VIRY.CZ

Zdravim,
chcem kamoske nainstalovat hru sims ale jak mile dam do daemonu iso subor to napise ze :
"system windows nemá prístup k určenému zarizeni, ceste nebo souboru. K pristupu k polozce pravdepodobne nemate patricna opravneni"
podla mna je za tym nejaky virus.
Vo pred dakujem za riesenie

Logfile of random's system information tool 1.06 (written by random/random)
Run by root at 2010-05-05 15:39:19
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 11 GB (19%) free of 57 GB
Total RAM: 1151 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:39:46, on 5. 5. 2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Documents and Settings\root\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\WINDOWS\tictl98.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\TiMsger.exe
C:\Documents and Settings\root\temp\TeamViewer\Version4\TeamViewer.exe
C:\Documents and Settings\root\My Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\root.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://search13.net/search.php?clid=486&q=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search13.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search13.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\root\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00a6faf1-072e-44cf-8957-5838f569a31d} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07b18ea1-a523-4961-b6bb-170de4475cca} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (file missing)
O2 - BHO: tom for ie - {8aa217b9-d729-4ee0-aed7-e93d695e94a2} - C:\Program Files\Stylish Profile\tom4ie.dll (file missing)
O2 - BHO: QIPBHO - {a55f9c95-2bb1-4ea2-bc77-dfaab78832ce} - C:\Documents and Settings\root\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL (file missing)
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\root\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lock.lnk = C:\WINDOWS\tictl98.exe
O8 - Extra context menu item: &search - http://edits.mywebsearch.com/toolbaredi ... p=GRfox000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: StylishProfile - {14cd42dd-abcd-3586-dcab-40e3693e3737} - C:\Program Files\Stylish Profile\ct.htm
O9 - Extra 'Tools' menuitem: StylishProfile - {14cd42dd-abcd-3586-dcab-40e3693e3737} - C:\Program Files\Stylish Profile\ct.htm
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\tifilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\tifilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\tifilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\tifilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\tifilter.dll
O11 - Options group: [java_sun] Java (Sun)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3015997812
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {e2883e8f-472f-4fb0-9522-ac9bf37916a7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device (apple mobile device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: Bonjour Service (bonjour service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: iPod Service (ipod service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (javaquickstarterservice) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Secondary Logon seclogonseclogon (seclogonseclogon) - Unknown owner - C:\WINDOWS\system32\ansik.exe (file missing)
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 9740 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-515967899-1801674531-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-515967899-1801674531-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00a6faf1-072e-44cf-8957-5838f569a31d}]
MyWebSearch Search Assistant BHO - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL [2009-12-25 54608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pre aplikáciu Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07b18ea1-a523-4961-b6bb-170de4475cca}]
mwsBar BHO - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8aa217b9-d729-4ee0-aed7-e93d695e94a2}]
TomBHO Class - C:\Program Files\Stylish Profile\tom4ie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a55f9c95-2bb1-4ea2-bc77-dfaab78832ce}]
QIPBHO Class - C:\Documents and Settings\root\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll [2009-10-05 150768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dbc80044-a445-435b-bc74-9c25c1c588a9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7e6f031-17ce-4c07-bc86-eabfe594f69c}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-11 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{07B18EA9-A523-4961-B6BB-170DE4475CCA} - My Web Search - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2006-08-08 344064]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-09-22 14854144]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-06-01 573440]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe []
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-08-13 177440]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2010-01-22 141608]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-03-24 2145000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2009-10-23 323392]
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe []
"Google Update"=C:\Documents and Settings\root\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-19 135664]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Lock.lnk - C:\WINDOWS\tictl98.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-08-08 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Counter-Strike 1.6\hl.exe"="C:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\root\temp\TeamViewer\Version4\TeamViewer.exe"="C:\Documents and Settings\root\temp\TeamViewer\Version4\TeamViewer.exe:*:Disabled:TeamViewer Remote Control Application"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{31e34f0b-5b64-11de-804f-0018f3933762}]
shell\autorun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
shell\open(0)\command - E:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{362a873a-1f9a-11de-bff1-0018f3933762}]
shell\autorun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
shell\open(0)\command - E:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6832d825-d995-11dd-bf88-0018f3933762}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
shell\Open(0)\command - E:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{792d309a-e8c6-11dd-bfa1-0018f3933762}]
shell\autorun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
shell\open(0)\command - E:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f3aec58-57be-11df-80e7-0018f3933762}]
shell\AutoRun\command - E:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2ae3075-868a-11de-8060-0018f3933762}]
shell\autorun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
shell\open(0)\command - E:\Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ec27d065-d778-11dd-bf81-0018f3933762}]
shell\autorun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
shell\open(0)\command - F:\Recycled\ctfmon.exe


======List of files/folders created in the last 1 months======

2010-05-05 15:39:21 ----D---- C:\Program Files\trend micro
2010-05-05 15:39:19 ----D---- C:\rsit
2010-05-05 00:41:08 ----D---- C:\Documents and Settings\root\Application Data\ESET
2010-05-05 00:10:35 ----D---- C:\Program Files\Absolute Uninstaller
2010-05-05 00:10:35 ----D---- C:\Documents and Settings\root\Application Data\GlarySoft
2010-05-04 22:44:22 ----D---- C:\Program Files\DAEMON Tools Lite
2010-05-04 22:43:57 ----D---- C:\Documents and Settings\root\Application Data\DAEMON Tools Lite
2010-05-04 22:43:51 ----D---- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
2010-05-04 18:51:32 ----D---- C:\Documents and Settings\root\Application Data\MechCAD
2010-04-18 11:38:10 ----D---- C:\Documents and Settings\root\Application Data\ICQ
2010-04-15 10:20:40 ----D---- C:\Program Files\ICQ6.5

======List of files/folders modified in the last 1 months======

2010-05-05 15:39:25 ----D---- C:\WINDOWS\Temp
2010-05-05 15:39:21 ----RD---- C:\Program Files
2010-05-05 15:32:33 ----D---- C:\WINDOWS\system32\Lang
2010-05-05 15:32:17 ----D---- C:\Program Files\DNA
2010-05-05 15:32:17 ----D---- C:\Documents and Settings\root\Application Data\DNA
2010-05-05 15:32:03 ----D---- C:\Program Files\Mozilla Firefox
2010-05-05 15:31:06 ----D---- C:\WINDOWS\system32
2010-05-05 15:30:19 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-05-05 15:26:19 ----D---- C:\WINDOWS\system32\drivers
2010-05-05 15:26:19 ----D---- C:\WINDOWS
2010-05-05 15:25:26 ----D---- C:\Documents and Settings\All Users\Application Data\avg9
2010-05-05 15:14:36 ----SHD---- C:\WINDOWS\Installer
2010-05-05 01:33:35 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-05-05 01:33:30 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-05-05 01:33:26 ----D---- C:\WINDOWS\system32\CatRoot2
2010-05-05 00:37:27 ----HD---- C:\WINDOWS\inf
2010-05-05 00:35:00 ----D---- C:\Program Files\ESET
2010-05-05 00:09:29 ----D---- C:\Documents and Settings\root\Application Data\LimeWire
2010-05-05 00:07:21 ----RD---- C:\Program Files\Skype
2010-05-05 00:06:27 ----D---- C:\Program Files\LimeWire
2010-05-04 23:35:55 ----D---- C:\WINDOWS\Prefetch
2010-04-28 16:24:15 ----D---- C:\Documents and Settings\root\Application Data\skypePM
2010-04-19 16:37:23 ----D---- C:\Documents and Settings\root\Application Data\Skype
2010-04-18 11:35:52 ----D---- C:\Program Files\ICQ6Toolbar
2010-04-15 10:24:19 ----D---- C:\Documents and Settings\All Users\Application Data\ICQ
2010-04-15 10:12:31 ----D---- C:\Documents and Settings\root\Application Data\Apple Computer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-03-24 114984]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2010-03-24 55232]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-03-24 139192]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2010-03-24 134488]
R2 TiFmon;TiFmon; \??\C:\WINDOWS\system32\drivers\TiFmon.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-08-08 1681408]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2010-03-24 32584]
R3 gearaspiwdm;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-09-23 3966976]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2007-08-28 5760]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-07-12 51328]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2006-06-01 894336]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
S1 4350ffa4;4350ffa4; C:\WINDOWS\System32\drivers\4350ffa4.sys []
S3 ay03ft7w;ay03ft7w; C:\WINDOWS\system32\drivers\ay03ft7w.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 TiDrv;TiDrv; C:\WINDOWS\system32\DRIVERS\TiDrv.sys [2007-07-04 13849]
S3 usbaapl;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 apple mobile device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-08-08 401408]
R2 bonjour service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2010-03-24 810120]
R2 javaquickstarterservice;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-12-17 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R3 ipod service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-01-22 545576]
S2 seclogonseclogon;Secondary Logon seclogonseclogon; C:\WINDOWS\system32\ansik.exe srv []
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-03-24 33560]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

-----------------EOF-----------------

Zdravím


Vložte do PC všechny flash disky, které používáte.

Stáhněte na plochu UsbFix http://pagesperso-orange.fr/NosTools/Ch ... UsbFix.exe

• Spusťte, poté zvolte jazyk E - Enter
• Zvolte 2 - Enter (je možný restart PC)
• Po dokončení na Vás vyskočí log, vložte mi ho sem, případně ho najdete v C:\UsbFix.txt

Stáhněte na plochu CKScanner http://downloads.malwareremoval.com/CKScanner.exe

• Spusťte a klikněte na "Search For Files", po dokončení skenu klikněte na "Save List to File" -> "OK"
• Log s názvem ckfiles.txt bude uložený na ploše, obsah tohoto souboru sem vložte.

Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe

• Spusťte, poté do spodního políčka vložte následující skript.

• Označte položku Pro všechny uživatele.
• Označte položky Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
• Klikněte na tlačítko Prohledat
• Po dokončení, sem vložte logy OTL.Txt a Extras.txt

############################## | UsbFix V6.111 |

User : root (Administrators) # MSSR-73BE1D1923
Update on 03/05/2010 by El Desaparecido , C_XX & Chimay8
Start at: 17:23:01 | 5. 5. 2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Celeron(R) M CPU 420 @ 1.60GHz
Systém Microsoft Windows XP Professional (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall Status : Enabled
AV : ESET Smart Security 4.2 4.2 [ Enabled | Updated ]
FW : ESET personal firewall[ Enabled ]4.2.40.0

C:\ -> Lokálny pevný disk # 55,88 Go (13,36 Go free) # NTFS
D:\ -> Disk CD-ROM
E:\ -> Disk CD-ROM
F:\ -> Vymeniteľný disk # 983,7 Mo (981,08 Mo free) # FAT
G:\ -> Vymeniteľný disk # 1,86 Go (1,08 Go free) # FAT

################## | Files # Infected Folders |

Deleted ! C:\Recycler\S-1-5-21-1659004503-515967899-1801674531-1003

################## | Registry |


################## | Mountpoints2 |


################## | Listing of the present files |

[11. 08. 2009 17:22|--a------|2106] C:\.flv
[29. 12. 2008 15:48|--a------|0] C:\AUTOEXEC.BAT
[29. 12. 2008 15:40|---hs----|211] C:\boot.ini
[29. 12. 2008 15:48|--a------|0] C:\CONFIG.SYS
[29. 12. 2008 15:48|-rahs----|0] C:\IO.SYS
[29. 12. 2008 15:48|-rahs----|0] C:\MSDOS.SYS
[04. 08. 2004 14:00|-rahs----|47564] C:\NTDETECT.COM
[30. 12. 2008 11:04|-rahs----|250048] C:\ntldr
[?|?|?] C:\pagefile.sys
[05. 05. 2010 17:26|--a------|1480] C:\UsbFix.txt
[06. 07. 2009 12:50|--a------|92073] C:\yt.htm
[24. 11. 2008 22:53|---h-----|1033216] F:\~WRL1459.tmp
[21. 12. 2009 06:44|--a------|362398] F:\21x30cm.JPG
[13. 06. 2010 19:18|--a------|1223508] F:\10x15cm.JPG
[20. 04. 2010 21:09|--a------|32256] F:\Ropa.doc

################## | Vaccination |

# C:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
# F:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
# G:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).

################## | Upload |

Please send the file : C:\UsbFix_Upload_Me_MSSR-73BE1D1923.zip : http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution .

################## | ! End of report # UsbFix V6.111 ! |


CKScanner

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\tilocker\crypt.dll
c:\windows\system32\crypt.dll
scanner sequence 3.LB.11
----- EOF -----

U UsbFixu musíte zvolit možnost 2.

OTL logfile created on: 5. 5. 2010 17:32:39 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\root\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d. M. yyyy

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 1728 3456 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55,88 Gb Total Space | 13,36 Gb Free Space | 23,91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 3,78 Gb Total Space | 3,22 Gb Free Space | 85,13% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MSSR-73BE1D1923
Current User Name: root
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.05.05 16:04:12 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\root\Desktop\OTL.exe
PRC - [2010.03.24 20:31:50 | 000,810,120 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2008.04.14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003.08.06 21:24:20 | 012,037,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE


========== Modules (SafeList) ==========

MOD - [2010.05.05 16:04:12 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\root\Desktop\OTL.exe
MOD - [2008.04.14 06:40:22 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (seclogonseclogon)
SRV - [2010.03.24 20:39:48 | 000,033,560 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010.03.24 20:31:50 | 000,810,120 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)


========== Driver Services (SafeList) ==========

DRV - [2010.05.04 22:45:10 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.04.11 16:03:24 | 000,000,000 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\4350ffa4.sys -- (4350ffa4)
DRV - [2010.03.24 20:33:50 | 000,055,232 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2010.03.24 20:33:50 | 000,032,584 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2010.03.24 20:33:46 | 000,134,488 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2010.03.24 20:31:06 | 000,114,984 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010.03.24 20:23:52 | 000,139,192 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009.02.07 21:25:04 | 000,045,614 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tifmon.sys -- (TiFmon)
DRV - [2008.04.13 23:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007.08.28 06:58:00 | 000,005,760 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2007.07.04 12:46:08 | 000,013,849 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TiDrv.sys -- (TiDrv)
DRV - [2006.08.08 22:59:14 | 001,681,408 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006.06.01 15:03:00 | 000,894,336 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2005.09.23 19:56:28 | 003,966,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005.07.12 20:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2004.08.04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2001.08.17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1659004503-515967899-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search13.net/
IE - HKU\S-1-5-21-1659004503-515967899-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search13.net/
IE - HKU\S-1-5-21-1659004503-515967899-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search13.net/
IE - HKU\S-1-5-21-1659004503-515967899-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search13.net/
IE - HKU\S-1-5-21-1659004503-515967899-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search13.net/
IE - HKU\S-1-5-21-1659004503-515967899-1801674531-1003\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1659004503-515967899-1801674531-1003\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\root\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKU\S-1-5-21-1659004503-515967899-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1659004503-515967899-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "http://search13.net/search.php?clid=486&q="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search13.net?clid=486"
FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA82}:1.0.2
FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA99}:1.0.1
FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA81}:1.0.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA80}:1.0.22
FF - prefs.js..extensions.enabledItems: {6236BA26-C117-4007-928C-DE0716C7FA96}:1.0.2
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..keyword.URL: "http://www.mywebsearch.com/jsp/cfg_redi ... searchfor="


FF - HKLM\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\firefox\ [2010.05.05 15:48:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.05 00:05:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.03 22:47:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010.05.05 00:35:05 | 000,000,000 | ---D | M]

[2009.09.22 20:22:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\Mozilla\Extensions
[2009.09.22 20:22:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010.05.05 00:50:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\Mozilla\Firefox\Profiles\rg6sqeve.default\extensions
[2010.02.03 22:01:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\root\Application Data\Mozilla\Firefox\Profiles\rg6sqeve.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}
[2009.11.19 17:36:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\root\Application Data\Mozilla\Firefox\Profiles\rg6sqeve.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA81}
[2010.02.03 22:01:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\root\Application Data\Mozilla\Firefox\Profiles\rg6sqeve.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA82}
[2010.02.03 22:01:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\root\Application Data\Mozilla\Firefox\Profiles\rg6sqeve.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
[2009.11.19 17:36:28 | 000,000,000 | ---D | M] (FBFan) -- C:\Documents and Settings\root\Application Data\Mozilla\Firefox\Profiles\rg6sqeve.default\extensions\{6236BA26-C117-4007-928C-DE0716C7FA99}
[2010.03.18 18:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\Mozilla\Firefox\Profiles\rg6sqeve.default\extensions\staged-xpis
[2009.02.20 21:06:57 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\root\Application Data\Mozilla\Firefox\Profiles\rg6sqeve.default\searchplugins\ask.xml
[2010.05.04 18:55:18 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\root\Application Data\Mozilla\Firefox\Profiles\rg6sqeve.default\searchplugins\icqplugin-1.xml
[2009.10.29 17:51:32 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\root\Application Data\Mozilla\Firefox\Profiles\rg6sqeve.default\searchplugins\icqplugin-10.xml
[2009.12.20 11:41:28 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\root\Application Data\Mozilla\Firefox\Profiles\rg6sqeve.default\searchplugins\icqplugin-11.xml
[2010.01.08 18:04:05 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\root\Application Data\Mozilla\Firefox\Profiles\rg6sqeve.default\searchplugins\icqplugin-12.xml
[2010.02.23 21:50:32 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\root\Application Data\Mozilla\Firefox\Profiles\rg6sqeve.default\searchplugins\icqplugin-13.xml
[2010.04.15 12:14:05 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\root\Application Data\Mozilla\Firefox\Profiles\rg6sqeve.default\searchplugins\icqplugin-14.xml
[2009.03.06 08:11:09 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\root\Application Data\Mozilla\Firefox\Profiles\rg6sqeve.default\searchplugins\icqplugin-2.xml
[2009.03.29 12:35:53 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\root\Application Data\Mozilla\Firefox\Profiles\rg6sqeve.default\searchplugins\icqplugin-3.xml
[2009.04.26 16:03:49 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\root\Application Data\Mozilla\Firefox\Profiles\rg6sqeve.default\searchplugins\icqplugin-4.xml
[2009.05.01 07:36:06 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\root\Application Data\Mozilla\Firefox\Profiles\rg6sqeve.default\searchplugins\icqplugin-5.xml
[2009.06.13 09:33:24 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\root\Application Data\Mozilla\Firefox\Profiles\rg6sqeve.default\searchplugins\icqplugin-6.xml
[2009.08.27 21:53:58 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\root\Application Data\Mozilla\Firefox\Profiles\rg6sqeve.default\searchplugins\icqplugin-7.xml
[2009.09.01 11:49:22 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\root\Application Data\Mozilla\Firefox\Profiles\rg6sqeve.default\searchplugins\icqplugin-8.xml
[2009.09.14 20:29:57 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\root\Application Data\Mozilla\Firefox\Profiles\rg6sqeve.default\searchplugins\icqplugin-9.xml
[2009.08.25 10:40:18 | 000,000,944 | ---- | M] () -- C:\Documents and Settings\root\Application Data\Mozilla\Firefox\Profiles\rg6sqeve.default\searchplugins\icqplugin.xml
[2009.10.11 18:47:23 | 000,001,993 | ---- | M] () -- C:\Documents and Settings\root\Application Data\Mozilla\Firefox\Profiles\rg6sqeve.default\searchplugins\mj-snr.xml
[2009.08.25 22:34:24 | 000,009,941 | ---- | M] () -- C:\Documents and Settings\root\Application Data\Mozilla\Firefox\Profiles\rg6sqeve.default\searchplugins\mywebsearch.xml
[2009.11.13 15:49:51 | 000,002,061 | ---- | M] () -- C:\Documents and Settings\root\Application Data\Mozilla\Firefox\Profiles\rg6sqeve.default\searchplugins\qipsearch.xml
[2010.05.05 00:49:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.04.15 10:24:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.10.05 19:34:50 | 000,118,000 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\qippipe.dll
[2008.09.04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2008.03.31 21:06:24 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2008.03.31 21:06:24 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2008.01.27 11:57:20 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2008.01.27 11:57:20 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2008.03.31 21:06:24 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Podpora odkazu pre aplikáciu Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (TomBHO Class) - {8aa217b9-d729-4ee0-aed7-e93d695e94a2} - C:\Program Files\Stylish Profile\tom4ie.dll File not found
O2 - BHO: (QIPBHO Class) - {a55f9c95-2bb1-4ea2-bc77-dfaab78832ce} - C:\Documents and Settings\root\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKU\S-1-5-21-1659004503-515967899-1801674531-1003..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-1659004503-515967899-1801674531-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lock.lnk = C:\WINDOWS\tictl98.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1659004503-515967899-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1659004503-515967899-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 255
O7 - HKU\S-1-5-21-1659004503-515967899-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 0
O9 - Extra Button: StylishProfile - {14cd42dd-abcd-3586-dcab-40e3693e3737} - C:\Program Files\Stylish Profile\ct.htm ()
O9 - Extra 'Tools' menuitem : StylishProfile - {14cd42dd-abcd-3586-dcab-40e3693e3737} - C:\Program Files\Stylish Profile\ct.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\tifilter.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\tifilter.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\tifilter.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\tifilter.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\tifilter.dll ()
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 3015997812 (WUWebControl Class)
O16 - DPF: {8ad9c840-044e-11d1-b3e9-00805f499d93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {cafeefac-0016-0000-0018-abcdeffedcba} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {cafeefac-ffff-ffff-ffff-abcdeffedcba} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} http://icq.oberon-media.com/Gameshell/G ... meHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {e2883e8f-472f-4fb0-9522-ac9bf37916a7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\root\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\root\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\ashdisp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashenhcd.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashserv.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashupd.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\aswupdsv.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avadmin.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avcenter.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avconfig.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avconsol.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avgnt.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avgrssvc.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avguard.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avmonitor.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avp.com: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avp32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avscan.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\bdagent.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ccenter.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\drwadins.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\drwebupw.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\filemon.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\gfring3.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\guardgui.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\guardxservice.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\guardxup.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\kasmain.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\kastask.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\kav32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\kavdx.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\kavpf.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\kavpfw.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\kavstart.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\kpfw32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\kpfw32x.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\navapsvc.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\navapw32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\navigator.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\navnt.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\navstub.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\navw32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\navwnt.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\niu.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\nod32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\nod32krn.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\nvcc.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ollydbg.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\preupd.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\pskdr.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\regmon.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\regtool.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\scan32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\sffnup.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\vba32arkit.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\vba32ldr.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\vsserv.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\zanda.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\zlh.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\zonealarm.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\zoneband.dll: Debugger - ntsd -d (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.12.29 15:48:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.05.05 16:44:28 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008.12.29 15:47:30 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (55745656140070912)

========== Files/Folders - Created Within 30 Days ==========

[2010.05.05 17:20:07 | 000,000,000 | ---D | C] -- C:\UsbFix
[2010.05.05 16:44:28 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2010.05.05 16:04:17 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\root\Desktop\OTL.exe
[2010.05.05 15:39:21 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.05.05 15:39:19 | 000,000,000 | ---D | C] -- C:\rsit
[2010.05.05 15:27:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\root\Desktop\daj este alt ct
[2010.05.05 00:41:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\root\Local Settings\Application Data\ESET
[2010.05.05 00:41:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\root\Application Data\ESET
[2010.05.05 00:37:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2010.05.05 00:10:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\root\Application Data\GlarySoft
[2010.05.05 00:10:35 | 000,000,000 | ---D | C] -- C:\Program Files\Absolute Uninstaller
[2010.05.04 23:43:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\root\Desktop\Nový priečinok
[2010.05.04 22:57:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\root\Desktop\The sims2
[2010.05.04 22:44:22 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2010.05.04 22:43:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\root\Application Data\DAEMON Tools Lite
[2010.05.04 22:43:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010.05.04 18:56:58 | 009,641,984 | ---- | C] (www.milionar.pc.cz) -- C:\Documents and Settings\root\Desktop\milionar.exe
[2010.05.04 18:51:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\root\Application Data\MechCAD
[2010.05.04 18:44:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\root\WINDOWS
[2010.05.03 15:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\root\Desktop\matika
[2010.04.19 16:11:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\root\Desktop\TVZ
[2010.04.18 11:38:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\root\Application Data\ICQ
[2010.04.15 19:21:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\root\Desktop\26.-28.3.10-Tureň
[2010.04.15 10:20:40 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ6.5
[2010.04.15 10:10:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\root\Desktop\Hangover
[2010.04.12 14:58:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\root\Desktop\Nový priečinok (2)
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.05.05 17:32:00 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-515967899-1801674531-1003UA.job
[2010.05.05 17:26:21 | 000,001,308 | ---- | M] () -- C:\UsbFix_Upload_Me_MSSR-73BE1D1923.zip
[2010.05.05 17:23:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.05.05 17:22:54 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.05.05 17:22:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.05.05 17:21:43 | 004,980,736 | ---- | M] () -- C:\Documents and Settings\root\ntuser.dat
[2010.05.05 17:21:43 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\root\ntuser.ini
[2010.05.05 16:04:12 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\root\Desktop\OTL.exe
[2010.05.05 15:59:35 | 000,451,584 | ---- | M] () -- C:\Documents and Settings\root\Desktop\CKScanner.exe
[2010.05.05 15:54:04 | 001,779,081 | ---- | M] () -- C:\Documents and Settings\root\Desktop\UsbFix.exe
[2010.05.05 12:15:36 | 003,618,721 | ---- | M] () -- C:\Documents and Settings\root\Desktop\pitbull feat. akon - shut it down.mp3
[2010.05.05 12:12:32 | 003,986,526 | ---- | M] () -- C:\Documents and Settings\root\Desktop\edward maya feat. vika jigulina - stereo love.mp3
[2010.05.05 12:00:46 | 003,563,969 | ---- | M] () -- C:\Documents and Settings\root\Desktop\owl city - fireflies.mp3
[2010.05.05 10:32:07 | 000,001,036 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-515967899-1801674531-1003Core.job
[2010.05.05 00:10:35 | 000,000,705 | ---- | M] () -- C:\Documents and Settings\root\Desktop\Absolute Uninstaller.lnk
[2010.05.05 00:10:35 | 000,000,161 | ---- | M] () -- C:\Documents and Settings\root\Desktop\Glary Utilities Freeware.url
[2010.05.05 00:03:38 | 043,368,960 | ---- | M] () -- C:\Documents and Settings\root\Desktop\ess_nt32_sky.msi
[2010.05.04 22:45:21 | 000,001,613 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2010.05.04 22:45:10 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010.05.01 23:32:19 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\root\Desktop\Google Chrome.lnk
[2010.04.25 10:09:10 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\root\Desktop\Suicide.doc
[2010.04.20 22:46:04 | 000,066,048 | ---- | M] () -- C:\Documents and Settings\root\Desktop\Občianska.jpg
[2010.04.20 21:09:31 | 000,032,256 | ---- | M] () -- C:\Documents and Settings\root\Desktop\Ropa.doc
[2010.04.20 08:25:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.04.15 19:45:38 | 000,782,966 | ---- | M] () -- C:\Documents and Settings\root\Desktop\JA a romi.jpg
[2010.04.15 19:21:14 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\root\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.15 10:27:21 | 000,001,487 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ICQ6.5.lnk
[2010.04.15 10:12:54 | 000,018,028 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2010.04.15 10:12:28 | 000,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2010.04.11 16:03:24 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\4350ffa4.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.05.05 17:26:21 | 000,001,308 | ---- | C] () -- C:\UsbFix_Upload_Me_MSSR-73BE1D1923.zip
[2010.05.05 15:59:32 | 000,451,584 | ---- | C] () -- C:\Documents and Settings\root\Desktop\CKScanner.exe
[2010.05.05 15:53:38 | 001,779,081 | ---- | C] () -- C:\Documents and Settings\root\Desktop\UsbFix.exe
[2010.05.05 12:11:56 | 003,618,721 | ---- | C] () -- C:\Documents and Settings\root\Desktop\pitbull feat. akon - shut it down.mp3
[2010.05.05 12:08:58 | 003,986,526 | ---- | C] () -- C:\Documents and Settings\root\Desktop\edward maya feat. vika jigulina - stereo love.mp3
[2010.05.05 11:57:29 | 003,563,969 | ---- | C] () -- C:\Documents and Settings\root\Desktop\owl city - fireflies.mp3
[2010.05.05 00:10:35 | 000,000,705 | ---- | C] () -- C:\Documents and Settings\root\Desktop\Absolute Uninstaller.lnk
[2010.05.05 00:10:35 | 000,000,161 | ---- | C] () -- C:\Documents and Settings\root\Desktop\Glary Utilities Freeware.url
[2010.05.05 00:04:23 | 043,368,960 | ---- | C] () -- C:\Documents and Settings\root\Desktop\ess_nt32_sky.msi
[2010.05.04 22:45:20 | 000,001,613 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2010.05.04 22:45:07 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010.04.25 10:09:09 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\root\Desktop\Suicide.doc
[2010.04.20 22:46:04 | 000,066,048 | ---- | C] () -- C:\Documents and Settings\root\Desktop\Občianska.jpg
[2010.04.20 21:09:31 | 000,032,256 | ---- | C] () -- C:\Documents and Settings\root\Desktop\Ropa.doc
[2010.04.15 19:35:59 | 000,782,966 | ---- | C] () -- C:\Documents and Settings\root\Desktop\JA a romi.jpg
[2010.04.15 10:27:21 | 000,001,487 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\ICQ6.5.lnk
[2010.04.15 10:12:54 | 000,018,028 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009.12.23 11:48:31 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.12.23 11:48:31 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009.06.07 22:49:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\4350ffa4.sys
[2009.02.07 21:25:05 | 000,011,131 | ---- | C] () -- C:\WINDOWS\System32\kownport.ini
[2009.02.07 21:25:04 | 000,159,744 | ---- | C] () -- C:\WINDOWS\tifilter.dll
[2009.02.07 21:25:04 | 000,122,880 | ---- | C] () -- C:\WINDOWS\drvdll.dll
[2009.02.07 21:25:04 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\crypt.dll
[2009.02.07 21:25:04 | 000,045,614 | ---- | C] () -- C:\WINDOWS\System32\drivers\tifmon.sys
[2009.02.07 21:25:04 | 000,045,056 | ---- | C] () -- C:\WINDOWS\kbdll.dll
[2009.02.07 21:25:04 | 000,013,849 | ---- | C] () -- C:\WINDOWS\tidrv.sys
[2009.02.07 21:25:04 | 000,013,849 | ---- | C] () -- C:\WINDOWS\System32\drivers\TiDrv.sys
[2009.02.07 21:25:04 | 000,003,188 | ---- | C] () -- C:\WINDOWS\System32\gwebdef.ini
[2009.02.07 21:25:04 | 000,000,215 | ---- | C] () -- C:\WINDOWS\iconcfg.ini
[2009.02.07 21:25:04 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\chartdef.ini
[2009.02.07 21:25:04 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\sexwebdef.ini
[2009.02.07 21:25:04 | 000,000,150 | ---- | C] () -- C:\WINDOWS\System32\man.ini
[2009.02.07 21:25:04 | 000,000,078 | ---- | C] () -- C:\WINDOWS\System32\gamedef.ini
[2009.02.07 21:24:36 | 000,000,021 | ---- | C] () -- C:\WINDOWS\System32\tilang.ini
[2008.12.30 12:14:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.08.28 06:58:00 | 000,005,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2003.04.07 12:38:32 | 000,005,746 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010.05.05 15:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010.05.04 22:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009.01.01 14:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009.07.09 00:09:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2010.04.15 10:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2009.07.09 10:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2010.02.16 17:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009.09.14 17:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009.07.09 10:48:45 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\root\Application Data\.#
[2010.01.23 01:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\BitTorrent
[2010.05.04 22:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\DAEMON Tools Lite
[2010.05.05 17:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\DNA
[2010.05.05 00:41:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\ESET
[2009.12.23 11:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\GetRightToGo
[2010.05.05 00:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\GlarySoft
[2010.04.26 18:39:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\ICQ
[2010.05.05 00:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\LimeWire
[2010.05.04 21:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\MechCAD
[2009.07.09 00:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\My Games
[2009.11.13 15:50:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\QIP
[2009.07.07 22:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\TeamViewer

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 06:42:18 | 000,015,360 | ---- | M] (Microsoft Corporation)
"BitTorrent DNA" = "C:\Program Files\DNA\btdna.exe" -- [2009.10.23 14:51:22 | 000,323,392 | ---- | M] (BitTorrent, Inc.)
"Google Update" = "C:\Documents and Settings\root\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c -- [2009.11.19 18:17:38 | 000,135,664 | ---- | M] (Google Inc.)
"DAEMON Tools Lite" = "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun -- [2010.04.01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd)

< c:\windows\*.* /U >
[4 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >
[2009.01.26 21:16:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009.12.13 12:47:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009.09.20 17:22:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2010.05.05 15:25:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010.05.04 22:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009.01.01 14:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009.07.09 00:09:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2010.04.15 10:24:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2009.07.09 10:21:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2009.01.12 21:21:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2010.03.03 10:07:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2010.03.01 22:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009.07.28 17:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009.11.06 23:13:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2009.01.09 22:20:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony Corporation
[2010.02.16 15:25:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010.03.01 22:58:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010.02.16 17:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008.12.30 10:02:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009.09.14 17:59:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2009.02.04 15:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\DifXInstall32.exe
[2010.01.22 20:51:36 | 000,072,488 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
[2009.11.24 19:06:03 | 000,079,144 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe

< %APPDATA%\*. >
[2009.07.09 10:48:45 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\root\Application Data\.#
[2009.08.20 15:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\Adobe
[2010.04.15 10:12:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\Apple Computer
[2010.01.23 01:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\BitTorrent
[2010.05.04 22:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\DAEMON Tools Lite
[2010.05.05 17:21:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\DNA
[2010.05.05 00:41:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\ESET
[2009.12.23 11:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\GetRightToGo
[2010.05.05 00:10:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\GlarySoft
[2009.07.08 20:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\Help
[2010.04.26 18:39:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\ICQ
[2008.12.29 16:25:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\Identities
[2010.05.05 00:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\LimeWire
[2008.12.30 12:45:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\Macromedia
[2010.05.04 21:51:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\MechCAD
[2010.05.05 17:31:57 | 000,000,000 | --SD | M] -- C:\Documents and Settings\root\Application Data\Microsoft
[2008.12.31 22:27:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\Mozilla
[2009.07.09 00:03:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\My Games
[2009.11.13 15:50:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\QIP
[2010.04.19 16:37:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\Skype
[2010.04.28 16:24:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\skypePM
[2009.01.12 21:11:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\Sony Corporation
[2009.01.01 14:53:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\Sun
[2009.07.07 22:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\root\Application Data\TeamViewer

< %APPDATA%\*.exe /s >
[2009.09.22 20:22:28 | 000,163,840 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\root\Application Data\LimeWire\browser\xulrunner\crashreporter.exe
[2009.09.22 20:22:32 | 000,196,608 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\root\Application Data\LimeWire\browser\xulrunner\updater.exe
[2009.09.22 20:22:32 | 000,014,848 | ---- | M] () -- C:\Documents and Settings\root\Application Data\LimeWire\browser\xulrunner\xpcshell.exe
[2009.09.22 20:22:32 | 000,077,824 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\root\Application Data\LimeWire\browser\xulrunner\xpicleanup.exe
[2009.09.22 20:22:32 | 000,266,240 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\root\Application Data\LimeWire\browser\xulrunner\xpidl.exe
[2009.09.22 20:22:32 | 000,018,432 | ---- | M] () -- C:\Documents and Settings\root\Application Data\LimeWire\browser\xulrunner\xpt_dump.exe
[2009.09.22 20:22:33 | 000,014,336 | ---- | M] () -- C:\Documents and Settings\root\Application Data\LimeWire\browser\xulrunner\xpt_link.exe
[2009.09.22 20:22:34 | 000,073,728 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\root\Application Data\LimeWire\browser\xulrunner\xulrunner-stub.exe
[2009.09.22 20:22:34 | 000,102,400 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\root\Application Data\LimeWire\browser\xulrunner\xulrunner.exe
[2009.07.06 13:03:11 | 001,878,984 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\root\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe


< MD5 for: AGP440.SYS >
[2004.08.04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004.08.04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.04 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: CDROM.SYS >
[2004.08.04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.04.14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.14 01:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.14 01:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004.08.04 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2004.08.04 14:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=10654F9DDCEA9C46CFB77554231BE73B -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 06:41:52 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 06:41:52 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=3D4E199942E29207970E04315D02AD3B -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 06:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 06:41:54 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008.04.14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.04 14:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: HAL.DLL >
[2004.08.04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.04.14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.14 01:01:34 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008.04.14 01:01:30 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\HAL.DLL
[2004.08.04 14:00:00 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: CHANGER.SYS >
[2004.08.04 14:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.04.14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2008.04.14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.14 01:11:00 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys

< MD5 for: ISAPNP.SYS >
[2008.04.14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 06:51:44 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2008.04.14 01:06:42 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=05A299EC56E52649B1CF2FC52D20F2D7 -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 01:06:42 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=05A299EC56E52649B1CF2FC52D20F2D7 -- C:\WINDOWS\system32\drivers\isapnp.sys
[2004.08.04 14:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=E504F706CCB699C2596E9A3DA1596E87 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys

< MD5 for: LSASS.EXE >
[2004.08.04 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=84885F9B82F4D55C6146EBF6065D75D2 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 06:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 06:42:26 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=BF2466B3E18E970D8A976FB95FC1CA85 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.14 01:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.14 01:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004.08.04 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008.04.14 06:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 06:42:02 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.04 14:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 06:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 06:42:06 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2008.04.14 06:42:38 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 06:42:38 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=5F816C1F539266D2D4C78694239DA0B5 -- C:\WINDOWS\system32\smss.exe
[2004.08.04 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=BD7FB0957C716F1A60333AEE04DE2178 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 06:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 06:42:38 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\system32\svchost.exe
[2004.08.04 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.04.14 01:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.14 01:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004.08.04 14:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2004.08.04 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008.04.14 06:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 06:42:40 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.04 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 06:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 06:42:40 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.04.14 06:42:12 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 06:42:12 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[2004.08.04 14:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.05.04 22:45:10 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2008.12.29 16:32:39 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008.12.29 16:32:39 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008.12.29 16:32:39 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %fystemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %fystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >
[2010.05.04 22:45:10 | 000,691,696 | ---- | M] () -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\system32\*.* /3 >
[2010.05.05 17:23:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F38450C8
@Alternate Data Stream - 156 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:26FD8642
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E4FBF8BD
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C210B4D5
< End of report >

OTL Extras logfile created on: 5. 5. 2010 17:32:39 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\root\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000041B | Country: Slovakia | Language: SKY | Date Format: d. M. yyyy

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 1728 3456 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55,88 Gb Total Space | 13,36 Gb Free Space | 23,91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 3,78 Gb Total Space | 3,22 Gb Free Space | 85,13% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MSSR-73BE1D1923
Current User Name: root
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1659004503-515967899-1801674531-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Counter-Strike 1.6\hl.exe" = C:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Documents and Settings\root\temp\TeamViewer\Version4\TeamViewer.exe" = C:\Documents and Settings\root\temp\TeamViewer\Version4\TeamViewer.exe:*:Disabled:TeamViewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-b8ac-41ce-8346-3d777245c35b}" = Bonjour
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1f1c2dfc-2d24-3e06-bcb8-725134adf989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 18
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3ac54383-31d1-4907-961b-b12cbb1d0ae8}" = MobileMe Control Panel
"{3fa365df-2d68-45ed-8f83-8c8a33e65143}" = Apple Application Support
"{5ee7d259-d137-4438-9a5f-42f432ec0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6956856f-b6b3-4be0-ba0b-8f495be32033}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0020-041B-0000-0000000FF1CE}" = Balík Compatibility Pack pre systém Office 2007
"{9012041B-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{938B7504-41A5-42EE-8ECC-5E4B976E8876}" = ESET Smart Security
"{a6fdf86a-f541-4e7b-aea0-8849a2a700d5}" = iTunes
"{aadea55d-c834-4bcb-98a3-4b8d1c18f4ee}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1051-7B44-A81200000003}" = Adobe Reader 8 - Slovak
"{afa9d219-a7fd-4240-8793-e5c7c9d715f4}" = IKEA Home Planner
"{b7050cbdb2504b34bc2a9ca0a692cc29}" = DivX Plus Web Player
"{d103c4ba-f905-437a-8049-db24763bbe36}" = Skype™ 4.1
"{d6e4e5d6-7693-4bb4-95ba-21f38fafee90}" = Safari
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Absolute Uninstaller_is1" = Absolute Uninstaller 2.7.0.616
"adobe flash player activex" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0 CE" = Adobe Photoshop 7.0 CE
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"BSPlayer1" = BSPlayer
"Counter-Strike 1.6" = Counter-Strike 1.6
"Counter-strike 1.6 CZ" = Counter-strike 1.6 CZ
"desetiprsty5" = DesetiPrsty5 5.2
"free video to iphone converter_is1" = Free Video to iPhone Converter version 2.2
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"pq_dvd_to_iphone_video_suite" = PQ DVD to iPhone Video Suite (remove only)
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"stylish profile" = Stylish Profile
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archivátor

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1659004503-515967899-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"google chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1. 4. 2010 14:53:32 | Computer Name = MSSR-73BE1D1923 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikácia chrome.exe, verzia 0.0.0.0, zablokovaný modul
hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.

Error - 4. 4. 2010 3:24:42 | Computer Name = MSSR-73BE1D1923 | Source = ESENT | ID = 490
Description = svchost (916) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "Proces nemôže
získať prístup k súboru, pretože daný súbor práve používa iný proces. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 4. 4. 2010 3:24:42 | Computer Name = MSSR-73BE1D1923 | Source = ESENT | ID = 470
Description = Catalog Database (916) Database C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
is partially attached. Attachment stage: 3. Error: -1032.

Error - 10. 4. 2010 10:08:16 | Computer Name = MSSR-73BE1D1923 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikácia ImageReady.exe, verzia 7.0.0.0, zablokovaný
modul hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.

Error - 14. 4. 2010 16:57:04 | Computer Name = MSSR-73BE1D1923 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikácia chrome.exe, verzia 0.0.0.0, zablokovaný modul
hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.

Error - 14. 4. 2010 16:57:07 | Computer Name = MSSR-73BE1D1923 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikácia chrome.exe, verzia 0.0.0.0, zablokovaný modul
hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.

Error - 19. 4. 2010 10:09:02 | Computer Name = MSSR-73BE1D1923 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikácia Skype.exe, verzia 4.1.0.179, zablokovaný modul
hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.

Error - 19. 4. 2010 10:09:05 | Computer Name = MSSR-73BE1D1923 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikácia Skype.exe, verzia 4.1.0.179, zablokovaný modul
hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.

Error - 28. 4. 2010 15:49:24 | Computer Name = MSSR-73BE1D1923 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikácia firefox.exe, verzia 1.9.0.3725, zablokovaný
modul hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.

Error - 4. 5. 2010 7:38:31 | Computer Name = MSSR-73BE1D1923 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikácia chrome.exe, verzia 0.0.0.0, zablokovaný modul
hungapp, verzia 0.0.0.0, adresa zablokovania 0x00000000.

[ System Events ]
Error - 5. 5. 2010 11:06:25 | Computer Name = MSSR-73BE1D1923 | Source = Service Control Manager | ID = 7000
Description = Spustenie služby Background Intelligent Transfer Service zlyhalo kvôli
nasledujúcej chybe: %%2

Error - 5. 5. 2010 11:06:25 | Computer Name = MSSR-73BE1D1923 | Source = Service Control Manager | ID = 7000
Description = Spustenie služby Automatic Updates zlyhalo kvôli nasledujúcej chybe:
%%2

Error - 5. 5. 2010 11:18:04 | Computer Name = MSSR-73BE1D1923 | Source = DCOM | ID = 10005
Description = Server DCOM zistil chybu %2 pri pokuse spustiť službu BITS s argumentmi
potrebnú na spustenie servera: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 5. 5. 2010 11:18:04 | Computer Name = MSSR-73BE1D1923 | Source = Service Control Manager | ID = 7000
Description = Spustenie služby Background Intelligent Transfer Service zlyhalo kvôli
nasledujúcej chybe: %%2

Error - 5. 5. 2010 11:18:06 | Computer Name = MSSR-73BE1D1923 | Source = DCOM | ID = 10005
Description = Server DCOM zistil chybu %2 pri pokuse spustiť službu BITS s argumentmi
potrebnú na spustenie servera: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 5. 5. 2010 11:18:08 | Computer Name = MSSR-73BE1D1923 | Source = DCOM | ID = 10005
Description = Server DCOM zistil chybu %2 pri pokuse spustiť službu BITS s argumentmi
potrebnú na spustenie servera: {4991D34B-80A1-4291-83B6-3328366B9097}

Error - 5. 5. 2010 11:18:09 | Computer Name = MSSR-73BE1D1923 | Source = Service Control Manager | ID = 7000
Description = Spustenie služby Background Intelligent Transfer Service zlyhalo kvôli
nasledujúcej chybe: %%2

Error - 5. 5. 2010 11:18:09 | Computer Name = MSSR-73BE1D1923 | Source = Service Control Manager | ID = 7000
Description = Spustenie služby Background Intelligent Transfer Service zlyhalo kvôli
nasledujúcej chybe: %%2

Error - 5. 5. 2010 11:22:57 | Computer Name = MSSR-73BE1D1923 | Source = Service Control Manager | ID = 7000
Description = Spustenie služby Background Intelligent Transfer Service zlyhalo kvôli
nasledujúcej chybe: %%2

Error - 5. 5. 2010 11:22:57 | Computer Name = MSSR-73BE1D1923 | Source = Service Control Manager | ID = 7000
Description = Spustenie služby Automatic Updates zlyhalo kvôli nasledujúcej chybe:
%%2


< End of report >

Spusťte OTL a do spodního okna vložte následující skript. Poté klikněte na Opravit, PC se restartuje, log vložte sem.


Doporučuji odinstalovat:
BitTorrent BitTorrent
BitTorrent DNA

P2P sítě a jejich klienti jsou potenciálním bezpečnostním rizikem, prakticky neustále jsou zdrojem virů, zbytečně se vystavujete riziku.



Tohle otestujte na http://www.virustotal.com/cs/
C:\WINDOWS\drvdll.dll
C:\WINDOWS\tidrv.sys
C:\WINDOWS\system32\drivers\TiDrv.sys
C:\WINDOWS\tifilter.dll

(Soubor nehledejte, jenom vložíte tučně označenou cestu, v případě hlášky "Soubor již byl testován" dejte otestovat znovu. Výsledek analýzy sem v podobě odkazu vložte.)

All processes killed
========== OTL ==========
Service seclogonseclogon stopped successfully!
Service seclogonseclogon deleted successfully!
Service 4350ffa4 stopped successfully!
Service 4350ffa4 deleted successfully!
C:\WINDOWS\system32\drivers\4350ffa4.sys moved successfully.
Registry value HKEY_USERS\S-1-5-21-1659004503-515967899-1801674531-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Prefs.js: "http://search13.net/search.php?clid=486&q=" removed from browser.search.defaulturl
Prefs.js: "Ask" removed from browser.search.order.1
Prefs.js: "http://search13.net?clid=486" removed from browser.startup.homepage
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\m3ffxtbr@mywebsearch.com deleted successfully.
C:\Program Files\MyWebSearch\bar\firefox\chrome folder moved successfully.
C:\Program Files\MyWebSearch\bar\firefox folder moved successfully.
HKU\S-1-5-21-1659004503-515967899-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-1659004503-515967899-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKU\S-1-5-21-1659004503-515967899-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\S-1-5-21-1659004503-515967899-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Search\\CustomizeSearch| /E : value set successfully!
HKU\S-1-5-21-1659004503-515967899-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8aa217b9-d729-4ee0-aed7-e93d695e94a2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8aa217b9-d729-4ee0-aed7-e93d695e94a2}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lock.lnk moved successfully.
C:\WINDOWS\tictl98.exe moved successfully.
Starting removal of ActiveX control {e2883e8f-472f-4fb0-9522-ac9bf37916a7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashdisp.exe\ deleted successfully.
C:\WINDOWS\System32\ntsd.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashenhcd.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashserv.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashupd.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswupdsv.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconsol.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgnt.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avgrssvc.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avmonitor.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.com\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp32.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avscan.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdagent.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccenter.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwadins.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filemon.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gfring3.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxservice.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxup.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kasmain.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kastask.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kav32.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavdx.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpf.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavpfw.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavstart.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfw32.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfw32x.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapsvc.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapw32.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navnt.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navstub.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navw32.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navwnt.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\niu.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nvcc.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ollydbg.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\preupd.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pskdr.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regmon.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regtool.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\scan32.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sffnup.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vba32arkit.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vba32ldr.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vsserv.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zanda.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zlh.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zonealarm.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zoneband.dll\ deleted successfully.
File ntsd -d not found.
C:\WINDOWS\002854_.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\Documents and Settings\root\Desktop\CKScanner.exe moved successfully.
C:\Documents and Settings\root\Application Data\.# folder moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:F38450C8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:26FD8642 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:E4FBF8BD deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:C210B4D5 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 98135799 bytes

User: root
->Temp folder emptied: 1172691911 bytes
->Temporary Internet Files folder emptied: 96599377 bytes
->Java cache emptied: 6512227 bytes
->FireFox cache emptied: 105340164 bytes
->Google Chrome cache emptied: 173494829 bytes
->Apple Safari cache emptied: 31066232 bytes
->Flash cache emptied: 5493827 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 64320978 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 20992 bytes

Total Files Cleaned = 1 673,00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: root
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

Restore points cleared and new OTL Restore Point set!
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

OTL by OldTimer - Version 3.2.4.1 log created on 05052010_181005

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

OK, ještě virustotal.

Caroprd111 píše:OK, ještě virustotal.

C:\WINDOWS\drvdll.dll cisty
C:\WINDOWS\tidrv.sys cisty
C:\WINDOWS\system32\drivers\TiDrv.sys cisty
C:\WINDOWS\tifilter.dll cisty


Dakujem (: uz vsetko fici jak ma

Stáhněte MBAM http://www.viry.cz/forum/viewtopic.php?f=29&t=67229

• Podle návodu v odkazu nainstalujte, poté dejte úplný sken.
• Nic nemažte MBAM má občas falešné detekce a mohl by smazat např. systémové soubory.
• Log vložte sem.

+

Start > Spustit (Win + R) > napište regedit.exe > OK

• Najděte následující klíče klíče (je možné, že tam některý nebude)

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BITS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\wuauserv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BITS
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\wuauserv
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv

• Najďěte složky BITS a wuauserv (u všech klíčů výše uvedených), klikněte na ně pravým tlačítkem myši, vyberte možnost "Oprávnění". Dejte "Povolit vše".

Potom v pravém okénku najdete hodnotu ImagePath, klikněte na ni pravým tl. myši a zvolte možnost "Změnit".
Zobrazí se Vám okénko s cestou (%fystemRoot%\system32\svchost.exe -k netsvcs)
Vy musíte přepsat písmenko F na s
aby cesta byla (%systemRoot%\system32\svchost.exe -k netsvcs)

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verzia databázy: 4069

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

5. 5. 2010 20:23:57
mbam-log-2010-05-05 (20-23-57).txt

Typ kontroly: Úplná kontrola (C:\|)
Objektov kontrolovaných: 170856
Uplynulý čas: 1 hod, 8 min, 39 sek

Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 37
Infikované registračné hodnoty: 1
Infikované položky registračných dát: 6
Infikované priečinky: 4
Infikované súbory: 37

Infikované služby pamäte:
(Škodlivé položky neboli zistené)

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{84da4fdf-a1cf-4195-8688-3e961f505983} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infikované registračné hodnoty:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.

Infikované položky registračných dát:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://search13.net/) Good: (http://www.Google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

Infikované priečinky:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infikované súbory:
C:\Program Files\MyWebSearch\bar\Message\COMMON\8_step1.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\ask_logo.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\autoup.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkwebfet.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\bkzwinky.jpg (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\blubtn2d.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\blubtn2r.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\blubtn3d.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\blubtn3r.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\center.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\index.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\logo_ZJ.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\logo_ZR.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\mid_dots.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\mws_logo.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\protect.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\rebbtnbg.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\rebbtnn1.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\rebbtnn2.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\rebbtny1.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\rebbtny2.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\rebclose.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\rebut.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\rebut2.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\rebut3.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\rebut3b.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\reb_bg.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\repmidsm.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\shield.png (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\shocked.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\stop.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\systray.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\systrayp.htm (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\tp_grad.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Message\COMMON\warn.gif (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\root\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.

Moc dik za vsetko

Jak to vypadá s PC

No je o trosku rychlejsi ... (: ten sims mi tam isiel nainstalovat ale este nieco vyhadzovalo exploer.exe chybu ked som chcel spustil/kopirovat nejaky film do toho notebooku ale to uz je jedno staci jej ze jej tam ide sims a net

DIKES