VIRY.CZ

pro dnes musím končit, díky, dobrou noc

Spusťte znovu Avenger s následujícím skriptem :
Po restartu opět manuálně aplikujte opravu registru z tohoto postu : http://www.viry.cz/forum/viewtopic.php?p=996238#p996238

Poté poprosím o nový log z OTL.

dobrý večer
zde avenger, soubor opr.reg se přepsal, naleduje otl, spustil jsem to s nastavením oprava havěti

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wuauserv" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

OTL logfile created on: 17.6.2011 20:37:40 - Run 3
OTL by OldTimer - Version 3.2.24.0 Folder = D:\_Downloaded files\OTL
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1023,49 Mb Total Physical Memory | 572,16 Mb Available Physical Memory | 55,90% Memory free
1,28 Gb Paging File | 0,97 Gb Available in Paging File | 75,57% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9,77 Gb Total Space | 2,94 Gb Free Space | 30,14% Space Free | Partition Type: NTFS
Drive D: | 46,12 Gb Total Space | 39,44 Gb Free Space | 85,51% Space Free | Partition Type: NTFS
Drive G: | 465,76 Gb Total Space | 197,50 Gb Free Space | 42,40% Space Free | Partition Type: NTFS

Computer Name: PETR-87F50839C2 | User Name: Petr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.06.15 23:28:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\_Downloaded files\OTL\OTL.exe
PRC - [2011.06.03 21:29:29 | 000,941,936 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2011.05.10 14:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011.05.10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007.06.13 15:23:39 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004.12.22 00:28:58 | 000,602,220 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\Diskeeper\DkService.exe
PRC - [2003.12.03 07:01:00 | 000,753,700 | ---- | M] (C. Ghisler & Co.) -- C:\totalcmd\TOTALCMD.EXE
PRC - [2001.10.27 07:32:54 | 000,270,336 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\system32\atiptaxx.exe


========== Modules (SafeList) ==========

MOD - [2011.06.15 23:28:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\_Downloaded files\OTL\OTL.exe
MOD - [2011.05.10 14:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2006.08.25 17:51:20 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011.05.10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2004.12.22 00:28:58 | 000,602,220 | ---- | M] (Executive Software International, Inc.) [Auto | Running] -- C:\Program Files\Executive Software\Diskeeper\DkService.exe -- (Diskeeper)


========== Driver Services (SafeList) ==========

DRV - [2011.05.10 14:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.05.10 14:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.05.10 14:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.05.10 14:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011.05.10 13:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.05.10 13:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011.05.10 13:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2006.09.24 15:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2004.08.04 01:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004.08.04 00:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2001.10.27 07:47:14 | 000,349,184 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2001.10.27 05:50:02 | 000,032,752 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atinxsxx.sys -- (ATIXSAudio)
DRV - [2001.10.27 05:49:46 | 000,020,960 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atinttxx.sys -- (TTDec)
DRV - [2001.10.27 05:49:30 | 000,011,280 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC)
DRV - [2001.10.27 05:49:22 | 000,032,848 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinraxx.sys -- (ativraxx)
DRV - [2001.10.27 05:47:30 | 000,065,024 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinrvxx.sys -- (atinrvxx)
DRV - [2001.10.27 05:46:22 | 000,035,952 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atintuxx.sys -- (ATITUNEP)
DRV - [2001.10.01 15:29:22 | 000,006,144 | ---- | M] (Ravisent Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\CINEMSUP.SYS -- (CINEMSUP)
DRV - [2001.08.18 00:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001.08.17 23:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001.08.17 23:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001.08.17 23:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001.08.17 23:28:10 | 000,073,279 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_SPKP.sys -- (SpeakerPhone)
DRV - [2001.08.17 23:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001.08.17 23:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001.08.17 23:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001.08.17 23:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001.08.17 23:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001.08.17 23:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)
DRV - [2001.08.17 22:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-606747145-1202660629-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-606747145-1202660629-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011.06.16 18:08:14 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [AtiPTA] C:\WINDOWS\System32\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Executive Software\Diskeeper\DkIcon.exe (Executive Software International, Inc.)
O4 - HKLM..\Run: [HydarVisionDesktopManager] File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKU\S-1-5-21-606747145-1202660629-854245398-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-606747145-1202660629-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL (ATI Technologies Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.240.0.214 83.240.0.215
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.03.03 22:34:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.06.16 18:41:26 | 000,286,720 | ---- | C] (SteelWerX) -- C:\swreg.exe
[2011.06.15 19:27:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Sun
[2011.06.15 19:27:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.06.15 19:26:52 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011.06.15 19:26:52 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011.06.15 19:26:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011.06.15 19:26:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011.06.15 19:26:52 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011.06.15 19:26:25 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011.06.15 19:25:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Petr\Data aplikací\Sun
[2011.06.11 06:45:50 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011.06.04 16:07:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Google Earth
[2011.06.03 21:29:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Petr\Local Settings\Data aplikací\Opera
[2011.05.29 18:04:15 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Petr\PrivacIE
[2011.05.29 18:01:17 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Petr\IETldCache
[2011.05.29 17:59:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2011.05.29 17:57:55 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011.05.29 17:57:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cs-CZ

========== Files - Modified Within 30 Days ==========

[2011.06.17 20:34:34 | 000,004,599 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2011.06.17 20:33:57 | 000,000,944 | ---- | M] () -- C:\opr.reg
[2011.06.17 20:27:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.06.17 20:27:39 | 1073,274,880 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.17 16:23:18 | 000,000,031 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2011.06.17 14:31:17 | 000,002,275 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2011.06.16 22:20:07 | 000,000,175 | ---- | M] () -- C:\oprava_5.bat
[2011.06.16 22:18:55 | 000,286,720 | ---- | M] (SteelWerX) -- C:\swreg.exe
[2011.06.16 18:43:03 | 000,000,179 | ---- | M] () -- C:\oprava.bat
[2011.06.16 18:38:57 | 000,002,701 | ---- | M] () -- C:\WINDOWS\WDICT32.INI
[2011.06.16 18:08:14 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011.06.15 19:26:32 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011.06.15 19:26:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011.06.15 19:26:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011.06.15 19:26:32 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011.06.15 19:26:31 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011.06.14 14:52:00 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Petr\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.14 14:41:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.06.12 20:37:22 | 000,023,148 | -H-- | M] () -- C:\WINDOWS\System32\Atmcsyxx.GID
[2011.06.11 06:45:50 | 000,002,553 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011.06.04 16:07:32 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Google Earth.lnk
[2011.06.03 21:29:35 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Opera.lnk
[2011.05.26 17:00:54 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk

========== Files Created - No Company Name ==========

[2011.06.17 20:33:57 | 000,000,944 | ---- | C] () -- C:\opr.reg
[2011.06.16 22:20:07 | 000,000,175 | ---- | C] () -- C:\oprava_5.bat
[2011.06.16 18:43:03 | 000,000,179 | ---- | C] () -- C:\oprava.bat
[2011.06.04 16:07:32 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Google Earth.lnk
[2011.06.03 21:29:35 | 000,001,498 | ---- | C] () -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Opera.lnk
[2011.06.03 21:29:35 | 000,001,492 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Opera.lnk
[2010.12.19 20:26:04 | 000,000,342 | ---- | C] () -- C:\WINDOWS\WTRDICT.INI
[2010.12.19 20:26:04 | 000,000,044 | ---- | C] () -- C:\WINDOWS\STXKBD.INI
[2009.03.11 21:22:21 | 000,000,178 | ---- | C] () -- C:\WINDOWS\arbasew.ini
[2009.01.05 21:57:18 | 000,004,251 | ---- | C] () -- C:\WINDOWS\WTRAN32.INI
[2008.11.23 20:08:05 | 000,003,487 | ---- | C] () -- C:\WINDOWS\MDVDP.Ini
[2008.05.04 17:57:39 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008.04.02 21:12:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WEBTRANS.INI
[2008.04.02 21:07:30 | 000,000,134 | ---- | C] () -- C:\WINDOWS\WEBWTR.INI
[2008.02.21 20:26:44 | 000,002,383 | ---- | C] () -- C:\WINDOWS\WINTRAN.INI
[2007.06.25 18:42:20 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007.05.31 20:26:47 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Petr\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.05.25 21:52:37 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\QTSBandwidthCache
[2007.05.08 14:27:37 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2007.04.24 22:28:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2007.04.24 22:19:15 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.ini
[2007.04.24 22:19:10 | 000,066,560 | ---- | C] () -- C:\WINDOWS\System32\atiyuv12.dll
[2007.04.24 22:19:10 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2007.04.24 22:19:00 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
[2007.04.24 22:18:17 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HydraFra.dll
[2007.04.24 22:18:17 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\HydraEsp.dll
[2007.04.24 22:18:17 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\HydraPtb.dll
[2007.04.24 22:18:17 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\HydraNln.dll
[2007.04.24 22:18:17 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\HydraIta.dll
[2007.04.24 22:18:17 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HydraSvs.dll
[2007.04.24 22:18:17 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HydraNon.dll
[2007.04.24 22:18:17 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HydraFif.dll
[2007.04.24 22:18:17 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HydraDad.dll
[2007.04.24 22:18:17 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\HydraJan.dll
[2007.04.24 22:18:17 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\HydraKor.dll
[2007.04.24 22:18:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\HydraZht.dll
[2007.04.24 22:18:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\HydraZhs.dll
[2007.04.24 22:18:17 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ViewHook.dll
[2007.04.24 22:08:42 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.03.20 20:09:42 | 000,000,023 | ---- | C] () -- C:\WINDOWS\kodakpcd.Petr.ini
[2007.03.07 23:17:57 | 000,001,160 | ---- | C] () -- C:\WINDOWS\visualdirsize.ini
[2007.03.07 22:59:51 | 000,000,133 | ---- | C] () -- C:\WINDOWS\lsplugin.ini
[2007.03.04 18:15:36 | 000,002,701 | ---- | C] () -- C:\WINDOWS\WDICT32.INI
[2007.03.03 23:53:45 | 000,000,031 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2007.03.03 23:35:33 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.03.03 23:26:23 | 000,004,599 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2007.03.03 23:23:26 | 000,035,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2007.03.03 23:23:24 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2007.03.03 23:23:21 | 000,032,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2007.03.03 23:23:18 | 000,032,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2007.03.03 23:23:17 | 000,011,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2007.03.03 23:23:16 | 000,020,960 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2007.03.03 23:19:45 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007.03.03 23:18:19 | 000,195,368 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007.03.03 22:38:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007.03.03 22:29:07 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004.08.17 16:58:58 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004.08.02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001.10.27 05:49:38 | 000,011,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2001.10.27 05:48:52 | 000,060,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2001.10.25 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.10.25 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.10.25 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.10.25 14:00:00 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2001.10.25 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.10.25 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.10.25 14:00:00 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2001.10.25 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.10.25 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.10.25 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001.10.15 22:47:00 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010.04.17 22:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2008.10.28 18:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Autodesk
[2008.10.28 18:56:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Autodesk(2)
[2009.06.10 19:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\IM
[2009.06.10 19:47:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\IncrediMail
[2009.09.28 16:37:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2007.03.05 21:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Autodesk
[2009.12.02 22:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\f2fElementary
[2009.10.28 19:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\f2fStarter
[2009.09.06 18:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Foxit
[2007.11.02 18:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\GameHouse
[2007.03.03 22:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Opera
[2007.05.11 20:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Zoner

========== Purity Check ==========



< End of report >

Stáhněte SystemLook, do okna vložte následující skript a stiskněte tlačítko Look!
Log ze SL poté vložte sem.

SystemLook 04.09.10 by jpshortstuff
Log created at 23:07 on 17/06/2011 by Petr
Administrator - Elevation successful

========== dir ==========

C: - Parameters: "(none)"

---Files---
AUTOEXEC.BAT --a---- 0 bytes [20:34 03/03/2007] [20:34 03/03/2007]
avenger.txt --a---- 1086 bytes [18:27 17/06/2011] [18:27 17/06/2011]
boot.ini ---hs-- 211 bytes [21:17 03/03/2007] [19:09 22/05/2008]
Bootfont.bin -rahs-- 4952 bytes [12:00 25/10/2001] [12:00 25/10/2001]
CONFIG.SYS --a---- 0 bytes [20:34 03/03/2007] [20:34 03/03/2007]
EasyShareInstall.log --a---- 235694 bytes [19:10 11/05/2007] [19:20 11/05/2007]
hiberfil.sys --ahs-- 1073274880 bytes [10:19 17/11/2008] [18:27 17/06/2011]
IO.SYS -rahs-- 0 bytes [20:34 03/03/2007] [20:34 03/03/2007]
logfile --a---- 49469 bytes [19:48 11/05/2007] [16:46 04/05/2008]
MSDOS.SYS -rahs-- 0 bytes [20:34 03/03/2007] [20:34 03/03/2007]
NTDETECT.COM -rahs-- 47564 bytes [21:38 03/08/2004] [21:38 03/08/2004]
ntldr -rahs-- 250048 bytes [21:59 03/08/2004] [21:59 03/08/2004]
opr.reg --a---- 944 bytes [18:33 17/06/2011] [18:33 17/06/2011]
oprava.bat --a---- 179 bytes [16:43 16/06/2011] [16:43 16/06/2011]
oprava_5.bat --a---- 175 bytes [20:20 16/06/2011] [20:20 16/06/2011]
pagefile.sys --ahs-- 402653184 bytes [21:11 03/03/2007] [18:27 17/06/2011]
PCcheck.LOG --a---- 3367 bytes [20:19 24/04/2007] [20:19 24/04/2007]
swreg.exe --a---- 286720 bytes [16:41 16/06/2011] [20:18 16/06/2011]

---Folders---
Avenger d------ [01:04 10/06/2009]
Documents and Settings d------ [21:18 03/03/2007]
Games d------ [22:28 03/03/2007]
Phenomedia AG d------ [14:07 24/08/2008]
Program Files d------ [21:19 03/03/2007]
RECYCLER d--hs-- [21:38 03/03/2007]
rsit d------ [20:01 09/06/2009]
System Volume Information d--hs-- [21:18 03/03/2007]
totalcmd d------ [21:26 03/03/2007]
WINDOWS d------ [21:11 03/03/2007]

========== reg ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS]
"ImagePath"="%systemroot%\system32\svchost.exe -k netsvcs"
"Type"= 0x0000000020 (32)
"Start"= 0x0000000002 (2)
"ErrorControl"= 0x0000000001 (1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BITS\Enum]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Services\wuauserv]
(Unable to open key - key not found)

-= EOF =-

A ještě OTL podle tohoto postupu : http://www.viry.cz/forum/viewtopic.php?p=995905#p995905

OTL logfile created on: 17.6.2011 23:18:01 - Run 4
OTL by OldTimer - Version 3.2.24.0 Folder = D:\_Downloaded files\OTL
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1023,49 Mb Total Physical Memory | 554,31 Mb Available Physical Memory | 54,16% Memory free
1,28 Gb Paging File | 0,86 Gb Available in Paging File | 67,27% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9,77 Gb Total Space | 2,94 Gb Free Space | 30,12% Space Free | Partition Type: NTFS
Drive D: | 46,12 Gb Total Space | 39,44 Gb Free Space | 85,51% Space Free | Partition Type: NTFS
Drive G: | 465,76 Gb Total Space | 197,50 Gb Free Space | 42,40% Space Free | Partition Type: NTFS

Computer Name: PETR-87F50839C2 | User Name: Petr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2011.06.16 22:47:11 | 000,075,264 | ---- | M] () -- D:\_Downloaded files\Systemook\SystemLook.exe
PRC - [2011.06.15 23:28:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\_Downloaded files\OTL\OTL.exe
PRC - [2011.06.03 21:29:29 | 000,941,936 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2011.05.10 14:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011.05.10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2007.06.13 15:23:39 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004.12.22 00:28:58 | 000,602,220 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\Diskeeper\DkService.exe
PRC - [2003.12.03 07:01:00 | 000,753,700 | ---- | M] (C. Ghisler & Co.) -- C:\totalcmd\TOTALCMD.EXE
PRC - [2001.10.27 07:32:54 | 000,270,336 | ---- | M] (ATI Technologies, Inc.) -- C:\WINDOWS\system32\atiptaxx.exe
PRC - [1999.03.21 03:54:54 | 007,151,661 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office\EXCEL.EXE


========== Modules (SafeList) ==========

MOD - [2011.06.15 23:28:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\_Downloaded files\OTL\OTL.exe
MOD - [2011.05.10 14:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2006.08.25 17:51:20 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011.05.10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2004.12.22 00:28:58 | 000,602,220 | ---- | M] (Executive Software International, Inc.) [Auto | Running] -- C:\Program Files\Executive Software\Diskeeper\DkService.exe -- (Diskeeper)


========== Driver Services (SafeList) ==========

DRV - [2011.05.10 14:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.05.10 14:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.05.10 14:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.05.10 14:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011.05.10 13:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.05.10 13:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011.05.10 13:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2006.09.24 15:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2004.08.04 01:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004.08.04 00:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2001.10.27 07:47:14 | 000,349,184 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2001.10.27 05:50:02 | 000,032,752 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atinxsxx.sys -- (ATIXSAudio)
DRV - [2001.10.27 05:49:46 | 000,020,960 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atinttxx.sys -- (TTDec)
DRV - [2001.10.27 05:49:30 | 000,011,280 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC)
DRV - [2001.10.27 05:49:22 | 000,032,848 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinraxx.sys -- (ativraxx)
DRV - [2001.10.27 05:47:30 | 000,065,024 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atinrvxx.sys -- (atinrvxx)
DRV - [2001.10.27 05:46:22 | 000,035,952 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atintuxx.sys -- (ATITUNEP)
DRV - [2001.10.01 15:29:22 | 000,006,144 | ---- | M] (Ravisent Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\CINEMSUP.SYS -- (CINEMSUP)
DRV - [2001.08.18 00:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001.08.17 23:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001.08.17 23:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001.08.17 23:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001.08.17 23:28:10 | 000,073,279 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_SPKP.sys -- (SpeakerPhone)
DRV - [2001.08.17 23:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001.08.17 23:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001.08.17 23:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001.08.17 23:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001.08.17 23:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001.08.17 23:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)
DRV - [2001.08.17 22:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-606747145-1202660629-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-606747145-1202660629-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011.06.16 18:08:14 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [AtiPTA] C:\WINDOWS\System32\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Executive Software\Diskeeper\DkIcon.exe (Executive Software International, Inc.)
O4 - HKLM..\Run: [HydarVisionDesktopManager] File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKU\S-1-5-21-606747145-1202660629-854245398-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-606747145-1202660629-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL (ATI Technologies Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.240.0.214 83.240.0.215
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.03.03 22:34:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DRAW - DVIDEO.DLL File not found
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.VCR1 - ATIVCR1.DLL File not found
Drivers32: VIDC.VCR2 - ATIVCR2.DLL File not found
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\atiyuv12.dll ()
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54619756233228288)

========== Files/Folders - Created Within 7 Days ==========

[2011.06.16 18:41:26 | 000,286,720 | ---- | C] (SteelWerX) -- C:\swreg.exe
[2011.06.15 19:27:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Sun
[2011.06.15 19:27:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.06.15 19:26:52 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011.06.15 19:26:52 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011.06.15 19:26:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011.06.15 19:26:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011.06.15 19:26:52 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011.06.15 19:26:25 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011.06.15 19:25:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Petr\Data aplikací\Sun
[2011.06.11 06:45:50 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys

========== Files - Modified Within 7 Days ==========

[2011.06.17 20:34:34 | 000,004,599 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2011.06.17 20:33:57 | 000,000,944 | ---- | M] () -- C:\opr.reg
[2011.06.17 20:27:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.06.17 20:27:39 | 1073,274,880 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.17 16:23:18 | 000,000,031 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2011.06.17 14:31:17 | 000,002,275 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2011.06.16 22:20:07 | 000,000,175 | ---- | M] () -- C:\oprava_5.bat
[2011.06.16 22:18:55 | 000,286,720 | ---- | M] (SteelWerX) -- C:\swreg.exe
[2011.06.16 18:43:03 | 000,000,179 | ---- | M] () -- C:\oprava.bat
[2011.06.16 18:38:57 | 000,002,701 | ---- | M] () -- C:\WINDOWS\WDICT32.INI
[2011.06.16 18:08:14 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011.06.15 19:26:32 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011.06.15 19:26:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011.06.15 19:26:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011.06.15 19:26:32 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011.06.15 19:26:31 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011.06.14 14:52:00 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Petr\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.14 14:41:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.06.12 20:37:22 | 000,023,148 | -H-- | M] () -- C:\WINDOWS\System32\Atmcsyxx.GID
[2011.06.11 06:45:50 | 000,002,553 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

========== Files Created - No Company Name ==========

[2011.06.17 20:33:57 | 000,000,944 | ---- | C] () -- C:\opr.reg
[2011.06.16 22:20:07 | 000,000,175 | ---- | C] () -- C:\oprava_5.bat
[2011.06.16 18:43:03 | 000,000,179 | ---- | C] () -- C:\oprava.bat
[2010.12.19 20:26:04 | 000,000,342 | ---- | C] () -- C:\WINDOWS\WTRDICT.INI
[2010.12.19 20:26:04 | 000,000,044 | ---- | C] () -- C:\WINDOWS\STXKBD.INI
[2009.03.11 21:22:21 | 000,000,178 | ---- | C] () -- C:\WINDOWS\arbasew.ini
[2009.01.05 21:57:18 | 000,004,251 | ---- | C] () -- C:\WINDOWS\WTRAN32.INI
[2008.11.23 20:08:05 | 000,003,487 | ---- | C] () -- C:\WINDOWS\MDVDP.Ini
[2008.05.04 17:57:39 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008.04.02 21:12:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WEBTRANS.INI
[2008.04.02 21:07:30 | 000,000,134 | ---- | C] () -- C:\WINDOWS\WEBWTR.INI
[2008.02.21 20:26:44 | 000,002,383 | ---- | C] () -- C:\WINDOWS\WINTRAN.INI
[2007.06.25 18:42:20 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007.05.31 20:26:47 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Petr\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.05.25 21:52:37 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\QTSBandwidthCache
[2007.05.08 14:27:37 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2007.04.24 22:28:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2007.04.24 22:19:15 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.ini
[2007.04.24 22:19:10 | 000,066,560 | ---- | C] () -- C:\WINDOWS\System32\atiyuv12.dll
[2007.04.24 22:19:10 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2007.04.24 22:19:00 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
[2007.04.24 22:18:17 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HydraFra.dll
[2007.04.24 22:18:17 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\HydraEsp.dll
[2007.04.24 22:18:17 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\HydraPtb.dll
[2007.04.24 22:18:17 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\HydraNln.dll
[2007.04.24 22:18:17 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\HydraIta.dll
[2007.04.24 22:18:17 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HydraSvs.dll
[2007.04.24 22:18:17 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HydraNon.dll
[2007.04.24 22:18:17 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HydraFif.dll
[2007.04.24 22:18:17 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HydraDad.dll
[2007.04.24 22:18:17 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\HydraJan.dll
[2007.04.24 22:18:17 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\HydraKor.dll
[2007.04.24 22:18:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\HydraZht.dll
[2007.04.24 22:18:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\HydraZhs.dll
[2007.04.24 22:18:17 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ViewHook.dll
[2007.04.24 22:08:42 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.03.20 20:09:42 | 000,000,023 | ---- | C] () -- C:\WINDOWS\kodakpcd.Petr.ini
[2007.03.07 23:17:57 | 000,001,160 | ---- | C] () -- C:\WINDOWS\visualdirsize.ini
[2007.03.07 22:59:51 | 000,000,133 | ---- | C] () -- C:\WINDOWS\lsplugin.ini
[2007.03.04 18:15:36 | 000,002,701 | ---- | C] () -- C:\WINDOWS\WDICT32.INI
[2007.03.03 23:53:45 | 000,000,031 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2007.03.03 23:35:33 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.03.03 23:26:23 | 000,004,599 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2007.03.03 23:23:26 | 000,035,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2007.03.03 23:23:24 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2007.03.03 23:23:21 | 000,032,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2007.03.03 23:23:18 | 000,032,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2007.03.03 23:23:17 | 000,011,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2007.03.03 23:23:16 | 000,020,960 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2007.03.03 23:19:45 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007.03.03 23:18:19 | 000,195,368 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007.03.03 22:38:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007.03.03 22:29:07 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004.08.17 16:58:58 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004.08.02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001.10.27 05:49:38 | 000,011,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2001.10.27 05:48:52 | 000,060,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2001.10.25 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.10.25 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.10.25 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.10.25 14:00:00 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2001.10.25 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.10.25 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.10.25 14:00:00 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2001.10.25 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.10.25 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.10.25 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001.10.15 22:47:00 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010.04.17 22:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2008.10.28 18:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Autodesk
[2008.10.28 18:56:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Autodesk(2)
[2009.06.10 19:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\IM
[2009.06.10 19:47:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\IncrediMail
[2009.09.28 16:37:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2007.03.05 21:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Autodesk
[2009.12.02 22:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\f2fElementary
[2009.10.28 19:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\f2fStarter
[2009.09.06 18:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Foxit
[2007.11.02 18:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\GameHouse
[2007.03.03 22:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Opera
[2007.05.11 20:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Zoner

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2004.08.17 16:49:24 | 000,015,360 | ---- | M] (Microsoft Corporation)
"SpybotSD TeaTimer" = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe -- [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.)

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >
[2011.06.16 22:18:55 | 000,286,720 | ---- | M] (SteelWerX) -- C:\swreg.exe

< %ALLUSERSPROFILE%\Application Data\*. >
[2008.12.16 22:53:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2008.10.17 19:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Adobe
[2007.05.25 21:54:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Apple Computer
[2007.03.05 21:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Autodesk
[2007.04.24 22:08:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\CyberLink
[2011.06.08 20:01:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\dvdcss
[2009.12.02 22:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\f2fElementary
[2009.10.28 19:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\f2fStarter
[2009.09.06 18:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Foxit
[2007.11.02 18:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\GameHouse
[2007.10.01 20:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Google
[2007.05.16 18:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Help
[2007.03.03 22:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Identities
[2007.03.05 19:08:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Macromedia
[2011.06.03 21:29:28 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Petr\Data aplikací\Microsoft
[2007.03.03 23:33:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Microsoft Web Folders
[2009.09.06 18:31:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Mozilla
[2007.03.03 22:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Opera
[2011.06.17 16:42:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Skype
[2011.06.17 16:02:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\skypePM
[2011.06.15 19:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Sun
[2008.06.13 21:03:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\vlc
[2009.09.01 21:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\WinRAR
[2007.05.11 20:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Zoner

< %APPDATA%\*.exe /s >


< MD5 for: AGP440.SYS >
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2004.08.17 16:49:22 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\system32\autochk.exe
[2004.08.17 16:49:22 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\system32\dllcache\autochk.exe

< MD5 for: CDROM.SYS >
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2004.08.03 23:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2004.08.17 16:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\cryptsvc.dll
[2004.08.17 16:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\dllcache\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2004.08.17 16:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004.08.17 16:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2007.06.13 15:23:39 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=ED7B460B142A32097B8A8F6ECC941815 -- C:\WINDOWS\explorer.exe
[2007.06.13 15:23:39 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=ED7B460B142A32097B8A8F6ECC941815 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: HAL.DLL >
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2004.08.03 23:59:08 | 000,081,280 | ---- | M] (Microsoft Corporation) MD5=4AF58CA3425F28FC5E3DB47DC122F722 -- C:\WINDOWS\system32\hal.dll

< MD5 for: CHANGER.SYS >
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys

< MD5 for: ISAPNP.SYS >
[2001.10.25 14:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2004.08.17 16:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2004.08.17 16:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2004.08.04 00:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\dllcache\ndis.sys
[2004.08.04 00:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2004.08.17 16:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004.08.17 16:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.17 16:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004.08.17 16:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.17 16:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\dllcache\smss.exe
[2004.08.17 16:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2004.08.17 16:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\dllcache\svchost.exe
[2004.08.17 16:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2007.10.30 19:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2007.10.30 19:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\system32\drivers\tcpip.sys

< MD5 for: USERINIT.EXE >
[2004.08.17 16:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004.08.17 16:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.17 16:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004.08.17 16:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.17 16:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2004.08.17 16:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007.03.03 23:17:49 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007.03.03 23:17:48 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007.03.03 23:17:48 | 000,458,752 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2011.06.15 19:26:31 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\deployJava1.dll
[2011.06.15 19:26:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\java.exe
[2011.06.15 19:26:32 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\javacpl.cpl
[2011.06.15 19:26:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\javaw.exe
[2011.06.15 19:26:32 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\system32\javaws.exe
[2011.06.15 23:21:44 | 000,934,374 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< End of report >

Uf, trochu jsme s tím bojovali, ale je to pryč. Ještě doopravíme a vyzkoušíme...

Na stránce http://tinyurl.com/653f7oz vložte do okna následující skript, pojmenování zvolte libovolné a stiskněte tlačítko OK. Stažený soubor spusťte a přidání informací do registru potvrďte. Na stránce http://tinyurl.com/653f7oz vložte do okna následující skript, přepněte nahoře přepínač na .bat, pojmenování zvolte libovolné a stiskněte tlačítko OK. Stažený soubor spusťte, problikne černé okno a otevře se poznámkový blok s logem. Otevřený log sem prosím vložte.

Dobrý den, vše proběhlo, zde:


SpouçtŘnˇ slu§by wuauserv.
SpouçtŘnˇ slu§by BITS.

Zkuste zapnout automatické aktualizace a ověřit jejich funkčnost.

Spusťte znovu OTL, nastavte ho podle předchozích instrukcí, do okna dole vložte následující skript (míst toho předchozího) a klikněte na tlačítko Prohledat.
Log z OTL sem vložte.

Dobrý den, Windouzy mám neofi, aktualizace je vypnutá,, zatím jsem nic nezkoušel, když tak ještě napište, nevím co se může stát. OTL pouštím 4x, vždy se zastavil, přestal točit disk a po klepnutí myší na program vypíše dumprex.exe-chyb aplikace, správná iniciace aplikace (0xc000012d) se nezdařila. Dole v okně prohramu píše "manual File Scan -looking in folder:C\WINDOWS\Fonts\..." No už jsem si říkal že to bude OK, teď se vše zakouslo =totacomm, opera.

Od posledního skenu OTL jsme nic, co by mělo zapříčinit toto chování, neprováděli . Zkuste spustřit OTL v nouzovém režimu (restartujte počítač, při startu mačkejte F8 a z nabídky zvolte Nouzový režim s prací v síti).
A ten nelegální systém...

OTL logfile created on: 22.6.2011 18:44:13 - Run 5
OTL by OldTimer - Version 3.2.24.0 Folder = D:\_Downloaded files\OTL
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1023,49 Mb Total Physical Memory | 733,00 Mb Available Physical Memory | 71,62% Memory free
1,28 Gb Paging File | 1,13 Gb Available in Paging File | 88,67% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 9,77 Gb Total Space | 3,74 Gb Free Space | 38,29% Space Free | Partition Type: NTFS
Drive D: | 46,12 Gb Total Space | 39,44 Gb Free Space | 85,51% Space Free | Partition Type: NTFS
Drive G: | 465,76 Gb Total Space | 197,50 Gb Free Space | 42,40% Space Free | Partition Type: NTFS

Computer Name: PETR-87F50839C2 | User Name: Petr | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2011.06.15 23:28:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\_Downloaded files\OTL\OTL.exe
PRC - [2011.06.03 21:29:29 | 000,941,936 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2007.06.13 15:23:39 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003.12.03 07:01:00 | 000,753,700 | ---- | M] (C. Ghisler & Co.) -- C:\totalcmd\TOTALCMD.EXE


========== Modules (SafeList) ==========

MOD - [2011.06.15 23:28:43 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\_Downloaded files\OTL\OTL.exe
MOD - [2006.08.25 17:51:20 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011.05.10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2004.12.22 00:28:58 | 000,602,220 | ---- | M] (Executive Software International, Inc.) [Auto | Stopped] -- C:\Program Files\Executive Software\Diskeeper\DkService.exe -- (Diskeeper)


========== Driver Services (SafeList) ==========

DRV - [2011.05.10 14:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.05.10 14:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.05.10 14:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.05.10 14:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011.05.10 13:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.05.10 13:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011.05.10 13:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2006.09.24 15:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2004.08.04 01:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004.08.04 00:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2001.10.27 07:47:14 | 000,349,184 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2001.10.27 05:50:02 | 000,032,752 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\atinxsxx.sys -- (ATIXSAudio)
DRV - [2001.10.27 05:49:46 | 000,020,960 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\atinttxx.sys -- (TTDec)
DRV - [2001.10.27 05:49:30 | 000,011,280 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC)
DRV - [2001.10.27 05:49:22 | 000,032,848 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinraxx.sys -- (ativraxx)
DRV - [2001.10.27 05:47:30 | 000,065,024 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinrvxx.sys -- (atinrvxx)
DRV - [2001.10.27 05:46:22 | 000,035,952 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\atintuxx.sys -- (ATITUNEP)
DRV - [2001.10.01 15:29:22 | 000,006,144 | ---- | M] (Ravisent Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CINEMSUP.SYS -- (CINEMSUP)
DRV - [2001.08.18 00:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001.08.17 23:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2001.08.17 23:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2001.08.17 23:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2001.08.17 23:28:10 | 000,073,279 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SPKP.sys -- (SpeakerPhone)
DRV - [2001.08.17 23:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2001.08.17 23:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2001.08.17 23:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2001.08.17 23:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2001.08.17 23:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2001.08.17 23:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)
DRV - [2001.08.17 22:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-606747145-1202660629-854245398-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-606747145-1202660629-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011.06.16 18:08:14 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [AtiPTA] C:\WINDOWS\System32\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DiskeeperSystray] C:\Program Files\Executive Software\Diskeeper\DkIcon.exe (Executive Software International, Inc.)
O4 - HKLM..\Run: [HydarVisionDesktopManager] File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKU\S-1-5-21-606747145-1202660629-854245398-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-606747145-1202660629-854245398-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL (ATI Technologies Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.240.0.214 83.240.0.215
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.03.03 22:34:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 7 Days ==========

[2011.06.22 18:39:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011.06.16 18:41:26 | 000,286,720 | ---- | C] (SteelWerX) -- C:\swreg.exe
[2011.06.15 19:27:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Sun
[2011.06.15 19:27:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.06.15 19:26:52 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011.06.15 19:26:52 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011.06.15 19:26:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011.06.15 19:26:52 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011.06.15 19:26:52 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011.06.15 19:26:25 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011.06.15 19:25:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Petr\Data aplikací\Sun

========== Files - Modified Within 7 Days ==========

[2011.06.22 18:41:29 | 000,004,590 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2011.06.22 18:39:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.06.22 12:22:37 | 000,002,275 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2011.06.21 12:36:10 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011.06.21 12:36:10 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2011.06.20 17:57:31 | 000,000,281 | ---- | M] () -- C:\18zal.bat
[2011.06.20 17:56:02 | 000,000,529 | ---- | M] () -- C:\18cer.reg
[2011.06.19 20:04:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.06.17 20:33:57 | 000,000,944 | ---- | M] () -- C:\opr.reg
[2011.06.17 16:23:18 | 000,000,031 | ---- | M] () -- C:\WINDOWS\popcinfo.dat
[2011.06.16 22:20:07 | 000,000,175 | ---- | M] () -- C:\oprava_5.bat
[2011.06.16 22:18:55 | 000,286,720 | ---- | M] (SteelWerX) -- C:\swreg.exe
[2011.06.16 18:43:03 | 000,000,179 | ---- | M] () -- C:\oprava.bat
[2011.06.16 18:38:57 | 000,002,701 | ---- | M] () -- C:\WINDOWS\WDICT32.INI
[2011.06.16 18:08:14 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011.06.15 19:26:32 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011.06.15 19:26:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011.06.15 19:26:32 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011.06.15 19:26:32 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011.06.15 19:26:31 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

========== Files Created - No Company Name ==========

[2011.06.21 12:36:10 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2011.06.21 12:36:10 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2011.06.20 17:57:31 | 000,000,281 | ---- | C] () -- C:\18zal.bat
[2011.06.20 17:56:02 | 000,000,529 | ---- | C] () -- C:\18cer.reg
[2011.06.17 20:33:57 | 000,000,944 | ---- | C] () -- C:\opr.reg
[2011.06.16 22:20:07 | 000,000,175 | ---- | C] () -- C:\oprava_5.bat
[2011.06.16 18:43:03 | 000,000,179 | ---- | C] () -- C:\oprava.bat
[2010.12.19 20:26:04 | 000,000,342 | ---- | C] () -- C:\WINDOWS\WTRDICT.INI
[2010.12.19 20:26:04 | 000,000,044 | ---- | C] () -- C:\WINDOWS\STXKBD.INI
[2009.03.11 21:22:21 | 000,000,178 | ---- | C] () -- C:\WINDOWS\arbasew.ini
[2009.01.05 21:57:18 | 000,004,251 | ---- | C] () -- C:\WINDOWS\WTRAN32.INI
[2008.11.23 20:08:05 | 000,003,487 | ---- | C] () -- C:\WINDOWS\MDVDP.Ini
[2008.05.04 17:57:39 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008.04.02 21:12:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WEBTRANS.INI
[2008.04.02 21:07:30 | 000,000,134 | ---- | C] () -- C:\WINDOWS\WEBWTR.INI
[2008.02.21 20:26:44 | 000,002,383 | ---- | C] () -- C:\WINDOWS\WINTRAN.INI
[2007.06.25 18:42:20 | 000,015,360 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007.05.31 20:26:47 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Petr\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.05.25 21:52:37 | 000,001,759 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\QTSBandwidthCache
[2007.05.08 14:27:37 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2007.04.24 22:28:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2007.04.24 22:19:15 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.ini
[2007.04.24 22:19:10 | 000,066,560 | ---- | C] () -- C:\WINDOWS\System32\atiyuv12.dll
[2007.04.24 22:19:10 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2007.04.24 22:19:00 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
[2007.04.24 22:18:17 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HydraFra.dll
[2007.04.24 22:18:17 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\HydraEsp.dll
[2007.04.24 22:18:17 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\HydraPtb.dll
[2007.04.24 22:18:17 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\HydraNln.dll
[2007.04.24 22:18:17 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\HydraIta.dll
[2007.04.24 22:18:17 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HydraSvs.dll
[2007.04.24 22:18:17 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HydraNon.dll
[2007.04.24 22:18:17 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HydraFif.dll
[2007.04.24 22:18:17 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\HydraDad.dll
[2007.04.24 22:18:17 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\HydraJan.dll
[2007.04.24 22:18:17 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\HydraKor.dll
[2007.04.24 22:18:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\HydraZht.dll
[2007.04.24 22:18:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\HydraZhs.dll
[2007.04.24 22:18:17 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\ViewHook.dll
[2007.04.24 22:08:42 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.03.20 20:09:42 | 000,000,023 | ---- | C] () -- C:\WINDOWS\kodakpcd.Petr.ini
[2007.03.07 23:17:57 | 000,001,160 | ---- | C] () -- C:\WINDOWS\visualdirsize.ini
[2007.03.07 22:59:51 | 000,000,133 | ---- | C] () -- C:\WINDOWS\lsplugin.ini
[2007.03.04 18:15:36 | 000,002,701 | ---- | C] () -- C:\WINDOWS\WDICT32.INI
[2007.03.03 23:53:45 | 000,000,031 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2007.03.03 23:35:33 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.03.03 23:26:23 | 000,004,590 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2007.03.03 23:23:26 | 000,035,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2007.03.03 23:23:24 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2007.03.03 23:23:21 | 000,032,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2007.03.03 23:23:18 | 000,032,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2007.03.03 23:23:17 | 000,011,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2007.03.03 23:23:16 | 000,020,960 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2007.03.03 23:19:45 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007.03.03 23:18:19 | 000,195,368 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007.03.03 22:38:42 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2007.03.03 22:29:07 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004.08.17 16:58:58 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004.08.02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001.10.27 05:49:38 | 000,011,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2001.10.27 05:48:52 | 000,060,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2001.10.25 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.10.25 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.10.25 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.10.25 14:00:00 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2001.10.25 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.10.25 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.10.25 14:00:00 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2001.10.25 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.10.25 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.10.25 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001.10.15 22:47:00 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010.04.17 22:44:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2008.10.28 18:56:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Autodesk
[2008.10.28 18:56:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Autodesk(2)
[2009.06.10 19:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\IM
[2009.06.10 19:47:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\IncrediMail
[2009.09.28 16:37:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2007.03.05 21:17:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Autodesk
[2009.12.02 22:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\f2fElementary
[2009.10.28 19:48:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\f2fStarter
[2009.09.06 18:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Foxit
[2007.11.02 18:48:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\GameHouse
[2007.03.03 22:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Opera
[2007.05.11 20:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Petr\Data aplikací\Zoner

========== Purity Check ==========



========== Custom Scans ==========


< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /s /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
ImagePath REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
Type REG_DWORD 0x20
Start REG_DWORD 0x2
ErrorControl REG_DWORD 0x1
DisplayName REG_SZ Automatické aktualizace
ObjectName REG_SZ LocalSystem
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV\Enum
0 REG_SZ Root\LEGACY_WUAUSERV\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /s /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
ImagePath REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
Type REG_DWORD 0x20
Start REG_DWORD 0x2
ErrorControl REG_DWORD 0x1
DisplayName REG_SZ Služba inteligentního přenosu na pozadí
DependOnService REG_SZ RpcSs
DependOnGroup REG_SZ
ObjectName REG_SZ LocalSystem
Description REG_SZ Přenáší na pozadí data mezi klienty a servery. Pokud je služba BITS zakázána, některé funkce systému (např. Windows Update) nebudou fungovat.
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS\Enum
0 REG_SZ Root\LEGACY_BITS\0000
Count REG_DWORD 0x1
NextInstance REG_DWORD 0x1

< End of report >

Dobrý den, v nouzovém režimu proběhlo OK, log výše, dokonce to bylo velice rychlé - proti trvání předchozích skenů.

Spusťte znovu OTL, do okna dole vložte následující skript a klikněte na tlačítko Opravit!
Po restartu PC sem prosím vložte log z OTM, který se otevře.