Re: Motji pls help

Posted: 05 Feb 2011 09:04
by Frenki
OTL.txt

OTL logfile created on: 5.2.2011 8:46:25 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\vf\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

511,00 Mb Total Physical Memory | 268,00 Mb Available Physical Memory | 52,00% Memory free
982,00 Mb Paging File | 725,00 Mb Available in Paging File | 74,00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55,88 Gb Total Space | 18,35 Gb Free Space | 32,84% Space Free | Partition Type: FAT32
Drive E: | 74,53 Gb Total Space | 13,94 Gb Free Space | 18,70% Space Free | Partition Type: NTFS

Computer Name: VIT | User Name: vf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.02.05 08:43:48 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vf\Plocha\OTL.exe
PRC - [2011.01.20 16:20:34 | 000,426,840 | ---- | M] (IObit) -- C:\Program Files\IObit\Game Booster\gbtray.exe
PRC - [2010.08.02 16:10:02 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.08.02 16:09:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.08.02 16:09:56 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.18 22:25:56 | 000,126,976 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe
PRC - [2010.01.14 22:11:02 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2006.11.17 06:42:52 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005.09.12 14:28:02 | 000,883,712 | ---- | M] () -- C:\Program Files\Avant Browser\avant.exe


========== Modules (SafeList) ==========

MOD - [2011.02.05 08:43:48 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vf\Plocha\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (gupdate) Služba Google Update (gupdate)
SRV - [2010.08.02 16:10:02 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.08.02 16:09:56 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.18 22:25:56 | 000,126,976 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\WINDOWS\system32\Crypserv.exe -- (CrypKey License)
SRV - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)


========== Driver Services (SafeList) ==========

DRV - [2010.08.02 16:10:10 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.08.02 16:10:10 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 15:27:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.17 15:27:14 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010.04.12 10:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010.03.23 12:35:48 | 000,053,312 | -H-- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pssdklbf.sys -- (PsSdkLBF)
DRV - [2010.03.23 12:35:48 | 000,036,928 | -H-- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pssdk40.sys -- (PsSdk40)
DRV - [2010.03.19 01:11:12 | 000,023,360 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\ckldrv.sys -- (NetworkX)
DRV - [2009.12.28 17:24:12 | 000,721,904 | -H-- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008.04.14 00:15:30 | 000,010,624 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008.04.14 00:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007.05.16 18:19:52 | 000,133,168 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\imagesrv.sys -- (imagesrv)
DRV - [2007.05.16 18:19:50 | 000,011,568 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\imagedrv.sys -- (imagedrv)
DRV - [2007.03.08 15:34:46 | 004,027,840 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004.08.03 22:31:36 | 000,032,768 | -H-- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2004.08.03 22:29:56 | 001,897,408 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2001.08.17 22:00:04 | 000,002,944 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001.08.17 20:19:34 | 000,040,704 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1960408961-1060284298-1460758035-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz
IE - HKU\S-1-5-21-1960408961-1060284298-1460758035-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011.02.04 22:32:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1960408961-1060284298-1460758035-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1960408961-1060284298-1460758035-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1960408961-1060284298-1460758035-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKU\S-1-5-21-1960408961-1060284298-1460758035-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-21-1960408961-1060284298-1460758035-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinterTabs = 0
O7 - HKU\S-1-5-21-1960408961-1060284298-1460758035-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\S-1-5-21-1960408961-1060284298-1460758035-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskBar = 0
O7 - HKU\S-1-5-21-1960408961-1060284298-1460758035-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-1960408961-1060284298-1460758035-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-21-1960408961-1060284298-1460758035-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\S-1-5-21-1960408961-1060284298-1460758035-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1960408961-1060284298-1460758035-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1960408961-1060284298-1460758035-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSecCpl = 0
O7 - HKU\S-1-5-21-1960408961-1060284298-1460758035-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoProfilePage = 0
O7 - HKU\S-1-5-21-1960408961-1060284298-1460758035-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoConfigPage = 0
O7 - HKU\S-1-5-21-1960408961-1060284298-1460758035-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDevMgrPage = 0
O7 - HKU\S-1-5-21-1960408961-1060284298-1460758035-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoFileSysPage = 0
O7 - HKU\S-1-5-21-1960408961-1060284298-1460758035-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVirtMemPage = 0
O8 - Extra context menu item: Blokovat všechny obrázky ze stejného serveru - C:\Program Files\Avant Browser\AddAllToADBlackList.htm ()
O8 - Extra context menu item: Hledat - C:\Program Files\Avant Browser\Search.htm ()
O8 - Extra context menu item: Otevřít v nové instanci programu - C:\Program Files\Avant Browser\OpenInNewBrowser.htm ()
O8 - Extra context menu item: Otevřít všechny odkazy na této stránce... - C:\Program Files\Avant Browser\OpenAllLinks.htm ()
O8 - Extra context menu item: Přidat do seznamu blokovaných reklam - C:\Program Files\Avant Browser\AddToADBlackList.htm ()
O8 - Extra context menu item: Zvýraznit - C:\Program Files\Avant Browser\Highlight.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_17.dll (Sun Microsystems, Inc.)
O15 - HKLM\..Trusted Domains: mojebanka.cz ([*] https in Důvěryhodné servery)
O15 - HKU\S-1-5-21-1960408961-1060284298-1460758035-1003\..Trusted Domains: mojebanka.cz ([*] https in Důvěryhodné servery)
O15 - HKU\S-1-5-21-1960408961-1060284298-1460758035-1003\..Trusted Domains: mojebanka.cz ([www] https in Důvěryhodné servery)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\vf\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\vf\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56308606093492224)

========== Files/Folders - Created Within 30 Days ==========

[2011.02.05 08:43:45 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\vf\Plocha\OTL.exe
[2011.02.05 08:35:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\vf\Recent
[2011.02.04 23:16:57 | 000,000,000 | -HSD | C] -- C:\Recycled
[2011.02.04 20:25:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011.02.04 20:17:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vf\Data aplikací\Avira
[2011.02.04 19:56:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Avira
[2011.02.04 19:56:21 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011.02.04 19:56:20 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011.02.04 19:56:20 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011.02.04 19:56:20 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011.02.04 19:56:20 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011.02.04 19:56:19 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.02.04 19:56:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Avira
[2011.02.04 17:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vf\Data aplikací\Malwarebytes
[2011.02.04 17:15:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.02.04 17:15:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2011.02.04 17:15:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.02.04 17:15:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.02.04 14:30:55 | 000,000,000 | ---D | C] -- C:\Josef_Alois_Nahlovsky_-_Krusnohorske_pohadky
[2011.02.04 13:15:23 | 006,932,152 | ---- | C] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\diktaty.exe
[2011.01.29 14:11:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Mafia
[2011.01.29 14:11:54 | 000,000,000 | ---D | C] -- C:\Program Files\Cenega Czech
[2011.01.19 15:58:02 | 000,000,000 | ---D | C] -- C:\system
[2011.01.17 17:28:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Game Booster
[2011.01.17 17:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\IObit
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[102 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.02.05 08:43:48 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vf\Plocha\OTL.exe
[2011.02.05 08:38:14 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2011.02.05 08:38:10 | 000,000,242 | ---- | M] () -- C:\WINDOWS\tasks\Game_Booster_Startup.job
[2011.02.05 08:38:02 | 000,002,048 | -H-- | M] () -- C:\WINDOWS\bootstat.dat
[2011.02.05 08:37:58 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys
[2011.02.05 08:37:58 | 000,095,864 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.02.05 08:33:02 | 000,210,944 | ---- | M] () -- C:\Documents and Settings\vf\Plocha\T-Cleaner.exe
[2011.02.04 23:21:10 | 000,006,119 | -H-- | M] () -- C:\WINDOWS\WINCMD.INI
[2011.02.04 23:18:20 | 000,000,496 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Opera.lnk
[2011.02.04 19:56:42 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Avira AntiVir Control Center.lnk
[2011.02.04 17:15:52 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2011.02.04 16:40:56 | 000,000,069 | -H-- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011.02.04 14:50:38 | 000,014,256 | ---- | M] () -- C:\Documents and Settings\vf\Dokumenty\default (12).htm
[2011.02.03 16:08:56 | 000,000,468 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for vf.job
[2011.01.29 14:11:58 | 000,000,591 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Mafia.lnk
[2011.01.29 07:31:26 | 000,000,083 | ---- | M] () -- C:\WINDOWS\0x.ini
[2011.01.27 15:41:10 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.01.24 18:14:26 | 000,000,888 | ---- | M] () -- C:\Documents and Settings\vf\Local Settings\Data aplikací\SRDownloader.nast
[2011.01.24 18:11:34 | 698,651,760 | ---- | M] () -- C:\moulové.avi
[2011.01.24 17:50:54 | 000,011,035 | ---- | M] () -- C:\Documents and Settings\vf\Local Settings\Data aplikací\SRDownloader.err
[2011.01.24 15:43:40 | 712,628,736 | ---- | M] () -- C:\7 Trpasliku - upload by Dodos PCE.avi
[2011.01.24 15:28:04 | 873,873,842 | ---- | M] () -- C:\Sněhurka a sedm trpaslíků (1937).avi
[2011.01.24 14:38:00 | 734,027,776 | ---- | M] () -- C:\snehurka.jak.to.bylo.dal.xvid.CZ.1993.avi
[2011.01.24 13:56:40 | 886,789,632 | ---- | M] () -- C:\invaze_2002.avi
[2011.01.24 13:30:04 | 730,139,510 | ---- | M] () -- C:\Knih.prez.avi
[2011.01.24 13:13:58 | 734,552,064 | ---- | M] () -- C:\Centurion.2010.DVDRip.XviD.CZ.MY.avi
[2011.01.24 13:02:44 | 832,834,810 | ---- | M] () -- C:\Punisher.War.Zone.2008.DVDrip.XviD.xXx.CZ.avi
[2011.01.24 13:01:40 | 730,339,470 | ---- | M] () -- C:\Andele.a.slunce.2006.DVDRip.XviD.CZ-CiBULATOR679-up.by.pablos.avi
[2011.01.24 11:51:46 | 749,498,368 | ---- | M] () -- C:\Blbec k veceri.avi
[2011.01.21 15:41:34 | 000,051,712 | ---- | M] () -- C:\Documents and Settings\vf\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.17 17:28:44 | 000,000,725 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Switch to Gaming Mode.lnk
[2011.01.17 17:28:44 | 000,000,713 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Game Booster.lnk
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[102 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.02.05 08:33:01 | 000,210,944 | ---- | C] () -- C:\Documents and Settings\vf\Plocha\T-Cleaner.exe
[2011.02.04 23:18:18 | 000,000,502 | ---- | C] () -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Opera.lnk
[2011.02.04 23:18:18 | 000,000,496 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Opera.lnk
[2011.02.04 19:56:41 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Avira AntiVir Control Center.lnk
[2011.02.04 17:15:51 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2011.02.04 14:50:36 | 000,014,256 | ---- | C] () -- C:\Documents and Settings\vf\Dokumenty\default (12).htm
[2011.01.29 14:11:57 | 000,000,591 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Mafia.lnk
[2011.01.24 18:00:47 | 698,651,760 | ---- | C] () -- C:\moulové.avi
[2011.01.24 15:33:23 | 712,628,736 | ---- | C] () -- C:\7 Trpasliku - upload by Dodos PCE.avi
[2011.01.24 15:14:11 | 873,873,842 | ---- | C] () -- C:\Sněhurka a sedm trpaslíků (1937).avi
[2011.01.24 14:27:26 | 734,027,776 | ---- | C] () -- C:\snehurka.jak.to.bylo.dal.xvid.CZ.1993.avi
[2011.01.24 13:43:22 | 886,789,632 | ---- | C] () -- C:\invaze_2002.avi
[2011.01.24 13:18:23 | 730,139,510 | ---- | C] () -- C:\Knih.prez.avi
[2011.01.24 13:01:40 | 734,552,064 | ---- | C] () -- C:\Centurion.2010.DVDRip.XviD.CZ.MY.avi
[2011.01.24 12:41:02 | 730,339,470 | ---- | C] () -- C:\Andele.a.slunce.2006.DVDRip.XviD.CZ-CiBULATOR679-up.by.pablos.avi
[2011.01.24 12:39:36 | 832,834,810 | ---- | C] () -- C:\Punisher.War.Zone.2008.DVDrip.XviD.xXx.CZ.avi
[2011.01.24 11:40:34 | 749,498,368 | ---- | C] () -- C:\Blbec k veceri.avi
[2011.01.17 17:28:54 | 000,000,242 | ---- | C] () -- C:\WINDOWS\tasks\Game_Booster_Startup.job
[2010.12.26 05:07:57 | 000,008,989 | ---- | C] () -- C:\Documents and Settings\vf\Local Settings\Data aplikací\SRDownloader (2).err
[2010.12.26 04:40:30 | 000,000,864 | ---- | C] () -- C:\Documents and Settings\vf\Local Settings\Data aplikací\SRDownloader (2).nast
[2010.12.04 17:14:21 | 000,000,880 | ---- | C] () -- C:\Documents and Settings\vf\Local Settings\Data aplikací\SRDownloader (1).nast
[2010.10.30 19:35:09 | 000,000,832 | ---- | C] () -- C:\Documents and Settings\vf\Local Settings\Data aplikací\13.nast
[2010.10.30 19:35:01 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\vf\Local Settings\Data aplikací\13.err
[2010.10.17 10:46:33 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2010.10.17 10:46:28 | 000,056,320 | R--- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2010.10.16 08:08:44 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2010.09.25 15:22:00 | 000,011,035 | ---- | C] () -- C:\Documents and Settings\vf\Local Settings\Data aplikací\SRDownloader.err
[2010.09.25 15:17:14 | 000,000,888 | ---- | C] () -- C:\Documents and Settings\vf\Local Settings\Data aplikací\SRDownloader.nast
[2010.09.11 12:20:13 | 000,000,083 | ---- | C] () -- C:\WINDOWS\0x.ini
[2010.08.29 16:51:41 | 000,000,047 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2010.08.29 16:51:39 | 000,023,360 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2010.07.08 13:20:13 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010.05.01 09:54:09 | 000,005,079 | ---- | C] () -- C:\WINDOWS\l2control.ini
[2010.04.09 08:24:07 | 000,000,330 | ---- | C] () -- C:\WINDOWS\l2net.ini
[2010.01.05 09:38:31 | 000,020,611 | -H-- | C] () -- C:\WINDOWS\System32\mvastnet.dll
[2009.12.24 05:44:08 | 000,057,344 | -H-- | C] () -- C:\WINDOWS\System32\wmsprog.dll
[2009.11.07 10:12:32 | 000,000,112 | -H-- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2009.09.25 12:45:36 | 000,000,287 | -H-- | C] () -- C:\WINDOWS\game.ini
[2009.09.25 07:41:23 | 001,806,336 | ---- | C] () -- C:\Program Files\HellShare.exe
[2009.09.24 13:07:07 | 000,000,069 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.09.24 08:01:30 | 000,000,092 | -H-- | C] () -- C:\WINDOWS\CMISETUP.INI
[2009.09.24 08:01:29 | 000,000,026 | -H-- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2009.09.24 08:01:26 | 000,000,054 | -H-- | C] () -- C:\WINDOWS\Wininit.ini
[2009.09.24 08:01:20 | 000,028,672 | -H-- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2009.09.22 16:23:08 | 000,051,712 | ---- | C] () -- C:\Documents and Settings\vf\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.22 11:12:00 | 000,004,249 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003.08.14 08:46:30 | 000,000,504 | -H-- | C] () -- C:\WINDOWS\mamba.ini
[2003.08.13 05:45:50 | 000,000,028 | -H-- | C] () -- C:\WINDOWS\boxworld.ini
[2003.08.13 05:44:05 | 000,000,131 | -H-- | C] () -- C:\WINDOWS\chess.ini
[2003.08.13 05:38:54 | 000,000,298 | -H-- | C] () -- C:\WINDOWS\pent.ini
[2003.08.13 05:33:51 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\entpack.ini
[2003.08.13 05:31:03 | 000,000,163 | -H-- | C] () -- C:\WINDOWS\games.ini
[2003.08.13 05:30:43 | 000,000,062 | -H-- | C] () -- C:\WINDOWS\soko.ini
[2003.08.11 00:10:28 | 000,006,119 | -H-- | C] () -- C:\WINDOWS\WINCMD.INI
[2003.02.19 01:26:28 | 000,028,672 | -H-- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll

========== LOP Check ==========

[2003.08.11 00:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2003.08.11 00:57:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\IM
[2003.08.11 00:58:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
[2009.09.24 07:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DriverScanner
[2009.10.05 11:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\IncrediMail
[2009.12.24 05:39:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2010.01.05 08:47:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2010.05.02 20:19:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\avg9
[2010.06.30 06:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\{66E2F539-12B6-4870-A500-7689CDE75C5E}
[2010.08.29 16:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AceReader Pro
[2011.01.17 17:28:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\IObit
[2009.09.22 12:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\Opera
[2003.08.11 00:27:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\ESET
[2009.09.24 07:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\Uniblue
[2010.09.04 14:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\com.youneedabudget.YNAB3.Live.9C763150EFAB05FD2A2B78705C7A54E2FCDDE07D.1
[2010.10.11 09:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\IObit
[2010.10.18 11:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\TS3Client
[2010.12.29 11:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\Avant Browser
[2003.08.16 05:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Data aplikací\Opera
[2010.03.15 09:35:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Data aplikací\ESET
[2010.12.26 03:45:42 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\Tasks\RegCure.job
[2011.02.05 08:38:14 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2011.02.05 08:38:10 | 000,000,242 | ---- | M] () -- C:\WINDOWS\Tasks\Game_Booster_Startup.job

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >

< c:\windows\*.* /U >
[102 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >
[2010.04.29 18:09:00 | 006,932,152 | ---- | M] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\diktaty.exe
[2001.05.24 12:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE
[2009.02.03 10:32:28 | 003,550,592 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\procexp.exe

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2009.09.22 11:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\Microsoft
[2009.09.22 11:46:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\Identities
[2009.09.22 12:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\Opera
[2009.09.22 12:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\Adobe
[2009.09.22 12:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\Macromedia
[2003.08.11 00:27:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\ESET
[2009.09.24 07:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\Uniblue
[2009.09.24 08:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\Ahead
[2009.09.24 14:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\vlc
[2009.09.25 09:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\WinRAR
[2009.09.25 15:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\dvdcss
[2009.09.25 22:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\U3
[2009.09.28 20:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\Ventrilo
[2009.10.14 05:58:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\Sun
[2010.01.05 08:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\Mozilla
[2010.03.15 09:49:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\DivX
[2010.05.19 19:48:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\Help
[2010.07.08 13:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\InstallShield
[2010.09.04 14:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\com.youneedabudget.YNAB3.Live.9C763150EFAB05FD2A2B78705C7A54E2FCDDE07D.1
[2010.10.11 09:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\IObit
[2010.10.18 11:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\TS3Client
[2010.12.29 11:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\Avant Browser
[2011.02.04 17:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\Malwarebytes
[2011.02.04 20:17:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\Avira

< %APPDATA%\*.exe /s >
[2003.08.11 00:32:56 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\vf\Data aplikací\Microsoft\Installer\{7339E7E7-FB6A-46EC-8303-D31E655EF617}\_124305e.exe
[2003.08.11 00:32:56 | 000,001,078 | ---- | M] () -- C:\Documents and Settings\vf\Data aplikací\Microsoft\Installer\{7339E7E7-FB6A-46EC-8303-D31E655EF617}\_440d491c.exe
[2003.08.11 00:32:56 | 000,001,078 | ---- | M] () -- C:\Documents and Settings\vf\Data aplikací\Microsoft\Installer\{7339E7E7-FB6A-46EC-8303-D31E655EF617}\_4d064db7.exe
[2003.08.11 00:32:56 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\vf\Data aplikací\Microsoft\Installer\{7339E7E7-FB6A-46EC-8303-D31E655EF617}\_154754de.exe
[2003.08.11 00:32:56 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\vf\Data aplikací\Microsoft\Installer\{7339E7E7-FB6A-46EC-8303-D31E655EF617}\_39b32d12.exe
[2003.08.11 00:32:56 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\vf\Data aplikací\Microsoft\Installer\{7339E7E7-FB6A-46EC-8303-D31E655EF617}\_74d4dc8.exe
[2006.08.15 10:15:04 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\vf\Data aplikací\U3\01D10470D2B32898\cleanup.exe
[2007.02.19 11:36:04 | 003,477,504 | ---- | M] () -- C:\Documents and Settings\vf\Data aplikací\U3\01D10470D2B32898\Launchpad.exe
[2006.10.12 16:38:42 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\vf\Data aplikací\U3\01D10470D2B32898\U3AccessGrant.exe
[2006.08.15 10:15:04 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\vf\Data aplikací\U3\temp\cleanup.exe


< MD5 for: AGP440.SYS >
[1980.01.01 00:00:00 | 018,786,869 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 09:10:02 | 020,102,206 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 09:10:02 | 020,102,206 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[1980.01.01 00:00:00 | 018,786,869 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 09:10:02 | 020,102,206 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 09:10:02 | 020,102,206 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: CDROM.SYS >
[1980.01.01 00:00:00 | 018,786,869 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.04.14 09:10:02 | 020,102,206 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 09:10:02 | 020,102,206 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.14 00:10:48 | 000,062,976 | -H-- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2008.04.14 08:51:40 | 000,062,464 | -H-- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 08:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 08:51:42 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 08:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 08:52:24 | 001,034,240 | -H-- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: HAL.DLL >
[1980.01.01 00:00:00 | 018,786,869 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.04.14 09:10:02 | 020,102,206 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 09:10:02 | 020,102,206 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.14 00:01:34 | 000,105,344 | -H-- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008.04.14 00:01:28 | 000,081,152 | -H-- | M] (Microsoft Corporation) MD5=C4BA879B581BE34536FE01F79AC28631 -- C:\WINDOWS\system32\HAL.DLL

< MD5 for: CHANGER.SYS >
[1980.01.01 00:00:00 | 018,786,869 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.04.14 09:10:02 | 020,102,206 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2008.04.14 09:10:02 | 020,102,206 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.14 00:11:00 | 000,008,192 | -H-- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys

< MD5 for: ISAPNP.SYS >
[2008.04.14 09:10:02 | 020,102,206 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 09:10:02 | 020,102,206 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2008.04.14 07:57:54 | 000,037,248 | -H-- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 07:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2008.04.14 08:52:30 | 000,013,312 | -H-- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.14 00:50:38 | 000,182,656 | -H-- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008.04.14 08:51:52 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 08:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 08:51:56 | 000,185,856 | -H-- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 08:52:48 | 000,050,688 | -H-- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 08:52:48 | 000,050,688 | -H-- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 08:52:50 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2006.01.13 19:07:08 | 000,360,448 | -H-- | M] (Microsoft Corporation) MD5=5562CC0A47B2AEF06D3417B733F3C195 -- C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[2005.05.25 21:07:12 | 000,359,936 | -H-- | M] (Microsoft Corporation) MD5=63FDFEA54EB53DE2D863EE454937CE1E -- C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[2008.04.14 00:50:18 | 000,361,344 | -H-- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.14 00:50:18 | 000,361,344 | -H-- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | -H-- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006.04.20 14:18:36 | 000,360,576 | -H-- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 08:52:52 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008.04.14 08:52:54 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.04.14 08:52:08 | 000,082,432 | -H-- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 08:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009.09.22 11:09:16 | 000,442,368 | -H-- | M] () -- C:\WINDOWS\system32\config\system.sav
[2009.09.22 11:09:16 | 000,663,552 | -H-- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.09.22 11:09:16 | 000,094,208 | -H-- | M] () -- C:\WINDOWS\system32\config\default.sav

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2011.02.05 08:37:58 | 000,095,864 | -H-- | M] () -- C:\WINDOWS\system32\FNTCACHE.DAT
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< >

< End of report >

Re: Motji pls help

Posted: 05 Feb 2011 09:07
by Frenki
And I'm also adding the report from AVIRA



Avira AntiVir Personal
Report file date: 5. února 2011 07:31

Scanning for 2456743 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : vf
Computer name : VIT

Version information:
BUILD.DAT : 10.0.0.592 31823 Bytes 9.8.2010 11:00:00
AVSCAN.EXE : 10.0.3.1 434344 Bytes 2.8.2010 15:09:58
AVSCAN.DLL : 10.0.3.0 46440 Bytes 1.4.2010 12:57:06
LUKE.DLL : 10.0.2.3 104296 Bytes 2.8.2010 15:10:02
LUKERES.DLL : 10.0.0.1 12648 Bytes 10.2.2010 23:40:50
VBASE000.VDF : 7.10.0.0 19875328 Bytes 6.11.2009 09:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 19:03:00
VBASE002.VDF : 7.11.0.1 2048 Bytes 14.12.2010 19:03:00
VBASE003.VDF : 7.11.0.2 2048 Bytes 14.12.2010 19:03:00
VBASE004.VDF : 7.11.0.3 2048 Bytes 14.12.2010 19:03:00
VBASE005.VDF : 7.11.0.4 2048 Bytes 14.12.2010 19:03:00
VBASE006.VDF : 7.11.0.5 2048 Bytes 14.12.2010 19:03:00
VBASE007.VDF : 7.11.0.6 2048 Bytes 14.12.2010 19:03:00
VBASE008.VDF : 7.11.0.7 2048 Bytes 14.12.2010 19:03:00
VBASE009.VDF : 7.11.0.8 2048 Bytes 14.12.2010 19:03:00
VBASE010.VDF : 7.11.0.9 2048 Bytes 14.12.2010 19:03:00
VBASE011.VDF : 7.11.0.10 2048 Bytes 14.12.2010 19:03:00
VBASE012.VDF : 7.11.0.11 2048 Bytes 14.12.2010 19:03:02
VBASE013.VDF : 7.11.0.52 128000 Bytes 16.12.2010 19:03:06
VBASE014.VDF : 7.11.0.91 226816 Bytes 20.12.2010 19:03:20
VBASE015.VDF : 7.11.0.122 136192 Bytes 21.12.2010 19:03:24
VBASE016.VDF : 7.11.0.156 122880 Bytes 24.12.2010 19:03:30
VBASE017.VDF : 7.11.0.185 146944 Bytes 27.12.2010 19:03:36
VBASE018.VDF : 7.11.0.228 132608 Bytes 30.12.2010 19:03:42
VBASE019.VDF : 7.11.1.5 148480 Bytes 3.1.2011 19:03:48
VBASE020.VDF : 7.11.1.37 156672 Bytes 7.1.2011 19:03:54
VBASE021.VDF : 7.11.1.65 140800 Bytes 10.1.2011 19:03:58
VBASE022.VDF : 7.11.1.87 225280 Bytes 11.1.2011 19:04:04
VBASE023.VDF : 7.11.1.124 125440 Bytes 14.1.2011 19:04:16
VBASE024.VDF : 7.11.1.155 132096 Bytes 17.1.2011 19:04:20
VBASE025.VDF : 7.11.1.189 451072 Bytes 20.1.2011 19:04:32
VBASE026.VDF : 7.11.1.230 138752 Bytes 24.1.2011 19:04:36
VBASE027.VDF : 7.11.2.12 164352 Bytes 27.1.2011 19:04:44
VBASE028.VDF : 7.11.2.43 178176 Bytes 1.2.2011 19:04:50
VBASE029.VDF : 7.11.2.78 206336 Bytes 4.2.2011 19:04:58
VBASE030.VDF : 7.11.2.79 2048 Bytes 4.2.2011 19:04:58
VBASE031.VDF : 7.11.2.80 2048 Bytes 4.2.2011 19:04:58
Engineversion : 8.2.4.162
AEVDF.DLL : 8.1.2.1 106868 Bytes 2.8.2010 15:09:56
AESCRIPT.DLL : 8.1.3.53 1282427 Bytes 4.2.2011 19:06:48
AESCN.DLL : 8.1.7.2 127349 Bytes 4.2.2011 19:06:38
AESBX.DLL : 8.1.3.2 254324 Bytes 4.2.2011 19:06:52
AERDL.DLL : 8.1.9.2 635252 Bytes 4.2.2011 19:06:34
AEPACK.DLL : 8.2.4.9 512374 Bytes 4.2.2011 19:06:24
AEOFFICE.DLL : 8.1.1.16 205179 Bytes 4.2.2011 19:06:18
AEHEUR.DLL : 8.1.2.73 3207541 Bytes 4.2.2011 19:06:16
AEHELP.DLL : 8.1.16.1 246134 Bytes 4.2.2011 19:05:22
AEGEN.DLL : 8.1.5.2 397683 Bytes 4.2.2011 19:05:18
AEEMU.DLL : 8.1.3.0 393589 Bytes 4.2.2011 19:05:12
AECORE.DLL : 8.1.19.2 196983 Bytes 4.2.2011 19:05:08
AEBB.DLL : 8.1.1.0 53618 Bytes 2.8.2010 15:09:50
AVWINLL.DLL : 10.0.0.0 19304 Bytes 2.8.2010 15:09:58
AVPREF.DLL : 10.0.0.0 44904 Bytes 2.8.2010 15:09:56
AVREP.DLL : 10.0.0.8 62209 Bytes 17.6.2010 14:27:14
AVREG.DLL : 10.0.3.2 53096 Bytes 2.8.2010 15:09:56
AVSCPLR.DLL : 10.0.3.1 83816 Bytes 2.8.2010 15:09:58
AVARKT.DLL : 10.0.0.14 227176 Bytes 2.8.2010 15:09:56
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 2.8.2010 15:09:56
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17.6.2010 14:27:24
AVSMTP.DLL : 10.0.0.17 63848 Bytes 2.8.2010 15:09:58
NETNT.DLL : 10.0.0.0 11624 Bytes 17.6.2010 14:27:22
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28.1.2010 13:10:22
RCTEXT.DLL : 10.0.58.0 97128 Bytes 2.8.2010 15:10:10

Configuration settings for the scan:
Jobname.............................: Local Hard Disks
Configuration file..................: c:\program files\avira\antivir desktop\alldiscs.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, E:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: 5. února 2011 07:31

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'gbtray.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'StarWindServiceAE.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'crypserv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '396' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Program Files\LegWinTym 1.26\Aplikace\xp.rar
[0] Archive type: RAR
[DETECTION] Is the TR/Tool.Wpakill.F Trojan
--> WPA_KILL 2.EXE
[DETECTION] Is the TR/Tool.Wpakill.F Trojan
C:\Program Files\LegWinTym 1.26\Aplikace\WGA- Legalizator\overeni-legwintym.exe
[DETECTION] Is the TR/Agent.1034861 Trojan
C:\System Volume Information\_restore{7A94F55C-7189-4DE7-A502-E3A3871DC189}\RP164\A0289628.exe
[DETECTION] Contains recognition pattern of the DR/ArchSMS.mbj dropper
C:\System Volume Information\_restore{7A94F55C-7189-4DE7-A502-E3A3871DC189}\RP164\A0289629.exe
[DETECTION] Contains recognition pattern of the DR/ArchSMS.mbj dropper
C:\System Volume Information\_restore{7A94F55C-7189-4DE7-A502-E3A3871DC189}\RP193\A0323799.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{7A94F55C-7189-4DE7-A502-E3A3871DC189}\RP193\A0323800.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{7A94F55C-7189-4DE7-A502-E3A3871DC189}\RP193\A0323801.exe
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
C:\System Volume Information\_restore{7A94F55C-7189-4DE7-A502-E3A3871DC189}\RP193\A0323802.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{7A94F55C-7189-4DE7-A502-E3A3871DC189}\RP193\A0323803.exe
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{7A94F55C-7189-4DE7-A502-E3A3871DC189}\RP193\A0323828.sys
[DETECTION] Is the TR/Rootkit.Gen3 Trojan
C:\System Volume Information\_restore{7A94F55C-7189-4DE7-A502-E3A3871DC189}\RP193\A0323965.exe
[DETECTION] Is the TR/Gendal.200704.BA Trojan
Begin scan in 'E:\' <Nový svazek>
E:\dočasná\l2control 3,5.rar
[0] Archive type: RAR
[DETECTION] Is the TR/Flood.ICQBomber.FZ Trojan
--> l2fish.exe
[DETECTION] Is the TR/Flood.ICQBomber.FZ Trojan
E:\dočasná\l2control.rar
[0] Archive type: RAR
[DETECTION] Is the TR/Flood.ICQBomber.FL Trojan
--> l2fish.exe
[DETECTION] Is the TR/Flood.ICQBomber.FL Trojan
E:\HALPEX\inject.dll
[DETECTION] Is the TR/ATRAPS.Gen Trojan
E:\HALPEX\l2phx.exe
[DETECTION] Is the TR/PSW.LdPinch.vgg Trojan
E:\M602\Movie Label 2009\MovieLabel.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan

Beginning disinfection:
E:\M602\Movie Label 2009\MovieLabel.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '4b8c5fac.qua'.
E:\HALPEX\l2phx.exe
[DETECTION] Is the TR/PSW.LdPinch.vgg Trojan
[NOTE] The file was moved to the quarantine directory under the name '536571ce.qua'.
E:\HALPEX\inject.dll
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '01302ae2.qua'.
E:\dočasná\l2control.rar
[DETECTION] Is the TR/Flood.ICQBomber.FL Trojan
[NOTE] The file was moved to the quarantine directory under the name '671e64e5.qua'.
E:\dočasná\l2control 3,5.rar
[DETECTION] Is the TR/Flood.ICQBomber.FZ Trojan
[NOTE] The file was moved to the quarantine directory under the name '229a49db.qua'.
C:\System Volume Information\_restore{7A94F55C-7189-4DE7-A502-E3A3871DC189}\RP193\A0323965.exe
[DETECTION] Is the TR/Gendal.200704.BA Trojan
[NOTE] The file was moved to the quarantine directory under the name '5d517bbb.qua'.
C:\System Volume Information\_restore{7A94F55C-7189-4DE7-A502-E3A3871DC189}\RP193\A0323828.sys
[DETECTION] Is the TR/Rootkit.Gen3 Trojan
[NOTE] The file was moved to the quarantine directory under the name '11e957f1.qua'.
C:\System Volume Information\_restore{7A94F55C-7189-4DE7-A502-E3A3871DC189}\RP193\A0323803.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '6df117a1.qua'.
C:\System Volume Information\_restore{7A94F55C-7189-4DE7-A502-E3A3871DC189}\RP193\A0323802.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '40ab38ec.qua'.
C:\System Volume Information\_restore{7A94F55C-7189-4DE7-A502-E3A3871DC189}\RP193\A0323801.exe
[DETECTION] Is the TR/Drop.Softomat.AN Trojan
[NOTE] The file was moved to the quarantine directory under the name '59c30376.qua'.
C:\System Volume Information\_restore{7A94F55C-7189-4DE7-A502-E3A3871DC189}\RP193\A0323800.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '359f2f46.qua'.
C:\System Volume Information\_restore{7A94F55C-7189-4DE7-A502-E3A3871DC189}\RP193\A0323799.exe
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '442616d3.qua'.
C:\System Volume Information\_restore{7A94F55C-7189-4DE7-A502-E3A3871DC189}\RP164\A0289629.exe
[DETECTION] Contains recognition pattern of the DR/ArchSMS.mbj dropper
[NOTE] The file was moved to the quarantine directory under the name '4a3d2614.qua'.
C:\System Volume Information\_restore{7A94F55C-7189-4DE7-A502-E3A3871DC189}\RP164\A0289628.exe
[DETECTION] Contains recognition pattern of the DR/ArchSMS.mbj dropper
[NOTE] The file was moved to the quarantine directory under the name '0f145f56.qua'.
C:\Program Files\LegWinTym 1.26\Aplikace\WGA- Legalizator\overeni-legwintym.exe
[DETECTION] Is the TR/Agent.1034861 Trojan
[NOTE] The file was moved to the quarantine directory under the name '06d05a47.qua'.
C:\Program Files\LegWinTym 1.26\Aplikace\xp.rar
[DETECTION] Is the TR/Tool.Wpakill.F Trojan
[NOTE] The file was moved to the quarantine directory under the name '5e5a4354.qua'.


End of the scan: 5. února 2011 08:22
Used time: 41:40 Minute(s)

The scan has been done completely.

3668 Scanned directories
187375 Files were scanned
16 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
16 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
187359 Files not concerned
4457 Archives were scanned
0 Warnings
16 Notes

Re: Motji pls help

Posted: 05 Feb 2011 09:28
by Frenki
HOORAY, Opera is running now
I uninstalled it via Revo and now it works :D :worship:

Re: Motji pls help

Posted: 05 Feb 2011 09:34
by motji
The Otl.txt log as well, please :)

Re: Motji pls help

Posted: 05 Feb 2011 10:08
by Frenki
OTL.txt

OTL logfile created on: 5.2.2011 8:46:25 - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\vf\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

511,00 Mb Total Physical Memory | 268,00 Mb Available Physical Memory | 52,00% Memory free
982,00 Mb Paging File | 725,00 Mb Available in Paging File | 74,00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55,88 Gb Total Space | 18,35 Gb Free Space | 32,84% Space Free | Partition Type: FAT32
Drive E: | 74,53 Gb Total Space | 13,94 Gb Free Space | 18,70% Space Free | Partition Type: NTFS

Computer Name: VIT | User Name: vf | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.02.05 08:43:48 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vf\Plocha\OTL.exe
PRC - [2011.01.20 16:20:34 | 000,426,840 | ---- | M] (IObit) -- C:\Program Files\IObit\Game Booster\gbtray.exe
PRC - [2010.08.02 16:10:02 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.08.02 16:09:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.08.02 16:09:56 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.18 22:25:56 | 000,126,976 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe
PRC - [2010.01.14 22:11:02 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2006.11.17 06:42:52 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005.09.12 14:28:02 | 000,883,712 | ---- | M] () -- C:\Program Files\Avant Browser\avant.exe


========== Modules (SafeList) ==========

MOD - [2011.02.05 08:43:48 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vf\Plocha\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (gupdate) Služba Google Update (gupdate)
SRV - [2010.08.02 16:10:02 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.08.02 16:09:56 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.18 22:25:56 | 000,126,976 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\WINDOWS\system32\Crypserv.exe -- (CrypKey License)
SRV - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Running] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)


========== Driver Services (SafeList) ==========

DRV - [2010.08.02 16:10:10 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.08.02 16:10:10 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.06.17 15:27:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.06.17 15:27:14 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010.04.12 10:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010.03.23 12:35:48 | 000,053,312 | -H-- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pssdklbf.sys -- (PsSdkLBF)
DRV - [2010.03.23 12:35:48 | 000,036,928 | -H-- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pssdk40.sys -- (PsSdk40)
DRV - [2010.03.19 01:11:12 | 000,023,360 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\ckldrv.sys -- (NetworkX)
DRV - [2009.12.28 17:24:12 | 000,721,904 | -H-- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008.04.14 00:15:30 | 000,010,624 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008.04.14 00:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007.05.16 18:19:52 | 000,133,168 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\imagesrv.sys -- (imagesrv)
DRV - [2007.05.16 18:19:50 | 000,011,568 | ---- | M] (Ahead Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\imagedrv.sys -- (imagedrv)
DRV - [2007.03.08 15:34:46 | 004,027,840 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004.08.03 22:31:36 | 000,032,768 | -H-- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2004.08.03 22:29:56 | 001,897,408 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2001.08.17 22:00:04 | 000,002,944 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001.08.17 20:19:34 | 000,040,704 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1960408961-1060284298-1460758035-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz
IE - HKU\S-1-5-21-1960408961-1060284298-1460758035-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2011.02.04 22:32:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1960408961-1060284298-1460758035-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1960408961-1060284298-1460758035-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1960408961-1060284298-1460758035-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKU\S-1-5-21-1960408961-1060284298-1460758035-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-21-1960408961-1060284298-1460758035-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinterTabs = 0
O7 - HKU\S-1-5-21-1960408961-1060284298-1460758035-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\S-1-5-21-1960408961-1060284298-1460758035-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskBar = 0
O7 - HKU\S-1-5-21-1960408961-1060284298-1460758035-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-1960408961-1060284298-1460758035-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-21-1960408961-1060284298-1460758035-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\S-1-5-21-1960408961-1060284298-1460758035-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1960408961-1060284298-1460758035-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1960408961-1060284298-1460758035-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoSecCpl = 0
O7 - HKU\S-1-5-21-1960408961-1060284298-1460758035-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoProfilePage = 0
O7 - HKU\S-1-5-21-1960408961-1060284298-1460758035-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoConfigPage = 0
O7 - HKU\S-1-5-21-1960408961-1060284298-1460758035-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDevMgrPage = 0
O7 - HKU\S-1-5-21-1960408961-1060284298-1460758035-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoFileSysPage = 0
O7 - HKU\S-1-5-21-1960408961-1060284298-1460758035-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoVirtMemPage = 0
O8 - Extra context menu item: Blokovat všechny obrázky ze stejného serveru - C:\Program Files\Avant Browser\AddAllToADBlackList.htm ()
O8 - Extra context menu item: Hledat - C:\Program Files\Avant Browser\Search.htm ()
O8 - Extra context menu item: Otevřít v nové instanci programu - C:\Program Files\Avant Browser\OpenInNewBrowser.htm ()
O8 - Extra context menu item: Otevřít všechny odkazy na této stránce... - C:\Program Files\Avant Browser\OpenAllLinks.htm ()
O8 - Extra context menu item: Přidat do seznamu blokovaných reklam - C:\Program Files\Avant Browser\AddToADBlackList.htm ()
O8 - Extra context menu item: Zvýraznit - C:\Program Files\Avant Browser\Highlight.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_17.dll (Sun Microsystems, Inc.)
O15 - HKLM\..Trusted Domains: mojebanka.cz ([*] https in Důvěryhodné servery)
O15 - HKU\S-1-5-21-1960408961-1060284298-1460758035-1003\..Trusted Domains: mojebanka.cz ([*] https in Důvěryhodné servery)
O15 - HKU\S-1-5-21-1960408961-1060284298-1460758035-1003\..Trusted Domains: mojebanka.cz ([www] https in Důvěryhodné servery)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\vf\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\vf\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56308606093492224)

========== Files/Folders - Created Within 30 Days ==========

[2011.02.05 08:43:45 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\vf\Plocha\OTL.exe
[2011.02.05 08:35:37 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\vf\Recent
[2011.02.04 23:16:57 | 000,000,000 | -HSD | C] -- C:\Recycled
[2011.02.04 20:25:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011.02.04 20:17:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vf\Data aplikací\Avira
[2011.02.04 19:56:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Avira
[2011.02.04 19:56:21 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011.02.04 19:56:20 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011.02.04 19:56:20 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011.02.04 19:56:20 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011.02.04 19:56:20 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011.02.04 19:56:19 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.02.04 19:56:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Avira
[2011.02.04 17:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\vf\Data aplikací\Malwarebytes
[2011.02.04 17:15:51 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.02.04 17:15:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2011.02.04 17:15:47 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.02.04 17:15:47 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.02.04 14:30:55 | 000,000,000 | ---D | C] -- C:\Josef_Alois_Nahlovsky_-_Krusnohorske_pohadky
[2011.02.04 13:15:23 | 006,932,152 | ---- | C] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\diktaty.exe
[2011.01.29 14:11:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Mafia
[2011.01.29 14:11:54 | 000,000,000 | ---D | C] -- C:\Program Files\Cenega Czech
[2011.01.19 15:58:02 | 000,000,000 | ---D | C] -- C:\system
[2011.01.17 17:28:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Game Booster
[2011.01.17 17:28:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\IObit
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[102 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.02.05 08:43:48 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\vf\Plocha\OTL.exe
[2011.02.05 08:38:14 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2011.02.05 08:38:10 | 000,000,242 | ---- | M] () -- C:\WINDOWS\tasks\Game_Booster_Startup.job
[2011.02.05 08:38:02 | 000,002,048 | -H-- | M] () -- C:\WINDOWS\bootstat.dat
[2011.02.05 08:37:58 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys
[2011.02.05 08:37:58 | 000,095,864 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.02.05 08:33:02 | 000,210,944 | ---- | M] () -- C:\Documents and Settings\vf\Plocha\T-Cleaner.exe
[2011.02.04 23:21:10 | 000,006,119 | -H-- | M] () -- C:\WINDOWS\WINCMD.INI
[2011.02.04 23:18:20 | 000,000,496 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Opera.lnk
[2011.02.04 19:56:42 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Avira AntiVir Control Center.lnk
[2011.02.04 17:15:52 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2011.02.04 16:40:56 | 000,000,069 | -H-- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011.02.04 14:50:38 | 000,014,256 | ---- | M] () -- C:\Documents and Settings\vf\Dokumenty\default (12).htm
[2011.02.03 16:08:56 | 000,000,468 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for vf.job
[2011.01.29 14:11:58 | 000,000,591 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Mafia.lnk
[2011.01.29 07:31:26 | 000,000,083 | ---- | M] () -- C:\WINDOWS\0x.ini
[2011.01.27 15:41:10 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.01.24 18:14:26 | 000,000,888 | ---- | M] () -- C:\Documents and Settings\vf\Local Settings\Data aplikací\SRDownloader.nast
[2011.01.24 18:11:34 | 698,651,760 | ---- | M] () -- C:\moulové.avi
[2011.01.24 17:50:54 | 000,011,035 | ---- | M] () -- C:\Documents and Settings\vf\Local Settings\Data aplikací\SRDownloader.err
[2011.01.24 15:43:40 | 712,628,736 | ---- | M] () -- C:\7 Trpasliku - upload by Dodos PCE.avi
[2011.01.24 15:28:04 | 873,873,842 | ---- | M] () -- C:\Sněhurka a sedm trpaslíků (1937).avi
[2011.01.24 14:38:00 | 734,027,776 | ---- | M] () -- C:\snehurka.jak.to.bylo.dal.xvid.CZ.1993.avi
[2011.01.24 13:56:40 | 886,789,632 | ---- | M] () -- C:\invaze_2002.avi
[2011.01.24 13:30:04 | 730,139,510 | ---- | M] () -- C:\Knih.prez.avi
[2011.01.24 13:13:58 | 734,552,064 | ---- | M] () -- C:\Centurion.2010.DVDRip.XviD.CZ.MY.avi
[2011.01.24 13:02:44 | 832,834,810 | ---- | M] () -- C:\Punisher.War.Zone.2008.DVDrip.XviD.xXx.CZ.avi
[2011.01.24 13:01:40 | 730,339,470 | ---- | M] () -- C:\Andele.a.slunce.2006.DVDRip.XviD.CZ-CiBULATOR679-up.by.pablos.avi
[2011.01.24 11:51:46 | 749,498,368 | ---- | M] () -- C:\Blbec k veceri.avi
[2011.01.21 15:41:34 | 000,051,712 | ---- | M] () -- C:\Documents and Settings\vf\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.17 17:28:44 | 000,000,725 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Switch to Gaming Mode.lnk
[2011.01.17 17:28:44 | 000,000,713 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Game Booster.lnk
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[102 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.02.05 08:33:01 | 000,210,944 | ---- | C] () -- C:\Documents and Settings\vf\Plocha\T-Cleaner.exe
[2011.02.04 23:18:18 | 000,000,502 | ---- | C] () -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Opera.lnk
[2011.02.04 23:18:18 | 000,000,496 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Opera.lnk
[2011.02.04 19:56:41 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Avira AntiVir Control Center.lnk
[2011.02.04 17:15:51 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2011.02.04 14:50:36 | 000,014,256 | ---- | C] () -- C:\Documents and Settings\vf\Dokumenty\default (12).htm
[2011.01.29 14:11:57 | 000,000,591 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Mafia.lnk
[2011.01.24 18:00:47 | 698,651,760 | ---- | C] () -- C:\moulové.avi
[2011.01.24 15:33:23 | 712,628,736 | ---- | C] () -- C:\7 Trpasliku - upload by Dodos PCE.avi
[2011.01.24 15:14:11 | 873,873,842 | ---- | C] () -- C:\Sněhurka a sedm trpaslíků (1937).avi
[2011.01.24 14:27:26 | 734,027,776 | ---- | C] () -- C:\snehurka.jak.to.bylo.dal.xvid.CZ.1993.avi
[2011.01.24 13:43:22 | 886,789,632 | ---- | C] () -- C:\invaze_2002.avi
[2011.01.24 13:18:23 | 730,139,510 | ---- | C] () -- C:\Knih.prez.avi
[2011.01.24 13:01:40 | 734,552,064 | ---- | C] () -- C:\Centurion.2010.DVDRip.XviD.CZ.MY.avi
[2011.01.24 12:41:02 | 730,339,470 | ---- | C] () -- C:\Andele.a.slunce.2006.DVDRip.XviD.CZ-CiBULATOR679-up.by.pablos.avi
[2011.01.24 12:39:36 | 832,834,810 | ---- | C] () -- C:\Punisher.War.Zone.2008.DVDrip.XviD.xXx.CZ.avi
[2011.01.24 11:40:34 | 749,498,368 | ---- | C] () -- C:\Blbec k veceri.avi
[2011.01.17 17:28:54 | 000,000,242 | ---- | C] () -- C:\WINDOWS\tasks\Game_Booster_Startup.job
[2010.12.26 05:07:57 | 000,008,989 | ---- | C] () -- C:\Documents and Settings\vf\Local Settings\Data aplikací\SRDownloader (2).err
[2010.12.26 04:40:30 | 000,000,864 | ---- | C] () -- C:\Documents and Settings\vf\Local Settings\Data aplikací\SRDownloader (2).nast
[2010.12.04 17:14:21 | 000,000,880 | ---- | C] () -- C:\Documents and Settings\vf\Local Settings\Data aplikací\SRDownloader (1).nast
[2010.10.30 19:35:09 | 000,000,832 | ---- | C] () -- C:\Documents and Settings\vf\Local Settings\Data aplikací\13.nast
[2010.10.30 19:35:01 | 000,000,046 | ---- | C] () -- C:\Documents and Settings\vf\Local Settings\Data aplikací\13.err
[2010.10.17 10:46:33 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2010.10.17 10:46:28 | 000,056,320 | R--- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2010.10.16 08:08:44 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2010.09.25 15:22:00 | 000,011,035 | ---- | C] () -- C:\Documents and Settings\vf\Local Settings\Data aplikací\SRDownloader.err
[2010.09.25 15:17:14 | 000,000,888 | ---- | C] () -- C:\Documents and Settings\vf\Local Settings\Data aplikací\SRDownloader.nast
[2010.09.11 12:20:13 | 000,000,083 | ---- | C] () -- C:\WINDOWS\0x.ini
[2010.08.29 16:51:41 | 000,000,047 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2010.08.29 16:51:39 | 000,023,360 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2010.07.08 13:20:13 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2010.05.01 09:54:09 | 000,005,079 | ---- | C] () -- C:\WINDOWS\l2control.ini
[2010.04.09 08:24:07 | 000,000,330 | ---- | C] () -- C:\WINDOWS\l2net.ini
[2010.01.05 09:38:31 | 000,020,611 | -H-- | C] () -- C:\WINDOWS\System32\mvastnet.dll
[2009.12.24 05:44:08 | 000,057,344 | -H-- | C] () -- C:\WINDOWS\System32\wmsprog.dll
[2009.11.07 10:12:32 | 000,000,112 | -H-- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2009.09.25 12:45:36 | 000,000,287 | -H-- | C] () -- C:\WINDOWS\game.ini
[2009.09.25 07:41:23 | 001,806,336 | ---- | C] () -- C:\Program Files\HellShare.exe
[2009.09.24 13:07:07 | 000,000,069 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.09.24 08:01:30 | 000,000,092 | -H-- | C] () -- C:\WINDOWS\CMISETUP.INI
[2009.09.24 08:01:29 | 000,000,026 | -H-- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2009.09.24 08:01:26 | 000,000,054 | -H-- | C] () -- C:\WINDOWS\Wininit.ini
[2009.09.24 08:01:20 | 000,028,672 | -H-- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2009.09.22 16:23:08 | 000,051,712 | ---- | C] () -- C:\Documents and Settings\vf\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.22 11:12:00 | 000,004,249 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003.08.14 08:46:30 | 000,000,504 | -H-- | C] () -- C:\WINDOWS\mamba.ini
[2003.08.13 05:45:50 | 000,000,028 | -H-- | C] () -- C:\WINDOWS\boxworld.ini
[2003.08.13 05:44:05 | 000,000,131 | -H-- | C] () -- C:\WINDOWS\chess.ini
[2003.08.13 05:38:54 | 000,000,298 | -H-- | C] () -- C:\WINDOWS\pent.ini
[2003.08.13 05:33:51 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\entpack.ini
[2003.08.13 05:31:03 | 000,000,163 | -H-- | C] () -- C:\WINDOWS\games.ini
[2003.08.13 05:30:43 | 000,000,062 | -H-- | C] () -- C:\WINDOWS\soko.ini
[2003.08.11 00:10:28 | 000,006,119 | -H-- | C] () -- C:\WINDOWS\WINCMD.INI
[2003.02.19 01:26:28 | 000,028,672 | -H-- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll

========== LOP Check ==========

[2003.08.11 00:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2003.08.11 00:57:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\IM
[2003.08.11 00:58:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
[2009.09.24 07:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DriverScanner
[2009.10.05 11:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\IncrediMail
[2009.12.24 05:39:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2010.01.05 08:47:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2010.05.02 20:19:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\avg9
[2010.06.30 06:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\{66E2F539-12B6-4870-A500-7689CDE75C5E}
[2010.08.29 16:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AceReader Pro
[2011.01.17 17:28:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\IObit
[2009.09.22 12:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\Opera
[2003.08.11 00:27:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\ESET
[2009.09.24 07:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\Uniblue
[2010.09.04 14:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\com.youneedabudget.YNAB3.Live.9C763150EFAB05FD2A2B78705C7A54E2FCDDE07D.1
[2010.10.11 09:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\IObit
[2010.10.18 11:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\TS3Client
[2010.12.29 11:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\Avant Browser
[2003.08.16 05:13:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Data aplikací\Opera
[2010.03.15 09:35:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Data aplikací\ESET
[2010.12.26 03:45:42 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\Tasks\RegCure.job
[2011.02.05 08:38:14 | 000,000,432 | -H-- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2011.02.05 08:38:10 | 000,000,242 | ---- | M] () -- C:\WINDOWS\Tasks\Game_Booster_Startup.job

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >

< c:\windows\*.* /U >
[102 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >
[2010.04.29 18:09:00 | 006,932,152 | ---- | M] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\diktaty.exe
[2001.05.24 12:59:30 | 000,162,304 | ---- | M] () -- C:\UNWISE.EXE
[2009.02.03 10:32:28 | 003,550,592 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\procexp.exe

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2009.09.22 11:11:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\Microsoft
[2009.09.22 11:46:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\Identities
[2009.09.22 12:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\Opera
[2009.09.22 12:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\Adobe
[2009.09.22 12:26:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\Macromedia
[2003.08.11 00:27:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\ESET
[2009.09.24 07:40:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\Uniblue
[2009.09.24 08:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\Ahead
[2009.09.24 14:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\vlc
[2009.09.25 09:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\WinRAR
[2009.09.25 15:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\dvdcss
[2009.09.25 22:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\U3
[2009.09.28 20:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\Ventrilo
[2009.10.14 05:58:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\Sun
[2010.01.05 08:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\Mozilla
[2010.03.15 09:49:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\DivX
[2010.05.19 19:48:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\Help
[2010.07.08 13:04:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\InstallShield
[2010.09.04 14:27:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\com.youneedabudget.YNAB3.Live.9C763150EFAB05FD2A2B78705C7A54E2FCDDE07D.1
[2010.10.11 09:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\IObit
[2010.10.18 11:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\TS3Client
[2010.12.29 11:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\Avant Browser
[2011.02.04 17:16:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\Malwarebytes
[2011.02.04 20:17:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\vf\Data aplikací\Avira

< %APPDATA%\*.exe /s >
[2003.08.11 00:32:56 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\vf\Data aplikací\Microsoft\Installer\{7339E7E7-FB6A-46EC-8303-D31E655EF617}\_124305e.exe
[2003.08.11 00:32:56 | 000,001,078 | ---- | M] () -- C:\Documents and Settings\vf\Data aplikací\Microsoft\Installer\{7339E7E7-FB6A-46EC-8303-D31E655EF617}\_440d491c.exe
[2003.08.11 00:32:56 | 000,001,078 | ---- | M] () -- C:\Documents and Settings\vf\Data aplikací\Microsoft\Installer\{7339E7E7-FB6A-46EC-8303-D31E655EF617}\_4d064db7.exe
[2003.08.11 00:32:56 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\vf\Data aplikací\Microsoft\Installer\{7339E7E7-FB6A-46EC-8303-D31E655EF617}\_154754de.exe
[2003.08.11 00:32:56 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\vf\Data aplikací\Microsoft\Installer\{7339E7E7-FB6A-46EC-8303-D31E655EF617}\_39b32d12.exe
[2003.08.11 00:32:56 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\vf\Data aplikací\Microsoft\Installer\{7339E7E7-FB6A-46EC-8303-D31E655EF617}\_74d4dc8.exe
[2006.08.15 10:15:04 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\vf\Data aplikací\U3\01D10470D2B32898\cleanup.exe
[2007.02.19 11:36:04 | 003,477,504 | ---- | M] () -- C:\Documents and Settings\vf\Data aplikací\U3\01D10470D2B32898\Launchpad.exe
[2006.10.12 16:38:42 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\vf\Data aplikací\U3\01D10470D2B32898\U3AccessGrant.exe
[2006.08.15 10:15:04 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\vf\Data aplikací\U3\temp\cleanup.exe


< MD5 for: AGP440.SYS >
[1980.01.01 00:00:00 | 018,786,869 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 09:10:02 | 020,102,206 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 09:10:02 | 020,102,206 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[1980.01.01 00:00:00 | 018,786,869 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 09:10:02 | 020,102,206 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 09:10:02 | 020,102,206 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: CDROM.SYS >
[1980.01.01 00:00:00 | 018,786,869 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.04.14 09:10:02 | 020,102,206 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 09:10:02 | 020,102,206 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.14 00:10:48 | 000,062,976 | -H-- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2008.04.14 08:51:40 | 000,062,464 | -H-- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 08:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 08:51:42 | 000,056,320 | -H-- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 08:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 08:52:24 | 001,034,240 | -H-- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: HAL.DLL >
[1980.01.01 00:00:00 | 018,786,869 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.04.14 09:10:02 | 020,102,206 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 09:10:02 | 020,102,206 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.14 00:01:34 | 000,105,344 | -H-- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008.04.14 00:01:28 | 000,081,152 | -H-- | M] (Microsoft Corporation) MD5=C4BA879B581BE34536FE01F79AC28631 -- C:\WINDOWS\system32\HAL.DLL

< MD5 for: CHANGER.SYS >
[1980.01.01 00:00:00 | 018,786,869 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.04.14 09:10:02 | 020,102,206 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2008.04.14 09:10:02 | 020,102,206 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.14 00:11:00 | 000,008,192 | -H-- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys

< MD5 for: ISAPNP.SYS >
[2008.04.14 09:10:02 | 020,102,206 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 09:10:02 | 020,102,206 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2008.04.14 07:57:54 | 000,037,248 | -H-- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 07:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2008.04.14 08:52:30 | 000,013,312 | -H-- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.14 00:50:38 | 000,182,656 | -H-- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008.04.14 08:51:52 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 08:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 08:51:56 | 000,185,856 | -H-- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 08:52:48 | 000,050,688 | -H-- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 08:52:48 | 000,050,688 | -H-- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 08:52:50 | 000,014,336 | -H-- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2006.01.13 19:07:08 | 000,360,448 | -H-- | M] (Microsoft Corporation) MD5=5562CC0A47B2AEF06D3417B733F3C195 -- C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[2005.05.25 21:07:12 | 000,359,936 | -H-- | M] (Microsoft Corporation) MD5=63FDFEA54EB53DE2D863EE454937CE1E -- C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[2008.04.14 00:50:18 | 000,361,344 | -H-- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.14 00:50:18 | 000,361,344 | -H-- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | -H-- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006.04.20 14:18:36 | 000,360,576 | -H-- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 08:52:52 | 000,026,112 | -H-- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008.04.14 08:52:54 | 000,507,904 | -H-- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.04.14 08:52:08 | 000,082,432 | -H-- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 08:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009.09.22 11:09:16 | 000,442,368 | -H-- | M] () -- C:\WINDOWS\system32\config\system.sav
[2009.09.22 11:09:16 | 000,663,552 | -H-- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.09.22 11:09:16 | 000,094,208 | -H-- | M] () -- C:\WINDOWS\system32\config\default.sav

< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2011.02.05 08:37:58 | 000,095,864 | -H-- | M] () -- C:\WINDOWS\system32\FNTCACHE.DAT
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< >

< End of report >
:D

Re: Motji pls help

Posted: 05 Feb 2011 10:42
by motji
Test these at www.virustotal.com
C:\Documents and Settings\vf\Data aplikací\U3\temp\cleanup.exe
C:\Documents and Settings\vf\Data aplikací\Microsoft\Installer\{7339E7E7-FB6A-46EC-8303-D31E655EF617}\_154754de.exe
C:\Documents and Settings\vf\Data aplikací\Microsoft\Installer\{7339E7E7-FB6A-46EC-8303-D31E655EF617}\_4d064db7.exe
C:\UNWISE.EXE



I can see leftovers from AVG and ESET there; I'll try to clean that up later and we'll see.
Now I'm off to cook :)

Re: Motji pls help

Posted: 06 Feb 2011 13:43
by Frenki
Hi, so I'm finally back

The last file contains a virus

http://www.virustotal.com/file-scan/rep ... 1296995887 :(

Re: Motji pls help

Posted: 06 Feb 2011 22:18
by motji
:arrow: Run OTL
- copy this script into the white box at the bottom:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
C:\Documents and Settings\vf\Data aplikací\ESET
C:\Documents and Settings\All Users\Data aplikací\avg9

:commands
[resethosts]
[emptytemp]
[EMPTYFLASH]
[Reboot]

- click the Fix button.
- The PC will then restart.
- Paste the log here :)



See, I overlooked that it's already working for you, but do run the script.

Re: Motji pls help

Posted: 07 Feb 2011 18:15
by Frenki
So I'm here again. In the meantime a friend brought me her PC to fix. I sweated over that one, but I got it running; I just couldn't install MBAM, and ComboFix reported problems too, but for now it's working for her. She had been running it without any antivirus at all :) despite my emphatic warning.

So now back to ours:

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
========== FILES ==========
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\SET25.tmp moved successfully.
C:\WINDOWS\SET26.tmp moved successfully.
C:\WINDOWS\SET27.tmp moved successfully.
C:\WINDOWS\SET28.tmp moved successfully.
C:\WINDOWS\SET29.tmp moved successfully.
C:\WINDOWS\SET2A.tmp moved successfully.
C:\WINDOWS\SET2B.tmp moved successfully.
C:\WINDOWS\SET2C.tmp moved successfully.
C:\WINDOWS\SET2D.tmp moved successfully.
C:\WINDOWS\002854_.tmp moved successfully.
C:\WINDOWS\SET2E.tmp moved successfully.
C:\WINDOWS\SET2F.tmp moved successfully.
C:\WINDOWS\SET30.tmp moved successfully.
C:\WINDOWS\SET31.tmp moved successfully.
C:\WINDOWS\SET32.tmp moved successfully.
C:\WINDOWS\SET33.tmp moved successfully.
C:\WINDOWS\SET34.tmp moved successfully.
C:\WINDOWS\SET35.tmp moved successfully.
C:\WINDOWS\SET36.tmp moved successfully.
C:\WINDOWS\SET37.tmp moved successfully.
C:\WINDOWS\SET38.tmp moved successfully.
C:\WINDOWS\SET39.tmp moved successfully.
C:\WINDOWS\SET3A.tmp moved successfully.
C:\WINDOWS\SET3B.tmp moved successfully.
C:\WINDOWS\SET3C.tmp moved successfully.
C:\WINDOWS\SET3D.tmp moved successfully.
C:\WINDOWS\SET3E.tmp moved successfully.
C:\WINDOWS\SET3F.tmp moved successfully.
C:\WINDOWS\SET40.tmp moved successfully.
C:\WINDOWS\SET41.tmp moved successfully.
C:\WINDOWS\SET42.tmp moved successfully.
C:\WINDOWS\SET43.tmp moved successfully.
C:\WINDOWS\SET44.tmp moved successfully.
C:\WINDOWS\SET45.tmp moved successfully.
C:\WINDOWS\SET46.tmp moved successfully.
C:\WINDOWS\SET47.tmp moved successfully.
C:\WINDOWS\SET48.tmp moved successfully.
C:\WINDOWS\SET49.tmp moved successfully.
C:\WINDOWS\SET4A.tmp moved successfully.
C:\WINDOWS\SET4B.tmp moved successfully.
C:\WINDOWS\SET4C.tmp moved successfully.
C:\WINDOWS\SET4D.tmp moved successfully.
C:\WINDOWS\SET4E.tmp moved successfully.
C:\WINDOWS\SET4F.tmp moved successfully.
C:\WINDOWS\SET50.tmp moved successfully.
C:\WINDOWS\SET51.tmp moved successfully.
C:\WINDOWS\SET52.tmp moved successfully.
C:\WINDOWS\SET53.tmp moved successfully.
C:\WINDOWS\SET54.tmp moved successfully.
C:\WINDOWS\SET55.tmp moved successfully.
C:\WINDOWS\SET56.tmp moved successfully.
C:\WINDOWS\SET57.tmp moved successfully.
C:\WINDOWS\SET58.tmp moved successfully.
C:\WINDOWS\SET59.tmp moved successfully.
C:\WINDOWS\SET5A.tmp moved successfully.
C:\WINDOWS\SET5B.tmp moved successfully.
C:\WINDOWS\SET5C.tmp moved successfully.
C:\WINDOWS\SET5D.tmp moved successfully.
C:\WINDOWS\SET5E.tmp moved successfully.
C:\WINDOWS\SET5F.tmp moved successfully.
C:\WINDOWS\SET60.tmp moved successfully.
C:\WINDOWS\SET61.tmp moved successfully.
C:\WINDOWS\SET62.tmp moved successfully.
C:\WINDOWS\SET63.tmp moved successfully.
C:\WINDOWS\SET64.tmp moved successfully.
C:\WINDOWS\SET65.tmp moved successfully.
C:\WINDOWS\SET66.tmp moved successfully.
C:\WINDOWS\SET67.tmp moved successfully.
C:\WINDOWS\SET68.tmp moved successfully.
C:\WINDOWS\SET69.tmp moved successfully.
C:\WINDOWS\SET6A.tmp moved successfully.
C:\WINDOWS\SET6B.tmp moved successfully.
C:\WINDOWS\SET6C.tmp moved successfully.
C:\WINDOWS\SET6D.tmp moved successfully.
C:\WINDOWS\SET6E.tmp moved successfully.
C:\WINDOWS\SET6F.tmp moved successfully.
C:\WINDOWS\SET70.tmp moved successfully.
C:\WINDOWS\SET71.tmp moved successfully.
C:\WINDOWS\SET72.tmp moved successfully.
C:\WINDOWS\SET73.tmp moved successfully.
C:\WINDOWS\SET74.tmp moved successfully.
C:\WINDOWS\SET75.tmp moved successfully.
C:\WINDOWS\SET76.tmp moved successfully.
C:\WINDOWS\SET77.tmp moved successfully.
C:\WINDOWS\SET78.tmp moved successfully.
C:\WINDOWS\SET79.tmp moved successfully.
C:\WINDOWS\SET7A.tmp moved successfully.
C:\WINDOWS\SET7B.tmp moved successfully.
C:\WINDOWS\SET7C.tmp moved successfully.
C:\WINDOWS\SET7D.tmp moved successfully.
C:\WINDOWS\SET7E.tmp moved successfully.
C:\WINDOWS\SET7F.tmp moved successfully.
C:\WINDOWS\SET80.tmp moved successfully.
C:\WINDOWS\SET81.tmp moved successfully.
C:\WINDOWS\SET82.tmp moved successfully.
C:\WINDOWS\SET83.tmp moved successfully.
C:\WINDOWS\SET84.tmp moved successfully.
C:\WINDOWS\SET85.tmp moved successfully.
C:\WINDOWS\SET86.tmp moved successfully.
C:\WINDOWS\CSC\csc1.tmp moved successfully.
C:\WINDOWS\system32\d3d9caps.tmp moved successfully.
C:\WINDOWS\system32\CONFIG.TMP moved successfully.
C:\WINDOWS\system32\Com\COM3F2.tmp moved successfully.
C:\Documents and Settings\vf\Data aplikací\ESET\ESET Smart Security\Antispam folder moved successfully.
C:\Documents and Settings\vf\Data aplikací\ESET\ESET Smart Security folder moved successfully.
C:\Documents and Settings\vf\Data aplikací\ESET folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\Dumps folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\Temp folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\Log folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\CfgAll folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\Cfg folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\admincli folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\AvgApi folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\AvgAm folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\emc\Queue\IN\10110 folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\emc\Queue\IN folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\emc\Queue\OUT folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\emc\Queue\ACTIVE folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\emc\Queue\TEMP folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\emc\Queue folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\emc\Log folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\emc folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\update\backup folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\update\prepare\temp folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\update\prepare folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\update folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9\scanlogs folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\avg9 folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56504 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: vf
->Temp folder emptied: 5722668 bytes
->Temporary Internet Files folder emptied: 9508426 bytes
->Java cache emptied: 0 bytes
->Opera cache emptied: 44225830 bytes
->Flash cache emptied: 2509 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Opera cache emptied: 10176207 bytes
->Flash cache emptied: 564 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34306 bytes
RecycleBin emptied: 136418518 bytes

Total Files Cleaned = 197,00 mb


[EMPTYFLASH]

User: Default User
->Flash cache emptied: 0 bytes

User: All Users

User: NetworkService

User: LocalService

User: vf
->Flash cache emptied: 0 bytes

User: Administrator

User: Guest
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 02072011_180624

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Re: Motji pls help

Posted: 07 Feb 2011 22:07
by motji
So you've started dabbling in my trade? :D Please, if you also ran ComboFix, post the log here for me afterwards; you surely know where to look. If she couldn't run it, she'll have plenty in there.

How's your PC? Everything OK?
:arrow: Run OTL once more and click the Clean Up button; it will tidy up after itself :)

:arrow: Please post a new log from RSIT

Re: Motji pls help

Posted: 08 Feb 2011 10:14
by Frenki
My friend has already taken her PC away; it's running well now. But I'll give her your contact and you can guide her step by step. My PC, or rather our little one's, is running well now. I just have one small problem: every time the PC starts, 2 windows titled "desktop - Notepad" appear. I don't know what causes it; it has been doing this for about half a year. Our 3-year-old daughter caused it somehow :) Otherwise, I live in a village, so people from all around bring me their PCs to fix. :D

And here is that RSIT log

Logfile of random's system information tool 1.06 (written by random/random)
Run by vf at 2011-02-08 10:07:00
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 19 GB (33%) free of 57 GB
Total RAM: 511 MB (49% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07:10, on 8.2.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\IObit\Game Booster\gbtray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\wscntfy.exe
C:\totalcmd\TOTALCMD.EXE
C:\INSTALCE\RSIT.exe
C:\Program Files\trend micro\vf.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Blokovat všechny obrázky ze stejného serveru - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Hledat - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Otevřít v nové instanci programu - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
O8 - Extra context menu item: Otevřít všechny odkazy na této stránce... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Přidat do seznamu blokovaných reklam - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Zvýraznit - C:\Program Files\Avant Browser\Highlight.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: CrypKey License - CrypKey (Canada) Ltd. - C:\WINDOWS\system32\crypserv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 4922 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\RegCure.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\Norton Security Scan for vf.job
C:\WINDOWS\tasks\Game_Booster_Startup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-11-05 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2006-11-17 577536]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-08-02 281768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2010-08-10 2349776]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-05-16 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-04-13 1135912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
C:\Program Files\IncrediMail\bin\IncMail.exe [2009-07-15 251264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2001-10-26 3584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoSecCpl"=0
"NoProfilePage"=0
"NoConfigPage"=0
"NoDevMgrPage"=0
"NoFileSysPage"=0
"NoVirtMemPage"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoAddPrinter"=0
"NoDeletePrinter"=0
"NoPrinterTabs"=0
"NoFavoritesMenu"=0
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\WINDOWS\System32\usmt\migwiz.exe"="C:\WINDOWS\System32\usmt\migwiz.exe:*:Enabled:Průvodce přenesením souborů a nastavení"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Disabled:CoD2MP_s"
"C:\WINDOWS\System32\mmc.exe"="C:\WINDOWS\System32\mmc.exe:*:Enabled:Konzola Microsoft Management Console"
"C:\WINDOWS\System32\dpvsetup.exe"="C:\WINDOWS\System32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2011-02-08 10:07:01 ----D---- C:\Program Files\trend micro
2011-02-08 10:07:00 ----D---- C:\rsit
2011-02-05 09:24:35 ----D---- C:\Program Files\Opera
2011-02-05 09:18:23 ----D---- C:\Program Files\VS Revo Group
2011-02-04 23:16:57 ----SHD---- C:\Recycled
2011-02-04 20:25:04 ----D---- C:\WINDOWS\system32\NtmsData
2011-02-04 20:17:13 ----D---- C:\Documents and Settings\vf\Data aplikací\Avira
2011-02-04 19:56:19 ----D---- C:\Program Files\Avira
2011-02-04 19:56:19 ----D---- C:\Documents and Settings\All Users\Data aplikací\Avira
2011-02-04 17:16:01 ----D---- C:\Documents and Settings\vf\Data aplikací\Malwarebytes
2011-02-04 17:15:50 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-02-04 17:15:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-02-04 14:30:55 ----D---- C:\Josef_Alois_Nahlovsky_-_Krusnohorske_pohadky
2011-02-04 13:15:23 ----A---- C:\diktaty.exe
2011-01-29 14:11:54 ----D---- C:\Program Files\Cenega Czech
2011-01-19 15:58:02 ----D---- C:\system
2011-01-17 17:28:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\IObit

======List of files/folders modified in the last 1 months======

2011-02-08 10:06:38 ----AH---- C:\WINDOWS\WINCMD.INI
2011-02-08 10:06:12 ----AH---- C:\WINDOWS\win.ini
2011-02-08 10:04:10 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-02-05 21:35:46 ----AH---- C:\WINDOWS\NeroDigital.ini
2011-02-04 22:32:36 ----A---- C:\WINDOWS\system.ini
2011-01-29 07:31:26 ----A---- C:\WINDOWS\0x.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2011-02-06 135096]
R1 NetworkX;NetworkX; C:\WINDOWS\System32\ckldrv.sys [2010-03-19 23360]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2010-04-12 59388]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2011-02-06 61960]
R3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2001-08-17 40704]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2004-08-03 32768]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 es137140;SB AudioPCI 64V; C:\WINDOWS\system32\DRIVERS\es137140.sys []
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-03-08 4027840]
S3 BthEnum;Služba Bluetooth Enumerator; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BTHMODEM;Ovladač komunikace modemu Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-14 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 cmuda;C-Media WDM Audio Interface; C:\WINDOWS\system32\drivers\cmuda.sys []
S3 npkcrypt;npkcrypt; \??\E:\Line ageII\system\npkcrypt.sys []
S3 npkycryp;npkycryp; \??\E:\Line ageII\system C\npkycryp.sys []
S3 PsSdk40;PsSdk40; \??\C:\WINDOWS\system32\Drivers\pssdk40.sys []
S3 PsSdkLBF;PsSdkLBF; \??\C:\WINDOWS\system32\Drivers\pssdklbf.sys []
S3 Revoflt;Revoflt; C:\WINDOWS\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-12-28 721904]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2011-02-06 267944]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-08-02 135336]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 CrypKey License;CrypKey License; C:\WINDOWS\system32\crypserv.exe [2010-03-18 126976]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-11-05 153376]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-04-13 792112]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-05-16 271920]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]

-----------------EOF-----------------

Re: Motji pls help

Posted: 08 Feb 2011 14:16
by motji
Please give me a screenshot of what you meant about Notepad after startup; I'm slow on the uptake today.
Do send your friend to me; something has surely been left behind there, and she should have it clean.
Please read your PM :)

Re: Motji pls help

Posted: 09 Feb 2011 14:07
by Frenki
So, when the PC starts, two Notepad windows appear; one of them says:

y
/-+-+[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21787


and the second one is blank, simply empty. The little one did it somehow, and since then the windows appear at every startup; their title bar reads "desktop - Notepad".

Re: Motji pls help

Posted: 09 Feb 2011 22:06
by motji
Sorry, I'm only peeking in here today, and I needed to think over what to do with you :D

:arrow: Download OTL http://oldtimer.geekstogo.com/OTL.exe
- save it to the desktop and run the file OTL.exe.
- copy this script into the white box at the bottom:

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT 
- tick the "For all users" box.
- tick the boxes Check for "LOP" malware and Check for "Purity" malware
- click the Scan button
- after the scan finishes, the logs OTL.Txt and Extras.txt will appear; paste them here :)

Re: Motji pls help

Posted: 10 Feb 2011 14:24
by Frenki
netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT