Please check my log.

#31 Post by Caroprd111 »

Under the forum rules, we do not deal with illegal software here (illegal programs pose a security threat).
Get legitimate PC protection (antivirus, firewall), then post a new RSIT log and a CKScanner log here.

Pick, for example, the free Avira or Avast plus a firewall (I recommend ZoneAlarm): http://www.viry.cz/forum/viewtopic.php?f=29&t=6152 + http://www.viry.cz/forum/viewtopic.php?f=41&t=6523

Download CKScanner to your desktop: http://downloads.malwareremoval.com/CKScanner.exe
  • Run it and click "Search For Files"; when the scan finishes, click "Save List to File" -> "OK"
  • A log named ckfiles.txt will be saved on the desktop; paste the contents of that file here.


#32 Post by atharix »

All of my security software was downloaded from links on this forum: ZoneAlarm, Spyware Terminator. I don't understand which of these counts as illegal software. I don't use NOD32.
ZoneAlarm has been active for 3 months. I'm already downloading Avira.

Output:
CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11
----- EOF -----


#33 Post by Caroprd111 »

OK :) Then post a new RSIT log.


#34 Post by atharix »

I found something. When I opened the startup list, there is something there that I don't like. Take a look. When I remove it, it adds itself back again. One more thing: Avira found a trojan, TR/PSW.Wow.zgz

Beginning disinfection:
The registration entry <HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools> was removed successfully.
C:\Documents and Settings\Joe\Local Settings\temp\11547500.dll
[DETECTION] Is the TR/PSW.Wow.zqz Trojan
[NOTE] The file was moved to the quarantine directory under the name '57fb2341.qua'.

Attachment: hh.jpg

Here is the log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Joe at 2010-05-17 22:04:03
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 13 GB (45%) free of 30 GB
Total RAM: 2047 MB (62% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:04:05, on 17.5.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\oodag.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\ACD Systems\ACDSee\9.0\ACDSee9.EXE
C:\Documents and Settings\Joe\Plocha\RSIT.exe
C:\Program Files\trend micro\Joe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [Configuring] rundll32.exe C:\DOCUME~1\Joe\LOCALS~1\Temp\11547500.dll,W
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5413 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2010-03-10 1230288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-06-29 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-19 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-19 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-16 163840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2010-03-10 1230288]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2009-10-15 949376]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-11-22 1037192]
"MSConfig"=C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE [2008-04-14 171008]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Configuring"=C:\DOCUME~1\Joe\LOCALS~1\Temp\11547500.dll [2010-05-09 18186]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Configuring]
C:\DOCUME~1\Joe\LOCALS~1\Temp\11547500.dll [2010-05-09 18186]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
D:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
C:\Program Files\D-Tools\daemon.exe -lang 1033 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
C:\Program Files\FlashGet\flashget.exe [2007-06-29 1990704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2010-03-30 1820040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
C:\WINDOWS\System32\oodtray.exe [2007-05-11 2512392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-06-25 1414144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegDoctor]
C:\Program Files\RegDoctor\RegDoctor.exe [2005-11-30 2260992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2010-03-14 2166784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-03-14 3037696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
D:\Program Files\Valve\Steam\Steam.exe [2010-03-29 1217872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-19 149280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-08-14 155648]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\FlashGet\FlashGet.exe"="C:\Program Files\FlashGet\FlashGet.exe:*:Enabled:Flashget"
"D:\Strong DC++\StrongDC.exe"="D:\Strong DC++\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-05-17 19:14:46 ----D---- C:\rsit
2010-05-12 17:11:23 ----D---- C:\Documents and Settings\Joe\Data aplikací\TS3Client
2010-05-12 17:10:59 ----D---- C:\Program Files\Teamspeak3
2010-05-09 15:24:01 ----A---- C:\WINDOWS\system32\kabaker.dll
2010-05-07 18:17:39 ----D---- C:\Program Files\Common Files\Adobe
2010-05-07 18:17:28 ----SHD---- C:\Config.Msi
2010-04-27 00:13:06 ----A---- C:\WINDOWS\system32\dopdfmn6.dll
2010-04-27 00:13:06 ----A---- C:\WINDOWS\system32\dopdfmi6.dll
2010-04-27 00:13:05 ----D---- C:\Program Files\Softland
2010-04-27 00:08:51 ----D---- C:\Documents and Settings\Joe\Data aplikací\WordToPDF
2010-04-20 14:40:43 ----D---- C:\Documents and Settings\Joe\Data aplikací\ICAClient

======List of files/folders modified in the last 1 months======

2010-05-17 22:04:04 ----D---- C:\Program Files\trend micro
2010-05-17 22:03:54 ----D---- C:\Program Files\FlashGet
2010-05-17 22:03:42 ----D---- C:\WINDOWS\Internet Logs
2010-05-17 22:02:42 ----D---- C:\WINDOWS\Prefetch
2010-05-17 22:01:28 ----RASH---- C:\boot.ini
2010-05-17 22:01:28 ----A---- C:\WINDOWS\win.ini
2010-05-17 22:01:28 ----A---- C:\WINDOWS\system.ini
2010-05-17 21:57:01 ----D---- C:\WINDOWS\Temp
2010-05-17 19:11:02 ----A---- C:\WINDOWS\NeroDigital.ini
2010-05-17 19:10:29 ----D---- C:\WINDOWS\system32\drivers
2010-05-17 18:59:34 ----D---- C:\Program Files\Mozilla Firefox
2010-05-17 18:55:26 ----D---- C:\Documents and Settings\Joe\Data aplikací\Spyware Terminator
2010-05-17 15:35:53 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-17 01:22:16 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-16 14:43:55 ----D---- C:\WINDOWS
2010-05-15 16:08:36 ----A---- C:\WINDOWS\ErrRegDoc.txt
2010-05-12 17:10:59 ----RD---- C:\Program Files
2010-05-12 01:15:15 ----D---- C:\Documents and Settings\Joe\Data aplikací\Skype
2010-05-12 00:02:28 ----D---- C:\Documents and Settings\Joe\Data aplikací\skypePM
2010-05-09 15:24:01 ----D---- C:\WINDOWS\system32
2010-05-07 22:38:00 ----D---- C:\Program Files\Spyware Terminator
2010-05-07 18:18:23 ----SHD---- C:\WINDOWS\Installer
2010-05-07 18:17:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-05-07 18:17:39 ----D---- C:\Program Files\Common Files
2010-04-19 15:07:34 ----D---- C:\Program Files\DOSBox-0.73

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdPPM;Ovladač procesoru HwPState AMD; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2009-10-15 15424]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-11-22 486280]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2009-10-15 512096]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-08-14 4485632]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-04-17 4707328]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-05-25 142336]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-14 17152]
S1 SASDIFSV;SASDIFSV; \??\C:\DOCUME~1\Joe\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS []
S1 SASKUTIL;SASKUTIL; \??\C:\DOCUME~1\Joe\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys []
S3 a2q89xu9;a2q89xu9; C:\WINDOWS\system32\drivers\a2q89xu9.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 MSICDSetup;MSICDSetup; \??\F:\CDriver.sys []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2009-03-19 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2009-03-19 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SASENUM;SASENUM; \??\C:\DOCUME~1\Joe\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-14 73344]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-19 153376]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2009-10-15 552064]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\System32\oodag.exe [2007-05-11 1050120]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-03-14 488960]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-11-22 2384240]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-08-14 602112]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-08-13 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-12-13 447784]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------
Last edited by atharix on 17 May 2010 21:16; edited 1 time in total.
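
The startup item described in post #34 appears in the HijackThis section as an O4 Run value that uses rundll32 to load a DLL from the user's Temp directory. The following is an added example (not part of the thread, and not code from RSIT or HijackThis) that flags such entries, diffs the Run-key autoruns of two logs, and checks MSConfig's disabled-items key; the heuristics and function names are assumptions made for illustration, and the sample lines are excerpts of the logs posted in this thread.

```python
import re

# Excerpts copied from the HijackThis / RSIT sections posted in this thread.
HJT_BEFORE = r"""
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [Configuring] rundll32.exe C:\DOCUME~1\Joe\LOCALS~1\Temp\11547500.dll,W
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
"""
HJT_AFTER = r"""
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
"""
RSIT_AFTER = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Configuring]
C:\DOCUME~1\Joe\LOCALS~1\Temp\11547500.dll,W []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"""

# Registry Run-key lines only; "Startup:" folder entries use another layout.
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.I)  # also hits LOCALS~1\Temp
RUNDLL_RE = re.compile(r'^"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s', re.I)
STARTUPREG_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools"
    r"\\msconfig\\startupreg\\(?P<name>[^\]]+)\]$",
    re.I,
)


def parse_o4(log):
    """Return {(hive, value name): command} for every O4 Run-key line."""
    entries = {}
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries[(m["hive"], m["name"])] = m["cmd"]
    return entries


def reasons(cmd):
    """Heuristic (assumed) reasons an autorun command deserves review."""
    found = []
    if RUNDLL_RE.match(cmd):
        found.append("launched through rundll32")
    if TEMP_RE.search(cmd):
        found.append("target lives in a Temp directory")
    return found


def flag_autoruns(log):
    """Return [(hive, name, reasons)] for O4 entries matching a heuristic."""
    flagged = []
    for (hive, name), cmd in parse_o4(log).items():
        why = reasons(cmd)
        if why:
            flagged.append((hive, name, why))
    return flagged


def autorun_diff(before, after):
    """Return (removed, added) sets of (hive, name) between two logs."""
    b, a = set(parse_o4(before)), set(parse_o4(after))
    return b - a, a - b


def msconfig_leftovers(rsit_dump):
    """Names of MSConfig-disabled items whose command matches a heuristic."""
    hits, current = [], None
    for raw in rsit_dump.splitlines():
        line = raw.strip()
        m = STARTUPREG_RE.match(line)
        if m:
            current = m["name"]
        elif current and line:
            if reasons(line):
                hits.append(current)
            current = None
    return hits


if __name__ == "__main__":
    for hive, name, why in flag_autoruns(HJT_BEFORE):
        print(f"{hive} Run [{name}]: " + "; ".join(why))
    removed, added = autorun_diff(HJT_BEFORE, HJT_AFTER)
    print("removed:", sorted(removed))
    print("added:", sorted(added))
    print("still listed under msconfig startupreg:", msconfig_leftovers(RSIT_AFTER))
```

In the second log of this thread the O4 entry is gone, but the msconfig\startupreg\Configuring key still names the Temp DLL, which is why the leftover check is separate from the Run-key check.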


#35 Post by Caroprd111 »

I still see NOD32 in the log; until you uninstall it and replace it with a free solution, I refuse to continue.


#36 Post by atharix »

Sorry, I already have Avira installed. And it helped right away. I'll try a restart, and I'm removing NOD.


#37 Post by Caroprd111 »

OK :)


#38 Post by atharix »

Done. It looks like Avira removed it successfully; it was probably that trojan. I'm posting the RSIT log. NOD32 has been uninstalled.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Joe at 2010-05-17 22:30:51
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 14 GB (46%) free of 30 GB
Total RAM: 2047 MB (69% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:30:55, on 17.5.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\oodag.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
c:\program files\avira\antivir desktop\avcenter.exe
c:\program files\avira\antivir desktop\avscan.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Joe\Plocha\RSIT.exe
C:\Program Files\trend micro\Joe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\System32\oodag.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5551 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2010-03-10 1230288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-06-29 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-19 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-19 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-16 163840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2010-03-10 1230288]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-11-22 1037192]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Configuring]
C:\DOCUME~1\Joe\LOCALS~1\Temp\11547500.dll,W []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
D:\Program Files\DAEMON Tools Lite\DTLite.exe [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
C:\Program Files\D-Tools\daemon.exe -lang 1033 []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
C:\Program Files\FlashGet\flashget.exe [2007-06-29 1990704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2010-03-30 1820040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2007-03-01 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
C:\Program Files\Eset\nod32kui.exe /WAITSERVICE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
C:\WINDOWS\System32\oodtray.exe [2007-05-11 2512392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-06-25 1414144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-09-05 417792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegDoctor]
C:\Program Files\RegDoctor\RegDoctor.exe [2005-11-30 2260992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe [2010-03-14 2166784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-03-14 3037696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
D:\Program Files\Valve\Steam\Steam.exe [2010-03-29 1217872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-19 149280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-08-14 155648]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\FlashGet\FlashGet.exe"="C:\Program Files\FlashGet\FlashGet.exe:*:Enabled:Flashget"
"D:\Strong DC++\StrongDC.exe"="D:\Strong DC++\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-05-17 22:13:46 ----D---- C:\WINDOWS\system32\NtmsData
2010-05-17 22:13:15 ----D---- C:\Documents and Settings\Joe\Data aplikací\Avira
2010-05-17 22:11:43 ----D---- C:\Program Files\Avira
2010-05-17 22:11:43 ----D---- C:\Documents and Settings\All Users\Data aplikací\Avira
2010-05-17 19:14:46 ----D---- C:\rsit
2010-05-12 17:11:23 ----D---- C:\Documents and Settings\Joe\Data aplikací\TS3Client
2010-05-12 17:10:59 ----D---- C:\Program Files\Teamspeak3
2010-05-09 15:24:01 ----A---- C:\WINDOWS\system32\kabaker.dll
2010-05-07 18:17:39 ----D---- C:\Program Files\Common Files\Adobe
2010-04-27 00:13:06 ----A---- C:\WINDOWS\system32\dopdfmn6.dll
2010-04-27 00:13:06 ----A---- C:\WINDOWS\system32\dopdfmi6.dll
2010-04-27 00:13:05 ----D---- C:\Program Files\Softland
2010-04-27 00:08:51 ----D---- C:\Documents and Settings\Joe\Data aplikací\WordToPDF
2010-04-20 14:40:43 ----D---- C:\Documents and Settings\Joe\Data aplikací\ICAClient

======List of files/folders modified in the last 1 months======

2010-05-17 22:30:55 ----D---- C:\Program Files\trend micro
2010-05-17 22:28:20 ----D---- C:\WINDOWS\Prefetch
2010-05-17 22:26:56 ----D---- C:\WINDOWS\Internet Logs
2010-05-17 22:25:07 ----D---- C:\Program Files\Mozilla Firefox
2010-05-17 22:25:04 ----D---- C:\WINDOWS\Registration
2010-05-17 22:24:28 ----D---- C:\WINDOWS\Temp
2010-05-17 22:23:56 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-17 22:22:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-17 22:22:23 ----D---- C:\Program Files\ESET
2010-05-17 22:22:20 ----RASH---- C:\boot.ini
2010-05-17 22:22:20 ----A---- C:\WINDOWS\win.ini
2010-05-17 22:22:20 ----A---- C:\WINDOWS\system.ini
2010-05-17 22:21:11 ----D---- C:\WINDOWS\system32
2010-05-17 22:18:20 ----D---- C:\WINDOWS
2010-05-17 22:17:56 ----D---- C:\WINDOWS\system32\drivers
2010-05-17 22:13:46 ----D---- C:\WINDOWS\repair
2010-05-17 22:11:43 ----RD---- C:\Program Files
2010-05-17 22:10:51 ----SHD---- C:\WINDOWS\Installer
2010-05-17 22:10:50 ----D---- C:\WINDOWS\WinSxS
2010-05-17 22:09:16 ----A---- C:\WINDOWS\NeroDigital.ini
2010-05-17 22:08:01 ----D---- C:\Program Files\Spyware Terminator
2010-05-17 22:03:54 ----D---- C:\Program Files\FlashGet
2010-05-17 18:55:26 ----D---- C:\Documents and Settings\Joe\Data aplikací\Spyware Terminator
2010-05-15 16:08:36 ----A---- C:\WINDOWS\ErrRegDoc.txt
2010-05-12 01:15:15 ----D---- C:\Documents and Settings\Joe\Data aplikací\Skype
2010-05-12 00:02:28 ----D---- C:\Documents and Settings\Joe\Data aplikací\skypePM
2010-05-07 18:17:44 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-05-07 18:17:39 ----D---- C:\Program Files\Common Files
2010-04-19 15:07:34 ----D---- C:\Program Files\DOSBox-0.73

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdPPM;Ovladač procesoru HwPState AMD; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-11-22 486280]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-08-14 4485632]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-04-17 4707328]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-05-25 142336]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-14 17152]
S1 SASDIFSV;SASDIFSV; \??\C:\DOCUME~1\Joe\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS []
S1 SASKUTIL;SASKUTIL; \??\C:\DOCUME~1\Joe\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.sys []
S3 a2xymi6f;a2xymi6f; C:\WINDOWS\system32\drivers\a2xymi6f.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 MSICDSetup;MSICDSetup; \??\F:\CDriver.sys []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2009-03-19 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2009-03-19 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SASENUM;SASENUM; \??\C:\DOCUME~1\Joe\LOCALS~1\Temp\SAS_SelfExtract\SASENUM.SYS []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\System32\DRIVERS\sr.sys [2008-04-14 73344]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-01 267432]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-08-14 602112]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-19 153376]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\System32\oodag.exe [2007-05-11 1050120]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-03-14 488960]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-11-22 2384240]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-08-13 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2007-12-13 447784]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]

-----------------EOF-----------------

Caroprd111
VIP
Posts: 13492
Joined: 22 Mar 2009 20:48
Location: Třebíč

Re: Please check my log.

#39 Post by Caroprd111 »

Download OTL http://oldtimer.geekstogo.com/OTL.exe to your desktop
  • Run it, then paste the following script into the bottom box.

Code:

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys 
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys 
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys 
cdrom.sys 
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav 
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT 
  • Tick the item Pro všechny uživatele (All users).
  • Tick the items Kontrola na havěť "LOP" (LOP check) and Kontrola na havěť "Purity" (Purity check).
  • Click the Prohledat (Scan) button.
  • When it finishes, paste the OTL.Txt and Extras.txt logs here.

atharix
Model visitor
Posts: 71
Joined: 22 Jan 2007 21:45

Re: Please check my log.

#40 Post by atharix »

OTL logfile created on: 18.5.2010 10:17:47 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Joe\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 74,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 19,78 Gb Free Space | 67,51% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 577,63 Gb Free Space | 62,01% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 268,79 Gb Total Space | 262,32 Gb Free Space | 97,59% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADAM
Current User Name: Joe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.05.18 10:17:08 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joe\Plocha\OTL.exe
PRC - [2010.04.01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2010.03.14 21:30:00 | 000,488,960 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2010.03.02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.11.22 16:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009.11.22 16:42:50 | 001,037,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009.10.28 12:39:25 | 000,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008.04.14 09:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.05.11 02:09:48 | 001,050,120 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe


========== Modules (SafeList) ==========

MOD - [2010.05.18 10:17:08 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joe\Plocha\OTL.exe
MOD - [2008.04.14 09:49:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010.04.01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010.03.14 21:30:00 | 000,488,960 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2010.02.24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.11.22 16:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009.06.02 11:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007.05.11 02:09:48 | 001,050,120 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag)


========== Driver Services (SafeList) ==========

DRV - [2010.03.29 20:30:33 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.03.14 21:30:00 | 000,142,592 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2010.03.01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.11.22 16:42:54 | 000,486,280 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009.09.23 10:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.08.14 06:27:00 | 004,485,632 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009.05.25 09:21:28 | 000,142,336 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009.05.11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.19 15:48:18 | 000,136,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009.03.19 15:48:12 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009.02.09 09:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009.02.09 09:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.02.09 09:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.02.09 09:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008.08.26 11:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.08.05 14:10:12 | 001,684,736 | R--- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008.04.17 10:33:26 | 004,707,328 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.09.25 16:59:46 | 000,015,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\MediaCoder\SysInfo.sys -- (CrystalSysInfo)
DRV - [2007.04.16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006.01.04 09:41:48 | 001,389,056 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2005.01.07 17:07:18 | 000,138,752 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com


IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1390067357-343818398-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-1390067357-343818398-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKU\S-1-5-21-1390067357-343818398-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.1
FF - prefs.js..extensions.enabledItems: {8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.20.0
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.0.6
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.713
FF - prefs.js..extensions.enabledItems: firefox-ext@youtubekeep.com:0.3.1

FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.10.31 12:38:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\Toolbar\firefox\ [2010.03.14 21:30:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.03.31 13:44:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.07 18:18:17 | 000,000,000 | ---D | M]

[2009.12.19 23:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Data aplikací\Mozilla\Extensions
[2009.12.19 23:11:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Data aplikací\Mozilla\Extensions\MediaCoder
[2010.03.21 09:31:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Data aplikací\Mozilla\Firefox\Profiles\htqv7qn3.default\extensions
[2009.10.15 21:06:52 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Joe\Data aplikací\Mozilla\Firefox\Profiles\htqv7qn3.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2009.10.15 21:17:41 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Documents and Settings\Joe\Data aplikací\Mozilla\Firefox\Profiles\htqv7qn3.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2009.10.15 21:07:58 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Joe\Data aplikací\Mozilla\Firefox\Profiles\htqv7qn3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.11.08 18:07:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Data aplikací\Mozilla\Firefox\Profiles\htqv7qn3.default\extensions\firefox-ext@youtubekeep.com
[2010.03.21 09:31:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.04.07 20:52:04 | 000,028,672 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\GooglePlusVideosXPCOM.dll
[2008.10.19 11:58:22 | 000,049,152 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\SiteVacuumXPCOM.dll
[2009.08.09 23:14:12 | 000,049,152 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\SuperSearchXPCOM.dll
[2008.08.16 18:42:02 | 000,070,456 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\CgpCore.dll
[2008.08.16 18:42:12 | 000,091,448 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\confmgr.dll
[2008.08.16 18:42:08 | 000,020,800 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ctxlogging.dll
[2008.05.21 09:41:08 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcm80.dll
[2008.05.21 09:41:08 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcp80.dll
[2008.05.21 09:41:08 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\msvcr80.dll
[2008.08.16 18:44:46 | 000,427,312 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npicaN.dll
[2009.07.17 20:21:00 | 003,883,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
[2008.08.16 18:42:04 | 000,023,864 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\TcpPServ.dll
[2007.07.26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
[2009.10.18 13:53:14 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2009.10.18 13:53:14 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2009.10.18 13:53:14 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2009.10.24 19:34:34 | 000,002,664 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\SiteVacuum.xml
[2009.10.18 13:53:14 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2009.10.18 13:53:14 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.03.16 15:39:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O3 - HKLM\..\Toolbar: (&Crawler lišta) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKU\S-1-5-21-1390067357-343818398-839522115-1003\..\Toolbar\ShellBrowser: (&Crawler lišta) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKU\S-1-5-21-1390067357-343818398-839522115-1003\..\Toolbar\WebBrowser: (&Crawler lišta) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1390067357-343818398-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1390067357-343818398-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1390067357-343818398-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1390067357-343818398-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\JC_LINK.HTM ()
O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\flashget.exe (FlashGet.com)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Joe\Data aplikací\ACD Systems\ACDSee\ACD Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Joe\Data aplikací\ACD Systems\ACDSee\ACD Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009.07.24 03:13:28 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: VIDC.ACDV - C:\WINDOWS\System32\ACDV.dll (ACD Systems)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 30 Days ==========

[2010.05.18 10:17:07 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joe\Plocha\OTL.exe
[2010.05.17 22:51:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Dokumenty\Fotky
[2010.05.17 22:13:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010.05.17 22:13:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Data aplikací\Avira
[2010.05.17 22:11:46 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010.05.17 22:11:44 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010.05.17 22:11:44 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2010.05.17 22:11:44 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010.05.17 22:11:44 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010.05.17 22:11:43 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010.05.17 22:11:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Avira
[2010.05.17 19:14:46 | 000,000,000 | ---D | C] -- C:\rsit
[2010.05.15 16:07:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Joe\Recent
[2010.05.12 17:11:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Data aplikací\TS3Client
[2010.05.12 17:10:59 | 000,000,000 | ---D | C] -- C:\Program Files\Teamspeak3
[2010.05.09 15:24:01 | 000,988,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kabaker.dll
[2010.05.07 18:17:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010.04.27 00:14:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Data aplikací\Softland
[2010.04.27 00:13:06 | 000,021,192 | ---- | C] (Softland) -- C:\WINDOWS\System32\dopdfmn6.dll
[2010.04.27 00:13:06 | 000,018,632 | ---- | C] (Softland) -- C:\WINDOWS\System32\dopdfmi6.dll
[2010.04.27 00:13:05 | 000,000,000 | ---D | C] -- C:\Program Files\Softland
[2010.04.27 00:08:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Data aplikací\WordToPDF
[2010.04.20 14:40:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Data aplikací\ICAClient
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.05.18 10:17:08 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joe\Plocha\OTL.exe
[2010.05.18 10:15:48 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.05.18 10:15:40 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.05.18 10:15:36 | 000,568,265 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor
[2010.05.17 22:52:55 | 009,437,184 | -H-- | M] () -- C:\Documents and Settings\Joe\NTUSER.DAT
[2010.05.17 22:22:49 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Joe\ntuser.ini
[2010.05.17 22:22:20 | 000,000,664 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.05.17 22:22:20 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2010.05.17 22:22:20 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.05.17 22:11:53 | 000,001,713 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Avira AntiVir Control Center.lnk
[2010.05.17 22:09:16 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.05.17 18:49:12 | 005,334,636 | -H-- | M] () -- C:\Documents and Settings\Joe\Local Settings\Data aplikací\IconCache.db
[2010.05.17 18:18:41 | 000,200,704 | ---- | M] () -- C:\Documents and Settings\Joe\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.17 15:35:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.05.14 12:46:40 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\Joe\Plocha\Informace ke státní záv zkou_ce.doc
[2010.05.14 11:41:12 | 000,000,162 | ---- | M] () -- C:\Documents and Settings\Joe\Plocha\~$_lení 15.5.!!!.doc
[2010.05.12 17:11:01 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\Joe\Plocha\TeamSpeak 3 Client.lnk
[2010.05.11 23:22:23 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2010.05.09 20:05:31 | 000,064,000 | ---- | M] () -- C:\Documents and Settings\Joe\Plocha\P_ihlá_ka k bak.státnicím - 3. etapa.doc
[2010.05.09 20:04:14 | 000,045,300 | ---- | M] () -- C:\Documents and Settings\Joe\Plocha\info_3rocBc.doc
[2010.05.09 12:43:17 | 000,082,432 | ---- | M] () -- C:\Documents and Settings\Joe\Plocha\PO_Karvina.doc
[2010.05.08 19:32:14 | 000,000,659 | ---- | M] () -- C:\Documents and Settings\Joe\Plocha\WOTLK.lnk
[2010.05.08 19:32:08 | 000,000,616 | ---- | M] () -- C:\Documents and Settings\Joe\Plocha\Wow.lnk
[2010.05.07 18:18:17 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Adobe Reader 9.lnk
[2010.05.06 20:29:56 | 000,082,432 | ---- | M] () -- C:\Documents and Settings\Joe\Plocha\Řízení jakosti A - Seminární práce.doc
[2010.05.06 20:07:27 | 000,249,856 | ---- | M] () -- C:\Documents and Settings\Joe\Plocha\TZ_PREDAVANI_ ARODNI_CENY_KVALITY_11_11_2009.doc
[2010.05.06 20:07:08 | 000,077,824 | ---- | M] () -- C:\Documents and Settings\Joe\Plocha\start_plus_D_pokyny.doc
[2010.04.28 16:41:54 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Joe\Plocha\Řízení jakosti.doc
[2010.04.27 00:14:42 | 000,997,040 | ---- | M] () -- C:\Documents and Settings\Joe\Dokumenty\Bakalářská_práce.pdf
[2010.04.25 14:25:33 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Joe\Plocha\~$žní ocenění rodinného domu ve Vratimově.doc
[2010.04.24 11:56:22 | 000,019,023 | ---- | M] () -- C:\Documents and Settings\Joe\Plocha\Seznam.xlsx
[2010.04.22 17:43:12 | 000,154,624 | ---- | M] () -- C:\Documents and Settings\Joe\Plocha\Podmínky realizace bakalá_ských státnic.doc
[2010.04.21 13:57:04 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Joe\Plocha\Závěr.doc
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.05.17 22:11:53 | 000,001,713 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Avira AntiVir Control Center.lnk
[2010.05.14 12:46:39 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\Joe\Plocha\Informace ke státní záv zkou_ce.doc
[2010.05.14 11:41:12 | 000,000,162 | ---- | C] () -- C:\Documents and Settings\Joe\Plocha\~$_lení 15.5.!!!.doc
[2010.05.12 17:11:01 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\Joe\Plocha\TeamSpeak 3 Client.lnk
[2010.05.09 20:05:31 | 000,064,000 | ---- | C] () -- C:\Documents and Settings\Joe\Plocha\P_ihlá_ka k bak.státnicím - 3. etapa.doc
[2010.05.09 20:04:13 | 000,045,300 | ---- | C] () -- C:\Documents and Settings\Joe\Plocha\info_3rocBc.doc
[2010.05.09 12:40:00 | 000,082,432 | ---- | C] () -- C:\Documents and Settings\Joe\Plocha\PO_Karvina.doc
[2010.05.08 19:32:14 | 000,000,659 | ---- | C] () -- C:\Documents and Settings\Joe\Plocha\WOTLK.lnk
[2010.05.08 19:32:08 | 000,000,616 | ---- | C] () -- C:\Documents and Settings\Joe\Plocha\Wow.lnk
[2010.05.07 18:17:46 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Adobe Reader 9.lnk
[2010.05.06 20:07:26 | 000,249,856 | ---- | C] () -- C:\Documents and Settings\Joe\Plocha\TZ_PREDAVANI_ ARODNI_CENY_KVALITY_11_11_2009.doc
[2010.05.06 20:07:08 | 000,077,824 | ---- | C] () -- C:\Documents and Settings\Joe\Plocha\start_plus_D_pokyny.doc
[2010.05.06 19:16:19 | 000,082,432 | ---- | C] () -- C:\Documents and Settings\Joe\Plocha\Řízení jakosti A - Seminární práce.doc
[2010.04.28 16:30:48 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\Joe\Plocha\Řízení jakosti.doc
[2010.04.27 00:14:30 | 000,997,040 | ---- | C] () -- C:\Documents and Settings\Joe\Dokumenty\Bakalářská_práce.pdf
[2010.04.27 00:13:07 | 000,007,537 | ---- | C] () -- C:\WINDOWS\System32\dopdf6.ctm
[2010.04.25 14:25:33 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Joe\Plocha\~$žní ocenění rodinného domu ve Vratimově.doc
[2010.04.24 11:56:21 | 000,019,023 | ---- | C] () -- C:\Documents and Settings\Joe\Plocha\Seznam.xlsx
[2010.04.22 17:43:12 | 000,154,624 | ---- | C] () -- C:\Documents and Settings\Joe\Plocha\Podmínky realizace bakalá_ských státnic.doc
[2010.04.21 13:53:23 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Joe\Plocha\Závěr.doc
[2010.03.29 20:30:33 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010.03.14 21:30:00 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2009.10.30 00:45:42 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.10.24 20:11:37 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\winsusrm.dll
[2009.10.24 19:26:20 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2009.10.24 19:26:20 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2009.10.24 19:26:20 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2009.10.24 19:24:55 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2009.10.24 19:24:55 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2009.10.15 20:44:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oodcnt.INI
[2009.10.15 20:42:10 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.10.15 20:12:19 | 000,073,728 | R--- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2005.06.29 09:58:02 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.02.17 12:31:58 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.02.17 12:31:58 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.02.17 12:31:58 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.02.17 12:31:58 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.02.17 12:31:58 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.02.17 12:31:58 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.02.17 12:31:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2003.04.09 15:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.03.21 14:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL

========== LOP Check ==========

[2009.10.18 15:15:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ACD Systems
[2009.10.19 00:33:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonBJ
[2010.03.29 20:30:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
[2010.01.19 19:01:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Installations
[2010.01.19 19:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Nokia
[2009.10.31 12:38:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2009.10.24 19:26:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\SafeNet Sentinel
[2010.03.15 13:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
[2009.10.24 18:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Data aplikací\ACD Systems
[2009.11.18 19:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Data aplikací\Broad Intelligence
[2010.02.15 16:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Data aplikací\BSplayer
[2010.02.15 14:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Data aplikací\BSplayer Pro
[2010.03.29 21:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Data aplikací\DAEMON Tools Lite
[2009.11.18 19:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Data aplikací\Fraunhofer
[2009.10.18 14:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Data aplikací\GHISLER
[2010.04.20 14:42:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Data aplikací\ICAClient
[2009.11.08 19:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Data aplikací\Nokia
[2009.11.08 19:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Data aplikací\PC Suite
[2009.11.24 23:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Data aplikací\Runiter
[2010.05.17 18:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Data aplikací\Spyware Terminator
[2010.05.12 21:43:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Data aplikací\TS3Client
[2010.04.27 00:09:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Data aplikací\WordToPDF
[2010.04.27 00:14:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\Softland

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >

< c:\windows\*.* /U >
[4 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >
[2009.10.24 19:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SPSS

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2009.10.24 18:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Data aplikací\ACD Systems
[2009.10.18 16:55:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Data aplikací\Adobe
[2009.12.01 00:19:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Data aplikací\Apple Computer
[2010.05.17 22:13:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Data aplikací\Avira
[2009.11.18 19:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Data aplikací\Broad Intelligence
[2010.02.15 16:02:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Data aplikací\BSplayer
[2010.02.15 14:56:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Data aplikací\BSplayer Pro
[2009.10.15 20:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Data aplikací\CyberLink
[2010.03.29 21:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Data aplikací\DAEMON Tools Lite
[2009.11.18 19:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Data aplikací\Fraunhofer
[2009.10.18 14:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Data aplikací\GHISLER
[2009.12.03 00:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Data aplikací\Hamachi
[2010.04.20 14:42:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Data aplikací\ICAClient
[2009.10.15 19:34:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Data aplikací\Identities
[2009.10.15 20:12:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Data aplikací\InstallShield
[2009.10.25 11:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Data aplikací\Lavasoft
[2009.10.15 20:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Data aplikací\Macromedia
[2010.02.13 16:37:40 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Joe\Data aplikací\Microsoft
[2009.10.15 21:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Data aplikací\Mozilla
[2009.10.29 20:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Data aplikací\Nero
[2009.11.08 19:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Data aplikací\Nokia
[2009.11.08 19:09:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Data aplikací\PC Suite
[2009.11.24 23:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Data aplikací\Runiter
[2009.10.18 17:22:06 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Joe\Data aplikací\SecuROM
[2010.05.12 01:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Data aplikací\Skype
[2010.05.12 00:02:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Data aplikací\skypePM
[2010.05.17 18:55:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Data aplikací\Spyware Terminator
[2009.10.19 00:51:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Data aplikací\Sun
[2010.03.15 14:03:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Data aplikací\SUPERAntiSpyware.com
[2009.11.25 23:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Data aplikací\teamspeak2
[2010.05.12 21:43:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Data aplikací\TS3Client
[2009.10.18 23:01:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Data aplikací\Ventrilo
[2009.10.15 23:50:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Data aplikací\WinRAR
[2010.04.27 00:09:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joe\Data aplikací\WordToPDF

< %APPDATA%\*.exe /s >
[2007.08.18 10:54:02 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Joe\Data aplikací\BSplayer\AC3 Filter\ac3config.exe
[2007.08.18 10:53:50 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Joe\Data aplikací\BSplayer\AC3 Filter\dialog_patch.exe
[2008.04.13 18:26:54 | 000,036,396 | ---- | M] () -- C:\Documents and Settings\Joe\Data aplikací\BSplayer\AC3 Filter\uninstall.exe
[2008.04.01 12:51:06 | 000,691,717 | ---- | M] () -- C:\Documents and Settings\Joe\Data aplikací\BSplayer\FFDShow\unins000.exe
[2008.03.29 18:42:00 | 000,103,424 | ---- | M] () -- C:\Documents and Settings\Joe\Data aplikací\BSplayer\Haali media splitter\dsmux.exe
[2008.03.29 18:42:02 | 000,335,872 | ---- | M] () -- C:\Documents and Settings\Joe\Data aplikací\BSplayer\Haali media splitter\gdsmux.exe
[2008.03.29 18:41:54 | 000,135,168 | ---- | M] () -- C:\Documents and Settings\Joe\Data aplikací\BSplayer\Haali media splitter\mkv2vfr.exe
[2008.06.10 10:11:02 | 000,041,412 | ---- | M] () -- C:\Documents and Settings\Joe\Data aplikací\BSplayer\Haali media splitter\uninstall.exe
[2010.03.29 18:59:50 | 000,015,872 | R--- | M] () -- C:\Documents and Settings\Joe\Data aplikací\Microsoft\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C9.exe
[2009.10.15 19:51:54 | 000,292,878 | R--- | M] () -- C:\Documents and Settings\Joe\Data aplikací\Microsoft\Installer\{53480330-E1D1-41CA-B8F8-7F78644F7F50}\ARPPRODUCTICON.exe
[2009.10.15 19:51:54 | 000,292,878 | R--- | M] () -- C:\Documents and Settings\Joe\Data aplikací\Microsoft\Installer\{53480330-E1D1-41CA-B8F8-7F78644F7F50}\oodcnt_ds.53480420_ED54_41F1_B802_5A3B83DAF067.exe
[2009.10.15 19:51:54 | 000,292,878 | R--- | M] () -- C:\Documents and Settings\Joe\Data aplikací\Microsoft\Installer\{53480330-E1D1-41CA-B8F8-7F78644F7F50}\oodcnt_exe.53480420_ED54_41F1_B802_5A3B83DAF067.exe
[2009.10.15 19:51:20 | 000,022,486 | R--- | M] () -- C:\Documents and Settings\Joe\Data aplikací\Microsoft\Installer\{53480880-18E0-4097-A460-F22DD3AC6D70}\ARPPRODUCTICON.exe
[2009.10.15 19:51:20 | 000,061,440 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Joe\Data aplikací\Microsoft\Installer\{53480880-18E0-4097-A460-F22DD3AC6D70}\NewShortcut1_1B77C7148529485093387D9DB12862D9.exe
[2009.10.15 19:51:20 | 000,061,440 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\Joe\Data aplikací\Microsoft\Installer\{53480880-18E0-4097-A460-F22DD3AC6D70}\NewShortcut2_534800708E5F4678B8E02525A719DD39.exe
[2009.10.15 21:06:59 | 000,177,024 | ---- | M] () -- C:\Documents and Settings\Joe\Data aplikací\Mozilla\Firefox\Profiles\htqv7qn3.default\FlashGot.exe


< MD5 for: AGP440.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2002.09.20 18:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: CDROM.SYS >
[2002.09.20 18:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:cdrom.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:cdrom.sys
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.14 01:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.14 01:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004.08.03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 09:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 09:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 09:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 09:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 09:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 09:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: HAL.DLL >
[2002.09.20 18:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:hal.dll
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:hal.dll
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.14 01:01:30 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008.04.14 01:01:34 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2004.08.03 22:59:14 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: CHANGER.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:Changer.sys
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.14 01:11:00 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
[2004.08.03 23:00:14 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=DAF1A8193B6CAF0FB858CADCC5C4AF4A -- C:\WINDOWS\$NtServicePackUninstall$\changer.sys

< MD5 for: ISAPNP.SYS >
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2001.10.25 14:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2008.04.14 08:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 08:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 09:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 09:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.14 01:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.14 01:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 09:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 09:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 09:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 09:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2004.08.17 16:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 09:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 09:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 09:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 09:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2004.08.03 23:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=6A603809F598332DBEDD535BDBCE313E -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.04.14 01:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.04.14 01:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\system32\drivers\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 09:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 09:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 09:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 09:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 09:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 09:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.03.29 20:30:33 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2009.07.24 03:16:44 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.07.24 03:16:44 | 000,630,784 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.07.24 03:16:44 | 000,430,080 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2010.05.18 10:15:36 | 000,568,265 | ---- | M] () -- C:\WINDOWS\system32\oodbs.lor
[2010.05.17 15:35:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

========== Files - Unicode (All) ==========
[2009.10.30 00:20:35 | 000,000,000 | ---D | M](C:\Documents and Settings\Joe\data aplikac??) -- C:\Documents and Settings\Joe\data aplikací
[2009.10.30 00:20:35 | 000,000,000 | ---D | M](C:\Documents and Settings\All Users\data aplikac??) -- C:\Documents and Settings\All Users\data aplikací
(C:\Documents and Settings\Joe\data aplikac??) -- C:\Documents and Settings\Joe\data aplikací
(C:\Documents and Settings\All Users\data aplikac??) -- C:\Documents and Settings\All Users\data aplikací

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\MSDOS.SYS:SummaryInformation
< End of report >

atharix

Re: Please check my log.

#41 Post by atharix »

OTL Extras logfile created on: 18.5.2010 10:17:47 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\Joe\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 74,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 19,78 Gb Free Space | 67,51% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 577,63 Gb Free Space | 62,01% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 268,79 Gb Total Space | 262,32 Gb Free Space | 97,59% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ADAM
Current User Name: Joe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1390067357-343818398-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 9.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\9.0\ACDSeeQV.exe" "%1" (ACD Systems Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashGet\FlashGet.exe" = C:\Program Files\FlashGet\FlashGet.exe:*:Enabled:Flashget -- (FlashGet.com)
"D:\Strong DC++\StrongDC.exe" = D:\Strong DC++\StrongDC.exe:*:Enabled:StrongDC++ -- (Big Muscle, KohlSoft® Corporation ;-))
"C:\Program Files\QIP\qip.exe" = C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager -- (The Author of QIP)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" = C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator -- (Crawler.com)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300" = Canon iP4300
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2DF7B278-D3B6-40A4-B25C-0E7149F439EA}" = 3DMark05
"{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
"{3E5CBADD-2E51-47C1-BBE2-B802DB6DA56A}" = XTB-Trader 4.00
"{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}" = Nokia Software Updater
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{53480330-E1D1-41CA-B8F8-7F78644F7F50}" = O&O Defrag Professional Edition
"{53480880-18E0-4097-A460-F22DD3AC6D70}" = O&O DiskRecovery
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0405-0000-0000000FF1CE}" = Sada Compatibility Pack pro systém Office 2007
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A8BB9906-E618-406A-B161-7383AFF46C39}" = EasyRecovery Professional
"{AC76BA86-7AD7-1029-7B44-A93000000001}" = Adobe Reader 9.3.2 - Czech
"{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}" = ACDSee 9 Photo Manager
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{E2C00C8C-3D0C-40DF-BC67-44321C9E1029}" = Nero 8
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"504244733D18C8F63FF584AEB290E3904E791693" = Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"All ATI Software" = Softarová utilita ATI - Odinstalovat
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BSPlayer1" = BSPlayer
"BSPlayerf" = BS.Player FREE
"CCleaner" = CCleaner (remove only)
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.2.7
"CToolbar_UNINSTALL" = Crawler Toolbar with Web Security Guard
"doPDF 6 printer_is1" = doPDF 6.3 printer
"DVD Shrink_is1" = DVD Shrink 3.2
"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Balíček ovladače systému Windows - Nokia Modem (06/01/2009 4.1)
"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Balíček ovladače systému Windows - Nokia Modem (06/01/2009 7.01.0.3)
"FlashGet" = FlashGet 1.9.0.1012
"HijackThis" = HijackThis 2.0.2
"InstallShield_{A8BB9906-E618-406A-B161-7383AFF46C39}" = EasyRecovery Professional
"LogMeIn Hamachi" = LogMeIn Hamachi
"MediaCoder" = MediaCoder 0.7.2.4530
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox (3.0.15)" = Mozilla Firefox (3.0.15)
"Nokia PC Suite" = Nokia PC Suite
"RecFreeToolbar" = RecFree toolbar powered by Ask.com
"RegDoctor_is1" = RegDoctor 1.53
"SiteVacuum" = vlnet1.com - SiteVacuum
"Spyware Terminator_is1" = Spyware Terminator
"Starcraft" = Starcraft
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Totalcmd" = Total Commander (Remove or Repair)
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"XoftSpy" = XoftSpy
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager
"ZoneAlarm" = ZoneAlarm

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1390067357-343818398-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15.3.2010 5:49:55 | Computer Name = ADAM | Source = Application Error | ID = 1004
Description = Chybující aplikace HFVKRQU.exe, verze 1.71.0.0, chybující modul HFVKRQU.exe,
verze 1.71.0.0, adresa chyby 0x0003a64c.

Error - 15.3.2010 7:57:26 | Computer Name = ADAM | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace gmer.exe, verze 1.0.15.15281, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 15.3.2010 16:53:38 | Computer Name = ADAM | Source = Application Error | ID = 1000
Description = Chybující aplikace maja.com, verze 1.0.15.15281, chybující modul maja.com,
verze 1.0.15.15281, adresa chyby 0x0005c887.

Error - 15.3.2010 16:54:20 | Computer Name = ADAM | Source = Application Error | ID = 1000
Description = Chybující aplikace cokoli.exe.exe, verze 1.0.15.15281, chybující modul
cokoli.exe.exe, verze 1.0.15.15281, adresa chyby 0x0005c887.

Error - 15.3.2010 16:55:08 | Computer Name = ADAM | Source = Application Error | ID = 1000
Description = Chybující aplikace cokoli.com, verze 1.0.15.15281, chybující modul
cokoli.com, verze 1.0.15.15281, adresa chyby 0x0005c887.

Error - 15.3.2010 16:57:43 | Computer Name = ADAM | Source = Application Error | ID = 1000
Description = Chybující aplikace cokoli.com, verze 1.0.15.15281, chybující modul
cokoli.com, verze 1.0.15.15281, adresa chyby 0x0005c887.

Error - 16.3.2010 10:36:32 | Computer Name = ADAM | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace cokoli.com, verze 1.0.15.15281, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 16.3.2010 18:24:25 | Computer Name = ADAM | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace firefox.exe, verze 1.9.0.3576, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 17.3.2010 8:32:31 | Computer Name = ADAM | Source = ESENT | ID = 490
Description = svchost (1508) Pokus o otevření souboru C:\WINDOWS\system32\CatRoot2\edb.chk
pro čtení nebo zápis se nezdařil. Došlo k systémové chybě 32 (0x00000020): Proces
nemá přístup k souboru, neboť jej právě využívá jiný proces. . Operace otevření
souboru se nezdaří a dojde k chybě -1032 (0xfffffbf8).

Error - 17.3.2010 8:32:31 | Computer Name = ADAM | Source = ESENT | ID = 439
Description = Catalog Database (1508) Pro soubor C:\WINDOWS\system32\CatRoot2\edb.chk
nelze zapsat stínové záhlaví. Chyba -1032

[ System Events ]
Error - 17.5.2010 10:11:31 | Computer Name = ADAM | Source = MRxSmb | ID = 8003
Description = Hlavní prohledávač přijal oznámení serveru od počítače SUZUKI, který
se považuje za hlavní prohledávač domény pro přenos NetBT_Tcpip_{42997430-5B3D-45FA-94.
Hlavní
prohledávač bude ukončen nebo bude vyvolána volba.

Error - 17.5.2010 11:23:31 | Computer Name = ADAM | Source = MRxSmb | ID = 8003
Description = Hlavní prohledávač přijal oznámení serveru od počítače SUZUKI, který
se považuje za hlavní prohledávač domény pro přenos NetBT_Tcpip_{42997430-5B3D-45FA-94.
Hlavní
prohledávač bude ukončen nebo bude vyvolána volba.

Error - 17.5.2010 14:50:16 | Computer Name = ADAM | Source = MRxSmb | ID = 8003
Description = Hlavní prohledávač přijal oznámení serveru od počítače SUZUKI, který
se považuje za hlavní prohledávač domény pro přenos NetBT_Tcpip_{42997430-5B3D-45FA-94.
Hlavní
prohledávač bude ukončen nebo bude vyvolána volba.

Error - 17.5.2010 15:50:18 | Computer Name = ADAM | Source = MRxSmb | ID = 8003
Description = Hlavní prohledávač přijal oznámení serveru od počítače SUZUKI, který
se považuje za hlavní prohledávač domény pro přenos NetBT_Tcpip_{42997430-5B3D-45FA-94.
Hlavní
prohledávač bude ukončen nebo bude vyvolána volba.

Error - 17.5.2010 16:10:45 | Computer Name = ADAM | Source = SideBySide | ID = 16842784
Description = Závislá symbolická adresa Microsoft.VC90.CRT nebyla nalezena a poslední
chyba byla Sestavení určené odkazem není v systému nainstalováno. .

Error - 17.5.2010 16:10:45 | Computer Name = ADAM | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly pro Microsoft.VC90.CRT se nezdařila. Referenční
chybová zpráva: Sestavení určené odkazem není v systému nainstalováno. .

Error - 17.5.2010 16:10:45 | Computer Name = ADAM | Source = SideBySide | ID = 16842811
Description = Generate Activation Context pro C:\DOCUME~1\Joe\LOCALS~1\Temp\RarSFX0\redist.dll
se nezdařila. Referenční chybová zpráva: Operace byla dokončena úspěšně. .

Error - 17.5.2010 16:22:03 | Computer Name = ADAM | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: SASDIFSV SASKUTIL

Error - 17.5.2010 16:24:24 | Computer Name = ADAM | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: SASDIFSV SASKUTIL

Error - 17.5.2010 16:26:16 | Computer Name = ADAM | Source = MRxSmb | ID = 8003
Description = Hlavní prohledávač přijal oznámení serveru od počítače SUZUKI, který
se považuje za hlavní prohledávač domény pro přenos NetBT_Tcpip_{42997430-5B3D-45FA-94.
Hlavní
prohledávač bude ukončen nebo bude vyvolána volba.


< End of report >

Caroprd111

Re: Please check my log.

#42 Post by Caroprd111 »

Run OTL and paste the following script into the bottom window.

:OTL
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - File not found
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
@Alternate Data Stream - 88 bytes -> C:\MSDOS.SYS:SummaryInformation

:Reg
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Configuring]

:Commands
[EMPTYTEMP] 
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[CREATERESTOREPOINT]
Then click "Opravit" (Fix); the PC will restart. Post the log here.


I recommend uninstalling Ad-Aware.


I recommend uninstalling:
D:\Strong DC++\StrongDC.exe

P2P networks and their clients are a potential security risk; they are an almost constant source of viruses, and you are exposing yourself to risk unnecessarily.

atharix

Re: Please check my log.

#43 Post by atharix »

I uninstalled Ad-Aware. I keep DC++ at my own risk; I have been using it for a very long time, but you are right, it is a source of risk.

log

All processes killed
========== OTL ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
C:\WINDOWS\002195_.tmp deleted successfully.
C:\WINDOWS\005174_.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SETA.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
ADS C:\MSDOS.SYS:SummaryInformation deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Configuring\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Joe
->Temp folder emptied: 8044088 bytes
->Temporary Internet Files folder emptied: 443341 bytes
->Java cache emptied: 1 bytes
->FireFox cache emptied: 60206462 bytes
->Flash cache emptied: 1184 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33536 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 4268353329 bytes

Total Files Cleaned = 4 136,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: Joe
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

Restore points cleared and new OTL Restore Point set!
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

OTL by OldTimer - Version 3.2.4.1 log created on 05182010_184316

Files\Folders moved on Reboot...
C:\Documents and Settings\Joe\Local Settings\Temp\~DF5C54.tmp moved successfully.
File\Folder C:\WINDOWS\temp\ZLT04ba0.TMP not found!

Registry entries deleted on Reboot...

Caroprd111

Re: Please check my log.

#44 Post by Caroprd111 »

How is the PC doing?

atharix

Re: Please check my log.

#45 Post by atharix »

We already solved the main issue yesterday, so that's OK; booting also seems faster, even after a restart. I won't count my chickens just yet, but it is definitely better.

Thank you for your help and patience.
