PC disinfection, computer speed-up, remote assistance through the neslape.cz service

I had Security Tool and probably also TrojanDownloader.Wigon.BS ...

Zabaak
Visitor
Posts: 22
Registered: 11 Mar 2010 09:15

Re: I had Security Tool and probably also TrojanDownloader.Wigon.BS ...

#16 Post by Zabaak »

OTL.TXT

OTL logfile created on: 16.3.2010 8:17:59 - Run 1
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Documents and Settings\Boza\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1 023,00 Mb Total Physical Memory | 638,00 Mb Available Physical Memory | 62,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 22,95 Gb Total Space | 1,52 Gb Free Space | 6,62% Space Free | Partition Type: NTFS
Drive D: | 70,21 Gb Total Space | 0,22 Gb Free Space | 0,31% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 967,72 Mb Total Space | 137,73 Mb Free Space | 14,23% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive W: | 928,30 Gb Total Space | 923,13 Gb Free Space | 99,44% Space Free | Partition Type: NTFS
Drive X: | 928,30 Gb Total Space | 923,13 Gb Free Space | 99,44% Space Free | Partition Type: NTFS
Drive Y: | 928,30 Gb Total Space | 923,13 Gb Free Space | 99,44% Space Free | Partition Type: NTFS
Drive Z: | 928,30 Gb Total Space | 923,13 Gb Free Space | 99,44% Space Free | Partition Type: NTFS

Computer Name: THINKPAD
Current User Name: Boza
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - File not found -- C:\WINDOWS\explorer.exe
PRC - [2010.03.16 08:16:26 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Boza\Plocha\OTL.exe
PRC - [2009.11.25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009.11.25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009.11.25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009.11.25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2008.03.06 13:26:14 | 000,118,784 | R--- | M] (Bytemobile, Inc.) -- C:\WINDOWS\System32\bmwebcfg.exe
PRC - [2007.06.01 02:02:06 | 000,036,400 | ---- | M] (Lenovo) -- C:\WINDOWS\System32\ibmpmsvc.exe
PRC - [2007.03.02 17:49:00 | 000,037,680 | ---- | M] (Lenovo.) -- C:\WINDOWS\System32\TPHDEXLG.exe
PRC - [2002.09.20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (SafeList) ==========

MOD - [2010.03.16 08:16:26 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Boza\Plocha\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (WMPNetworkSvc)
SRV - [2009.11.25 00:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009.11.25 00:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009.11.25 00:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009.11.25 00:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2008.07.29 18:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.03.06 13:26:14 | 000,118,784 | R--- | M] (Bytemobile, Inc.) [Auto | Running] -- C:\WINDOWS\System32\bmwebcfg.exe -- (bmwebcfg)
SRV - [2007.06.01 02:02:06 | 000,036,400 | ---- | M] (Lenovo) [Auto | Running] -- C:\WINDOWS\System32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2007.03.02 17:49:00 | 000,037,680 | ---- | M] (Lenovo.) [Auto | Running] -- C:\WINDOWS\System32\TPHDEXLG.exe -- (TPHDEXLGSVC)
SRV - [2007.02.16 18:49:50 | 000,411,168 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2006.05.12 14:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) [Disabled | Stopped] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2005.11.22 15:20:28 | 000,036,864 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\System32\acs.exe -- (ACS)
SRV - [2005.08.25 17:55:56 | 000,016,384 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2002.12.17 15:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002.12.17 15:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)
SRV - [2002.09.20 14:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))
SRV - [1999.06.18 13:43:32 | 000,066,560 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)


========== Driver Services (SafeList) ==========

DRV - [2009.11.25 00:50:59 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009.11.25 00:50:12 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2009.11.25 00:50:00 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009.11.25 00:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009.11.25 00:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009.11.25 00:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008.11.20 22:57:55 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2008.10.31 13:49:16 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008.10.31 13:49:15 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008.07.31 19:45:42 | 000,020,616 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\BtHidBus.sys -- (BtHidBus)
DRV - [2008.07.02 13:58:48 | 000,026,248 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV - [2008.04.13 19:54:36 | 000,028,672 | ---- | M] (National Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nscirda.sys -- (NSCIRDA)
DRV - [2008.04.13 19:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nmnt.sys -- (nm)
DRV - [2008.03.06 13:26:14 | 000,018,688 | R--- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tcpipbm.sys -- (tcpipBM)
DRV - [2008.01.30 14:45:33 | 000,716,272 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\drivers\sptd.sys -- (sptd)
DRV - [2007.11.19 04:31:56 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\npf.sys -- (NPF) WinPcap Packet Driver (NPF)
DRV - [2007.06.01 02:01:30 | 000,021,424 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2007.05.02 08:54:08 | 000,472,224 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ar5211.sys -- (AR5211)
DRV - [2007.03.02 17:49:00 | 000,100,656 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys -- (Shockprf)
DRV - [2007.03.02 17:47:00 | 000,019,760 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys -- (TPDIGIMN)
DRV - [2006.11.16 22:02:24 | 001,133,568 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006.11.03 23:45:48 | 000,178,913 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\V0260Vid.sys -- (V0260VID)
DRV - [2005.12.15 14:27:52 | 000,034,639 | R--- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\FTD2XX.sys -- (FTD2XX)
DRV - [2005.07.25 10:04:08 | 000,048,640 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2005.07.05 14:57:06 | 000,017,699 | ---- | M] (IBM Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\TPHKDRV.sys -- (TPHKDRV)
DRV - [2005.04.20 01:38:00 | 000,016,384 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\TPPWR.SYS -- (TPPWR)
DRV - [2005.02.11 09:24:00 | 000,079,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\k750obex.sys -- (k750obex)
DRV - [2005.02.11 09:22:00 | 000,081,728 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\k750mgmt.sys -- (k750mgmt)
DRV - [2005.02.11 09:21:00 | 000,089,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2005.02.11 09:21:00 | 000,006,576 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2005.02.11 09:19:00 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
DRV - [2004.10.14 01:27:54 | 000,054,272 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AvidXPSerial.sys -- (Serial)
DRV - [2004.10.08 04:00:00 | 000,006,796 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TPPORT.SYS -- (TPPORT)
DRV - [2004.06.24 03:54:12 | 000,023,552 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\tap0801.sys -- (tap0801)
DRV - [2004.03.24 03:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\nsndis5.sys -- (NSNDIS5)
DRV - [2003.06.27 08:53:44 | 001,196,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002.01.18 03:01:00 | 000,054,784 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\wlanNDS.sys -- (WLAN)
DRV - [2001.02.01 15:10:12 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)
DRV - [1999.06.18 13:43:32 | 000,024,736 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-329068152-492894223-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.cz/"
FF - prefs.js..extensions.enabledItems: anttoolbar@ant.com:2.0
FF - prefs.js..extensions.enabledItems: {C6128004-4838-4708-9A97-BB172D17767D}:1.6.1
FF - prefs.js..extensions.enabledItems: {43c35458-c907-439b-bcfd-07d373834689}:2.2.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.03.01 00:03:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.02.20 12:24:41 | 000,000,000 | ---D | M]

[2008.07.03 11:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boza\Data aplikací\Mozilla\Extensions
[2010.03.11 00:17:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boza\Data aplikací\Mozilla\Firefox\Profiles\u7mx818s.default\extensions
[2010.01.25 10:55:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Boza\Data aplikací\Mozilla\Firefox\Profiles\u7mx818s.default\extensions\{43c35458-c907-439b-bcfd-07d373834689}
[2010.02.24 21:52:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Boza\Data aplikací\Mozilla\Firefox\Profiles\u7mx818s.default\extensions\{C6128004-4838-4708-9A97-BB172D17767D}
[2008.07.03 11:02:19 | 000,000,000 | ---D | M] (Media Pirate - The video downloader) -- C:\Documents and Settings\Boza\Data aplikací\Mozilla\Firefox\Profiles\u7mx818s.default\extensions\{cc265d3d-3f6f-0170-a78b-bbbaef7a868c}
[2010.01.04 10:58:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Boza\Data aplikací\Mozilla\Firefox\Profiles\u7mx818s.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010.01.15 21:52:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boza\Data aplikací\Mozilla\Firefox\Profiles\u7mx818s.default\extensions\anttoolbar@ant.com
[2008.01.30 14:47:39 | 000,002,920 | ---- | M] () -- C:\Documents and Settings\Boza\Data aplikací\Mozilla\Firefox\Profiles\u7mx818s.default\searchplugins\daemon-search.xml
[2010.03.11 00:17:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010.03.11 12:56:43 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (WebTransBHO Class) - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll File not found
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (WebTranslator) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll File not found
O3 - HKU\S-1-5-21-329068152-492894223-854245398-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] File not found
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\UTILIT~1\BATLOGEX.DLL ()
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE ()
O4 - HKLM..\Run: [BMMMONWND] C:\Program Files\ThinkPad\UTILIT~1\BATINFEX.DLL ()
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\UTILIT~1\EZEJMNAP.EXE (Lenovo Group Limited)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe File not found
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-329068152-492894223-854245398-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-329068152-492894223-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-329068152-492894223-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 255
O7 - HKU\S-1-5-21-329068152-492894223-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Převést do Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Převést do existujícího PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Převést výběr do Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Převést výběr do existujícího PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll File not found
O9 - Extra 'Tools' menuitem : &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll File not found
O9 - Extra 'Tools' menuitem : &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll File not found
O9 - Extra 'Tools' menuitem : Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll File not found
O9 - Extra 'Tools' menuitem : Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll File not found
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop Components:1 () - http://timeanddate.com/counters/customc ... c=0&p0=204
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.12.09 17:41:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.03.16 08:12:00 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010.03.16 08:12:00 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010.03.16 08:12:02 | 000,000,000 | RHSD | M] - F:\autorun.inf -- [ FAT ]
O32 - AutoRun File - [2010.03.16 08:11:58 | 000,000,000 | ---D | M] - W:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010.03.16 08:11:59 | 000,000,000 | ---D | M] - X:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010.03.16 08:11:59 | 000,000,000 | ---D | M] - Y:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010.03.16 08:11:59 | 000,000,000 | ---D | M] - Z:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\System32\ias [2008.11.13 13:09:44 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54046588552609792)

========== Files/Folders - Created Within 30 Days ==========

[2010.03.16 08:16:23 | 000,555,008 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Boza\Plocha\OTL.exe
[2010.03.16 08:12:00 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010.03.16 07:55:22 | 000,000,000 | ---D | C] -- C:\UsbFix
[2010.03.15 08:19:39 | 000,000,000 | ---D | C] -- C:\cistic
[2010.03.14 20:00:23 | 000,000,000 | ---D | C] -- C:\Program Files\HYCAD
[2010.03.14 19:58:44 | 004,265,121 | ---- | C] (Jiang.Jiang ) -- C:\HYCADSetUpEn.exe
[2010.03.14 15:59:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\runouce.exe
[2010.03.14 15:54:19 | 000,632,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2010.03.14 15:54:18 | 000,554,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll
[2010.03.14 15:54:17 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\WINDOWS\System32\eEmpty.exe
[2010.03.14 15:54:15 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\TASKMGR.COM
[2010.03.14 15:54:15 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\T.COM
[2010.03.14 15:54:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MicroWorld
[2010.03.14 15:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
[2010.03.12 17:44:36 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\regedit.exe
[2010.03.11 10:01:38 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.03.11 09:56:25 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.03.11 09:25:21 | 000,000,000 | ---D | C] -- C:\rsit
[2010.03.11 00:17:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boza\Data aplikací\Uniblue
[2010.03.10 00:25:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boza\Data aplikací\Malwarebytes
[2010.03.10 00:03:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.03.10 00:03:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.03.10 00:03:04 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.03.10 00:03:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.03.09 23:32:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boza\Plocha\viry
[2010.03.08 23:44:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boza\Plocha\stirling philips
[2010.03.08 00:19:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Boza\Plocha\Ladislav_Vodicka
[2010.03.04 21:08:56 | 000,000,000 | ---D | C] -- C:\Program Files\Free M4a to MP3 Converter
[2010.03.04 21:07:32 | 005,003,908 | ---- | C] (ManiacTools.com ) -- C:\Documents and Settings\Boza\Plocha\m4a-to-mp3-converter.exe
[2010.03.01 18:05:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009.02.11 15:51:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Google
[2008.12.17 09:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Bytemobile
[2008.11.13 13:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Google
[2008.10.31 13:51:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\Acronis
[2008.09.04 07:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2008.03.27 18:04:20 | 000,582,144 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\dao350.dll
[2008.03.14 17:17:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Apple
[2007.12.09 17:46:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2007.12.09 17:41:39 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2007.12.09 17:41:39 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.03.16 08:16:26 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Boza\Plocha\OTL.exe
[2010.03.16 08:13:14 | 001,099,298 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.03.16 08:13:14 | 000,459,288 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.03.16 08:13:14 | 000,455,900 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.03.16 08:13:14 | 000,090,434 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.03.16 08:13:14 | 000,079,078 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.03.16 08:12:04 | 000,207,206 | ---- | M] () -- C:\UsbFix_Upload_Me_THINKPAD.zip
[2010.03.16 08:01:57 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.03.16 08:01:29 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.03.16 08:01:18 | 1072,615,424 | -HS- | M] () -- C:\hiberfil.sys
[2010.03.16 08:00:08 | 006,815,744 | -H-- | M] () -- C:\Documents and Settings\Boza\NTUSER.DAT
[2010.03.16 08:00:08 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\Boza\ntuser.ini
[2010.03.16 07:55:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.03.16 07:54:39 | 001,775,837 | ---- | M] () -- C:\Documents and Settings\Boza\Plocha\UsbFix.exe
[2010.03.14 22:30:52 | 000,092,160 | ---- | M] () -- C:\Documents and Settings\Boza\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.14 20:00:26 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\HYCAD.lnk
[2010.03.14 19:58:44 | 004,265,121 | ---- | M] (Jiang.Jiang ) -- C:\HYCADSetUpEn.exe
[2010.03.14 18:13:09 | 000,083,456 | ---- | M] () -- C:\Documents and Settings\Boza\Plocha\kalendar.xls
[2010.03.14 15:54:18 | 000,632,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2010.03.14 15:54:17 | 000,554,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll
[2010.03.14 15:54:16 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\WINDOWS\System32\eEmpty.exe
[2010.03.14 15:53:48 | 068,866,904 | ---- | M] () -- C:\Documents and Settings\Boza\Plocha\mwav.exe
[2010.03.14 15:42:12 | 000,082,086 | ---- | M] () -- C:\Documents and Settings\Boza\Dokumenty\cc_20100314_1541.reg
[2010.03.14 15:23:02 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.03.12 20:20:12 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2010.03.12 17:40:08 | 003,888,122 | R--- | M] () -- C:\Documents and Settings\Boza\Plocha\ComboFix.exe
[2010.03.12 11:16:15 | 000,028,936 | ---- | M] () -- C:\Documents and Settings\Boza\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2010.03.11 21:50:38 | 000,126,447 | ---- | M] () -- C:\Documents and Settings\Boza\Plocha\repair_technician.pdf
[2010.03.11 12:56:43 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.03.11 10:01:46 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.03.11 09:58:52 | 000,151,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.03.11 09:14:50 | 000,694,826 | ---- | M] () -- C:\Documents and Settings\Boza\Plocha\viry_login.bmp
[2010.03.10 00:03:09 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.03.09 23:55:49 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010.03.09 18:02:40 | 000,104,106 | ---- | M] () -- C:\Documents and Settings\Boza\Plocha\TAB119.jpg
[2010.03.09 00:51:49 | 000,207,242 | ---- | M] () -- C:\Documents and Settings\Boza\Plocha\karta_studium.jpg
[2010.03.07 02:44:11 | 008,419,220 | ---- | M] () -- C:\Documents and Settings\Boza\Plocha\fox on the run.flv
[2010.03.05 23:25:51 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\Boza\Plocha\dynama.xls
[2010.03.05 22:28:39 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Boza\PUTTY.RND
[2010.03.04 21:08:59 | 000,000,740 | ---- | M] () -- C:\Documents and Settings\Boza\Plocha\Free M4a to MP3 Converter.lnk
[2010.03.04 21:07:55 | 005,003,908 | ---- | M] (ManiacTools.com ) -- C:\Documents and Settings\Boza\Plocha\m4a-to-mp3-converter.exe
[2010.03.03 23:55:25 | 000,245,786 | ---- | M] () -- C:\Documents and Settings\Boza\Plocha\Pohled_spolecnosti_CEPS_na_fotovaltaiku_k_23_2.pdf
[2010.02.21 22:30:58 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Boza\Plocha\co nam jeste privezt;).doc
[2010.02.21 15:50:37 | 010,719,744 | ---- | M] () -- C:\Documents and Settings\Boza\Plocha\nizkootackove generatory.doc
[2010.02.18 10:45:18 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Boza\Plocha\dane.doc
[2010.02.16 20:22:03 | 000,504,007 | ---- | M] () -- C:\Documents and Settings\Boza\Plocha\dvojkolo.PNG
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.03.16 08:12:04 | 000,207,206 | ---- | C] () -- C:\UsbFix_Upload_Me_THINKPAD.zip
[2010.03.16 07:54:28 | 001,775,837 | ---- | C] () -- C:\Documents and Settings\Boza\Plocha\UsbFix.exe
[2010.03.15 19:28:38 | 1072,615,424 | -HS- | C] () -- C:\hiberfil.sys
[2010.03.14 20:00:26 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\HYCAD.lnk
[2010.03.14 15:54:17 | 000,000,522 | ---- | C] () -- C:\WINDOWS\System32\Microsoft.VC80.CRT.manifest
[2010.03.14 15:53:45 | 068,866,904 | ---- | C] () -- C:\Documents and Settings\Boza\Plocha\mwav.exe
[2010.03.14 15:41:57 | 000,082,086 | ---- | C] () -- C:\Documents and Settings\Boza\Dokumenty\cc_20100314_1541.reg
[2010.03.11 21:50:38 | 000,126,447 | ---- | C] () -- C:\Documents and Settings\Boza\Plocha\repair_technician.pdf
[2010.03.11 10:01:46 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.03.11 10:01:41 | 000,261,312 | ---- | C] () -- C:\cmldr
[2010.03.11 09:54:56 | 003,888,122 | R--- | C] () -- C:\Documents and Settings\Boza\Plocha\ComboFix.exe
[2010.03.11 09:14:49 | 000,694,826 | ---- | C] () -- C:\Documents and Settings\Boza\Plocha\viry_login.bmp
[2010.03.10 00:03:09 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.03.09 18:02:38 | 000,104,106 | ---- | C] () -- C:\Documents and Settings\Boza\Plocha\TAB119.jpg
[2010.03.09 00:51:24 | 000,207,242 | ---- | C] () -- C:\Documents and Settings\Boza\Plocha\karta_studium.jpg
[2010.03.07 02:41:35 | 008,419,220 | ---- | C] () -- C:\Documents and Settings\Boza\Plocha\fox on the run.flv
[2010.03.04 21:08:59 | 000,000,740 | ---- | C] () -- C:\Documents and Settings\Boza\Plocha\Free M4a to MP3 Converter.lnk
[2010.03.03 23:55:25 | 000,245,786 | ---- | C] () -- C:\Documents and Settings\Boza\Plocha\Pohled_spolecnosti_CEPS_na_fotovaltaiku_k_23_2.pdf
[2010.03.01 18:05:49 | 000,002,283 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2010.02.18 10:45:18 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Boza\Plocha\dane.doc
[2010.02.16 20:22:02 | 000,504,007 | ---- | C] () -- C:\Documents and Settings\Boza\Plocha\dvojkolo.PNG
[2009.08.28 09:55:34 | 000,001,031 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\hpzinstall.log
[2008.12.25 13:56:26 | 000,000,090 | R--- | C] () -- C:\WINDOWS\System32\PRESTOUN.ini
[2008.11.25 21:22:43 | 000,000,080 | RHS- | C] () -- C:\WINDOWS\System32\FEEBB870E5.dll
[2008.11.25 10:28:18 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008.11.07 17:43:49 | 000,000,146 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2008.11.07 17:43:48 | 000,003,165 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2008.11.07 17:43:13 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\VSHP1020.DLL
[2008.10.21 23:21:00 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2008.10.21 23:21:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2008.08.17 21:58:38 | 001,032,582 | ---- | C] () -- C:\WINDOWS\System32\alleg42.dll
[2008.06.20 13:17:31 | 000,024,736 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2008.03.27 20:31:21 | 000,905,290 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2008.03.27 20:31:20 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\AvidXPSerial.sys
[2008.03.27 20:31:16 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2008.03.27 18:04:20 | 000,073,184 | ---- | C] () -- C:\Program Files\Common Files\Dao2535.tlb
[2008.03.08 12:58:20 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\adultpdf_Decrypt_reg.ini
[2007.12.29 02:34:16 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Boza\Local Settings\Data aplikací\PUTTY.RND
[2007.12.15 22:55:36 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2007.12.15 22:55:34 | 001,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007.12.15 22:55:34 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007.12.15 22:55:33 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007.12.15 22:55:32 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007.12.15 22:55:31 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007.12.15 22:43:52 | 000,092,160 | ---- | C] () -- C:\Documents and Settings\Boza\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.12.15 21:13:10 | 000,054,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\wlanNDS.sys
[2007.12.15 21:13:10 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\wlanUSB.sys
[2007.12.09 21:17:35 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\Boza\Local Settings\Data aplikací\fusioncache.dat
[2007.10.11 10:01:42 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2007.01.25 23:04:12 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2007.01.25 23:04:12 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2006.10.30 11:58:33 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar_mpfc.dll
[2005.11.30 20:16:02 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2005.07.05 23:45:08 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
[1996.02.01 18:25:42 | 000,943,616 | ---- | C] () -- C:\WINDOWS\System32\dfolder.dll

========== LOP Check ==========

[2008.11.21 17:12:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Acronis
[2010.03.14 15:54:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
[2008.04.03 14:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle
[2008.04.03 14:41:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle VideoSpin
[2008.04.13 20:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Sony
[2009.02.23 19:33:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2008.04.19 13:47:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\VideoSpin
[2008.11.21 16:13:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boza\Data aplikací\Acronis
[2010.01.19 22:43:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boza\Data aplikací\BitTyrant
[2008.12.17 02:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boza\Data aplikací\Bytemobile
[2008.02.07 18:00:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boza\Data aplikací\COWON
[2008.01.30 14:47:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boza\Data aplikací\DAEMON Tools
[2008.08.18 09:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boza\Data aplikací\Dev-Cpp
[2008.11.26 02:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boza\Data aplikací\EZwebLynx
[2008.05.28 22:06:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boza\Data aplikací\GARMIN
[2008.02.17 19:28:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boza\Data aplikací\ICQ
[2008.12.25 16:22:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boza\Data aplikací\MyPhoneExplorer
[2008.06.16 21:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boza\Data aplikací\Navigator
[2008.06.22 18:19:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boza\Data aplikací\Plagiarism-Finder
[2008.04.13 21:13:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boza\Data aplikací\Publish Providers
[2008.08.19 23:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boza\Data aplikací\QIP
[2008.04.14 02:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boza\Data aplikací\Sony
[2008.01.13 19:58:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boza\Data aplikací\SWI-Prolog
[2008.09.29 22:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boza\Data aplikací\The Bat!
[2010.03.11 00:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boza\Data aplikací\Uniblue
[2009.12.01 23:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boza\Data aplikací\VitySoft
[2007.12.16 23:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boza\Data aplikací\WildPackets
[2007.12.15 21:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boza\Data aplikací\Wireshark
[2009.04.18 08:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boza\Data aplikací\XnView
[2008.06.21 18:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Boza\Data aplikací\xpce
[2008.10.31 13:51:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\Acronis
[2008.12.17 09:01:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Bytemobile
[2009.01.08 17:23:21 | 000,000,920 | ---- | M] () -- C:\WINDOWS\Tasks\BMMTask.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2010.03.14 19:58:44 | 004,265,121 | ---- | M] (Jiang.Jiang ) -- C:\HYCADSetUpEn.exe
[2008.04.14 04:22:42 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\regedit.exe

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >

< %SYSTEMDRIVE%\scecli.dll /s /md5 >

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >

< %SYSTEMDRIVE%\viamraid.sys /s /md5 >

< %SYSTEMDRIVE%\nvata.sys /s /md5 >

< %SYSTEMROOT%\*. /mp /s >

< %SYSTEMROOT%\system32\*.dll /lockedfiles >
[2009.02.20 18:13:42 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\dxtmsft.dll
[2009.02.20 18:13:42 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\dxtrans.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMROOT%\Tasks\*.job /lockedfiles >
< End of report >
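Added by the editor as a worked example, not part of Zabaak's post and not code from OTL: a small parser for the `[timestamp | size | attributes | M/C] (company) -- path` lines in the listing above, with a few review heuristics run over lines copied from this log. The heuristics (a hidden or system binary in System32 that carries no company name, a file name made only of hex digits, an executable or DLL sitting in a drive root) are the editor's own triage rules and are assumptions about what deserves a second look; a hit means "check this file", not "this is malware".

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# Header of an OTL file-listing line, e.g.
#   [2010.03.16 08:01:18 | 1072,615,424 | -HS- | M] () -- C:\hiberfil.sys
# fields: timestamp | size (thousands separators) | attributes R/H/S/D | M(odified) or C(reated),
# optionally followed by "(Company Name)" and a note such as "Unable to obtain MD5".
HEAD_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| "
    r"(?P<kind>[MC])\]"
    r"(?: \((?P<company>[^)]*)\))?"
    r"(?P<note>.*)$"
)
SYSTEM32 = "c:\\windows\\system32\\"
# Editor's heuristics (assumptions): hex-only names and binaries in a drive root are unusual for vendor files.
HEX_NAME = re.compile(r"^[0-9a-f]{8,}\.(?:dll|exe|sys)$", re.I)
ROOT_BINARY = re.compile(r"^[a-z]:\\[^\\]+\.(?:exe|dll)$")


@dataclass
class Entry:
    ts: datetime
    size: int
    readonly: bool
    hidden: bool
    system: bool
    is_dir: bool
    kind: str      # "M": modified-date listing, "C": created-date listing
    company: str   # "" when OTL printed "()" or omitted the field (directory entries)
    note: str      # e.g. "Unable to obtain MD5"
    path: str


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OTL listing line; return None for section headers and other non-entry lines."""
    head, sep, path = line.strip().rpartition(" -- ")
    if not sep:
        return None
    m = HEAD_RE.match(head)
    if not m:
        return None
    attrs = m["attrs"]
    return Entry(
        ts=datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        readonly=attrs[0] == "R",
        hidden=attrs[1] == "H",
        system=attrs[2] == "S",
        is_dir=attrs[3] == "D",
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        note=m["note"].strip(),
        path=path.strip(),
    )


def triage(e: Entry) -> List[str]:
    """Review heuristics: each reason means 'look at this file', not 'this is malware'."""
    reasons: List[str] = []
    if e.is_dir:
        return reasons
    low = e.path.lower()
    name = low.rsplit("\\", 1)[-1]
    if low.startswith(SYSTEM32) and name.endswith((".dll", ".exe", ".sys")) and not e.company:
        if e.hidden or e.system:
            reasons.append("hidden/system binary in System32 with no company name")
        if HEX_NAME.match(name):
            reasons.append("hex-only file name in System32")
    if ROOT_BINARY.match(low):
        reasons.append("executable/DLL in the root of a drive")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map path -> reasons for every entry in an OTL excerpt that trips a heuristic."""
    flagged: Dict[str, List[str]] = {}
    for line in text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        reasons = triage(e)
        if reasons:
            flagged[e.path] = reasons
    return flagged


# Lines copied from the OTL log above (not constructed), plus one LOP Check directory entry.
SAMPLE_LOG = r"""
========== Files Created - No Company Name ==========
[2010.03.16 08:01:18 | 1072,615,424 | -HS- | M] () -- C:\hiberfil.sys
[2010.03.14 19:58:44 | 004,265,121 | ---- | M] (Jiang.Jiang ) -- C:\HYCADSetUpEn.exe
[2010.03.14 15:54:18 | 000,632,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2008.11.25 21:22:43 | 000,000,080 | RHS- | C] () -- C:\WINDOWS\System32\FEEBB870E5.dll
[2008.04.14 04:22:42 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\regedit.exe
[2009.02.20 18:13:42 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\System32\dxtmsft.dll
[2008.11.21 17:12:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Acronis
"""

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG).items():
        print(path, "->", "; ".join(reasons))
```

Run it on a saved OTL.txt with `triage_log(open("OTL.txt", encoding="utf-8", errors="replace").read())`. On the excerpt it flags `C:\WINDOWS\System32\FEEBB870E5.dll` (80 bytes, RHS attributes, no company name) and the two executables in the root of C:, and leaves `hiberfil.sys` and the CRT DLLs that carry a Microsoft company name alone. Whether a flagged file is actually bad still has to be settled by hashing it and checking its version information; the heuristics only order the work.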

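The Extras log in the next post lists the XP firewall's GloballyOpenPorts values. The following is an editor-added example, not from the post and not a Microsoft tool: it parses the `port:proto:scope:state:name` value format, flags enabled exceptions on remote-access or file-sharing ports whose scope is `*` (any remote address) rather than `LocalSubNet`, and emits the netsh command that narrows such a rule to the local subnet. The sample values are copied from that post's StandardProfile block; which ports count as worth reviewing is the editor's assumption.

```python
import re
from dataclasses import dataclass
from typing import List

# One GloballyOpenPorts value, as OTL prints it from the registry:
#   "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
# The data part is <port>:<proto>:<scope>:<Enabled|Disabled>:<display name>. Scope "*" means any
# remote address; "LocalSubNet" limits the exception to the local subnet. Names of the form
# "@xpsp2res.dll,-NNNN" are localized resource references for the built-in exceptions.
VALUE_RE = re.compile(
    r"^(?P<port>\d+):(?P<proto>TCP|UDP):(?P<scope>[^:]*):(?P<state>Enabled|Disabled):(?P<name>.*)$"
)
# Editor's choice (assumption) of ports where an any-address scope deserves review on a laptop.
REVIEW_PORTS = {3389: "Remote Desktop", 5900: "VNC", 445: "SMB", 139: "NetBIOS session"}


@dataclass
class PortRule:
    port: int
    proto: str
    scope: str
    enabled: bool
    name: str


def parse_value(data: str) -> PortRule:
    """Parse the data half of one GloballyOpenPorts registry value."""
    m = VALUE_RE.match(data.strip())
    if not m:
        raise ValueError(f"not a GloballyOpenPorts value: {data!r}")
    return PortRule(int(m["port"]), m["proto"], m["scope"], m["state"] == "Enabled", m["name"])


def parse_profile(text: str) -> List[PortRule]:
    """Parse the '"port:proto" = data' lines OTL prints for one firewall profile."""
    rules: List[PortRule] = []
    for line in text.splitlines():
        name, sep, data = line.partition(" = ")
        if sep and name.strip().startswith('"'):
            rules.append(parse_value(data))
    return rules


def review(rules: List[PortRule]) -> List[str]:
    """Enabled exceptions on REVIEW_PORTS whose scope is '*' (reachable from any address)."""
    return [
        f"{r.port}/{r.proto} ({REVIEW_PORTS[r.port]}) open to any remote address: {r.name}"
        for r in rules
        if r.enabled and r.scope == "*" and r.port in REVIEW_PORTS
    ]


def netsh_fix(r: PortRule, profile: str = "STANDARD") -> str:
    """XP SP2/SP3 'netsh firewall set portopening' command that keeps the exception but limits it to the subnet."""
    return (f"netsh firewall set portopening protocol={r.proto} port={r.port} "
            f'name="{r.name}" mode=ENABLE scope=SUBNET profile={profile}')


# StandardProfile values copied from the Extras log in the next post (not constructed).
STANDARD_PROFILE = r'''
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"5900:TCP" = 5900:TCP:*:Enabled:5900 port pro VNC
'''

if __name__ == "__main__":
    rules = parse_profile(STANDARD_PROFILE)
    for finding in review(rules):
        print(finding)
    for r in rules:
        if r.enabled and r.scope == "*" and r.port in REVIEW_PORTS:
            print("  fix:", netsh_fix(r))
```

On these values the two findings are 3389/TCP (Remote Desktop) and 5900/TCP (the user-named VNC rule; VNC Free Edition 4.1.2 appears in the uninstall list of the same post); every other exception is already limited to LocalSubNet. `netsh firewall set portopening ... scope=SUBNET` is the XP SP2/SP3 syntax and rewrites the exception in place, so it is run once per port and profile; if remote access is not needed at all, `mode=DISABLE` is the simpler answer.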
Zabaak
Guest
Posts: 22
Registered: 11 Mar 2010 09:15

Re: I had Security Tool and probably also TrojanDownloader.Wigon.BS ...

#17 Post by Zabaak »

Extras.txt
OTL Extras logfile created on: 16.3.2010 8:17:59 - Run 1
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Documents and Settings\Boza\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1 023,00 Mb Total Physical Memory | 638,00 Mb Available Physical Memory | 62,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 22,95 Gb Total Space | 1,52 Gb Free Space | 6,62% Space Free | Partition Type: NTFS
Drive D: | 70,21 Gb Total Space | 0,22 Gb Free Space | 0,31% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 967,72 Mb Total Space | 137,73 Mb Free Space | 14,23% Space Free | Partition Type: FAT
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive W: | 928,30 Gb Total Space | 923,13 Gb Free Space | 99,44% Space Free | Partition Type: NTFS
Drive X: | 928,30 Gb Total Space | 923,13 Gb Free Space | 99,44% Space Free | Partition Type: NTFS
Drive Y: | 928,30 Gb Total Space | 923,13 Gb Free Space | 99,44% Space Free | Partition Type: NTFS
Drive Z: | 928,30 Gb Total Space | 923,13 Gb Free Space | 99,44% Space Free | Partition Type: NTFS

Computer Name: THINKPAD
Current User Name: Boza
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe File not found
.reg [@ = regfile] -- regedit.exe "%1"

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" ()
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe File not found
Directory [Prozkoumat v XnView] -- "C:\Program Files\XnView\xnview.exe" "%1" File not found
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L File not found
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L File not found
Drive [find] -- %SystemRoot%\Explorer.exe File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"5900:TCP" = 5900:TCP:*:Enabled:5900 port pro VNC

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Miranda IM\miranda32.exe" = C:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM -- ( )
"C:\Program Files\OpenVPN\bin\openvpn.exe" = C:\Program Files\OpenVPN\bin\openvpn.exe:*:Enabled:openvpn -- ()
"C:\Program Files\ICQ6\ICQ.exe" = C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, Inc.)
"D:\programy\sdc211\StrongDC.exe" = D:\programy\sdc211\StrongDC.exe:*:Enabled:StrongDC++ -- ()
"C:\Program Files\BitTyrant\Azureus.exe" = C:\Program Files\BitTyrant\Azureus.exe:*:Enabled:Azureus -- (Aelitis)
"C:\Program Files\Avid\Avid Free DV\AvidFreeDV.exe" = C:\Program Files\Avid\Avid Free DV\AvidFreeDV.exe:*:Disabled:Avid Editor -- (Avid Technology, Inc.)
"C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\PMSRegisterFile.exe:*:Enabled:PMSRegisterFile -- ( )
"C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:*:Disabled:Render Manager -- (Pinnacle Systems)
"C:\Program Files\EZWebLynx\EZwebLynx.exe" = C:\Program Files\EZWebLynx\EZwebLynx.exe:*:Enabled:EZwebLynx -- (CCS)
"C:\Program Files\KiCad\bin\pcbnew.exe" = C:\Program Files\KiCad\bin\pcbnew.exe:*:Enabled:pcbnew -- ()
"C:\Program Files\KiCad\bin\eeschema.exe" = C:\Program Files\KiCad\bin\eeschema.exe:*:Enabled:eeschema -- ()
"\\192.168.109.135\PRACOVNI\stary_hlavni_sborovna\install\ss\SuperScan4.exe" = \\192.168.109.135\PRACOVNI\stary_hlavni_sborovna\install\ss\SuperScan4.exe:*:Enabled:SuperScan4.exe
"C:\Program Files\Java\jdk1.6.0_13\bin\java.exe" = C:\Program Files\Java\jdk1.6.0_13\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jdk1.6.0_13\jre\bin\java.exe" = C:\Program Files\Java\jdk1.6.0_13\jre\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\NetBeans 6.5\mobility8\WTK2.5.2\bin\emulator.exe" = C:\Program Files\NetBeans 6.5\mobility8\WTK2.5.2\bin\emulator.exe:*:Enabled:emulator -- ()
"C:\Program Files\Western Digital\WD Discovery Software\WD Discovery.exe" = C:\Program Files\Western Digital\WD Discovery Software\WD Discovery.exe:*:Enabled:WD Discovery Application -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1297C681-92D7-40EF-93BF-03F66EC5105C}" = ThinkPad EasyEject Utility
"{133EE4CD-DC53-4049-A383-3B906924F703}" = Demo-IMG2MS
"{1C0E7CA0-C65C-11D5-B2CD-000086470202}" = Wireless LAN Utility
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{251C3815-7A55-4607-A82D-C3B98F0FBAB8}" = Sony Vegas 7.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{2864C41B-EF2D-4640-95A2-526276524519}" = Borland C++Builder 6
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32A3A4F4-B792-11D6-A78A-00B0D0160130}" = Java(TM) SE Development Kit 6 Update 13
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis True Image Home
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{47D50190-9DAD-4FFE-9EFA-6D278B2C4810}" = MapSource Product Install
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4ACBBFC6-3F39-48DE-8D85-182736B2749B}" = Garmin MapSource
"{4EDB1CA5-983F-4FC3-A8E3-E34981E05A60}" = Pinnacle VideoSpin
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}" = MapSource
"{5E65E94D-69F2-4850-9E93-6459C53A0F50}" = Microsoft .NET Framework 1.1 Czech Language Pack
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A69D94E-C569-4154-9643-72E94D1DDFDA}" = XPS Essentials Pack
"{6EF72FC6-842E-4FE6-BF88-BFBF03C9DA74}" = Windows Workflow Foundation CS Language Pack
"{718E5F0B-485B-4617-A264-5BC573EE51C0}" = The Bat! Professional v4.0.26
"{71A41426-C7A4-4DCF-A9ED-C5B4B105ED1D}" = Sony Media Manager 2.2
"{7668D9E4-B7FC-49C2-AF1B-C8DC4CFB0BD6}" = TOPO Czech 2
"{7F947BFE-C2DF-4779-9909-5BEE746BD0C4}" = Microsoft .NET Framework 2.0 Language Pack - CSY
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{8898F144-AE98-45FE-B2C0-D4DD9A4C3210}" = Garmin Communicator Plugin
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280405-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional s aplikací FrontPage
"{96793F18-9880-4E50-A89B-D42A591CD8D3}" = Andrea Electroincs USB Audio
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{998D6972-F58E-479D-9248-8F179E55AE38}" = Java DB 10.4.1.3
"{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}" = ThinkPad Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)
"{A0F584A7-B0C2-4D90-9580-15456B9CF63C}" = MapSource - Trip & Waypoint Manager v2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAB6D0F8-02B3-4E89-B24C-0BB153C21445}" = Windows Presentation Foundation Language Pack (CSY)
"{AC76BA86-1033-C740-7760-100000000002}" = Adobe Acrobat 7.0 Professional - Czech, Polish, Greek
"{AC76BA86-7AD7-1029-7B44-A70500000002}" = Adobe Reader 7.0.5 - Czech
"{AF600F7B-67A7-48D9-BA3B-0FF97F35F970}" = ABBYY FineReader 6.0 Corporate Edition
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B1740155-60C5-4FB9-B255-BF4EBDAA9326}" = Andrea Electronics AudioCommander
"{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}" = HP Deskjet All-In-One Software 9.0
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{BAD26CB5-035A-495E-83B8-92215B6DA3DE}" = Avid Free DV
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BC6D5EAF-D314-4f47-8951-42CF14CB7316}" = dj_aio_corporate
"{BFD96B89-B769-4CD6-B11E-E79FFD46F067}" = QuickTime
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3EBEF79-DE34-44AE-8774-F6A17ABE27B2}" = Garmin nRoute
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2E47D81-4CAA-44AF-956D-33D25ACA2F7B}" = Flowcode V3
"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"{D8979435-753B-40AE-9318-5E712C160A71}" = Windows Communication Foundation Language Pack - CSY
"{DA80700F-068D-11DF-9686-005056806466}" = Google Earth Plug-in
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F6149499-69E8-44EF-9A63-558D9065CCDE}" = Flowcode for AVRs
"{FB09515C-8E3E-4E0F-A1F2-032F38DEC185}" = Microsoft .NET Framework 3.0 Czech Language Pack
"7-Zip" = 7-Zip 4.57
"Adobe Acrobat 7.0 Professional - Czech, Polish, Greek - V" = Adobe Acrobat 7.0 Professional - Czech, Polish, Greek
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adult PDF Password Recovery v2.1.0_is1" = Adult PDF Password Recovery v2.1.0
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"airpcapinst" = AirPcap software 3.2.1
"All ATI Software" = ATI - Software Uninstall Utility
"AP Guitar Tuner 1.02" = AP Guitar Tuner 1.02
"ASIX UP_is1" = UP v.2-32
"ASIXPRESTO" = ASIX PRESTO USB Drivers
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"BitTyrant" = BitTyrant
"CCleaner" = CCleaner (remove only)
"cGPSmapper Free_is1" = cGPSmapper Free 0096
"Creative Live! Cam Center" = Creative Live! Cam Center
"Creative Live! Cam Vista IM User's Guide English" = Creative Live! Cam Vista IM User's Guide (English)
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative VF0260" = Creative Live! Cam Vista IM Driver (1.01.03.1104)
"Creative WebCam Center" = Creative WebCam Center
"Cyklotrasy 2.11" = Cyklotrasy 2.11
"DDT" = DDT
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DVD Shrink_is1" = DVD Shrink 3.2
"EasyGPS_is1" = EasyGPS 2.7.5
"eset online scanner" = ESET Online Scanner v3
"EZWebLynx IDE" = EZWebLynx IDE
"F5391F7559879F2138D362214B63330AF00975AF" = Windows Driver Package - Atmel (libusb0) LibUsbDevices (03/09/2005 0.1.10.1)
"FB31E191600F9BCCD127F705E9F28A931CD9A37A" = Windows Driver Package - Atmel (libusb0) LibUsbDevices (03/09/2005 0.1.10.1)
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 2.4
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"HijackThis" = HijackThis 2.0.2
"HP-LaserJet 1020 series" = LaserJet 1020 series
"HYCAD_is1" = HYCAD 5.35
"ie7" = Windows Internet Explorer 7
"Img2gps v2.6_is1" = Img2gps v2.6
"InstallShield_{A0F584A7-B0C2-4D90-9580-15456B9CF63C}" = MapSource - Trip & Waypoint Manager v2
"KiCad" = KiCad 2008.08.25
"kismetinst" = Kismet 2007-10-R1 for Windows
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.5.7 Full
"LanSpy_is1" = LanSpy
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaCoder" = MediaCoder 0.6.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - CSY" = Microsoft .NET Framework 2.0 Language Pack - CSY
"Microsoft .NET Framework 3.0 Czech Language Pack" = Microsoft .NET Framework 3.0 Czech Language Pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"MIKSOFT Mobile AMR converter_is1" = MIKSOFT Mobile AMR converter
"Miranda IM_is1" = Miranda IM
"MovieExplorer" = MovieExplorer
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"MPE" = MyPhoneExplorer
"nbi-glassfish-2.0.2.4.20080515" = GlassFish V2 UR2
"nbi-glassfish-mod-3.0.0.28.20081022" = GlassFish v3 Prelude
"nbi-nb-base-6.5.0.0.200812050001" = NetBeans IDE 6.5
"Network Notepad_is1" = Network Notepad 4.4.4
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"Nmap" = Nmap 4.50
"OpenVPN" = OpenVPN 2.0.5-gui-1.0.3
"OrderReminder HP LaserJet 1020" = OrderReminder HP LaserJet 1020
"Oskar_Config" = Snadné připojení 2.15
"OziExplorer 3.95_is1" = OziExplorer 3.95
"PC Translator" = PC Translator
"PCNavigator6_is1" = PC Navigator 6.4.21-1
"Plagiarism-Finder" = Plagiarism-Finder TRIAL
"Power Features" = IBM ThinkPad Battery MaxiMiser and Power Management Features
"Power Management Driver" = ThinkPad Power Management Driver
"PROSet" = Intel(R) PRO Network Connections Drivers
"PSPad editor_is1" = PSPad editor
"QIP 2005_is1" = QIP 2005 8080
"QIP Infium_is1" = QIP Infium 1.0.9012 RC3
"rajče.net_is1" = rajče beta48
"RealAlt_is1" = Real Alternative 1.8.0
"RealVNC_is1" = VNC Free Edition 4.1.2
"Red Eye Remover Pro_is1" = Red Eye Remover Pro 1.1
"SmartPCRecorder" = Smart PC Recorder - by freebird
"Sony Ericsson Bluetooth Remote Control" = Sony Ericsson Bluetooth Remote Control 3.04
"Sprint-Layout_50_Demo_is1" = Sprint-Layout 5.0 (Demo)
"ST6UNST #1" = Blade Calculator 2006
"SupervisionCam" = SupervisionCam
"Swiff Player_is1" = Swiff Player 1.1
"SWI-Prolog" = SWI-Prolog (remove only)
"SysInfo" = Creative System Information
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"TinyCAD" = TinyCAD 2.60.01
"Totalcmd" = Total Commander (Remove or Repair)
"USBVIEW" = USBVIEW
"WIC" = Windows Imaging Component
"WildPackets AiroPeek 1.2 Demo" = WildPackets AiroPeek 1.2 Demo
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinMend Folder Hidden_is1" = WinMend Folder Hidden 1.3.5
"winpcap-nmap" = winpcap-nmap 4.02
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.0.6
"Wireshark" = Wireshark 0.99.6a
"XnView_is1" = XnView 1.93.6
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"ZIP PASSWORD FINDER" = ZIP PASSWORD FINDER

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 12.3.2010 16:51:56 | Computer Name = THINKPAD | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of C:\Program Files\Mozilla Firefox\smime3.dll failed, 00000005.

Error - 12.3.2010 16:51:56 | Computer Name = THINKPAD | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of C:\Program Files\Mozilla Firefox\plds4.dll failed, 00000005.

Error - 12.3.2010 16:51:56 | Computer Name = THINKPAD | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of C:\Program Files\Mozilla Firefox\plc4.dll failed, 00000005.

Error - 12.3.2010 16:51:56 | Computer Name = THINKPAD | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of C:\Program Files\Mozilla Firefox\nssutil3.dll failed, 00000005.

Error - 12.3.2010 16:52:24 | Computer Name = THINKPAD | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of C:\Program Files\Mozilla Firefox\nssdbm3.dll failed, 00000005.

Error - 12.3.2010 16:52:24 | Computer Name = THINKPAD | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of C:\Program Files\Mozilla Firefox\nssckbi.dll failed, 00000005.

Error - 12.3.2010 16:52:24 | Computer Name = THINKPAD | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of C:\Program Files\Mozilla Firefox\nss3.dll failed, 00000005.

Error - 12.3.2010 16:52:24 | Computer Name = THINKPAD | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of C:\Program Files\Mozilla Firefox\nspr4.dll failed, 00000005.

Error - 12.3.2010 16:52:24 | Computer Name = THINKPAD | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of C:\Program Files\Mozilla Firefox\mozcrt19.dll failed, 00000005.

Error - 16.3.2010 3:24:24 | Computer Name = THINKPAD | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of C:\Program Files\Mozilla Firefox\firefox.exe failed, 00000005.

[ Application Events ]
Error - 22.11.2009 19:55:48 | Computer Name = THINKPAD | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace mplayerc.exe, verze 6.4.9.1, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 1.12.2009 17:14:02 | Computer Name = THINKPAD | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace mplayerc.exe, verze 6.4.9.1, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 3.12.2009 5:53:59 | Computer Name = THINKPAD | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace mplayerc.exe, verze 6.4.9.1, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 3.12.2009 9:52:29 | Computer Name = THINKPAD | Source = Application Error | ID = 1000
Description = Chybující aplikace acrord32.exe, verze 7.0.5.172, chybující modul
acrord32.dll, verze 7.0.5.172, adresa chyby 0x001d4fa7.

Error - 4.1.2010 8:24:54 | Computer Name = THINKPAD | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace ACDSee32.exe, verze 2.4.1.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 6.1.2010 5:58:14 | Computer Name = THINKPAD | Source = Application Error | ID = 1000
Description = Chybující aplikace , verze 0.0.0.0, chybující modul unknown, verze
0.0.0.0, adresa chyby 0x00000000.

Error - 6.1.2010 19:48:57 | Computer Name = THINKPAD | Source = MsiInstaller | ID = 11706
Description = Product: Flowcode V3 -- Error 1706. No valid source could be found
for product Flowcode V3. Windows Installer cannot continue.

Error - 13.1.2010 7:39:56 | Computer Name = THINKPAD | Source = Application Error | ID = 1000
Description = Chybující aplikace svchost.exe, verze 5.1.2600.5512, chybující modul
wiaservc.dll, verze 5.1.2600.5512, adresa chyby 0x000223dd.

Error - 6.3.2010 21:30:38 | Computer Name = THINKPAD | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace firefox.exe, verze 1.9.1.3685, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 16.3.2010 3:01:42 | Computer Name = THINKPAD | Source = Application Error | ID = 1000
Description = Chybující aplikace crypserv.exe, verze 0.0.0.0, chybující modul crypserv.exe,
verze 0.0.0.0, adresa chyby 0x0000b4b3.

[ System Events ]
Error - 15.3.2010 3:18:08 | Computer Name = THINKPAD | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby netman
s argumenty za účelem spuštění serveru: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 15.3.2010 3:18:30 | Computer Name = THINKPAD | Source = SRService | ID = 104
Description = Proces inicializace nástroje Obnovení systému se nezdařil.

Error - 15.3.2010 3:18:30 | Computer Name = THINKPAD | Source = Service Control Manager | ID = 7023
Description = Služba Služba obnovení systému byla ukončena s následující chybou:
%%2

Error - 15.3.2010 3:19:27 | Computer Name = THINKPAD | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby netman
s argumenty za účelem spuštění serveru: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 15.3.2010 3:29:09 | Computer Name = THINKPAD | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby EventSystem
s argumenty za účelem spuštění serveru: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 15.3.2010 14:29:10 | Computer Name = THINKPAD | Source = SRService | ID = 104
Description = Proces inicializace nástroje Obnovení systému se nezdařil.

Error - 15.3.2010 14:29:12 | Computer Name = THINKPAD | Source = Service Control Manager | ID = 7023
Description = Služba Služba obnovení systému byla ukončena s následující chybou:
%%5

Error - 16.3.2010 3:01:39 | Computer Name = THINKPAD | Source = Print | ID = 19
Description = Došlo k chybě sdílení tiskárny + 1722, tiskárna HP LaserJet 4 Plus
název sdílení Tiskárna2.

Error - 16.3.2010 3:03:08 | Computer Name = THINKPAD | Source = Service Control Manager | ID = 7022
Description = Služba Crypkey License přestala během spouštění reagovat.

Error - 16.3.2010 3:09:08 | Computer Name = THINKPAD | Source = Service Control Manager | ID = 7034
Description = Služba Crypkey License byla neočekávaně ukončena. Tento stav nastal
již 1krát.


< End of report >

JaRon
Moderator
Posts: 15654
Registered: 29 Mar 2005 13:39
Location: BB-SK

Re: I had Security Tool and probably also TrojanDownloader.Wigon.BS ...

#18 Post by JaRon »

1. Test the file C:\regedit.exe at www.virustotal.com and ask for a reanalysis.
2. Free up some space on drive D:.
3. Uninstall ComboFix, download the current version and try running it.

FRST | ADWCleaner | MBAM | CCleaner | AVPTool

If you are satisfied, you can support the forum:
https://platba.viry.cz/payment/

Zabaak
Visitor
Posts: 22
Registered: 11 Mar 2010 09:15

Re: I had Security Tool and probably also TrojanDownloader.Wigon.BS ...

#19 Post by Zabaak »

I put that regedit in C:\ myself when I was trying to copy it into C:\Windows, as ComboFix advised me.

According to the scans, there seems to be nothing wrong with the file.

Antivirus   Version   Last update   Result
a-squared 4.5.0.50 2010.03.16 -
AhnLab-V3 5.0.0.2 2010.03.16 -
AntiVir 8.2.1.180 2010.03.16 -
Antiy-AVL 2.0.3.7 2010.03.16 -
Authentium 5.2.0.5 2010.03.16 -
Avast 4.8.1351.0 2010.03.16 -
Avast5 5.0.332.0 2010.03.16 -
BitDefender 7.2 2010.03.16 -
CAT-QuickHeal 10.00 2010.03.15 -
ClamAV 0.96.0.0-git 2010.03.16 -
Comodo 4285 2010.03.16 -
eSafe 7.0.17.0 2010.03.16 -
eTrust-Vet 35.2.7365 2010.03.16 -
F-Prot 4.5.1.85 2010.03.16 -
F-Secure 9.0.15370.0 2010.03.16 -
Fortinet 4.0.14.0 2010.03.15 -
GData 19 2010.03.16 -
Ikarus T3.1.1.80.0 2010.03.16 -
Jiangmin 13.0.900 2010.03.16 -
K7AntiVirus 7.10.998 2010.03.15 -
Kaspersky 7.0.0.125 2010.03.16 -
McAfee 5921 2010.03.15 -
McAfee+Artemis 5921 2010.03.15 -
McAfee-GW-Edition 6.8.5 2010.03.16 -
Microsoft 1.5605 2010.03.16 -
NOD32 4949 2010.03.16 -
Norman 6.04.08 2010.03.16 -
nProtect 2009.1.8.0 2010.03.16 -
Panda 10.0.2.6 2010.03.16 -
PCTools 7.0.3.5 2010.03.15 -
Prevx 3.0 2010.03.16 -
Rising 22.39.01.04 2010.03.16 -
Sophos 4.51.0 2010.03.16 -
Sunbelt 5916 2010.03.16 -
Symantec 20091.2.0.41 2010.03.16 -
TheHacker 6.5.2.0.234 2010.03.16 -
TrendMicro 9.120.0.1004 2010.03.16 -
VBA32 3.12.12.2 2010.03.16 -
ViRobot 2010.3.16.2230 2010.03.16 -
VirusBuster 5.0.27.0 2010.03.16 -
Additional information
File size: 147968 bytes
MD5...: fdeb1d02cae38665cbf114f44e6b997e
SHA1..: 8f5ec3a1948c7c698c548b1681f1a67b31877add
SHA256: 1023358dc5cec3d19b60a80172df54dfab1dbb8dfd2e55ab645fa37711b7fb79
ssdeep: 3072:e9tkaZgxktEdSja2qLckP+4AnrIKvOBI+huG0TG0ueLr3vGVql5l6j0Q:e9
tkqxrqLckP+xn0YOBI+AG0TG0a

PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1691e
timedatestamp.....: 0x48025214 (Sun Apr 13 18:33:56 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x17902 0x17a00 6.37 b1a59076333cb5116cc68191ebcceaa9
.data 0x19000 0x40da0 0x400 1.20 def7edb164ce2210badeb06959cdaa48
.rsrc 0x5a000 0xbf78 0xc000 3.93 b5c36784d81c3757297dec7356ae7a6c

( 14 imports )
> msvcrt.dll: __p__commode, _adjust_fdiv, __p__fmode, _initterm, __getmainargs, _acmdln, __set_app_type, _except_handler3, __setusermatherr, _controlfp, exit, _XcptFilter, _exit, _c_exit, swprintf, iswprint, wcsncpy, wcslen, wcscat, wcscpy, _purecall, iswctype, wcscmp, wcschr, wcsncmp, wcsrchr, _cexit, memmove
> ADVAPI32.dll: RegQueryValueExA, RegOpenKeyExA, InitializeSecurityDescriptor, RegDeleteValueW, InitializeAcl, SetSecurityDescriptorDacl, SetSecurityDescriptorSacl, SetSecurityDescriptorOwner, SetSecurityDescriptorGroup, GetInheritanceSourceW, LookupAccountSidW, GetSidSubAuthorityCount, GetSidSubAuthority, GetSecurityDescriptorControl, GetSecurityDescriptorOwner, GetSecurityDescriptorGroup, GetSecurityDescriptorDacl, GetSecurityDescriptorSacl, SetSecurityInfo, SetNamedSecurityInfoW, GetNamedSecurityInfoW, MapGenericMask, RegSetValueExA, RegSetValueW, RegFlushKey, RegSaveKeyW, RegRestoreKeyW, RegConnectRegistryW, RegQueryValueExW, RegCloseKey, RegOpenKeyW, RegSetValueExW, RegCreateKeyW, RegEnumValueW, RegEnumKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, RegUnLoadKeyW, RegLoadKeyW, RegOpenKeyExW, RegQueryInfoKeyW, RegDeleteKeyW
> KERNEL32.dll: ReadFile, DeleteFileW, WriteFile, WideCharToMultiByte, CreateFileW, OutputDebugStringW, GetLastError, SetFilePointer, GetFileSize, SearchPathW, GetTimeFormatW, GetDateFormatW, GetSystemDefaultLCID, FileTimeToSystemTime, FileTimeToLocalFileTime, FreeLibrary, LoadLibraryW, MulDiv, lstrcpynW, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetModuleHandleA, GetStartupInfoA, MultiByteToWideChar, lstrcmpW, FormatMessageW, GetThreadLocale, GetModuleHandleW, ExitProcess, GetCommandLineW, GetProcessHeap, lstrcatW, LocalAlloc, GetCurrentProcess, CloseHandle, LocalFree, GetComputerNameW, lstrcmpiW, lstrlenW, lstrcpyW, LocalReAlloc, GlobalAlloc, GlobalLock, GlobalUnlock, GetProcAddress, LoadLibraryA
> GDI32.dll: GetStockObject, SetAbortProc, StartDocW, StartPage, SetViewportOrgEx, EndPage, EndDoc, AbortDoc, DeleteDC, CreateBitmap, CreatePatternBrush, PatBlt, ExcludeClipRect, SelectClipRgn, DeleteObject, SetBkColor, SetTextColor, ExtTextOutW, GetDeviceCaps, CreateFontIndirectW, SelectObject, GetTextMetricsW
> USER32.dll: SendDlgItemMessageW, SetDlgItemTextW, SetWindowLongW, DefWindowProcW, ReleaseDC, GetDC, SetScrollInfo, wsprintfW, DestroyCaret, ReleaseCapture, KillTimer, SetCaretPos, ScrollWindowEx, ShowCaret, HideCaret, InvalidateRect, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, GetClipboardData, WinHelpW, EndDialog, GetWindowLongW, EndPaint, BeginPaint, CreateCaret, SetTimer, SetCapture, SetFocus, CharLowerW, GetDlgItem, DestroyMenu, TrackPopupMenuEx, IsClipboardFormatAvailable, EnableMenuItem, GetSubMenu, LoadMenuW, GetKeyState, RegisterClassW, LoadCursorW, RegisterClipboardFormatW, CheckRadioButton, SendMessageW, GetWindowTextW, GetParent, GetDlgItemTextW, IsDlgButtonChecked, GetDlgCtrlID, CallWindowProcW, GetWindowTextLengthW, GetDlgItemInt, PostQuitMessage, GetWindowPlacement, SetWindowTextW, EnableWindow, GetWindowRect, DrawMenuBar, InsertMenuItemW, DeleteMenu, SetMenuItemInfoW, GetMenu, GetMenuItemInfoW, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, IsIconic, DestroyIcon, LoadImageW, GetSysColor, SetCursor, ShowCursor, ShowWindow, SetWindowPlacement, CreateWindowExW, GetProcessDefaultLayout, GetMessageW, ScreenToClient, SetCursorPos, DispatchMessageW, ClientToScreen, GetDesktopWindow, LoadIconW, PostMessageW, SetMenuDefaultItem, InsertMenuW, GetMenuItemID, CheckMenuItem, UpdateWindow, RegisterClassExW, CharNextW, GetClientRect, DestroyWindow, CreateDialogParamW, CheckDlgButton, DrawAnimatedRects, IntersectRect, ModifyMenuW, GetMessagePos, TranslateMessage, TranslateAcceleratorW, LoadAcceleratorsW, SetForegroundWindow, GetLastActivePopup, BringWindowToTop, FindWindowW, LoadStringW, GetWindow, IsDialogMessageW, PeekMessageW, MessageBoxW, CharUpperBuffW, CharUpperW, IsCharAlphaNumericW, GetSystemMetrics, MoveWindow, MapWindowPoints, DialogBoxParamW, SetWindowPos, MessageBeep
> COMCTL32.dll: -, -, -, -, InitCommonControlsEx, -, -, ImageList_SetBkColor, ImageList_Create, ImageList_Destroy, -, -, ImageList_ReplaceIcon, -, -, -, -, CreateStatusWindowW
> comdlg32.dll: GetOpenFileNameW, GetSaveFileNameW, PrintDlgExW
> SHELL32.dll: ShellAboutW, DragQueryFileW, DragFinish
> AUTHZ.dll: AuthzInitializeContextFromSid, AuthzAccessCheck, AuthzFreeContext, AuthzFreeResourceManager, AuthzInitializeResourceManager
> ACLUI.dll: -
> ole32.dll: CoCreateInstance, CoUninitialize, CoInitializeEx, ReleaseStgMedium
> ulib.dll: _Resize@DSTRING@@UAEEK@Z, _Initialize@ARRAY@@QAEEKK@Z, _NewBuf@DSTRING@@UAEEK@Z, __1DSTRING@@UAE@XZ, __1OBJECT@@UAE@XZ, __0OBJECT@@IAE@XZ, _Compare@OBJECT@@UBEJPBV1@@Z, __0DSTRING@@QAE@XZ, _Initialize@WSTRING@@QAEEPBV1@KK@Z, _Strcat@WSTRING@@QAEEPBV1@@Z, __0ARRAY@@QAE@XZ, _Initialize@WSTRING@@QAEEPBGK@Z
> clb.dll: ClbAddData, ClbSetColumnWidths
> ntdll.dll: RtlFreeHeap, RtlAllocateHeap

( 0 exports )

RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (53.1%)
Windows Screen Saver (18.4%)
Win32 Executable Generic (12.0%)
Win32 Dynamic Link Library (generic) (10.6%)
Generic Win/DOS Executable (2.8%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. Všechna práva vyhrazena.
product......: Microsoft® Windows® Operating System
description..: Editor registru
original name: REGEDIT.EXE
internal name: REGEDIT
file version.: 5.1.2600.5512 (xpsp.080413-2111)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
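
The "Unsigned" line in the report above only says that the file carries no embedded Authenticode signature; Windows XP system binaries are signed through security catalogs, so that line by itself neither clears nor condemns the file. What settles the question is a byte-level comparison with a known-good copy. The script below is an added example (it is not from the thread or from any tool used in it): it hashes a candidate file, parses the PE header fields that the report lists, and reports every field that differs from a reference record, here the values transcribed from the VirusTotal report above. `build_sample_pe` is a constructed, header-only stand-in so the script runs offline; it is not a real regedit.exe, so its hashes are expected to mismatch while the header fields match.

```python
"""Compare a candidate copy of a Windows system binary with a reference
record (size, hashes, PE header facts), here the VirusTotal report for
XP SP3 regedit.exe quoted in the thread.  Added example, not part of the
forum thread or of any tool used in it."""
import datetime
import hashlib
import struct

# Reference values transcribed from the VirusTotal report above.
REFERENCE = {
    "size": 147968,
    "md5": "fdeb1d02cae38665cbf114f44e6b997e",
    "sha1": "8f5ec3a1948c7c698c548b1681f1a67b31877add",
    "sha256": "1023358dc5cec3d19b60a80172df54dfab1dbb8dfd2e55ab645fa37711b7fb79",
    "machine": 0x14C,            # IMAGE_FILE_MACHINE_I386
    "timedatestamp": 0x48025214,
    "entrypoint": 0x1691E,
    "sections": [".text", ".data", ".rsrc"],
}


def hashes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of the whole file, hex-encoded, lower case."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256")}


def parse_pe(data: bytes) -> dict:
    """Read the COFF/optional-header fields that the report lists.
    Raises ValueError if the buffer is not a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsections, stamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    (entry,) = struct.unpack_from("<I", data, opt + 16)      # AddressOfEntryPoint
    sect = opt + opt_size                                      # first IMAGE_SECTION_HEADER
    names = [data[sect + 40 * i: sect + 40 * i + 8].rstrip(b"\0").decode("ascii", "replace")
             for i in range(nsections)]
    return {"machine": machine, "timedatestamp": stamp, "entrypoint": entry, "sections": names}


def link_time(stamp: int) -> str:
    """TimeDateStamp is seconds since the Unix epoch, UTC."""
    return datetime.datetime.fromtimestamp(stamp, tz=datetime.timezone.utc).strftime("%Y-%m-%d %H:%M:%S")


def compare(data: bytes, ref: dict = REFERENCE) -> dict:
    """Return {field: (expected, actual)} for every reference field that differs.
    An empty dict means the candidate matches the reference byte for byte."""
    actual = {"size": len(data), **hashes(data), **parse_pe(data)}
    return {k: (ref[k], actual[k]) for k in ref if actual[k] != ref[k]}


def build_sample_pe(stamp=REFERENCE["timedatestamp"], entry=REFERENCE["entrypoint"],
                    sections=tuple(REFERENCE["sections"])) -> bytes:
    """Constructed header-only PE32 image for offline testing (hypothetical
    stand-in, not a real regedit.exe): the header fields match the reference,
    the size and hashes necessarily do not."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    opt_size = 224                                              # PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), stamp, 0, 0, opt_size, 0x0102)
    opt = struct.pack("<HBBIIII", 0x10B, 7, 10, 0, 0, 0, entry).ljust(opt_size, b"\0")
    sect = b"".join(name.encode("ascii").ljust(8, b"\0") + b"\0" * 32 for name in sections)
    return dos + b"PE\0\0" + coff + opt + sect


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print("linked:", link_time(parse_pe(data)["timedatestamp"]))
    for field, (want, got) in compare(data).items():
        print(f"MISMATCH {field}: expected {want!r}, got {got!r}")
```

Run it as `python check_regedit.py C:\regedit.exe` on the candidate; no MISMATCH lines means the copy is identical to the one VirusTotal saw. The link time decodes to 2008-04-13 18:33:56 UTC, which agrees with the xpsp.080413-2111 build string in the report, a cheap consistency check when the reference hashes come from a different source than the version string.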

Zabaak
Visitor
Posts: 22
Registered: 11 Mar 2010 09:15

Re: I had Security Tool and probably also TrojanDownloader.Wigon.BS ...

#20 Post by Zabaak »

I uninstalled it with combofix /u, ran the new one, and it again ended with the message that regedit.exe is not available.

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: I had Security Tool and probably also TrojanDownloader.Wigon.BS ...

#21 Post by stell »

Download it to your desktop, run it, paste the green text and click Look; post the log here.

Code:

:filefind
regedit.exe

Important information.
Is your computer NOT RUNNING RIGHT?
Infected? Slow? A program not working? Installation problem?
Use the remote assistance service!
e-mail: stell(at)forum.viry.cz
Thanks! Vďaka!

Zabaak
Visitor
Posts: 22
Registered: 11 Mar 2010 09:15

Re: I had Security Tool and probably also TrojanDownloader.Wigon.BS ...

#22 Post by Zabaak »

Thanks, done, posting it.

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 22:06 on 16/03/2010 by Boza (Administrator - Elevation successful)

========== filefind ==========

Searching for "regedit.exe"
C:\regedit.exe --a--- 147968 bytes [16:44 12/03/2010] [03:22 14/04/2008] FDEB1D02CAE38665CBF114F44E6B997E

-=End Of File=-

Interestingly, Windows still runs; when I restart into safe mode with MS-DOS (command prompt) I end up in the Windows directory, but otherwise there is no getting into it, it says: Access denied.

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: I had Security Tool and probably also TrojanDownloader.Wigon.BS ...

#23 Post by stell »

Download Avenger, paste the green text according to the guide, and post the log here after the restart.

Code:

Begin copying here:
Files to move:
c:\regedit.exe | C:\WINDOWS\regedit.exe

Run OTL, paste the green text into the Custom Scans/Fixes box, and post the log here after the restart:

Code:

:OTL
O2 - BHO: (WebTransBHO Class) - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll File not found
O3 - HKLM\..\Toolbar: (WebTranslator) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe File not found
O9 - Extra 'Tools' menuitem : &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll File not found
O9 - Extra 'Tools' menuitem : Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll File not found
O9 - Extra 'Tools' menuitem : Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
:rEG
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
:commands
[emptytemp]
[emptyflash]
[start explorer]
[Reboot]

Zabaak
Visitor
Posts: 22
Registered: 11 Mar 2010 09:15

Re: I had Security Tool and probably also TrojanDownloader.Wigon.BS ...

#24 Post by Zabaak »

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: could not move file "c:\regedit.exe"
File move operation "c:\regedit.exe|C:\WINDOWS\regedit.exe" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)


Completed script processing.

*******************

Finished! Terminate.

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: I had Security Tool and probably also TrojanDownloader.Wigon.BS ...

#25 Post by stell »

Interesting. Do the OTL step and post the log after the restart, then go into safe mode, repeat the Avenger action and post that log here.

Zabaak
Visitor
Posts: 22
Registered: 11 Mar 2010 09:15

Re: I had Security Tool and probably also TrojanDownloader.Wigon.BS ...

#26 Post by Zabaak »

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BFC32E1D-EE75-4A48-BC60-104E11EE2431} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFC32E1D-EE75-4A48-BC60-104E11EE2431}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CC963627-B1DC-40E0-B52A-CF21EE748450}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC963627-B1DC-40E0-B52A-CF21EE748450}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CC963627-B1DC-40E0-B52A-CF21EE748451}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC963627-B1DC-40E0-B52A-CF21EE748451}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CC963627-B1DC-40E0-B52A-CF21EE748452}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC963627-B1DC-40E0-B52A-CF21EE748452}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\ deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Shell"|"explorer.exe" /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 280069 bytes
->FireFox cache emptied: 25244120 bytes
->Flash cache emptied: 434 bytes

User: All Users

User: Boza
->Temp folder emptied: 297825895 bytes
->Temporary Internet Files folder emptied: 33449123 bytes
->Java cache emptied: 12118713 bytes
->FireFox cache emptied: 51568360 bytes
->Flash cache emptied: 1033 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 174536 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 102500 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 401,00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Boza
->Flash cache emptied: 0 bytes

User: Default User

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\: LSP stack updated.

OTL by OldTimer - Version 3.1.37.1 log created on 03162010_222813

Files\Folders moved on Reboot...
C:\Documents and Settings\Boza\Local Settings\Temporary Internet Files\Content.IE5\SP7RKIA0\afr[4].htm moved successfully.
C:\Documents and Settings\Boza\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat moved successfully.
File\Folder C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_1dc.dat not found!

Registry entries deleted on Reboot...

Zabaak
Visitor
Posts: 22
Registered: 11 Mar 2010 09:15

Re: I had Security Tool and probably also TrojanDownloader.Wigon.BS ...

#27 Post by Zabaak »

And here is the Avenger result in safe mode:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: could not move file "c:\regedit.exe"
File move operation "c:\regedit.exe|C:\WINDOWS\regedit.exe" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)


Completed script processing.

*******************

Finished! Terminate.


It looks pretty much the same to me.
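
At this point three tools and the user are reporting the same thing in different vocabularies: avast could not read files under C:\Program Files\Mozilla Firefox (Win32 error 00000005), Avenger could not create C:\WINDOWS\regedit.exe from normal or safe mode (NTSTATUS 0xc0000022), OTL found no regedit.exe in C:\Windows, and Explorer refuses to enter the Windows directory. Both numeric codes are access denied, in two different code namespaces. When denials cluster on whole directories rather than on one file, the first thing to check is the ACL (and any kernel-mode filter) on those directories, not another malware scan. The Python triage helper below is an added example (not from the thread or any tool in it): it pulls the denied paths out of the OTL and Avenger output, decodes the codes, and groups the paths by directory. The SAMPLE text is excerpted from the logs posted above; the regexes, the grouping and the wording of the assessment are mine.

```python
"""Triage the 'access denied' failures scattered across the tool output in
this thread: decode the numeric codes, collect the paths they apply to and
group them by directory.  Added example; the regexes and grouping are mine,
the SAMPLE text is excerpted from the OTL and Avenger logs posted above."""
import ntpath
import re
from collections import Counter

# Codes as documented by Microsoft; Win32 errors and NTSTATUS are separate namespaces.
WIN32_ERRORS = {0x00000005: "ERROR_ACCESS_DENIED"}
NTSTATUS = {0xC0000022: "STATUS_ACCESS_DENIED"}

# OTL wraps each avast event over several lines, so matching runs on the
# text with line breaks collapsed to single spaces.
AVAST_RE = re.compile(
    r"avfilesScanReal\s+of\s+(?P<path>.+?)\s+failed,\s+(?P<code>[0-9A-Fa-f]{8})")
AVENGER_RE = re.compile(
    r'File move operation "(?P<src>[^|"]+)\|(?P<dst>[^"]+)" failed!\s+'
    r"Status:\s+(?P<code>0x[0-9A-Fa-f]{8})")

# Excerpt of the logs posted in this thread (OTL event-log section, Avenger log).
SAMPLE = r"""
Error - 12.3.2010 16:51:56 | Computer Name = THINKPAD | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of C:\Program Files\Mozilla Firefox\smime3.dll failed, 00000005.

Error - 12.3.2010 16:52:24 | Computer Name = THINKPAD | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of C:\Program Files\Mozilla Firefox\nss3.dll failed, 00000005.

Error - 16.3.2010 3:24:24 | Computer Name = THINKPAD | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of C:\Program Files\Mozilla Firefox\firefox.exe failed, 00000005.

Error: could not move file "c:\regedit.exe"
File move operation "c:\regedit.exe|C:\WINDOWS\regedit.exe" failed!
Status: 0xc0000022 (STATUS_ACCESS_DENIED)
"""


def extract_denials(text: str) -> list:
    """Every access-denied failure found in `text`, one dict per event."""
    joined = " ".join(line.strip() for line in text.splitlines() if line.strip())
    found = []
    for m in AVAST_RE.finditer(joined):
        code = int(m["code"], 16)
        found.append({"source": "avast", "op": "read/scan", "path": m["path"],
                      "code": code, "meaning": WIN32_ERRORS.get(code, "unknown")})
    for m in AVENGER_RE.finditer(joined):
        code = int(m["code"], 16)            # int() accepts the 0x prefix
        found.append({"source": "avenger", "op": "create/move", "path": m["dst"],
                      "code": code, "meaning": NTSTATUS.get(code, "unknown")})
    return [f for f in found if f["meaning"].endswith("ACCESS_DENIED")]


def denied_directories(findings) -> Counter:
    """Number of denials under each directory (case-folded, as NTFS compares names)."""
    return Counter(ntpath.normcase(ntpath.dirname(f["path"])) for f in findings)


def assess(findings) -> str:
    """One-line reading of the pattern; a hint for the next check, not a verdict."""
    if not findings:
        return "no access-denied failures in the supplied text"
    dirs = denied_directories(findings)
    tools = sorted({f["source"] for f in findings})
    if len(tools) > 1 or any(n > 1 for n in dirs.values()):
        return ("access denied from %s under %s: directory-wide, not one file; "
                "dump the ACL of each directory (cacls <dir> on XP) and look for a "
                "kernel-mode filter before replacing files"
                % (", ".join(tools), "; ".join(sorted(dirs))))
    return "single access-denied failure; re-run the failing tool from safe mode first"


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE
    found = extract_denials(text)
    for f in found:
        print("%-8s %-12s 0x%08X %-20s %s" % (f["source"], f["op"], f["code"], f["meaning"], f["path"]))
    print(assess(found))
```

Feed it the saved OTL and Avenger logs (`python triage.py OTL.Txt`); on the excerpt above it reports three read denials under C:\Program Files\Mozilla Firefox and one create denial under C:\WINDOWS and suggests dumping the ACLs. The two namespaces are kept apart on purpose: 0x5 as an NTSTATUS would be STATUS_ACCESS_VIOLATION, not access denied, so a single lookup table would mislead.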

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: I had Security Tool and probably also TrojanDownloader.Wigon.BS ...

#28 Post by stell »

Whitelist, ok.
Run OTL, paste the green text into the Custom Scans/Fixes box, and post the log here after the restart.

Code:

:files
c:\regedit.exe|C:\Windows\regedit.exe /replace
:commands
[emptytemp]

Zabaak
Visitor
Posts: 22
Registered: 11 Mar 2010 09:15

Re: I had Security Tool and probably also TrojanDownloader.Wigon.BS ...

#29 Post by Zabaak »

It ran; it said that the Recycle Bin on drive C is corrupted and asked whether I want to empty it, I said yes.

All processes killed
========== FILES ==========
File C:\Windows\regedit.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Boza
->Temp folder emptied: 361 bytes
->Temporary Internet Files folder emptied: 1390430 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 434 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16958 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,00 mb


OTL by OldTimer - Version 3.1.37.1 log created on 03162010_231238

Files\Folders moved on Reboot...
C:\Documents and Settings\Boza\Local Settings\Temporary Internet Files\Content.IE5\7IUE5A60\601[1].htm moved successfully.
C:\Documents and Settings\Boza\Local Settings\Temporary Internet Files\Content.IE5\4NK3P1R3\afr[1].htm moved successfully.
C:\Documents and Settings\Boza\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat moved successfully.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_1cc.dat not found!

Registry entries deleted on Reboot...

stell
VIP in memoriam
Posts: 5175
Registered: 09 Dec 2007 09:27
Location: SK-REVUCA

Re: I had Security Tool and probably also TrojanDownloader.Wigon.BS ...

#30 Post by stell »

ComboFix has to be on the desktop for this step.

Turn off the firewall, antivirus, antispyware, everything resident.

Open Notepad and copy the whole green text into it:

Code:

KILLALL::
FCOPY::
c:\regedit.exe | C:\Windows\regedit.exe

Then click File -> Save As... In the File name field type: CFScript.txt
For the file type choose *All files
and save it to the desktop. Careful: do not open CFScript.txt, and it must not end up as CFScript.txt.txt. Then do this:
[image]

After the scan finishes, post the log that ComboFix creates.
