Prosím o kontrolu logu. Pomalý počítač.

Zpráva

burrry · #1 Příspěvek od **burrry** » 21 dub 2010 11:06

Dobrý den, zničeho nic se mi vytěžuje počítač na 100%, chtěl jsem aktualizovat Avast na novou verzi, což se nepovedlo, tak jsem ho chtěl odinstalizovat, ale to nejde.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Michael at 2010-04-21 11:49:03
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 93 GB (71%) free of 131 GB
Total RAM: 511 MB (56% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:50:09, on 21.4.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Alwil Software\Avast4\aswRunDll.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\aswRunDll.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Documents and Settings\Michael\My Documents\Nová složka\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Michael.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Program Files\TRANSLAT\WEBIE.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Program Files\TRANSLAT\WEBIE.DLL
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [TO2SSM_McciTrayApp] C:\Program Files\TO2SSM\McciTrayApp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: monxga32.exe
O4 - Startup: WebTime.lnk = C:\Program Files\Software by Design\WebTime.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Program Files\TRANSLAT\WEBIE.DLL
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Machine Debug Manager (MDM) - Motive Communications, Inc. - (no file)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9879 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2009-12-15 1218000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Program Files\TRANSLAT\WEBIE.DLL [2007-09-08 360448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-04-06 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-04-06 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-12 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\Program Files\TRANSLAT\WEBIE.DLL [2007-09-08 360448]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2009-12-15 1218000]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-04-06 279664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2003-09-30 155648]
"OpwareSE4"=C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-03-21 69632]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"C-Media Mixer"=Mixer.exe /startup []
"TO2SSM_McciTrayApp"=C:\Program Files\TO2SSM\McciTrayApp.exe [2008-08-15 1473536]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-10-14 68856]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-06-25 1414144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MotionSD STUDIO - SD Browser auto start -.lnk]
C:\PROGRA~1\PANASO~1\MOTION~1\SD_BRO~1\AUTOLA~1.EXE [2007-08-31 66952]

C:\Documents and Settings\Michael\Start Menu\Programs\Startup
monxga32.exe
WebTime.lnk - C:\Program Files\Software by Design\WebTime.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
WgaLogon.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2007-04-15 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-04-21 11:49:12 ----D---- C:\Program Files\trend micro
2010-04-21 11:49:03 ----D---- C:\rsit
2010-04-17 22:42:54 ----SHD---- C:\RECYCLER
2010-04-17 17:37:42 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-17 17:36:53 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-17 14:36:02 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-17 14:35:39 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-17 14:33:43 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-17 14:33:06 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-04-12 00:39:00 ----A---- C:\WINDOWS\system32\javaws.exe
2010-04-12 00:39:00 ----A---- C:\WINDOWS\system32\javaw.exe
2010-04-12 00:39:00 ----A---- C:\WINDOWS\system32\java.exe

======List of files/folders modified in the last 1 months======

2010-04-21 11:49:12 ----RD---- C:\Program Files
2010-04-21 11:49:09 ----D---- C:\WINDOWS\Prefetch
2010-04-21 11:48:26 ----AD---- C:\WINDOWS
2010-04-21 11:48:26 ----A---- C:\WINDOWS\TRNCOM.INI
2010-04-21 11:14:15 ----D---- C:\Program Files\CCleaner
2010-04-21 07:46:04 ----D---- C:\WINDOWS\Temp
2010-04-21 07:07:07 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-21 03:17:00 ----D---- C:\WINDOWS\pss
2010-04-21 03:09:30 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-21 03:06:22 ----SHD---- C:\System Volume Information
2010-04-21 03:06:22 ----D---- C:\WINDOWS\system32\Restore
2010-04-21 02:52:32 ----A---- C:\WINDOWS\win.ini
2010-04-21 02:43:32 ----D---- C:\WINDOWS\system32\drivers
2010-04-19 11:54:26 ----D---- C:\Program Files\Mozilla Firefox
2010-04-19 01:30:44 ----A---- C:\WINDOWS\CMMIXER.INI
2010-04-17 22:45:53 ----D---- C:\WINDOWS\system32
2010-04-17 21:20:44 ----A---- C:\WINDOWS\system.ini
2010-04-17 21:14:50 ----D---- C:\WINDOWS\AppPatch
2010-04-17 21:14:44 ----D---- C:\Program Files\Common Files
2010-04-17 17:38:03 ----HD---- C:\WINDOWS\inf
2010-04-17 17:37:51 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-17 17:37:35 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-17 14:35:28 ----SHD---- C:\WINDOWS\Installer
2010-04-17 14:35:28 ----D---- C:\Config.Msi
2010-04-17 14:33:30 ----D---- C:\WINDOWS\ie8updates
2010-04-17 13:16:23 ----D---- C:\Program Files\Common Files\Motive
2010-04-17 12:44:48 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-16 12:57:39 ----SD---- C:\WINDOWS\Tasks
2010-04-16 12:57:33 ----D---- C:\Program Files\Google
2010-04-12 00:37:54 ----A---- C:\WINDOWS\system32\deploytk.dll
2010-04-12 00:37:34 ----D---- C:\Program Files\Java
2010-04-08 11:35:34 ----A---- C:\WINDOWS\MAILTRAN.INI
2010-04-06 18:52:07 ----D---- C:\Program Files\rajce

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-25 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-25 48560]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2006-02-20 33408]
R1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2007-04-15 42496]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-04 88448]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-08-23 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-08-23 55936]
R2 rspndr;Link-Layer Topology Discovery Responder; C:\WINDOWS\system32\DRIVERS\rspndr.sys [2007-04-15 62336]
R3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\WINDOWS\system32\drivers\ac97intc.sys [2001-08-17 96256]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-25 23120]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 cmpci;C-Media PCI Audio Driver (WDM); C:\WINDOWS\system32\drivers\cmaudio.sys [2002-11-19 377358]
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
R3 HCF_MSFT;HCF_MSFT; C:\WINDOWS\system32\DRIVERS\HCF_MSFT.sys [2001-08-17 907456]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-23 9600]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2007-04-15 59264]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2007-04-15 20608]
S3 DigitalJoystickEnabler;Digtial Game Device Driver; C:\WINDOWS\system32\drivers\g2kgame.sys []
S3 kbfiltr;Keyboard Filter; C:\WINDOWS\system32\DRIVERS\kbfiltr.sys []
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-08-24 47360]
S3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2009-06-17 12648]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2008-05-06 11520]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2007-04-15 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-08-05 721904]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-25 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-25 138680]
R2 bgsvcgen;B's Recorder GOLD Library General Service; C:\WINDOWS\system32\bgsvcgen.exe [2006-12-28 122512]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-10-15 303104]
R2 NwSapAgent;SAP Agent; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-25 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-25 352920]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
R3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-19 913408]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-16 135664]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-04-16 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#2 Příspěvek od **Caroprd111** » 21 dub 2010 13:35

Zdravím

Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe

Spusťte, poté do spodního políčka vložte následující skript.

Kód: Vybrat vše

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys 
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys 
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav 
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
CREATERESTOREPOINT

Označte položku Pro všechny uživatele.
Označte položky Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Klikněte na tlačítko Prohledat
Po dokončení, sem vložte logy OTL.Txt a Extras.txt

burrry · #3 Příspěvek od **burrry** » 21 dub 2010 19:01

Tak jsem OTL spustil asi v 15.20 a doposud stále scanuje tak doufám, že jsem vše zadal správně, ale trvá to dost dlouho, ne?

#4 Příspěvek od **Caroprd111** » 21 dub 2010 19:06

Skenuje nebo se zasekl

burrry · #5 Příspěvek od **burrry** » 21 dub 2010 19:22

Stále scanuje, cpu je na 100, tak asi proto to jede tak pomalu.

#6 Příspěvek od **Caroprd111** » 21 dub 2010 19:25

Restartujte PC a zkuste spustit OTL v nouzovém režimu.

burrry · #7 Příspěvek od **burrry** » 21 dub 2010 22:58

Tak jsem to nechal doběhnou v normálním modu a zde je výsledek.
1. ČÁST
OTL logfile created on: 21.4.2010 16:15:34 - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Documents and Settings\Michael\My Documents\Stažené soubory
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Czech Republic | Language: CSY | Date Format: d.M.yyyy

511,00 Mb Total Physical Memory | 108,00 Mb Available Physical Memory | 21,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 52,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127,99 Gb Total Space | 90,35 Gb Free Space | 70,59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MIW
Current User Name: Michael
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.04.21 16:11:29 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\My Documents\Stažené soubory\OTL.exe
PRC - [2010.04.21 13:13:25 | 003,037,696 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2010.04.21 13:13:12 | 000,488,960 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2010.04.03 02:06:51 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009.12.02 10:47:08 | 002,752,560 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\Setup\avast.setup
PRC - [2009.11.25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009.11.25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009.11.25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009.11.25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2007.06.27 19:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007.06.27 19:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007.06.13 13:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.12.28 22:18:00 | 000,122,512 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\bgsvcgen.exe
PRC - [2006.03.21 13:19:40 | 000,069,632 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
PRC - [2006.01.02 16:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2003.03.20 23:21:00 | 001,855,488 | ---- | M] (C-Media Electronic Inc. (www.cmedia.com.tw)) -- C:\WINDOWS\mixer.exe

========== Modules (SafeList) ==========

MOD - [2010.04.21 16:11:29 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Michael\My Documents\Stažené soubory\OTL.exe
MOD - [2007.04.15 23:23:58 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2005.12.19 19:16:10 | 000,135,168 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (MDM)
SRV - [2010.04.21 13:13:12 | 000,488,960 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2009.11.25 01:51:35 | 000,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009.11.25 01:51:21 | 000,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009.11.25 01:48:48 | 000,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009.11.25 01:43:56 | 000,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009.06.02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2006.12.28 22:18:00 | 000,122,512 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINDOWS\System32\bgsvcgen.exe -- (bgsvcgen)

========== Driver Services (SafeList) ==========

DRV - [2010.04.21 13:13:10 | 000,142,592 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2009.11.25 01:49:07 | 000,048,560 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009.11.25 01:48:57 | 000,023,120 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009.11.25 01:47:54 | 000,027,408 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009.09.15 12:56:14 | 000,094,160 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009.09.15 12:55:30 | 000,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009.09.15 12:55:19 | 000,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009.08.05 13:06:51 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2009.06.17 14:20:34 | 000,012,648 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2009.02.09 08:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009.02.09 08:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.02.09 08:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.02.09 08:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.05.06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2006.05.03 18:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006.02.20 20:17:00 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV - [2004.08.04 08:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004.08.04 00:03:36 | 000,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004.08.03 22:59:34 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2002.11.19 00:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM)
DRV - [2001.08.23 14:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001.08.23 14:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001.08.17 15:28:02 | 000,907,456 | ---- | M] (Conexant) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HCF_MSFT.sys -- (HCF_MSFT)
DRV - [2001.08.17 14:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-21-1715567821-1336601894-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-1715567821-1336601894-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/
IE - HKU\S-1-5-21-1715567821-1336601894-1801674531-1003\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1715567821-1336601894-1801674531-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1715567821-1336601894-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.7.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://mystart.incredimail.com/?loc=ff_ ... v2&search="

FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.07.09 08:48:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\Toolbar\firefox\ [2010.01.15 19:43:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.06 18:52:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.16 12:32:08 | 000,000,000 | ---D | M]

[2009.01.11 20:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\mozilla\Extensions
[2010.04.21 03:41:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\mozilla\Firefox\Profiles\o8t0423d.default\extensions
[2010.02.26 17:34:30 | 000,000,000 | ---D | M] (Flagfox) -- C:\Documents and Settings\Michael\Application Data\mozilla\Firefox\Profiles\o8t0423d.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}(2)
[2009.09.02 11:21:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Michael\Application Data\mozilla\Firefox\Profiles\o8t0423d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.13 02:46:50 | 000,000,000 | ---D | M] (AniWeather) -- C:\Documents and Settings\Michael\Application Data\mozilla\Firefox\Profiles\o8t0423d.default\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
[2009.10.09 10:02:36 | 000,000,000 | ---D | M] (Xoopit for Gmail) -- C:\Documents and Settings\Michael\Application Data\mozilla\Firefox\Profiles\o8t0423d.default\extensions\{fc76dc89-03b7-47fe-ab1d-b317b062bba8}
[2009.09.26 18:41:58 | 000,002,234 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Mozilla\FireFox\Profiles\o8t0423d.default\searchplugins\askcom.xml
[2009.08.05 13:14:37 | 000,002,399 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Mozilla\FireFox\Profiles\o8t0423d.default\searchplugins\daemon-search.xml
[2010.04.19 11:05:37 | 000,002,311 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Mozilla\FireFox\Profiles\o8t0423d.default\searchplugins\filmova-databaze-fdbcz.xml
[2010.04.19 11:05:37 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Mozilla\FireFox\Profiles\o8t0423d.default\searchplugins\icqplugin-1.xml
[2009.12.18 12:32:46 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Mozilla\FireFox\Profiles\o8t0423d.default\searchplugins\icqplugin-10.xml
[2010.01.13 01:55:22 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Mozilla\FireFox\Profiles\o8t0423d.default\searchplugins\icqplugin-11.xml
[2010.01.15 16:45:11 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Mozilla\FireFox\Profiles\o8t0423d.default\searchplugins\icqplugin-12.xml
[2010.02.18 17:51:12 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Mozilla\FireFox\Profiles\o8t0423d.default\searchplugins\icqplugin-13.xml
[2010.03.23 11:49:33 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Mozilla\FireFox\Profiles\o8t0423d.default\searchplugins\icqplugin-14.xml
[2009.04.25 04:02:45 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Mozilla\FireFox\Profiles\o8t0423d.default\searchplugins\icqplugin-2.xml
[2009.04.30 02:00:40 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Mozilla\FireFox\Profiles\o8t0423d.default\searchplugins\icqplugin-3.xml
[2009.06.30 18:05:27 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Mozilla\FireFox\Profiles\o8t0423d.default\searchplugins\icqplugin-4.xml
[2009.07.25 18:50:21 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Mozilla\FireFox\Profiles\o8t0423d.default\searchplugins\icqplugin-5.xml
[2009.08.04 10:57:18 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Mozilla\FireFox\Profiles\o8t0423d.default\searchplugins\icqplugin-6.xml
[2009.08.05 13:18:06 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Mozilla\FireFox\Profiles\o8t0423d.default\searchplugins\icqplugin-7.xml
[2009.09.26 18:41:56 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Mozilla\FireFox\Profiles\o8t0423d.default\searchplugins\icqplugin-8.xml
[2009.11.06 18:52:40 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Mozilla\FireFox\Profiles\o8t0423d.default\searchplugins\icqplugin-9.xml
[2009.04.14 10:56:14 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Mozilla\FireFox\Profiles\o8t0423d.default\searchplugins\icqplugin.xml
[2010.01.15 16:31:43 | 000,002,149 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Mozilla\FireFox\Profiles\o8t0423d.default\searchplugins\MyStart Search.xml
[2010.04.21 03:41:45 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.01.16 02:50:40 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.01.16 02:50:40 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.01.16 02:50:40 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.01.16 02:50:40 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.01.16 02:50:40 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.04.17 20:40:23 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (WebTransBHO Class) - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Program Files\TRANSLAT\WEBIE.DLL ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Crawler lišta) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (WebTranslator) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Program Files\TRANSLAT\WEBIE.DLL ()
O3 - HKU\S-1-5-21-1715567821-1336601894-1801674531-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1715567821-1336601894-1801674531-1003\..\Toolbar\WebBrowser: (&Crawler lišta) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw))
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [TO2SSM_McciTrayApp] C:\Program Files\TO2SSM\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKU\S-1-5-21-1715567821-1336601894-1801674531-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1715567821-1336601894-1801674531-1003..\Run: [SpywareTerminatorUpdate] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKU\.DEFAULT..\RunOnce: [ShowDeskFix] File not found
O4 - HKU\S-1-5-18..\RunOnce: [ShowDeskFix] File not found
O4 - Startup: C:\Documents and Settings\Michael\Start Menu\Programs\Startup\monxga32.exe ()
O4 - Startup: C:\Documents and Settings\Michael\Start Menu\Programs\Startup\WebTime.lnk = C:\Program Files\Software by Design\WebTime.exe (Software Design)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1715567821-1336601894-1801674531-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1715567821-1336601894-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1715567821-1336601894-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1715567821-1336601894-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Program Files\TRANSLAT\WEBIE.DLL ()
O9 - Extra 'Tools' menuitem : &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Program Files\TRANSLAT\WEBIE.DLL ()
O9 - Extra 'Tools' menuitem : Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Program Files\TRANSLAT\WEBIE.DLL ()
O9 - Extra 'Tools' menuitem : Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Program Files\TRANSLAT\WEBIE.DLL ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007.09.02 07:29:51 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\divxa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\Iac25_32.ax (Intel Corporation)
Drivers32: msacm.imc - C:\WINDOWS\System32\IMC32.acm (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\WINDOWS\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.DVSD - C:\WINDOWS\System32\pdvcodec.dll (Matsushita Electric Industrial Co., Ltd.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll ()
Drivers32: VIDC.HFYU - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.i263 - C:\WINDOWS\System32\I263_32.drv (Intel Corporation)
Drivers32: vidc.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\Ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\Ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\Ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP70 - C:\WINDOWS\System32\vp7vfw.dll (On2.com)
Drivers32: VIDC.wmv3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: VIDC.X264 - C:\WINDOWS\System32\x264vfw.dll ()
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\Iyvu9_32.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (55745600305496064)

========== Files/Folders - Created Within 30 Days ==========

[2010.04.21 13:13:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\Application Data\Spyware Terminator
[2010.04.21 13:12:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2010.04.21 13:12:45 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2010.04.21 11:49:12 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.04.21 11:49:03 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.21 02:59:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Michael\Recent
[2010.04.17 22:42:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.04.17 12:46:05 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys
[2010.04.17 12:46:05 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2010.04.17 12:42:27 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
[2010.04.17 12:40:23 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys
[2010.04.17 12:40:23 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2010.04.16 12:45:36 | 000,457,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010.04.12 00:39:00 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.04.12 00:39:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.04.12 00:39:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.04.09 16:00:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\My Documents\Nová složka (4)
[2010.03.23 14:53:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Michael\My Documents\PŮJČKA
[2009.06.22 12:45:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009.05.17 17:39:56 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009.03.21 22:10:28 | 000,160,768 | ---- | C] (Firelight Technologies Pty, Ltd) -- C:\Program Files\fmod.dll
[2009.03.04 00:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008.03.09 13:54:03 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008.01.08 18:31:31 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007.10.25 17:52:02 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Michael\Application Data\pcouffin.sys
[2007.09.02 07:37:18 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

========== Files - Modified Within 30 Days ==========

[2010.04.21 17:07:17 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.21 16:12:27 | 000,000,702 | ---- | M] () -- C:\WINDOWS\TRNCOM.INI
[2010.04.21 16:01:14 | 000,000,714 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.04.21 16:00:40 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.21 15:59:51 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.21 15:59:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.21 15:59:25 | 536,203,264 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.21 13:13:59 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Terminator.lnk
[2010.04.21 13:13:10 | 000,142,592 | ---- | M] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2010.04.21 12:19:08 | 012,320,768 | ---- | M] () -- C:\Documents and Settings\Michael\ntuser.dat
[2010.04.21 12:19:08 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Michael\ntuser.ini
[2010.04.21 02:49:16 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.19 11:54:23 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\avdrn.dat
[2010.04.19 01:30:44 | 000,000,101 | ---- | M] () -- C:\WINDOWS\CMMIXER.INI
[2010.04.17 23:23:19 | 000,072,432 | ---- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010.04.17 23:19:58 | 000,281,336 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.04.17 21:20:44 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.04.17 20:40:23 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.04.17 12:44:48 | 000,512,960 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.04.17 12:44:48 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.04.17 12:44:48 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.04.16 12:32:09 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010.04.15 01:14:01 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.04.12 00:37:55 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.04.12 00:37:55 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.04.12 00:37:55 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.04.12 00:37:55 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.04.12 00:37:54 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010.04.08 11:35:34 | 000,000,222 | ---- | M] () -- C:\WINDOWS\MAILTRAN.INI
[2010.04.02 06:31:44 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.03.30 03:55:20 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

burrry · #8 Příspěvek od **burrry** » 21 dub 2010 23:00

2.ČÁST

========== Files Created - No Company Name ==========

[2010.04.21 13:13:59 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Terminator.lnk
[2010.04.21 13:13:10 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2010.04.19 11:54:23 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\avdrn.dat
[2010.04.16 12:57:39 | 000,000,940 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.16 12:57:38 | 000,000,936 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.02.27 02:33:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Title.INI
[2010.02.27 01:20:39 | 000,000,028 | ---- | C] () -- C:\WINDOWS\MotionSDSTUDIO.INI
[2010.02.24 18:13:53 | 012,320,768 | ---- | C] () -- C:\Documents and Settings\Michael\ntuser.dat
[2009.11.22 15:24:07 | 000,013,295 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009.11.22 15:23:46 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009.03.30 19:17:55 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.03.21 22:10:29 | 000,003,505 | ---- | C] () -- C:\Program Files\release notes.txt
[2009.03.21 22:10:28 | 001,024,000 | ---- | C] () -- C:\Program Files\Milan's GUI 4.exe
[2009.03.21 22:10:28 | 000,000,199 | ---- | C] () -- C:\Program Files\config.ini
[2009.02.16 22:08:56 | 000,182,272 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2008.12.16 00:47:17 | 000,029,376 | ---- | C] () -- C:\WINDOWS\sysguard.ini
[2008.09.26 01:52:22 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2008.09.18 19:35:31 | 000,004,096 | -H-- | C] () -- C:\Documents and Settings\Michael\Local Settings\Application Data\keyfile3.drm
[2008.08.24 22:12:45 | 000,000,668 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\vso_ts_preview.xml
[2008.08.09 17:24:13 | 000,000,020 | ---- | C] () -- C:\WINDOWS\level.ini
[2008.04.24 01:21:35 | 000,000,125 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
[2008.01.26 17:51:15 | 000,000,028 | ---- | C] () -- C:\WINDOWS\PresetsManager.INI
[2008.01.24 03:33:56 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI
[2008.01.03 23:37:27 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2007.12.30 21:36:39 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\Michael\intlname.ols
[2007.10.25 17:52:07 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\pcouffin.log
[2007.10.25 17:52:03 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\pcouffin.cat
[2007.10.25 17:52:02 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Michael\Application Data\pcouffin.inf
[2007.09.09 13:17:17 | 000,000,702 | ---- | C] () -- C:\WINDOWS\TRNCOM.INI
[2007.09.08 17:17:59 | 000,000,222 | ---- | C] () -- C:\WINDOWS\MAILTRAN.INI
[2007.09.08 14:56:41 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Michael\default.pls
[2007.09.06 14:20:15 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.09.06 13:11:06 | 000,000,419 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007.09.06 12:50:51 | 000,004,758 | ---- | C] () -- C:\WINDOWS\WTRAN32.INI
[2007.09.06 12:50:41 | 000,002,135 | ---- | C] () -- C:\WINDOWS\WDICT32.INI
[2007.09.03 05:53:28 | 000,000,278 | -HS- | C] () -- C:\Documents and Settings\Michael\ntuser.ini
[2007.09.03 05:53:27 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Michael\ntuser.dat.LOG
[2007.09.02 21:59:38 | 000,654,848 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2007.09.02 21:59:37 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2007.09.02 21:59:37 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2007.09.02 21:59:35 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007.09.02 21:59:33 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007.09.02 21:59:33 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2007.09.02 21:56:53 | 000,000,384 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.09.02 21:37:32 | 000,000,025 | ---- | C] () -- C:\WINDOWS\mixerdef.ini
[2007.09.02 21:34:23 | 000,039,279 | ---- | C] () -- C:\WINDOWS\cmijack.ini
[2007.09.02 21:34:23 | 000,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2007.09.02 21:34:23 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2004.12.10 14:35:06 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\frapsvid.dll
[2003.04.09 15:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001.12.27 05:38:04 | 000,054,765 | ---- | C] () -- C:\WINDOWS\System32\drivers\LMFilt.sys
[1998.03.25 20:12:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\vbzlib.dll

========== LOP Check ==========

[2008.12.29 14:55:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009.08.05 13:16:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009.09.15 18:15:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009.03.12 16:38:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2010.01.15 16:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2009.07.09 08:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010.03.18 12:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2008.04.21 16:05:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2010.02.27 01:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic
[2008.01.08 18:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2007.09.06 13:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010.04.21 13:23:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2007.11.03 17:51:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008.08.24 23:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2007.11.01 01:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Canon
[2009.08.05 13:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\DAEMON Tools
[2009.08.05 13:42:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\DAEMON Tools Lite
[2009.11.25 23:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\DAEMON Tools Pro
[2009.03.12 21:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\ICQ
[2007.10.07 16:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\JLC's Software
[2009.07.24 10:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Nokia
[2009.11.26 00:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\OpenOffice.org
[2008.01.12 19:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\PC Suite
[2007.09.06 13:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\ScanSoft
[2009.06.14 14:25:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\shrink_pic
[2010.04.21 13:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Spyware Terminator
[2009.02.16 22:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\ubi.com
[2009.11.17 18:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Uniblue
[2008.09.07 13:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Vso

========== Purity Check ==========

========== Custom Scans ==========

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" -- [2007.06.27 19:03:40 | 000,152,872 | ---- | M] (Nero AG)
"WMPNSCFG" = C:\Program Files\Windows Media Player\WMPNSCFG.exe -- [2006.10.19 05:05:26 | 000,204,288 | ---- | M] (Microsoft Corporation)
"SpywareTerminatorUpdate" = "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" -- [2010.04.21 13:13:25 | 003,037,696 | ---- | M] (Crawler.com)

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >
[2010.03.02 17:52:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009.01.29 22:07:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2008.12.29 14:55:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2009.08.05 13:16:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009.03.30 19:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2009.09.15 18:15:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts
[2009.11.17 19:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2009.03.12 16:38:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2010.01.15 16:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2009.07.09 08:43:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2007.09.06 13:11:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2010.01.15 18:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009.09.11 02:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009.09.10 13:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
[2009.09.20 20:07:41 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2009.10.01 22:24:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2010.03.18 12:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2007.09.02 21:59:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nero
[2008.04.21 16:05:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2010.02.27 01:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic
[2008.01.08 18:29:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2007.09.06 13:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010.04.21 13:23:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2010.03.12 01:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2007.09.06 12:52:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2007.11.03 17:51:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008.08.24 23:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2007.09.03 06:12:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009.07.09 08:43:35 | 033,921,368 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_cze.exe
[2009.07.09 08:44:44 | 000,095,232 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
[2009.07.09 08:44:44 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
[2009.07.09 08:44:44 | 000,010,240 | ---- | M] (Nokia) -- C:\Documents and Settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
[2009.07.09 08:44:44 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
[2009.05.17 17:12:19 | 034,658,864 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Nokia_PC_Suite_7_1_26_0_cze.exe
[2009.05.17 17:13:16 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstCCD.exe
[2009.05.17 17:13:16 | 000,010,240 | ---- | M] (Nokia) -- C:\Documents and Settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCS.exe
[2009.05.17 17:13:16 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Installations\{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
[2010.04.21 13:13:12 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe

< %APPDATA%\*. >
[2008.10.25 14:55:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Adobe
[2008.04.11 13:44:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Ahead
[2007.09.06 19:43:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\ArcSoft
[2007.10.20 10:36:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\ATI
[2007.11.01 01:52:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Canon
[2009.08.05 13:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\DAEMON Tools
[2009.08.05 13:42:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\DAEMON Tools Lite
[2009.11.25 23:07:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\DAEMON Tools Pro
[2007.09.06 20:21:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\DVD Shrink
[2007.10.20 11:31:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Google
[2007.09.06 10:49:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Help
[2009.03.12 21:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\ICQ
[2007.09.03 05:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Identities
[2010.02.27 00:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\InstallShield
[2007.10.07 16:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\JLC's Software
[2007.09.03 06:10:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Macromedia
[2010.01.15 18:49:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Malwarebytes
[2007.09.08 16:09:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Media Player Classic
[2008.09.16 21:54:47 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Michael\Application Data\Microsoft
[2009.10.01 22:26:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Motive
[2009.01.11 20:49:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Mozilla
[2009.07.24 10:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Nokia
[2009.11.26 00:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\OpenOffice.org
[2008.01.12 19:40:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\PC Suite
[2007.10.20 07:58:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Real
[2007.09.06 13:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\ScanSoft
[2009.06.14 14:25:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\shrink_pic
[2010.04.21 13:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Spyware Terminator
[2007.09.18 12:32:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Sun
[2009.11.21 14:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\SUPERAntiSpyware.com
[2008.05.31 18:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\TVU networks
[2009.02.16 22:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\ubi.com
[2009.11.17 18:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Uniblue
[2008.09.07 13:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\Vso
[2009.03.21 14:09:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Michael\Application Data\WinRAR

< %APPDATA%\*.exe /s >
[2009.11.17 18:04:29 | 000,007,406 | R--- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Installer\{F656DC79-013A-4683-8692-B938FC00B941}\_1f222e89.exe
[2009.11.17 18:04:28 | 000,007,406 | R--- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Installer\{F656DC79-013A-4683-8692-B938FC00B941}\_278f32f7.exe
[2009.11.17 18:04:28 | 000,005,390 | R--- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Installer\{F656DC79-013A-4683-8692-B938FC00B941}\_2b1e3dbf.exe
[2009.11.17 18:04:29 | 000,005,390 | R--- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Installer\{F656DC79-013A-4683-8692-B938FC00B941}\_32f64b00.exe
[2009.11.17 18:04:29 | 000,007,406 | R--- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Installer\{F656DC79-013A-4683-8692-B938FC00B941}\_3ae40b1.exe
[2009.11.17 18:04:29 | 000,007,406 | R--- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Installer\{F656DC79-013A-4683-8692-B938FC00B941}\_40906ca4.exe
[2009.11.17 18:04:29 | 000,005,390 | R--- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Installer\{F656DC79-013A-4683-8692-B938FC00B941}\_476e6d56.exe
[2009.11.17 18:04:29 | 000,005,390 | R--- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Installer\{F656DC79-013A-4683-8692-B938FC00B941}\_53162e39.exe
[2009.11.17 18:04:29 | 000,007,406 | R--- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Installer\{F656DC79-013A-4683-8692-B938FC00B941}\_5b502783.exe
[2009.11.17 18:04:29 | 000,007,406 | R--- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Installer\{F656DC79-013A-4683-8692-B938FC00B941}\_6bd8471b.exe
[2009.11.17 18:04:28 | 000,005,390 | R--- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Installer\{F656DC79-013A-4683-8692-B938FC00B941}\_6c674a8d.exe
[2009.11.17 18:04:29 | 000,007,406 | R--- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Installer\{F656DC79-013A-4683-8692-B938FC00B941}\_70a0d66.exe
[2009.11.17 18:04:29 | 000,005,390 | R--- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Installer\{F656DC79-013A-4683-8692-B938FC00B941}\_78312047.exe
[2009.11.17 18:04:28 | 000,005,390 | R--- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Installer\{F656DC79-013A-4683-8692-B938FC00B941}\_78681ee0.exe
[2009.11.17 18:04:29 | 000,005,390 | R--- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Installer\{F656DC79-013A-4683-8692-B938FC00B941}\_7b0921de.exe
[2009.11.17 18:04:28 | 000,007,406 | R--- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Installer\{F656DC79-013A-4683-8692-B938FC00B941}\_7eba3de2.exe
[2006.06.23 07:36:03 | 000,198,656 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\MAILTRAN.EXE
[2002.03.27 15:42:36 | 000,114,688 | R--- | M] () -- C:\Documents and Settings\Michael\Application Data\ubi.com\Core\cabarc.exe
[2002.03.28 09:53:50 | 000,126,976 | R--- | M] () -- C:\Documents and Settings\Michael\Application Data\ubi.com\Core\GLPatcher2.exe

< MD5 for: AGP440.SYS >
[2004.08.04 01:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: CRYPTSVC.DLL >
[2007.04.15 23:21:59 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=87F3E2D2A3231F820F9248DB90090F42 -- C:\WINDOWS\system32\cryptsvc.dll
[2007.04.15 23:21:59 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=87F3E2D2A3231F820F9248DB90090F42 -- C:\WINDOWS\system32\dllcache\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2004.08.04 01:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004.08.04 01:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2007.04.15 23:22:04 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=42D32722B805D7DF42D30487A0BCBD78 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007.06.13 13:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\explorer.exe
[2007.06.13 13:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: HAL.DLL >
[2007.04.15 23:22:07 | 000,131,712 | ---- | M] (Microsoft Corporation) MD5=F9A83D160C80EE6F45AA577CB101B83F -- C:\WINDOWS\system32\hal.dll

< MD5 for: CHANGER.SYS >
[2004.08.03 23:00:14 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=DAF1A8193B6CAF0FB858CADCC5C4AF4A -- C:\WINDOWS\system32\dllcache\changer.sys
[2004.08.03 23:00:14 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=DAF1A8193B6CAF0FB858CADCC5C4AF4A -- C:\WINDOWS\system32\drivers\changer.sys

< MD5 for: LSASS.EXE >
[2004.08.04 01:56:52 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=84885F9B82F4D55C6146EBF6065D75D2 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2004.08.04 01:56:52 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=84885F9B82F4D55C6146EBF6065D75D2 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2004.08.04 00:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\dllcache\ndis.sys
[2004.08.04 00:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.02.06 20:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2009.02.06 20:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 01:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtUninstallKB968389$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.04 01:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004.08.04 01:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.17 16:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2004.08.04 01:56:58 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=BD7FB0957C716F1A60333AEE04DE2178 -- C:\WINDOWS\system32\dllcache\smss.exe
[2004.08.04 01:56:58 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=BD7FB0957C716F1A60333AEE04DE2178 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2004.08.04 01:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2004.08.04 01:56:58 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\SP2GDR\tcpip.sys
[2007.10.30 18:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2007.10.30 18:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\SP2QFE\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\SP3GDR\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\SP3QFE\tcpip.sys
[2007.04.15 23:23:36 | 000,360,704 | ---- | M] (Microsoft Corporation) MD5=E6B15BCC470953E600EF7ADED3CAB142 -- C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys

< MD5 for: USERINIT.EXE >
[2004.08.04 01:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004.08.04 01:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.04 01:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004.08.04 01:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.04 01:56:48 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2004.08.04 01:56:48 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2006.05.03 18:12:26 | 000,286,720 | ---- | M] (ATI Technologies Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGR.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007.09.01 23:57:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007.09.01 23:57:19 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007.09.01 23:57:18 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[2006.05.03 18:12:26 | 000,286,720 | ---- | M] (ATI Technologies Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\ATIDEMGR.dll

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Boot.bak:SummaryInformation
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0295CBF7
< End of report >

burrry · #9 Příspěvek od **burrry** » 21 dub 2010 23:02

OTL Extras logfile created on: 21.4.2010 16:15:34 - Run 1
OTL by OldTimer - Version 3.2.1.3 Folder = C:\Documents and Settings\Michael\My Documents\Stažené soubory
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Czech Republic | Language: CSY | Date Format: d.M.yyyy

511,00 Mb Total Physical Memory | 108,00 Mb Available Physical Memory | 21,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 52,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127,99 Gb Total Space | 90,35 Gb Free Space | 70,59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MIW
Current User Name: Michael
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1715567821-1336601894-1801674531-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe" = C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup -- (Nero AG)
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160" = Canon MP160
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 19
"{29D851C2-048C-4B5E-8D1F-25D473342BB5}" = ScanSoft OmniPage SE 4.0
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{360B6B2C-B04F-46E9-95D5-3F7C49155F36}" = Motiv Podzim
"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5AEDCB07-25E3-4136-BE1E-BB2A2944355D}" = Game Graphic Studio
"{5FA65FE5-2AAC-4D00-BF0A-5EDC961BC691}" = Multimedia Keyboard
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6177EC93-286D-4456-B4B6-FE6281A5F397}" = Sid Meier's Civilization III Gold
"{63A121E2-0489-4A16-BA1E-888609852211}" = Motiv Léto
"{6EF72FC6-842E-4FE6-BF88-BFBF03C9DA74}" = Windows Workflow Foundation CS Language Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{7F947BFE-C2DF-4779-9909-5BEE746BD0C4}" = Microsoft .NET Framework 2.0 Language Pack - CSY
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0405-0000-0000000FF1CE}" = Sada Compatibility Pack pro systém Office 2007
"{91C0B95B-B83A-4828-A775-BBE2DD421029}" = Nero 7 Ultra Edition
"{9AF46AB7-DD4C-4C74-00BC-A618C5BA1D4C}" = Tiger Woods PGA TOUR 07
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA47D951-588B-48A5-8183-21C44B1EA6EA}" = VRWriter4
"{AAB6D0F8-02B3-4E89-B24C-0BB153C21445}" = Windows Presentation Foundation Language Pack (CSY)
"{AC76BA86-7AD7-1029-7B44-A93000000001}" = Adobe Reader 9.3.2 - Czech
"{AEDDF5A3-29CE-11D5-A8C2-000102246AAE}" = ubi.com
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CDCBF62D-8E74-44A5-91AD-44AB4C2EFD89}" = InterVideo FilterSDK for Panasonic
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3CB41F2-EB29-432F-8554-46109E44D3D9}" = Hearts of Iron
"{D8979435-753B-40AE-9318-5E712C160A71}" = Windows Communication Foundation Language Pack - CSY
"{E045A5E3-0FC6-4AC2-BBE3-C49D68BA54DA}" = MotionSD STUDIO 1.3E
"{EA9FAF16-0E5C-42C4-9742-9AF8D5F6D69B}" = ATI Catalyst Control Center
"{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6
"{F656DC79-013A-4683-8692-B938FC00B941}" = DkZ Studio
"{FB09515C-8E3E-4E0F-A1F2-032F38DEC185}" = Microsoft .NET Framework 3.0 Czech Language Pack
"{FEC7CD2E-2BB5-40C3-9592-078F64677E6C}" = PC TWIN SHOCK
"504244733D18C8F63FF584AEB290E3904E791693" = Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"CCleaner" = CCleaner
"CToolbar_UNINSTALL" = Crawler Toolbar with Web Security Guard
"Čtyřka 3.30_is1" = Čtyřka 3.30
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Balíček ovladače systému Windows - Nokia Modem (06/01/2009 4.1)
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Balíček ovladače systému Windows - Nokia Modem (06/01/2009 7.01.0.3)
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"InstallShield_{D3CB41F2-EB29-432F-8554-46109E44D3D9}" = Hearts of Iron
"InstallShield_{EBB794ED-D282-4334-92FB-254481EFF514}" = Pro Evolution Soccer 6
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.71
"Microsoft .NET Framework 2.0 Language Pack - CSY" = Microsoft .NET Framework 2.0 Language Pack - CSY
"Microsoft .NET Framework 3.0 Czech Language Pack" = Microsoft .NET Framework 3.0 Czech Language Pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MP Navigator 3.0" = Canon MP Navigator 3.0
"MSNINST" = MSN
"Nokia PC Suite" = Nokia PC Suite
"O2 Internet Konfigurator" = O2 Internet Konfigurator
"Operation Flashpoint" = Operation Flashpoint uninstall
"PCI Audio Driver" = PCI Audio Driver
"PhotoFiltre" = PhotoFiltre
"Picasa 3" = Picasa 3
"rajče.net_is1" = rajče verze 56 sestavení 151
"Registrace uživatele zařízení Canon MP160" = Registrace uživatele zařízení Canon MP160
"Room Arranger" = Room Arranger
"Secunia PSI" = Secunia PSI
"Spyware Terminator_is1" = Spyware Terminator
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Web Translator" = Web Translator
"WebTime" = WebTime
"WIC" = Windows Imaging Component
"WinAce Archiver" = WinAce Archiver
"WinRAR archiver" = WinRAR
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Xvid_is1" = Xvid 1.1.3 final uninstall
"YouTube Downloader_is1" = YouTube Downloader 2.5

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 3.2.2009 21:01:39 | Computer Name = MIW | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of http://cz.static.etargetnet.com/generic ... nt:verdana
failed, 0000A413.

Error - 3.2.2009 21:01:54 | Computer Name = MIW | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of http://cz.static.etargetnet.com/generic ... nt:verdana
failed, 0000A413.

Error - 12.2.2009 5:37:54 | Computer Name = MIW | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of http://1.im.cz/ad/im.js failed, 0000A413.

Error - 25.9.2009 9:21:39 | Computer Name = MIW | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of D:\EASO\commonImages\bg2.jpg failed, 0000001E.

Error - 25.9.2009 9:22:02 | Computer Name = MIW | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of D:\EASO\commonImages\bg3.jpg failed, 0000A420.

Error - 25.9.2009 12:37:15 | Computer Name = MIW | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of D:\EASO\commonImages\cards\40.jpg failed, 0000A420.

Error - 8.11.2009 18:30:03 | Computer Name = MIW | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of http://www.livesport.cz/x/feed/r_1_1 failed, 0000A413.

Error - 9.11.2009 21:26:39 | Computer Name = MIW | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of http://css.yandex.net/css/images/r6/GalleryPreview.js failed, 0000A413.

Error - 26.2.2010 11:07:30 | Computer Name = MIW | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of C:\Documents and Settings\Michael\Local Settings\Temporary Internet Files\Content.IE5\I096Y2GN\rstrui[1]
failed, 00000005.

Error - 16.4.2010 6:41:32 | Computer Name = MIW | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of C:\WINDOWS\SoftwareDistribution\Download\47049a18863e1cca24613f032b7df448\BIT1944.tmp
failed, 00000026.

[ System Events ]
Error - 21.4.2010 10:01:37 | Computer Name = MIW | Source = Service Control Manager | ID = 7000
Description = Služba Machine Debug Manager neuspěla při spuštění v důsledku následující
chyby: %%3

Error - 21.4.2010 10:01:37 | Computer Name = MIW | Source = Service Control Manager | ID = 7000
Description = Služba Machine Debug Manager neuspěla při spuštění v důsledku následující
chyby: %%3

Error - 21.4.2010 10:09:04 | Computer Name = MIW | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %3 při pokusu o spuštění služby MDM s argumenty
za účelem spuštění serveru: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 21.4.2010 10:09:04 | Computer Name = MIW | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %3 při pokusu o spuštění služby MDM s argumenty
za účelem spuštění serveru: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 21.4.2010 10:09:06 | Computer Name = MIW | Source = Service Control Manager | ID = 7000
Description = Služba Machine Debug Manager neuspěla při spuštění v důsledku následující
chyby: %%3

Error - 21.4.2010 10:09:06 | Computer Name = MIW | Source = Service Control Manager | ID = 7000
Description = Služba Machine Debug Manager neuspěla při spuštění v důsledku následující
chyby: %%3

Error - 21.4.2010 10:09:25 | Computer Name = MIW | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %3 při pokusu o spuštění služby MDM s argumenty
za účelem spuštění serveru: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 21.4.2010 10:09:25 | Computer Name = MIW | Source = Service Control Manager | ID = 7000
Description = Služba Machine Debug Manager neuspěla při spuštění v důsledku následující
chyby: %%3

Error - 21.4.2010 10:09:30 | Computer Name = MIW | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %3 při pokusu o spuštění služby MDM s argumenty
za účelem spuštění serveru: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 21.4.2010 10:09:30 | Computer Name = MIW | Source = Service Control Manager | ID = 7000
Description = Služba Machine Debug Manager neuspěla při spuštění v důsledku následující
chyby: %%3

< End of report >

#10 Příspěvek od **Caroprd111** » 22 dub 2010 13:06

Spusťte OTL a do spodního okna vložte následující skript.

Kód: Vybrat vše

:OTL
FF - prefs.js..browser.search.defaultengine: "Ask.com"
IE - HKU\S-1-5-21-1715567821-1336601894-1801674531-1003\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1715567821-1336601894-1801674531-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
FF - prefs.js..browser.search.order.1: "Ask.com"
O4 - HKU\.DEFAULT..\RunOnce: [ShowDeskFix] File not found
O4 - HKU\S-1-5-18..\RunOnce: [ShowDeskFix] File not found
O4 - Startup: C:\Documents and Settings\Michael\Start Menu\Programs\Startup\monxga32.exe ()
[2010.04.19 11:54:23 | 000,000,004 | ---- | M] () -- C:\Documents and Settings\Michael\Application Data\avdrn.dat
@Alternate Data Stream - 88 bytes -> C:\Boot.bak:SummaryInformation
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0295CBF7

:Commands
[EMPTYTEMP] 
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[CREATERESTOREPOINT]

Poté klikněte na Opravit, PC se restartuje, log vložte sem.

Obrázek

Tohle otestujte na http://www.virustotal.com/cs/
C:\WINDOWS\System32\drivers\LMFilt.sys

(Soubor nehledejte, jenom vložíte tučně označenou cestu, v případě hlášky "Soubor již byl testován" dejte otestovat znovu. Výsledek analýzy sem v podobě odkazu vložte.)

burrry · #11 Příspěvek od **burrry** » 22 dub 2010 13:54

Log z OTL.

All processes killed
========== OTL ==========
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Registry value HKEY_USERS\S-1-5-21-1715567821-1336601894-1801674531-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1715567821-1336601894-1801674531-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Prefs.js: "Ask.com" removed from browser.search.order.1
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ShowDeskFix deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ShowDeskFix not found.
File move failed. C:\Documents and Settings\Michael\Start Menu\Programs\Startup\monxga32.exe scheduled to be moved on reboot.
C:\Documents and Settings\Michael\Application Data\avdrn.dat moved successfully.
ADS C:\Boot.bak:SummaryInformation deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0295CBF7 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 1058312 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Michael
->Temp folder emptied: 18904441 bytes
->Temporary Internet Files folder emptied: 396377 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 35220237 bytes
->Flash cache emptied: 671 bytes

User: NetworkService
->Temp folder emptied: 995336 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Nová složka

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1126328 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 55,00 mb

[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: Michael
->Flash cache emptied: 0 bytes

User: NetworkService

User: Nová složka

Total Flash Files Cleaned = 0,00 mb

Restore points cleared and new OTL Restore Point set!
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

OTL by OldTimer - Version 3.2.1.3 log created on 04222010_143606

Files\Folders moved on Reboot...
C:\Documents and Settings\Michael\Start Menu\Programs\Startup\monxga32.exe moved successfully.
C:\Documents and Settings\Michael\Local Settings\Temp\~DF2DA2.tmp moved successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Mozilla\Firefox\Profiles\o8t0423d.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Mozilla\Firefox\Profiles\o8t0423d.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Mozilla\Firefox\Profiles\o8t0423d.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Mozilla\Firefox\Profiles\o8t0423d.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Michael\Local Settings\Application Data\Mozilla\Firefox\Profiles\o8t0423d.default\urlclassifier3.sqlite moved successfully.
File\Folder C:\WINDOWS\temp\ZLT032dd.TMP not found!

Registry entries deleted on Reboot...

#12 Příspěvek od **Caroprd111** » 22 dub 2010 13:57

Ok, ještě ten virustotal.

burrry · #13 Příspěvek od **burrry** » 22 dub 2010 14:15

Na VT nelze soubor vložit, neustále vyskakuje tabulka najít soubor, co s tím? Jinak CPU už jede na 55%, schvost. exe už nebere těch 98%.

#14 Příspěvek od **Caroprd111** » 22 dub 2010 14:30

Testování vynechte. Jak to vypadá s PC

burrry · #15 Příspěvek od **burrry** » 22 dub 2010 14:36

No, počítač vypadá, že se chová normálně, tak snad to bude dobrý. Mám sem vložit ještě log rsit?

VIRY.CZ

Prosím o kontrolu logu. Pomalý počítač.

Prosím o kontrolu logu. Pomalý počítač.

Re: Prosím o kontrolu logu. Pomalý počítač.

Re: Prosím o kontrolu logu. Pomalý počítač.

Re: Prosím o kontrolu logu. Pomalý počítač.

Re: Prosím o kontrolu logu. Pomalý počítač.

Re: Prosím o kontrolu logu. Pomalý počítač.

Re: Prosím o kontrolu logu. Pomalý počítač.

Re: Prosím o kontrolu logu. Pomalý počítač.

Re: Prosím o kontrolu logu. Pomalý počítač.

Re: Prosím o kontrolu logu. Pomalý počítač.

Re: Prosím o kontrolu logu. Pomalý počítač.

Re: Prosím o kontrolu logu. Pomalý počítač.

Re: Prosím o kontrolu logu. Pomalý počítač.

Re: Prosím o kontrolu logu. Pomalý počítač.

Re: Prosím o kontrolu logu. Pomalý počítač.