.lnk
[2011.02.21 23:04:37 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\vpi\Plocha\mbam-setup-1.50.1.1100.exe
[2011.02.21 22:34:07 | 000,000,184 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2011.02.21 18:10:47 | 000,000,847 | ---- | M] () -- C:\Documents and Settings\All Users\Data aplikací\.wtav
[2011.02.20 13:59:01 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1296831542-966831808-597317292-1005Core.job
[2011.02.19 09:51:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[33 C:\Documents and Settings\vpi\Dokumenty\*.tmp files -> C:\Documents and Settings\vpi\Dokumenty\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.02.22 22:55:12 | 1062,526,976 | -HS- | C] () -- C:\hiberfil.sys
[2011.02.22 11:51:31 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\vpi\Plocha\RSIT(3).exe
[2011.02.22 11:51:11 | 000,721,253 | ---- | C] () -- C:\Documents and Settings\vpi\Plocha\rkill(2).com
[2011.02.22 11:50:52 | 000,721,253 | ---- | C] () -- C:\Documents and Settings\vpi\Plocha\rkillc.exe
[2011.02.22 11:05:11 | 000,396,288 | ---- | C] () -- C:\Documents and Settings\vpi\Plocha\explorer.exe
[2011.02.22 11:00:58 | 000,396,288 | ---- | C] () -- C:\Documents and Settings\vpi\Plocha\hijackthis(2).exe
[2011.02.22 11:00:34 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\vpi\Plocha\Zástupce - hijackthis.exe.lnk
[2011.02.21 23:22:21 | 000,721,253 | ---- | C] () -- C:\Documents and Settings\vpi\Plocha\rkill.exe
[2011.02.21 23:16:03 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2011.02.21 23:08:00 | 000,001,628 | ---- | C] () -- C:\Documents and Settings\vpi\Plocha\SUPERAntiSpyware Alternate Start.lnk
[2011.02.17 23:03:10 | 000,000,847 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\.wtav
[2010.06.08 14:58:50 | 000,000,115 | ---- | C] () -- C:\WINDOWS\DailyMugshot.ini
[2010.05.12 04:41:35 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010.05.12 04:38:43 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\vpi\Data aplikací\winscp.rnd
[2010.04.27 20:36:41 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\vpi\Local Settings\Data aplikací\PUTTY.RND
[2010.01.17 21:29:35 | 000,000,097 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2009.12.04 22:01:46 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2009.09.27 12:20:14 | 000,139,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009.09.27 12:20:14 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\vpi\Data aplikací\PnkBstrK.sys
[2009.08.23 16:06:44 | 000,638,976 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.08.23 15:43:46 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.06.22 13:13:01 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.04.19 07:42:05 | 000,166,912 | ---- | C] () -- C:\Documents and Settings\vpi\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.03.12 23:38:39 | 001,051,136 | ---- | C] () -- C:\WINDOWS\System32\drivers\CAMTHWDM.sys
[2008.12.05 11:57:56 | 000,000,184 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2008.12.05 11:22:35 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.08.30 00:25:37 | 000,001,168 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008.08.30 00:25:28 | 000,053,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\vbma3fe9.sys
[2008.08.30 00:25:26 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\ipsec.sys
[2008.08.29 18:01:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008.08.29 17:55:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008.08.29 17:33:11 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.08.29 16:59:48 | 006,184,960 | R--- | C] () -- C:\WINDOWS\System32\RTS5121icon.dll
[2008.08.29 16:46:15 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2008.02.04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007.12.21 15:46:32 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2007.12.12 16:57:43 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\GETIGBC.dll
[2007.12.12 16:57:43 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\GETIGSN.dll
[2007.12.12 16:57:43 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\GETIGBD.dll
[2005.07.22 20:30:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2002.11.20 15:13:44 | 003,907,640 | ---- | C] () -- C:\WINDOWS\System32\GSDLL32.dll
[2002.02.08 03:20:20 | 000,002,063 | ---- | C] () -- C:\WINDOWS\System32\my.ini
[2001.12.30 22:27:06 | 001,155,072 | ---- | C] () -- C:\WINDOWS\System32\php4ts.dll
[2001.10.28 01:42:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2001.09.19 21:52:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\sablot.dll
[2001.08.16 19:04:46 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\ming.dll
[2001.07.30 19:17:12 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2001.07.26 20:44:38 | 000,475,136 | ---- | C] () -- C:\WINDOWS\System32\libxml2.dll
[2001.05.16 23:17:04 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2001.05.16 23:16:30 | 000,860,160 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2000.10.22 19:26:44 | 000,438,334 | ---- | C] () -- C:\WINDOWS\System32\expat.dll
[2000.10.22 05:41:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\libsasl.dll
[2000.10.07 07:41:10 | 000,747,486 | ---- | C] () -- C:\WINDOWS\System32\iconv-1.3.dll
[2000.09.27 02:28:20 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\libpq.dll
[2000.08.24 19:44:10 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2000.08.24 19:44:08 | 000,078,848 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[1999.05.24 12:26:42 | 000,317,440 | ---- | C] () -- C:\WINDOWS\System32\FdfTk.dll
[1997.09.08 01:13:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\mSQL.dll

========== LOP Check ==========

[2010.10.30 10:50:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\2DBoy
[2010.07.21 21:07:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2010.09.26 16:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
[2009.03.29 18:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Last.fm
[2010.07.12 23:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Make A Voozie
[2010.03.04 00:48:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle
[2009.11.03 00:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2009.12.04 21:53:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
[2010.09.26 16:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Ulead Systems
[2009.03.23 19:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010.04.10 13:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.10.18 15:12:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009.06.07 20:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009.12.04 21:50:05 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Data aplikací\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2009.12.04 22:00:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\TuneUp Software
[2010.08.20 15:51:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\.minecraft
[2009.06.22 13:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\DAEMON Tools Lite
[2010.04.27 20:37:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\FileZilla
[2009.07.07 18:14:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\Fit3DLive
[2010.04.17 10:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\FLV Extract
[2009.08.14 00:25:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\GanymedeNet
[2010.03.23 10:57:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\GHISLER
[2010.04.27 23:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\gtk-2.0
[2008.12.05 17:40:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\OfficeUpdate12
[2009.12.07 22:31:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\PDM
[2010.05.12 04:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\PrimoPDF
[2009.11.03 00:41:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\SoftOrbits
[2010.06.11 06:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\soundcrank
[2009.07.07 11:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\Thunderbird
[2009.12.04 21:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\TuneUp Software
[2010.09.26 16:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\Ulead Systems
[2010.06.10 23:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\Uniblue
[2011.02.22 11:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\uTorrent
[2010.06.06 09:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\VoozieMaker
[2009.03.12 23:39:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\Webcammax

========== Purity Check ==========

========== Custom Scans ==========

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"SUPERAntiSpyware" = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe -- [2011.01.15 11:04:50 | 002,424,560 | ---- | M] ()
"Google Update" = "C:\Documents and Settings\vpi\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c -- [2011.02.06 13:54:46 | 000,136,176 | ---- | M] (Google Inc.)

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.08.20 15:51:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\.minecraft
[2009.03.23 20:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\Adobe
[2010.04.10 19:23:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\Apple Computer
[2009.06.22 13:28:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\DAEMON Tools Lite
[2011.02.12 12:15:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\dvdcss
[2010.04.27 20:37:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\FileZilla
[2009.07.07 18:14:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\Fit3DLive
[2010.04.17 10:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\FLV Extract
[2009.08.14 00:25:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\GanymedeNet
[2010.03.23 10:57:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\GHISLER
[2010.05.11 20:10:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\GRETECH
[2010.04.27 23:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\gtk-2.0
[2009.03.20 10:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\Help
[2008.08.29 15:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\Identities
[2008.08.29 16:58:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\InstallShield
[2009.03.23 23:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\Macromedia
[2011.02.21 23:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\Malwarebytes
[2010.09.15 10:24:40 | 000,000,000 | --SD | M] -- C:\Documents and Settings\vpi\Data aplikací\Microsoft
[2009.07.07 11:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\Mozilla
[2008.12.05 17:40:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\OfficeUpdate12
[2009.12.07 22:31:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\PDM
[2010.05.12 04:44:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\PrimoPDF
[2010.03.08 16:33:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\Real
[2010.11.27 17:50:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\Skype
[2010.11.27 17:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\skypePM
[2009.11.03 00:41:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\SoftOrbits
[2010.06.11 06:59:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\soundcrank
[2008.12.05 11:28:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\Sun
[2011.01.02 18:45:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\SUPERAntiSpyware.com
[2009.07.07 11:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\Thunderbird
[2009.12.04 21:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\TuneUp Software
[2010.09.26 16:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\Ulead Systems
[2010.06.10 23:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\Uniblue
[2011.02.22 11:40:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\uTorrent
[2011.02.19 19:57:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\vlc
[2010.06.06 09:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\VoozieMaker
[2009.03.12 23:39:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vpi\Data aplikací\Webcammax

< %APPDATA%\*.exe /s >
[2009.08.14 00:25:54 | 000,054,272 | ---- | M] () -- C:\Documents and Settings\vpi\Data aplikací\GanymedeNet\Online Games\Common\ielauncher.exe
[2007.03.22 11:46:40 | 000,126,976 | ---- | M] () -- C:\Documents and Settings\vpi\Data aplikací\GRETECH\GomPlayer\GrLauncher.exe
[2007.03.22 11:46:34 | 000,125,952 | ---- | M] () -- C:\Documents and Settings\vpi\Data aplikací\GRETECH\GomTVStreamer\GrLauncher.exe
[2010.06.22 10:16:49 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\vpi\Data aplikací\Real\Update\setup3.10\setup.exe
[2010.12.07 23:26:53 | 000,506,024 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\vpi\Data aplikací\Real\Update\setup3.13\setup.exe

< MD5 for: AGP440.SYS >
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:atapi.sys
[2005.03.25 14:00:00 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=9CAB5B612E3AF65810F276BA051D56CD -- C:\WINDOWS\RE_DRIVE\RECOVERYCD_ISO\I386\SYSTEM32\DRIVERS\ATAPI.SYS
[2005.03.25 14:00:00 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=9CAB5B612E3AF65810F276BA051D56CD -- C:\WINDOWS\RE_DRIVE\RECOVERYCD_ISO\STAGE\MININT\SYSTEM32\DRIVERS\ATAPI.SYS
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 13:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 13:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\cmdcons\autochk.exe
[2008.04.14 13:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\I386\AUTOCHK.EXE
[2008.04.14 13:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2008.04.14 13:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\dllcache\autochk.exe
[2005.03.25 14:00:00 | 000,594,432 | ---- | M] (Microsoft Corporation) MD5=D18FA3530AA4124A9D64F97162B1E3DF -- C:\WINDOWS\RE_DRIVE\RECOVERYCD_ISO\I386\SYSTEM32\AUTOCHK.EXE
[2005.03.25 14:00:00 | 000,594,432 | ---- | M] (Microsoft Corporation) MD5=D18FA3530AA4124A9D64F97162B1E3DF -- C:\WINDOWS\RE_DRIVE\RECOVERYCD_ISO\STAGE\MININT\SYSTEM32\AUTOCHK.EXE

< MD5 for: CDROM.SYS >
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:cdrom.sys
[2008.04.14 13:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2005.03.25 14:00:00 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=DD6A189894B14E24A14B4D182F5F3949 -- C:\WINDOWS\RE_DRIVE\RECOVERYCD_ISO\I386\SYSTEM32\DRIVERS\CDROM.SYS
[2005.03.25 14:00:00 | 000,052,224 | ---- | M] (Microsoft Corporation) MD5=DD6A189894B14E24A14B4D182F5F3949 -- C:\WINDOWS\RE_DRIVE\RECOVERYCD_ISO\STAGE\MININT\SYSTEM32\DRIVERS\CDROM.SYS

< MD5 for: CRYPTSVC.DLL >
[2008.04.14 13:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
[2008.04.14 13:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\dllcache\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 13:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 13:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2011.02.22 11:05:12 | 000,396,288 | ---- | M] () Unable to obtain MD5 -- C:\Documents and Settings\vpi\Plocha\explorer.exe

< MD5 for: HAL.DLL >
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:hal.dll
[2008.04.14 13:00:00 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\hal.dll
[2005.03.25 14:00:00 | 000,109,568 | ---- | M] (Microsoft Corporation) MD5=EB0D4F2DED96775E9C272BBDFAA7B923 -- C:\WINDOWS\RE_DRIVE\RECOVERYCD_ISO\I386\SYSTEM32\HAL.DLL
[2005.03.25 14:00:00 | 000,109,568 | ---- | M] (Microsoft Corporation) MD5=EB0D4F2DED96775E9C272BBDFAA7B923 -- C:\WINDOWS\RE_DRIVE\RECOVERYCD_ISO\STAGE\MININT\SYSTEM32\HAL.DLL

< MD5 for: CHANGER.SYS >
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:Changer.sys

< MD5 for: IASTOR.SYS >
[2008.02.14 12:31:26 | 000,310,808 | ---- | M] (Intel Corporation) MD5=ACF3EC4273521B83AD9EFE56C11B4626 -- C:\WINDOWS\RE_DRIVE\RECOVERYCD_ISO\I386\SYSTEM32\DRIVERS\IASTOR.SYS
[2008.02.14 12:31:26 | 000,310,808 | ---- | M] (Intel Corporation) MD5=ACF3EC4273521B83AD9EFE56C11B4626 -- C:\WINDOWS\RE_DRIVE\RECOVERYCD_ISO\STAGE\MININT\SYSTEM32\DRIVERS\IASTOR.SYS

< MD5 for: ISAPNP.SYS >
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 13:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:isapnp.sys
[2005.03.25 14:00:00 | 000,037,888 | ---- | M] (Microsoft Corporation) MD5=4EA2CC0CC091854FB1A07B6758BB68C0 -- C:\WINDOWS\RE_DRIVE\RECOVERYCD_ISO\I386\SYSTEM32\DRIVERS\ISAPNP.SYS
[2005.03.25 14:00:00 | 000,037,888 | ---- | M] (Microsoft Corporation) MD5=4EA2CC0CC091854FB1A07B6758BB68C0 -- C:\WINDOWS\RE_DRIVE\RECOVERYCD_ISO\STAGE\MININT\SYSTEM32\DRIVERS\ISAPNP.SYS
[2008.04.14 06:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\dllcache\isapnp.sys
[2008.04.14 06:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys
[2008.04.14 13:00:00 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\isapnp.sys

< MD5 for: LSASS.EXE >
[2005.03.25 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=D4B61A935670C57A0DEA81B4F4A12169 -- C:\WINDOWS\RE_DRIVE\RECOVERYCD_ISO\I386\SYSTEM32\LSASS.EXE
[2005.03.25 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=D4B61A935670C57A0DEA81B4F4A12169 -- C:\WINDOWS\RE_DRIVE\RECOVERYCD_ISO\STAGE\MININT\SYSTEM32\LSASS.EXE
[2008.04.14 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2008.04.14 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.14 13:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008.04.14 13:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2005.03.25 14:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=FDB9275EB5E75A456BD26F4479103C19 -- C:\WINDOWS\RE_DRIVE\RECOVERYCD_ISO\I386\SYSTEM32\DRIVERS\NDIS.SYS
[2005.03.25 14:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=FDB9275EB5E75A456BD26F4479103C19 -- C:\WINDOWS\RE_DRIVE\RECOVERYCD_ISO\STAGE\MININT\SYSTEM32\DRIVERS\NDIS.SYS

< MD5 for: NETLOGON.DLL >
[2005.03.25 14:00:00 | 000,419,328 | ---- | M] (Microsoft Corporation) MD5=9DA343027F3B72029AB499D3F7FFACAA -- C:\WINDOWS\RE_DRIVE\RECOVERYCD_ISO\I386\SYSTEM32\NETLOGON.DLL
[2005.03.25 14:00:00 | 000,419,328 | ---- | M] (Microsoft Corporation) MD5=9DA343027F3B72029AB499D3F7FFACAA -- C:\WINDOWS\RE_DRIVE\RECOVERYCD_ISO\STAGE\MININT\SYSTEM32\NETLOGON.DLL
[2008.04.14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 13:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2005.03.25 14:00:00 | 000,190,976 | ---- | M] (Microsoft Corporation) MD5=71FB876580530E7B0429312A8BCE5E04 -- C:\WINDOWS\RE_DRIVE\RECOVERYCD_ISO\I386\SYSTEM32\SCECLI.DLL
[2005.03.25 14:00:00 | 000,190,976 | ---- | M] (Microsoft Corporation) MD5=71FB876580530E7B0429312A8BCE5E04 -- C:\WINDOWS\RE_DRIVE\RECOVERYCD_ISO\STAGE\MININT\SYSTEM32\SCECLI.DLL
[2008.04.14 13:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 13:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2005.03.25 14:00:00 | 000,053,760 | ---- | M] (Microsoft Corporation) MD5=5912CC8F61CF76E4FADC6F34C8F92DDB -- C:\WINDOWS\RE_DRIVE\RECOVERYCD_ISO\I386\SYSTEM32\SMSS.EXE
[2005.03.25 14:00:00 | 000,053,760 | ---- | M] (Microsoft Corporation) MD5=5912CC8F61CF76E4FADC6F34C8F92DDB -- C:\WINDOWS\RE_DRIVE\RECOVERYCD_ISO\STAGE\MININT\SYSTEM32\SMSS.EXE
[2008.04.14 13:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\dllcache\smss.exe
[2008.04.14 13:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe
[2008.04.14 13:00:00 | 000,481,792 | ---- | M] (Microsoft Corporation) MD5=F209B5C79A87A9521DC0BD88B039EEE3 -- C:\WINDOWS\I386\SYSTEM32\SMSS.EXE

< MD5 for: SVCHOST.EXE >
[2008.04.14 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008.04.14 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2005.03.25 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=CA8E6441930B54A8B8210061CE5FCCE7 -- C:\WINDOWS\RE_DRIVE\RECOVERYCD_ISO\I386\SYSTEM32\SVCHOST.EXE
[2005.03.25 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=CA8E6441930B54A8B8210061CE5FCCE7 -- C:\WINDOWS\RE_DRIVE\RECOVERYCD_ISO\STAGE\MININT\SYSTEM32\SVCHOST.EXE

< MD5 for: SYMMPI.SYS >
[2005.03.25 14:00:00 | 000,049,664 | ---- | M] (LSI Logic) MD5=868204832E011E2D64281D7EABEE572E -- C:\WINDOWS\RE_DRIVE\RECOVERYCD_ISO\I386\SYSTEM32\DRIVERS\SYMMPI.SYS
[2005.03.25 14:00:00 | 000,049,664 | ---- | M] (LSI Logic) MD5=868204832E011E2D64281D7EABEE572E -- C:\WINDOWS\RE_DRIVE\RECOVERYCD_ISO\STAGE\MININT\SYSTEM32\DRIVERS\SYMMPI.SYS

< MD5 for: TCPIP.SYS >
[2008.04.14 13:00:00 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2005.03.25 14:00:00 | 000,333,312 | ---- | M] (Microsoft Corporation) MD5=EC676733442B122F1828FCD03B86C20B -- C:\WINDOWS\RE_DRIVE\RECOVERYCD_ISO\I386\SYSTEM32\DRIVERS\TCPIP.SYS
[2005.03.25 14:00:00 | 000,333,312 | ---- | M] (Microsoft Corporation) MD5=EC676733442B122F1828FCD03B86C20B -- C:\WINDOWS\RE_DRIVE\RECOVERYCD_ISO\STAGE\MININT\SYSTEM32\DRIVERS\TCPIP.SYS

< MD5 for: USERINIT.EXE >
[2005.03.25 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=29A1877F2D0EACFF20B6507A3C00F31B -- C:\WINDOWS\RE_DRIVE\RECOVERYCD_ISO\I386\SYSTEM32\USERINIT.EXE
[2005.03.25 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=29A1877F2D0EACFF20B6507A3C00F31B -- C:\WINDOWS\RE_DRIVE\RECOVERYCD_ISO\STAGE\MININT\SYSTEM32\USERINIT.EXE
[2008.04.14 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 13:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2005.03.25 14:00:00 | 000,508,928 | ---- | M] (Microsoft Corporation) MD5=325FD6D25FC1D77C363E87B445C8B023 -- C:\WINDOWS\RE_DRIVE\RECOVERYCD_ISO\I386\SYSTEM32\WINLOGON.EXE
[2005.03.25 14:00:00 | 000,508,928 | ---- | M] (Microsoft Corporation) MD5=325FD6D25FC1D77C363E87B445C8B023 -- C:\WINDOWS\RE_DRIVE\RECOVERYCD_ISO\STAGE\MININT\SYSTEM32\WINLOGON.EXE
[2011.01.02 16:29:35 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.04.14 13:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2008.04.14 13:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll
[2005.03.25 14:00:00 | 000,083,968 | ---- | M] (Microsoft Corporation) MD5=DB060880F9C349F597AFA270D1D01B68 -- C:\WINDOWS\RE_DRIVE\RECOVERYCD_ISO\I386\SYSTEM32\WS2_32.DLL
[2005.03.25 14:00:00 | 000,083,968 | ---- | M] (Microsoft Corporation) MD5=DB060880F9C349F597AFA270D1D01B68 -- C:\WINDOWS\RE_DRIVE\RECOVERYCD_ISO\STAGE\MININT\SYSTEM32\WS2_32.DLL

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.09.26 16:34:54 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
[2010.12.09 16:15:19 | 000,053,888 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\vbma3fe9.sys

< %systemroot%\System32\config\*.sav >
[2008.08.29 17:31:41 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008.08.29 17:31:41 | 001,069,056 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008.08.29 17:31:40 | 000,483,328 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:3ED99525

< End of report >

wendyp · #7 Příspěvek od **wendyp** » 22 úno 2011 23:42

Extras.txt

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1296831542-966831808-597317292-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiSpywareOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\utorrent.exe" = C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{09801D34-8DE8-406A-BFD7-747AF74F5E6E}" = WhiteBoardMeeting
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 17
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{32A3A4F4-B792-11D6-A78A-00B0D0160120}" = Java(TM) SE Development Kit 6 Update 12
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4E45638B-8AD3-41FC-876E-577084115A07}" = Soundcrank
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5AB0B30D-4EBF-4897-894A-6B8865954694}" = Bison WebCam AP
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C994474-67BD-499B-A99C-6ABF8F8732A2}_is1" = Wolf's Profi Miranda-Pack 1.5.0
"{82B1150E-9B37-49FC-83EB-D52197D900D0}" = Sunbelt Personal Firewall
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player
"{998D6972-F58E-479D-9248-8F179E55AE38}" = Java DB 10.4.1.3
"{9AE395DB-6BC3-4CA9-B894-351CB8DE915A}" = BurnRecovery
"{9CC5E685-58F5-4238-AA90-C803BCC6ED8B}" = Rapidshare Auto Downloader 3.8.2
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CA567AD5-33A4-403D-86D1-EE2D38251951}_is1" = VDownloader 1.12
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D10CB652-9332-4242-B7A9-2D61570144F7}" = USB 2.0 Card Reader
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{ED8BB1CA-535A-408D-85C9-ED1986D2B85E}" = Palm Reader
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF7A031F-96C8-404C-99C9-96C675D6099F}" = The Incredible Machine: Even More Contraptions
"µTorrent CZ_is1" = µTorrent CZ 1.8.2 (build 14458)
"4E1F54FAB25DB3EE9094949BF3DFDCF6E1CF07E6" = Windows Driver Package - Realtek (rtl8187Se) Net (07/10/2008 5.9067.0710.2008)
"7-Zip" = 7-Zip 4.65
"Actual Booster" = Actual Booster 3.1
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced GIF Animator_is1" = Advanced GIF Animator 3.0
"avast5" = avast! Free Antivirus
"BlueJ_is1" = BlueJ 2.2.1
"CamStudio" = CamStudio
"CCleaner" = CCleaner
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DtsFilter" = DTS+AC3 ÇĘĹÍ
"E0E22E828DBDB1F29F3D91CF328727F39AF8062B" = Windows Driver Package - Atheros (AR5416) Net (04/08/2008 7.6.0.200)
"E920DD3E0FC6CCFF23A10B3AF7C6DC99BA39648C" = Windows Driver Package - Ralink Technology, Corp. (RT80x86) Net (05/19/2008 1.01.03.0000)
"FileZilla Client" = FileZilla Client 3.3.2.1
"Free iPod Video Converter_is1" = Free iPod Video Converter 1.34
"GOM Player" = GOM Player
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5 SE
"Intelore - RAR Password Recovery" = RAR Password Recovery v1.1 RC16 (remove only)
"LastFM Motorokr Screensaver" = LastFM Motorokr Screensaver
"LastFM_is1" = Last.fm 1.5.4.27091
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 12.0" = RealPlayer
"Recuva" = Recuva
"SciTE_is1" = SciTE 1.77
"StepMania" = StepMania 3.9 (remove only)
"Text To PDF Converter v1.5_is1" = Text To PDF Converter v1.5
"Totalcmd" = Total Commander (Remove or Repair)
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.2.7
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WONswap" = WONswap
"Word to PDF Converter_is1" = Word to PDF Converter 3.0
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD Video Codec" = XviD Video Codec (remove only)
"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1296831542-966831808-597317292-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 6.6.2010 15:42:07 | Computer Name = HUSTODEMON | Source = avast! | ID = 33554522
Description =

Error - 6.6.2010 15:42:42 | Computer Name = HUSTODEMON | Source = avast! | ID = 33554522
Description =

Error - 6.6.2010 15:42:47 | Computer Name = HUSTODEMON | Source = avast! | ID = 33554522
Description =

Error - 6.6.2010 15:42:47 | Computer Name = HUSTODEMON | Source = avast! | ID = 33554522
Description =

Error - 6.6.2010 15:42:48 | Computer Name = HUSTODEMON | Source = avast! | ID = 33554522
Description =

Error - 6.6.2010 15:42:49 | Computer Name = HUSTODEMON | Source = avast! | ID = 33554522
Description =

Error - 6.6.2010 15:42:51 | Computer Name = HUSTODEMON | Source = avast! | ID = 33554522
Description =

Error - 6.6.2010 15:42:52 | Computer Name = HUSTODEMON | Source = avast! | ID = 33554522
Description =

Error - 6.6.2010 15:42:52 | Computer Name = HUSTODEMON | Source = avast! | ID = 33554522
Description =

Error - 6.6.2010 15:43:01 | Computer Name = HUSTODEMON | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 21.2.2011 5:46:49 | Computer Name = HUSTODEMON | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Zvolený server nemůže provést požadovanou operaci.

Error - 21.2.2011 5:46:50 | Computer Name = HUSTODEMON | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Zvolený server nemůže provést požadovanou operaci.

Error - 21.2.2011 5:48:09 | Computer Name = HUSTODEMON | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Daná operace se vrátila, protože vypršel časový limit.

Error - 21.2.2011 5:48:09 | Computer Name = HUSTODEMON | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Zvolený server nemůže provést požadovanou operaci.

Error - 22.2.2011 5:50:02 | Computer Name = HUSTODEMON | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Daná operace se vrátila, protože vypršel časový limit.

Error - 22.2.2011 5:50:02 | Computer Name = HUSTODEMON | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Zvolený server nemůže provést požadovanou operaci.

Error - 22.2.2011 5:50:02 | Computer Name = HUSTODEMON | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Zvolený server nemůže provést požadovanou operaci.

Error - 22.2.2011 5:50:02 | Computer Name = HUSTODEMON | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Zvolený server nemůže provést požadovanou operaci.

Error - 22.2.2011 5:51:26 | Computer Name = HUSTODEMON | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Daná operace se vrátila, protože vypršel časový limit.

Error - 22.2.2011 5:51:26 | Computer Name = HUSTODEMON | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Zvolený server nemůže provést požadovanou operaci.

[ System Events ]
Error - 22.2.2011 17:56:16 | Computer Name = HUSTODEMON | Source = Service Control Manager | ID = 7023
Description = Služba Sledování umístění v síti (NLA) byla ukončena s následující
chybou: %%127

Error - 22.2.2011 17:56:16 | Computer Name = HUSTODEMON | Source = Service Control Manager | ID = 7023
Description = Služba Sledování umístění v síti (NLA) byla ukončena s následující
chybou: %%127

Error - 22.2.2011 17:56:16 | Computer Name = HUSTODEMON | Source = Service Control Manager | ID = 7023
Description = Služba Sledování umístění v síti (NLA) byla ukončena s následující
chybou: %%127

Error - 22.2.2011 17:56:16 | Computer Name = HUSTODEMON | Source = Service Control Manager | ID = 7023
Description = Služba Sledování umístění v síti (NLA) byla ukončena s následující
chybou: %%127

Error - 22.2.2011 17:56:16 | Computer Name = HUSTODEMON | Source = Service Control Manager | ID = 7023
Description = Služba Sledování umístění v síti (NLA) byla ukončena s následující
chybou: %%127

Error - 22.2.2011 17:57:19 | Computer Name = HUSTODEMON | Source = Service Control Manager | ID = 7031
Description = Služba avast! Antivirus byla nečekaně ukončena. Stalo se to 1 krát.
Následující opravná akce bude spuštěna za 5000 milisekund: Restartovat službu.

Error - 22.2.2011 18:03:17 | Computer Name = HUSTODEMON | Source = Service Control Manager | ID = 7031
Description = Služba avast! Antivirus byla nečekaně ukončena. Stalo se to 2 krát.
Následující opravná akce bude spuštěna za 5000 milisekund: Restartovat službu.

Error - 22.2.2011 18:04:31 | Computer Name = HUSTODEMON | Source = SRService | ID = 104
Description = Proces inicializace nástroje Obnovení systému se nezdařil.

Error - 22.2.2011 18:04:31 | Computer Name = HUSTODEMON | Source = Service Control Manager | ID = 7023
Description = Služba Služba obnovení systému byla ukončena s následující chybou:
%%2

Error - 22.2.2011 18:06:17 | Computer Name = HUSTODEMON | Source = Service Control Manager | ID = 7034
Description = Služba avast! Antivirus byla neočekávaně ukončena. Tento stav nastal
již 3krát.

< End of report >

#8 Příspěvek od **vyosek** » 23 úno 2011 07:23

Spustte znovu OTL

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

:otl
SRV - File not found [Auto | Stopped] -- -- (wmcmgc)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\VPI\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\ME5V8HC4.DEFAULT\EXTENSIONS\{0538E3E3-7E9B-4D49-8831-A227C80A7AD3}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\VPI\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\ME5V8HC4.DEFAULT\EXTENSIONS\{BEE6EB20-01E0-EBD1-DA83-080329FB9A3A}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\VPI\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\ME5V8HC4.DEFAULT\EXTENSIONS\{C45C406E-AB73-11D8-BE73-000A95BE3B12}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\VPI\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\ME5V8HC4.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\VPI\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\ME5V8HC4.DEFAULT\EXTENSIONS\FOXYPROXY@ERIC.H.JUNG
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\VPI\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\ME5V8HC4.DEFAULT\EXTENSIONS\MULTILINKS@PLUGIN
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\VPI\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\ME5V8HC4.DEFAULT\EXTENSIONS\SKIPSCREEN@SKIPSCREEN
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\VPI\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\ME5V8HC4.DEFAULT\EXTENSIONS\YOUTUBEDOWNLOADER@PETEROLAYEV.COM
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
[33 C:\Documents and Settings\vpi\Dokumenty\*.tmp files -> C:\Documents and Settings\vpi\Dokumenty\*.tmp -> ]
[2009.03.23 19:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010.04.10 13:13:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009.10.18 15:12:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009.06.07 20:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009.12.04 21:50:05 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Data aplikací\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:3ED99525

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"

 
:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]

Nasledne kliknete na Opravit
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

Dale vidim nainstalovany MBAM - udelejte kompletni sken ale dejte log pred mazanim - obcas miva falesne detekce

wendyp · #9 Příspěvek od **wendyp** » 23 úno 2011 20:39

Udělala jsem to podle návodu ale snad jsem neudělala něco špatně, protože po naběhnutí PC se objevilo varování: avast detected unauthorized modification of this program file (AvastSvc.exe) Continuing can be dangerous. A po přihlášení nefungoval internet (hlásí to Omezené nebo žádné připojení) a Avast je zastaven a kdyz ho chci rozjet, tak mi zase vyhodí tu hlášku s AvastSvc.exe. Jsem z toho jelen.
Hlavně ten internet jak nefunguje je velký problém, musím používat cizí PC...

wendyp · #10 Příspěvek od **wendyp** » 24 úno 2011 09:05

No a taky pořád po zadání scanu v SuperAntispyware nebo v mbam se program po chvíli vypne... :-\

#11 Příspěvek od **vyosek** » 24 úno 2011 09:35

Restartujte PC, mackejte F8 a zvolte posledni funkcni znama konfigurace...Parametry pripojeni mate zadavany rucne nebo jsou ziskavany automaticky

wendyp · #12 Příspěvek od **wendyp** » 24 úno 2011 09:37

Automaticky

#13 Příspěvek od **vyosek** » 24 úno 2011 09:40

Zkuste tu posledni znamou funkcni konfiguraci

wendyp · #14 Příspěvek od **wendyp** » 24 úno 2011 09:42

Žádná změna

#15 Příspěvek od **vyosek** » 24 úno 2011 09:52

Stahnete WinSockFix http://vyosek.ic.cz/pro_usery/winsockxpfix.exe a aplikujte jej - resetuje protokol pripojeni...

Taktez Avast odinstalujte a znovu nainstalujte

VIRY.CZ

Prosím o pomoc

Prosím o pomoc

Re: Prosím o pomoc

Re: Prosím o pomoc

Re: Prosím o pomoc

Re: Prosím o pomoc

Re: Prosím o pomoc

Re: Prosím o pomoc

Re: Prosím o pomoc

Re: Prosím o pomoc

Re: Prosím o pomoc

Re: Prosím o pomoc

Re: Prosím o pomoc

Re: Prosím o pomoc

Re: Prosím o pomoc

Re: Prosím o pomoc