
antimalware-doctor ???

jacktenrek
Visitor
Posts: 65
Registered: 23 Jul 2006 09:18

antimalware-doctor ???

#1 Post by jacktenrek »

Hello, we caught antimalware-doctor on an unsecured work computer and nothing can be done with it; shortly after startup it maxes out the memory and that's the end of it. Can anyone advise what to do about it? Thank you.

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: antimalware-doctor ???

#2 Post by motji »

Good evening :)
Can you get into Safe Mode? (after a restart keep pressing F8 - Safe Mode with Networking)
If that works, run OTL

:arrow: Download OTL http://oldtimer.geekstogo.com/OTL.exe
- save it to the desktop and run the file OTL.exe.
- copy this script into the white box at the bottom:

Code:

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT 
- check the "All users" box.
- tick the "LOP" malware check and "Purity" malware check boxes
- Click the Scan button
- when the scan finishes, the logs OTL.Txt and Extras.txt will appear; paste them here :)
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:

I can usually be reached at night, between 21:00 and 23:00.
If you have any questions, you can write to me by email at Motji(at)forum.viry.cz.

jacktenrek
Visitor
Posts: 65
Registered: 23 Jul 2006 09:18

Re: antimalware-doctor ???

#3 Post by jacktenrek »

Only I couldn't get into Safe Mode, but it could be run directly in normal mode.

otl :

OTL logfile created on: 9.7.2010 10:00:11 - Run 1
OTL by OldTimer - Version 3.2.8.1 Folder = C:\Documents and Settings\mspackova\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

247,00 Mb Total Physical Memory | 47,00 Mb Available Physical Memory | 19,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): C:\pagefile.sys 800 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,31 Gb Total Space | 16,54 Gb Free Space | 44,35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 959,47 Mb Total Space | 280,96 Mb Free Space | 29,28% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THYZA
Current User Name: mspackova
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.07.09 07:08:24 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mspackova\Plocha\OTL.exe
PRC - [2010.06.28 22:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009.12.16 10:40:46 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008.02.22 05:25:21 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
PRC - [2007.06.13 15:23:39 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004.11.17 16:48:40 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe


========== Modules (SafeList) ==========

MOD - [2010.07.09 07:08:24 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mspackova\Plocha\OTL.exe
MOD - [2006.08.25 17:51:20 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004.08.04 08:01:17 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010.06.28 22:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2004.11.17 16:48:40 | 000,090,112 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2001.04.06 23:24:54 | 000,032,256 | ---- | M] (C-Dilla Ltd) [Disabled | Stopped] -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE -- (C-DillaSrv)


========== Driver Services (SafeList) ==========

DRV - [2010.06.28 22:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010.06.28 22:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2005.12.19 13:46:27 | 000,014,940 | ---- | M] (Ericsson Mobile Communications AB) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Epiusb.sys -- (Epiusb)
DRV - [2005.02.11 11:24:24 | 000,079,488 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750obex.sys -- (k750obex)
DRV - [2005.02.11 11:22:48 | 000,081,728 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mgmt.sys -- (k750mgmt)
DRV - [2005.02.11 11:21:10 | 000,089,872 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdm.sys -- (k750mdm)
DRV - [2005.02.11 11:21:02 | 000,006,576 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750mdfl.sys -- (k750mdfl)
DRV - [2005.02.11 11:19:20 | 000,055,216 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
DRV - [2004.08.04 08:07:42 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2004.08.04 08:07:42 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2004.06.26 13:22:00 | 000,006,016 | ---- | M] (RDV Soft) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vnccom.SYS -- (vnccom)
DRV - [2004.06.26 13:22:00 | 000,004,736 | ---- | M] (RDV Soft) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vncdrv.sys -- (vncdrv)
DRV - [2003.12.22 23:42:00 | 000,076,288 | ---- | M] (Rainbow Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2003.01.17 14:01:52 | 000,202,480 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2002.10.28 10:23:38 | 000,038,528 | ---- | M] (ADMtek Incorporated.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\an983.sys -- (AN983)
DRV - [2002.08.21 20:59:24 | 000,109,568 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2002.03.01 13:04:06 | 000,048,420 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001.10.24 11:54:40 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde)
DRV - [2001.08.17 22:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001.08.17 22:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001.08.17 22:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001.08.17 22:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001.08.17 22:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001.08.17 21:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001.08.17 21:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001.08.17 21:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001.08.17 21:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001.08.17 21:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001.08.17 21:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc)
DRV - [2001.08.17 21:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001.08.17 21:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001.04.06 23:24:54 | 000,056,592 | ---- | M] (Macrovision) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CDANT.SYS -- (C-Dilla)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://cz_z1_srv001
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.fujitsu-siemens.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.fujitsu-siemens.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.fujitsu-siemens.com
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.fujitsu-siemens.com
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2000478354-839522115-682003330-3641\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2000478354-839522115-682003330-3641\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://cz_z1_srv001
IE - HKU\S-1-5-21-2000478354-839522115-682003330-3641\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://cz_z1_srv001/default.aspx"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.03.25 08:10:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.03.25 08:08:17 | 000,000,000 | ---D | M]

[2010.03.25 08:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mspackova\Data aplikací\Mozilla\Extensions
[2010.03.25 08:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mspackova\Data aplikací\Mozilla\Firefox\Profiles\2e9dm9bc.default\extensions
[2010.03.25 08:08:19 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.03.16 20:17:17 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.03.16 20:17:17 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.03.16 20:17:17 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.03.16 20:17:17 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.03.16 20:17:17 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2002.09.23 14:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (WebTranslator) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WEBIE.DLL ()
O3 - HKU\S-1-5-21-2000478354-839522115-682003330-3641\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinPersonalizer] C:\Program Files\WinPersonalizer\Systray.exe File not found
O4 - HKU\S-1-5-21-2000478354-839522115-682003330-3641..\Run: [setup715newver0015.exe] C:\Documents and Settings\mspackova\Data aplikací\D55DC9AA26F66DA6B22F2B60B73B4DCF\setup715newver0015.exe ()
O4 - HKU\S-1-5-21-2000478354-839522115-682003330-3641..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\EPSON Status Monitor 3 Environment Check(2).lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2000478354-839522115-682003330-3641\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WEBIE.DLL ()
O9 - Extra 'Tools' menuitem : &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL ()
O9 - Extra 'Tools' menuitem : Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL ()
O9 - Extra 'Tools' menuitem : Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL ()
O15 - HKLM\..Trusted Domains: mojebanka.cz ([www] https in Důvěryhodné servery)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} http://www.spywarestormer.com/files2/Install.cab (CInstall Class)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {50E43D86-A74D-11D0-98CE-004005249458} https://www.mojebanka.cz/jars/confwiz/MVSGif.cab (AnimatedGif Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: IB App KB R9 https://www.mojebanka.cz/jars/ibapp.cab (Reg Error: Key error.)
O16 - DPF: KTPro SP KB R9 https://www.mojebanka.cz/jars/ktpsp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: SH App KB R9 https://www.mojebanka.cz/jars/shapp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.249 217.197.150.168
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = TENZO.LOCAL
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (rundll32.exe) - File not found
O20 - HKLM Winlogon: Shell - (thxr.wgo) - File not found
O20 - HKLM Winlogon: Shell - (nwfdtx) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\mspackova\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\mspackova\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003.04.28 23:19:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: SENTINEL - C:\WINDOWS\System32\SNTI386.DLL (Rainbow Technologies, Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVF - C:\WINDOWS\System32\DivX412.dll (DivXNetworks, Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.vp31 - C:\WINDOWS\System32\vp31vfw.dll (On2.com)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvid.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (61093680697573376)

========== Files/Folders - Created Within 30 Days ==========

[2010.07.09 09:57:21 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mspackova\Plocha\OTL.exe
[2010.07.09 09:48:14 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010.07.09 09:48:14 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010.07.09 09:48:13 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010.07.09 09:48:11 | 000,100,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010.07.09 09:48:11 | 000,094,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010.07.09 09:48:09 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010.07.09 09:47:36 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010.07.09 09:44:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2010.07.09 07:39:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mspackova\Data aplikací\Malwarebytes
[2010.07.09 07:39:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.07.09 07:38:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.07.09 07:38:57 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.07.09 07:38:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.07.09 07:37:51 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\mspackova\Plocha\mbam-setup.exe
[2010.07.08 12:42:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010.07.07 08:48:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mspackova\Data aplikací\D55DC9AA26F66DA6B22F2B60B73B4DCF
[47 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.07.09 10:06:01 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.09 09:58:45 | 000,001,706 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
[2010.07.09 09:58:40 | 000,002,553 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.07.09 09:52:00 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.07.09 09:51:58 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.07.09 09:51:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.07.09 09:51:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.07.09 09:38:31 | 007,864,320 | -H-- | M] () -- C:\Documents and Settings\mspackova\NTUSER.DAT
[2010.07.09 09:38:31 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\mspackova\ntuser.ini
[2010.07.09 09:37:37 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\ggfrih.sys
[2010.07.09 07:52:24 | 053,785,488 | ---- | M] () -- C:\Documents and Settings\mspackova\Plocha\setup_av_free.exe
[2010.07.09 07:39:09 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.07.09 07:18:06 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\mspackova\Plocha\mbam-setup.exe
[2010.07.09 07:14:36 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\mspackova\Plocha\rkill.com
[2010.07.09 07:08:24 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mspackova\Plocha\OTL.exe
[2010.07.08 15:15:47 | 000,001,624 | ---- | M] () -- C:\WINDOWS\lsrslt.ini
[2010.07.08 13:25:19 | 000,002,561 | ---- | M] () -- C:\Documents and Settings\mspackova\Plocha\Microsoft Office Word 2003.lnk
[2010.07.08 13:17:53 | 000,002,529 | ---- | M] () -- C:\Documents and Settings\mspackova\Plocha\Microsoft Office Outlook 2003.lnk
[2010.07.08 12:44:26 | 000,000,215 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010.07.08 12:32:44 | 000,001,166 | -H-- | M] () -- C:\Documents and Settings\mspackova\Dokumenty\Default.rdp
[2010.07.08 12:28:55 | 000,002,139 | ---- | M] () -- C:\WINDOWS\WDICT32.INI
[2010.07.07 13:56:33 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\mspackova\intlname.ols
[2010.07.01 10:24:45 | 000,001,521 | ---- | M] () -- C:\Documents and Settings\mspackova\Plocha\Malování.lnk
[2010.06.28 22:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
[2010.06.28 22:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010.06.28 22:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010.06.28 22:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010.06.28 22:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010.06.28 22:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010.06.28 22:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010.06.28 22:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010.06.28 22:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010.06.24 09:32:33 | 000,004,525 | ---- | M] () -- C:\WINDOWS\WTRAN32.INI
[2010.06.24 09:32:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\XXLGSC
[2010.06.18 12:57:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\vtwcobfimjj0yvkyk4usd6yo.ini
[2010.06.17 07:37:13 | 000,003,514 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010.06.14 07:28:34 | 000,366,638 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.06.14 07:28:34 | 000,365,100 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.06.14 07:28:34 | 000,052,622 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.06.14 07:28:34 | 000,046,252 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.06.14 07:28:33 | 000,832,136 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.14 07:25:37 | 000,325,912 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.06.11 15:50:49 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.06.11 15:49:08 | 000,000,811 | ---- | M] () -- C:\WINDOWS\win.ini
[47 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.07.09 09:48:20 | 000,001,706 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\avast! Free Antivirus.lnk
[2010.07.09 09:41:31 | 053,785,488 | ---- | C] () -- C:\Documents and Settings\mspackova\Plocha\setup_av_free.exe
[2010.07.09 09:37:37 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\ggfrih.sys
[2010.07.09 07:39:09 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.07.09 07:37:43 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\mspackova\Plocha\rkill.com
[2010.07.08 12:44:26 | 000,000,215 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010.07.07 15:56:34 | 000,001,624 | ---- | C] () -- C:\WINDOWS\lsrslt.ini
[2010.07.01 10:24:45 | 000,001,521 | ---- | C] () -- C:\Documents and Settings\mspackova\Plocha\Malování.lnk
[2010.06.21 08:18:13 | 000,211,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ndis.sys
[2010.06.18 12:57:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vtwcobfimjj0yvkyk4usd6yo.ini
[2008.01.02 13:43:05 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDEEPL6200.ini
[2007.05.02 13:56:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2006.04.06 09:31:34 | 000,000,032 | ---- | C] () -- C:\WINDOWS\postak.ini
[2005.11.28 14:17:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mpegableX4live.INI
[2005.08.10 15:21:33 | 000,000,033 | ---- | C] () -- C:\WINDOWS\WTRDCTM.INI
[2005.08.10 15:20:14 | 000,000,657 | ---- | C] () -- C:\WINDOWS\TRNCOM.INI
[2005.08.10 15:19:56 | 000,000,666 | ---- | C] () -- C:\WINDOWS\WEBTRAN4.INI
[2005.08.10 15:19:46 | 000,004,525 | ---- | C] () -- C:\WINDOWS\WTRAN32.INI
[2005.08.10 15:19:46 | 000,002,139 | ---- | C] () -- C:\WINDOWS\WDICT32.INI
[2005.06.29 09:58:02 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.06.09 08:19:05 | 000,000,078 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2005.04.13 08:19:33 | 000,000,027 | ---- | C] () -- C:\WINDOWS\faxsetup.ini
[2005.02.17 12:31:58 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.02.17 12:31:58 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.02.17 12:31:58 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.02.17 12:31:58 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.02.17 12:31:58 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.02.17 12:31:58 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.02.17 12:31:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.01.26 12:17:17 | 000,003,267 | ---- | C] () -- C:\WINDOWS\winzip32.ini
[2005.01.04 18:18:04 | 000,000,417 | ---- | C] () -- C:\WINDOWS\XDCS_DO2.INI
[2003.10.02 12:43:56 | 000,233,525 | ---- | C] () -- C:\WINDOWS\System32\isutil.dll
[2003.10.02 12:43:54 | 000,000,271 | ---- | C] () -- C:\WINDOWS\apptune.ini
[2003.09.23 15:03:42 | 000,005,165 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2003.09.23 14:42:33 | 000,000,494 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003.04.29 20:07:42 | 000,001,138 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003.04.29 20:02:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003.04.29 20:02:10 | 000,000,042 | ---- | C] () -- C:\WINDOWS\AcrobatSetupStatus.ini
[2003.04.09 15:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.12.10 16:18:42 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHEALR.DLL
[2002.05.16 02:38:40 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll
[2002.05.04 16:19:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\avisynthEx.dll
[2000.10.20 13:25:36 | 000,079,360 | ---- | C] () -- C:\WINDOWS\System32\acdbres.dll
[1999.01.22 19:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2003.04.29 20:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\administrator.TENZO\Data aplikací\InterTrust
[2010.07.09 09:44:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2010.04.08 13:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MSScanAppDataDir
[2003.04.29 20:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Data aplikací\InterTrust
[2003.04.29 20:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Data aplikací\InterTrust
[2008.07.16 13:55:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kzambochova\Data aplikací\.bittorrent
[2008.07.16 13:55:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kzambochova\Data aplikací\Azureus
[2008.07.16 13:55:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kzambochova\Data aplikací\EDrawings
[2003.04.29 20:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kzambochova\Data aplikací\InterTrust
[2010.07.07 08:48:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mspackova\Data aplikací\D55DC9AA26F66DA6B22F2B60B73B4DCF
[2009.12.09 14:51:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mspackova\Data aplikací\EDrawings
[2003.04.29 20:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mspackova\Data aplikací\InterTrust
[2006.04.21 09:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PcTenzo\Data aplikací\.bittorrent
[2006.11.28 10:53:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PcTenzo\Data aplikací\Azureus
[2007.05.02 13:57:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PcTenzo\Data aplikací\EDrawings
[2003.04.29 20:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\PcTenzo\Data aplikací\InterTrust

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2004.08.18 00:49:22 | 000,015,360 | ---- | M] (Microsoft Corporation)
"QuickTime Task" = "C:\Program Files\QuickTime\qttask.exe" -atboottime -- [2006.06.06 08:32:47 | 000,155,648 | ---- | M] (Apple Computer, Inc.)
"Skype" = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized -- [2007.12.07 16:08:02 | 021,686,568 | R--- | M] (Skype Technologies S.A.)
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -- [2009.12.16 10:40:46 | 000,039,408 | ---- | M] (Google Inc.)
"setup715newver0015.exe" = C:\Documents and Settings\mspackova\Data aplikací\D55DC9AA26F66DA6B22F2B60B73B4DCF\setup715newver0015.exe -- [2010.07.07 08:48:41 | 001,042,944 | ---- | M] ()

< c:\windows\*.* /U >
[3 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2009.12.02 08:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mspackova\Data aplikací\Adobe
[2010.07.07 08:48:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mspackova\Data aplikací\D55DC9AA26F66DA6B22F2B60B73B4DCF
[2009.12.09 14:51:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mspackova\Data aplikací\EDrawings
[2009.12.16 10:38:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mspackova\Data aplikací\Google
[2010.01.11 14:40:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mspackova\Data aplikací\Help
[2003.04.29 20:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mspackova\Data aplikací\Identities
[2003.04.29 20:00:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mspackova\Data aplikací\InterTrust
[2009.11.09 09:21:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mspackova\Data aplikací\Macromedia
[2010.07.09 07:39:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mspackova\Data aplikací\Malwarebytes
[2010.02.01 10:21:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\mspackova\Data aplikací\Microsoft
[2010.03.25 08:14:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mspackova\Data aplikací\Mozilla
[2010.07.09 09:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mspackova\Data aplikací\Skype
[2010.07.09 09:40:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mspackova\Data aplikací\skypePM
[2009.12.18 12:12:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mspackova\Data aplikací\Sun

< %APPDATA%\*.exe /s >
[2010.07.07 08:48:41 | 001,042,944 | ---- | M] () -- C:\Documents and Settings\mspackova\Data aplikací\D55DC9AA26F66DA6B22F2B60B73B4DCF\setup715newver0015.exe


< MD5 for: AGP440.SYS >
[2005.07.15 08:03:29 | 022,286,602 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2005.07.15 08:03:29 | 022,286,602 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\agp440.sys
[2004.08.04 08:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2004.08.04 08:07:41 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2002.09.23 14:00:00 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2005.07.15 08:03:29 | 022,286,602 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2002.09.23 14:00:00 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:atapi.sys
[2002.09.20 18:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:atapi.sys
[2005.07.15 08:03:29 | 022,286,602 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\atapi.sys
[2004.08.04 07:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004.08.04 07:59:42 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: CDROM.SYS >
[2002.09.23 14:00:00 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:cdrom.sys
[2005.07.15 08:03:29 | 022,286,602 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2002.09.23 14:00:00 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:cdrom.sys
[2002.09.20 18:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:cdrom.sys
[2005.07.15 08:03:29 | 022,286,602 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\cdrom.sys
[2004.08.04 07:59:52 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2004.08.04 07:59:52 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2004.08.18 00:49:03 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2004.08.18 00:49:03 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\eventlog.dll
[2004.08.18 00:49:06 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2004.08.18 00:49:06 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\explorer.exe
[2004.08.18 00:49:22 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007.06.13 15:23:39 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=ED7B460B142A32097B8A8F6ECC941815 -- C:\WINDOWS\explorer.exe
[2007.06.13 15:23:39 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=ED7B460B142A32097B8A8F6ECC941815 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: HAL.DLL >
[2002.09.23 14:00:00 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:hal.dll
[2005.07.15 08:03:29 | 022,286,602 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2002.09.23 14:00:00 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:hal.dll
[2002.09.20 18:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp1.cab:hal.dll
[2005.07.15 08:03:29 | 022,286,602 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:hal.dll
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\hal.dll
[2004.08.04 07:59:19 | 000,105,472 | ---- | M] (Microsoft Corporation) MD5=C321C95318495909A0066FB0EDC97287 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2004.08.04 07:59:09 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\system32\HAL.DLL

< MD5 for: CHANGER.SYS >
[2005.07.15 08:03:29 | 022,286,602 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2005.07.15 08:03:29 | 022,286,602 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\changer.sys
[2004.08.04 08:00:12 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=DAF1A8193B6CAF0FB858CADCC5C4AF4A -- C:\WINDOWS\ServicePackFiles\i386\changer.sys

< MD5 for: ISAPNP.SYS >
[2001.10.24 11:44:12 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\dllcache\isapnp.sys
[2001.10.24 11:44:12 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\drivers\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\isapnp.sys

< MD5 for: LSASS.EXE >
[2004.08.18 00:49:23 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2004.08.18 00:49:23 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\ndis.sys
[2004.08.04 08:14:28 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004.08.18 00:49:13 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2004.08.18 00:49:13 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.18 00:49:16 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2004.08.18 00:49:16 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.18 00:49:27 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2004.08.18 00:49:27 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\smss.exe
[2002.09.23 14:00:00 | 000,481,792 | ---- | M] (Microsoft Corporation) MD5=223C19411FD6064E75AABDFCC63B4029 -- C:\WINDOWS\I386\SYSTEM32\SMSS.EXE
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\svchost.exe
[2004.08.18 00:49:27 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2004.08.18 00:49:27 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\tcpip.sys
[2004.08.04 08:14:40 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\userinit.exe
[2004.08.18 00:49:27 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2004.08.18 00:49:27 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.18 00:49:27 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2004.08.18 00:49:27 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.18 00:49:20 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2004.08.18 00:49:20 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\SoftwareDistribution\Download\8fb85d68ee3649be8b622da7b69408ee\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[47 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2003.04.29 01:06:01 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2003.04.29 01:06:01 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2003.04.29 01:06:00 | 000,385,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[47 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >
[2010.07.09 09:37:37 | 000,054,016 | ---- | M] () -- C:\WINDOWS\system32\drivers\ggfrih.sys

< %systemroot%\system32\*.* /3 >
[2010.07.09 09:58:40 | 000,002,553 | ---- | M] () -- C:\WINDOWS\system32\CONFIG.NT
[2010.07.08 12:44:26 | 000,000,215 | ---- | M] () -- C:\WINDOWS\system32\MRT.INI
[2010.07.09 09:52:00 | 000,001,158 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[47 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< CREATERESTOREPOINT >
< End of report >



extras:

OTL Extras logfile created on: 9.7.2010 10:00:11 - Run 1
OTL by OldTimer - Version 3.2.8.1 Folder = C:\Documents and Settings\mspackova\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

247,00 Mb Total Physical Memory | 47,00 Mb Available Physical Memory | 19,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): C:\pagefile.sys 800 2000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,31 Gb Total Space | 16,54 Gb Free Space | 44,35% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 959,47 Mb Total Space | 280,96 Mb Free Space | 29,28% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: THYZA
Current User Name: mspackova
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.scr [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-2000478354-839522115-682003330-3641\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

jacktenrek
Visitor
Posts: 65
Registered: 23 Jul 2006 09:18

Re: antimalware-doctor ???

#4 Post by jacktenrek »

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)
"C:\Program Files\UltraVNC\winvnc.exe" = C:\Program Files\UltraVNC\winvnc.exe:*:Enabled:VNC server for Win32 -- (UltraVNC)
"C:\Program Files\Microsoft Office Communicator\communicator.exe" = C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Microsoft Office Communicator 2007 R2 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office\EXCEL.EXE" = C:\Program Files\Microsoft Office\Office\EXCEL.EXE:*:Enabled:Microsoft Excel for Windows -- File not found
"C:\Program Files\Cerberus\Cerberus.exe" = C:\Program Files\Cerberus\Cerberus.exe:*:Enabled:Cerberus FTP Server Application -- File not found
"C:\Cerberus\Cerberus.exe" = C:\Cerberus\Cerberus.exe:*:Enabled:Cerberus FTP Server Application -- File not found
"C:\Program Files\Sony Ericsson\Update Service\ma3platform.exe" = C:\Program Files\Sony Ericsson\Update Service\ma3platform.exe:*:Enabled:ma3platform -- File not found
"C:\petr\vlastní\download\StrongDC++\rc10\StrongDC.exe" = C:\petr\vlastní\download\StrongDC++\rc10\StrongDC.exe:*:Enabled:StrongDC++ -- File not found
"C:\Program Files\xerox\CentreWare54\Scanning_Svcs\cwscan32.exe" = C:\Program Files\xerox\CentreWare54\Scanning_Svcs\cwscan32.exe:*:Enabled:cwscan32 -- File not found
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\UltraVNC\winvnc.exe" = C:\Program Files\UltraVNC\winvnc.exe:*:Enabled:VNC server for Win32 -- (UltraVNC)
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office Communicator\communicator.exe" = C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Microsoft Office Communicator 2007 R2 -- (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1611A5CF-50B8-4669-98BF-087A28A8CB49}" = Microsoft Conferencing Add-in for Microsoft Office Outlook
"{176B7642-72A8-49D0-8EC4-26D59D8E21B2}" = Klient Správy přístupových práv v systému Windows s aktualizací Service Pack 2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1ECD6EC8-7BB2-4CD5-A384-BAA371BC4D21}" = Volo View Express
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2515BF88-E42E-4AFA-A8E7-DF272762589B}" = Microsoft Office Live Meeting 2007
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{5081528F-5DD5-49BA-8213-9A6A13502497}" = Sentinel System Driver 5.41.1 (32-bit)
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{846232AE-EF8E-43F2-8540-B150A9EAE004}" = Microsoft .NET Framework (Czech)
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{90120000-0020-0405-0000-0000000FF1CE}" = Sada Compatibility Pack pro systém Office 2007
"{91110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{928EE567-49F9-4082-A7B3-9BB82CD3C0FE}" = Microsoft Office Communicator 2007 R2
"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"{975C8028-51D8-44A9-9585-82E9810FE96A}" = hp LaserJet 1000
"{A8AD990E-355A-4413-8647-A9B168978423}_is1" = UltraVNC v1.0.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-A80000000000}" = Adobe Reader 8 - Czech
"{D41B269A-C7C3-4AB1-A033-B18FBEFCB9F6}" = eDrawings 2007
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Klient Správy přístupových práv v systému Windows SP2, zpětná kompatibilita
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Autodesk Learning Assistance" = Autodesk Learning Assistance
"avast5" = avast! Free Antivirus
"BDE implementation_is1" = BDE version 5.1
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.2.7
"EB88B6218325D2AB47CFFBF7170236B60A6198FF" = Windows Driver Package - Microsoft Corporation (usbvideo) Image (05/25/2007 1.0.3656.0)
"EPL6200_6200L Referenční příručka" = EPL6200_6200L Referenční příručka
"EPSON Printer and Utilities" = Software tiskárny EPSON
"HijackThis" = HijackThis 1.99.1
"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"IrfanView" = IrfanView (remove only)
"LMS" = C-Dilla Licence Management System
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework Full v1.0.3705 (1029)" = Microsoft .NET Framework (Czech) v1.0.3705
"Mozilla Firefox (3.6.2)" = Mozilla Firefox (3.6.2)
"PhotoFiltre" = PhotoFiltre
"Rainbow Sentinel Driver" = Sentinel System Driver
"SAPSproW" = SAPSproW
"Totalcmd" = Total Commander (Remove or Repair)
"Web Translator" = Web Translator
"WGA" = Windows Genuine Advantage Validation Tool
"Wincmd" = Windows Commander (Remove or Repair)
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = WinRAR
"WinZip" = WinZip
"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2000478354-839522115-682003330-3641\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Antimalware Doctor" = Antimalware Doctor

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9.7.2010 3:39:42 | Computer Name = THYZA | Source = Userenv | ID = 1054
Description = Systém Windows nemůže získat název řadiče domény vaší sítě. (Není
nainstalován ovladač Pracovní stanice. ). Zpracovávání zásad skupin bylo zastaveno.


Error - 9.7.2010 3:39:42 | Computer Name = THYZA | Source = Userenv | ID = 1054
Description = Systém Windows nemůže získat název řadiče domény vaší sítě. (Není
nainstalován ovladač Pracovní stanice. ). Zpracovávání zásad skupin bylo zastaveno.
Error - 9.7.2010 3:39:43 | Computer Name = THYZA | Source = UserInit | ID = 1000
Description = Skript \\TENZO.LOCAL\SysVol\TENZO.LOCAL\scripts\vsichni.bat nelze
spustit. Žádný ze síťových zprostředkovatelů tuto síťovou cestu nepřijal. .

Error - 9.7.2010 3:40:42 | Computer Name = THYZA | Source = AutoEnrollment | ID = 15
Description = Automatickému zápisu certifikátu pro Local System se nezdařilo kontaktovat
adresář Active Directory(0x80070836). Není nainstalován ovladač Pracovní stanice.

Zápis nebude proveden.

Error - 9.7.2010 3:51:57 | Computer Name = THYZA | Source = Google Update | ID = 20
Description =

Error - 9.7.2010 3:51:59 | Computer Name = THYZA | Source = Userenv | ID = 1054
Description = Systém Windows nemůže získat název řadiče domény vaší sítě. (Není
nainstalován ovladač Pracovní stanice. ). Zpracovávání zásad skupin bylo zastaveno.


Error - 9.7.2010 3:51:59 | Computer Name = THYZA | Source = Userenv | ID = 1054
Description = Systém Windows nemůže získat název řadiče domény vaší sítě. (Není
nainstalován ovladač Pracovní stanice. ). Zpracovávání zásad skupin bylo zastaveno.


Error - 9.7.2010 3:52:00 | Computer Name = THYZA | Source = UserInit | ID = 1000
Description = Skript \\TENZO.LOCAL\SysVol\TENZO.LOCAL\scripts\vsichni.bat nelze
spustit. Žádný ze síťových zprostředkovatelů tuto síťovou cestu nepřijal. .

Error - 9.7.2010 3:53:02 | Computer Name = THYZA | Source = AutoEnrollment | ID = 15
Description = Automatickému zápisu certifikátu pro Local System se nezdařilo kontaktovat
adresář Active Directory(0x80070836). Není nainstalován ovladač Pracovní stanice.

Zápis nebude proveden.

Error - 9.7.2010 4:06:56 | Computer Name = THYZA | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 8.7.2010 6:54:15 | Computer Name = THYZA | Source = Service Control Manager | ID = 7001
Description = Služba Kurýrní služba závisí na službě Rozhraní NetBIOS, která neuspěla
při spuštění v důsledku následující chyby: %%31

Error - 8.7.2010 6:54:15 | Computer Name = THYZA | Source = Service Control Manager | ID = 7001
Description = Služba Služby IPSEC závisí na službě Ovladač IPSEC, která neuspěla
při spuštění v důsledku následující chyby: %%31

Error - 8.7.2010 6:54:15 | Computer Name = THYZA | Source = Service Control Manager | ID = 7023
Description = Služba Server byla ukončena s následující chybou: %%2

Error - 8.7.2010 6:54:15 | Computer Name = THYZA | Source = Service Control Manager | ID = 7023
Description = Služba Brána Firewall / Sdílení připojení k Internetu (ICS) byla ukončena
s následující chybou: %%2

Error - 8.7.2010 6:54:15 | Computer Name = THYZA | Source = Service Control Manager | ID = 7023
Description = Služba Automatické aktualizace byla ukončena s následující chybou:
%%2147952450

Error - 8.7.2010 6:54:15 | Computer Name = THYZA | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: AFD IPSec MRxSmb NetBIOS NetBT Tcpip

Error - 8.7.2010 6:54:15 | Computer Name = THYZA | Source = Service Control Manager | ID = 7024
Description = Služba Služba inteligen

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: antimalware-doctor ???

#5 Post by motji »

Did you try to remove it somehow? How does it look now, can you run programs normally?
If you deleted anything with MBAM, could I see the log? You will find it under the Logs tab.
Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here

I am usually available at night, between 21:00 and 23:00.
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.

jacktenrek
Visitor
Posts: 65
Registered: 23 Jul 2006 09:18

Re: antimalware-doctor ???

#6 Post by jacktenrek »

No, rkill was recommended to me. When I ran it, the machine was usable, but after a reset it started up again, so I ran rkill and then launched OTL. Did I do something wrong?

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: antimalware-doctor ???

#7 Post by motji »

No, you didn't; it's just that it wasn't very visible in the log :) . Who recommended Rkill to you?

:arrow: Run OTL
- copy this script into the white box at the bottom:

Code:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WinPersonalizer] C:\Program Files\WinPersonalizer\Systray.exe File not found
O4 - HKU\S-1-5-21-2000478354-839522115-682003330-3641..\Run: [setup715newver0015.exe] C:\Documents and Settings\mspackova\Data aplikací\D55DC9AA26F66DA6B22F2B60B73B4DCF\setup715newver0015.exe ()
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: IB App KB R9 https://www.mojebanka.cz/jars/ibapp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (rundll32.exe) - File not found
O20 - HKLM Winlogon: Shell - (thxr.wgo) - File not found
O20 - HKLM Winlogon: Shell - (nwfdtx) - File not found

:files
C:\Documents and Settings\mspackova\Data aplikací\D55DC9AA26F66DA6B22F2B60B73B4DCF
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
C:\WINDOWS\System32\drivers\ggfrih.sys

:commands
[resethosts]
[emptytemp]
[EMPTYFLASH]
[Reboot]

- click the Fix button.
- The PC will then restart.
- Post the log here :)

:arrow: Do you know this site?
http://cz_z1_srv001

:arrow: Copy the contents of these files here (right-click - open in Notepad)
C:\WINDOWS\lsrslt.ini
C:\WINDOWS\vtwcobfimjj0yvkyk4usd6yo.ini

:arrow: Download ComboFix to the desktop, close all active windows and run it - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

- agree to the installation of the Recovery Console

- ComboFix must be run under an account with administrator rights

- Before use, turn off all resident security programs: antivirus, firewalls, antispyware

- After launch the terms of use are displayed; confirm them by pressing the Yes button

- Then follow the instructions; while ComboFix is running, do not click in the window that appears :!:

- After the scan completes, which takes at most 10 minutes, the program should create a log, C:\ComboFix.txt; copy its entire contents here
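The O4 and O20 lines selected in the fix script of post #7 are Run-key autostart entries and Winlogon Shell values. The following Python is an added example, not part of the original post and not OTL's own logic, that triages lines of that shape. The sample log is constructed, and the flagging rules (missing target, empty vendor field, 32-hex-character folder, user-profile location, shell other than explorer.exe) are assumptions modelled on the entries chosen in that script.

```python
import re
from typing import List, NamedTuple

# Constructed sample, modelled on the O4/O20 line shapes quoted in post #7.
# User name, SID and the hex folder name are made up for the example.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [ExampleApp] C:\Program Files\ExampleApp\tray.exe (Example Vendor)
O4 - HKLM..\Run: [WinPersonalizer] C:\Program Files\WinPersonalizer\Systray.exe File not found
O4 - HKU\S-1-5-21-1111111111-2222222222-3333333333-1001..\Run: [setup715newver0015.exe] C:\Documents and Settings\user1\Data aplikací\0123456789ABCDEF0123456789ABCDEF\setup715newver0015.exe ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (rundll32.exe) - File not found
O20 - HKLM Winlogon: Shell - (nwfdtx) - File not found
"""


class Finding(NamedTuple):
    entry: str           # Run value name, or the Winlogon Shell value
    reasons: List[str]   # why the line deserves a closer look


RUN_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\.\.\\Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<rest>.*)$")
SHELL_RE = re.compile(
    r"^O20 - (?P<hive>\S+) Winlogon: Shell - \((?P<value>[^)]*)\) - (?P<rest>.*)$")
# "<path> (<vendor>)" at the end of a line; the vendor may be empty: "()".
TARGET_RE = re.compile(r"^(?P<path>.*?)\s*\((?P<vendor>[^()]*)\)$")
HEX_DIR_RE = re.compile(r"^[0-9A-Fa-f]{32}$")
USER_WRITABLE = ("\\documents and settings\\", "\\users\\")
NOT_FOUND = "File not found"


def _check_run(match) -> List[str]:
    """Heuristics (assumptions of this example) for one Run-key line."""
    rest = match["rest"].strip()
    reasons = []
    if rest.endswith(NOT_FOUND):
        reasons.append("autostart target missing on disk")
        path = rest[: -len(NOT_FOUND)].strip()
    else:
        target = TARGET_RE.match(rest)
        path = target["path"] if target else rest
        if target and target["vendor"].strip() == "":
            reasons.append("no vendor metadata in file")
    # Any directory component that is exactly 32 hex characters.
    if any(HEX_DIR_RE.match(part) for part in path.split("\\")[:-1]):
        reasons.append("32-hex-character directory in path")
    if reasons and any(marker in path.lower() for marker in USER_WRITABLE):
        # Only an aggravating factor: plenty of benign software lives here too.
        reasons.append("runs from a user profile")
    return reasons


def _check_shell(match) -> List[str]:
    """The default Winlogon Shell value on Windows is explorer.exe."""
    reasons = []
    if match["value"].strip().lower() != "explorer.exe":
        reasons.append("Winlogon Shell is not explorer.exe")
    if match["rest"].strip().endswith(NOT_FOUND):
        reasons.append("shell target missing on disk")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Return the O4/O20 entries that match at least one heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        run = RUN_RE.match(line)
        if run:
            entry, reasons = run["name"], _check_run(run)
        else:
            shell = SHELL_RE.match(line)
            if not shell:
                continue  # not a line type this example understands
            entry, reasons = shell["value"].strip(), _check_shell(shell)
        if reasons:
            findings.append(Finding(entry, reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.entry}: {'; '.join(finding.reasons)}")
```

A hit is a prompt for manual review, not a verdict; the entries still have to be checked against what is actually installed on the machine.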

jacktenrek
Visitor
Posts: 65
Registered: 23 Jul 2006 09:18

Re: antimalware-doctor ???

#8 Post by jacktenrek »

Copy the contents of these files here (right-click - open in Notepad)
C:\WINDOWS\lsrslt.ini
C:\WINDOWS\vtwcobfimjj0yvkyk4usd6yo.ini
I don't quite understand this part; where am I supposed to copy it, here on the forum? :oops:

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: antimalware-doctor ???

#9 Post by motji »

Yes :)

jacktenrek
Visitor
Posts: 65
Registered: 23 Jul 2006 09:18

Re: antimalware-doctor ???

#10 Post by jacktenrek »

ComboFix has been running for almost an hour and only the restore point has been done, that's all .... what should I do?

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: antimalware-doctor ???

#11 Post by motji »

Did you do the OTL step before that?

Let it work for about another half hour.. if it hasn't progressed at all by then, end it in Task Manager.

jacktenrek
Visitor
Posts: 65
Registered: 23 Jul 2006 09:18

Re: antimalware-doctor ???

#12 Post by jacktenrek »

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\WinPersonalizer deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2000478354-839522115-682003330-3641\Software\Microsoft\Windows\CurrentVersion\Run\\setup715newver0015.exe deleted successfully.
C:\Documents and Settings\mspackova\Data aplikací\D55DC9AA26F66DA6B22F2B60B73B4DCF\setup715newver0015.exe moved successfully.
File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
Starting removal of ActiveX control IB App KB R9
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\IB App KB R9\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\IB App KB R9\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\IB App KB R9\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:rundll32.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:thxr.wgo deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:nwfdtx deleted successfully.
========== FILES ==========
C:\Documents and Settings\mspackova\Data aplikací\D55DC9AA26F66DA6B22F2B60B73B4DCF folder moved successfully.
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\Temp\~ie325.tmp moved successfully.
C:\WINDOWS\Temp\~ie328.tmp moved successfully.
C:\WINDOWS\Temp\~ie32B.tmp moved successfully.
C:\WINDOWS\Temp\~ie32E.tmp moved successfully.
C:\WINDOWS\Temp\~ie33.tmp moved successfully.
C:\WINDOWS\Temp\~ie331.tmp moved successfully.
C:\WINDOWS\Temp\~ie334.tmp moved successfully.
C:\WINDOWS\Temp\~ie337.tmp moved successfully.
C:\WINDOWS\Temp\~ie33A.tmp moved successfully.
C:\WINDOWS\Temp\~ie33D.tmp moved successfully.
C:\WINDOWS\Temp\~ie340.tmp moved successfully.
C:\WINDOWS\Temp\~ie343.tmp moved successfully.
C:\WINDOWS\Temp\~ie346.tmp moved successfully.
C:\WINDOWS\Temp\~ie349.tmp moved successfully.
C:\WINDOWS\Temp\~ie34C.tmp moved successfully.
C:\WINDOWS\Temp\~ie34F.tmp moved successfully.
C:\WINDOWS\Temp\~ie35.tmp moved successfully.
C:\WINDOWS\Temp\~ie352.tmp moved successfully.
C:\WINDOWS\Temp\~ie355.tmp moved successfully.
C:\WINDOWS\Temp\~ie358.tmp moved successfully.
C:\WINDOWS\Temp\~ie35B.tmp moved successfully.
C:\WINDOWS\Temp\~ie35E.tmp moved successfully.
C:\WINDOWS\Temp\~ie36.tmp moved successfully.
C:\WINDOWS\Temp\~ie361.tmp moved successfully.
C:\WINDOWS\Temp\~ie364.tmp moved successfully.
C:\WINDOWS\Temp\~ie367.tmp moved successfully.
C:\WINDOWS\Temp\~ie36A.tmp moved successfully.
C:\WINDOWS\Temp\~ie36D.tmp moved successfully.
C:\WINDOWS\Temp\~ie370.tmp moved successfully.
C:\WINDOWS\Temp\~ie373.tmp moved successfully.
C:\WINDOWS\Temp\~ie376.tmp moved successfully.
C:\WINDOWS\Temp\~ie379.tmp moved successfully.
C:\WINDOWS\Temp\~ie37C.tmp moved successfully.
C:\WINDOWS\Temp\~ie37F.tmp moved successfully.
C:\WINDOWS\Temp\~ie38.tmp moved successfully.
C:\WINDOWS\Temp\~ie382.tmp moved successfully.
C:\WINDOWS\Temp\~ie385.tmp moved successfully.
C:\WINDOWS\Temp\~ie388.tmp moved successfully.
C:\WINDOWS\Temp\~ie38B.tmp moved successfully.
C:\WINDOWS\Temp\~ie38E.tmp moved successfully.
C:\WINDOWS\Temp\~ie39.tmp moved successfully.
C:\WINDOWS\Temp\~ie391.tmp moved successfully.
C:\WINDOWS\Temp\~ie394.tmp moved successfully.
C:\WINDOWS\Temp\~ie397.tmp moved successfully.
C:\WINDOWS\Temp\~ie39A.tmp moved successfully.
C:\WINDOWS\Temp\~ie39D.tmp moved successfully.
C:\WINDOWS\Temp\~ie3A0.tmp moved successfully.
C:\WINDOWS\Temp\~ie3A3.tmp moved successfully.
C:\WINDOWS\Temp\~ie3A6.tmp moved successfully.
C:\WINDOWS\Temp\~ie3A9.tmp moved successfully.
C:\WINDOWS\Temp\~ie3AC.tmp moved successfully.
C:\WINDOWS\Temp\~ie3AF.tmp moved successfully.
C:\WINDOWS\Temp\~ie3B.tmp moved successfully.
C:\WINDOWS\Temp\~ie3B2.tmp moved successfully.
C:\WINDOWS\Temp\~ie3B5.tmp moved successfully.
C:\WINDOWS\Temp\~ie3B8.tmp moved successfully.
C:\WINDOWS\Temp\~ie3BB.tmp moved successfully.
C:\WINDOWS\Temp\~ie3BE.tmp moved successfully.
C:\WINDOWS\Temp\~ie3C.tmp moved successfully.
C:\WINDOWS\Temp\~ie3C1.tmp moved successfully.
C:\WINDOWS\Temp\~ie3C4.tmp moved successfully.
C:\WINDOWS\Temp\~ie3C7.tmp moved successfully.
C:\WINDOWS\Temp\~ie3CA.tmp moved successfully.
C:\WINDOWS\Temp\~ie3CD.tmp moved successfully.
C:\WINDOWS\Temp\~ie3D0.tmp moved successfully.
C:\WINDOWS\Temp\~ie3D3.tmp moved successfully.
C:\WINDOWS\Temp\~ie3D6.tmp moved successfully.
C:\WINDOWS\Temp\~ie3D9.tmp moved successfully.
C:\WINDOWS\Temp\~ie3DC.tmp moved successfully.
C:\WINDOWS\Temp\~ie3DF.tmp moved successfully.
C:\WINDOWS\Temp\~ie3E.tmp moved successfully.
C:\WINDOWS\Temp\~ie3E2.tmp moved successfully.
C:\WINDOWS\Temp\~ie3E5.tmp moved successfully.
C:\WINDOWS\Temp\~ie3E8.tmp moved successfully.
C:\WINDOWS\Temp\~ie3EB.tmp moved successfully.
C:\WINDOWS\Temp\~ie3EE.tmp moved successfully.
C:\WINDOWS\Temp\~ie3F.tmp moved successfully.
C:\WINDOWS\Temp\~ie3F1.tmp moved successfully.
C:\WINDOWS\Temp\~ie3F4.tmp moved successfully.
C:\WINDOWS\Temp\~ie3F7.tmp moved successfully.
C:\WINDOWS\Temp\~ie3FA.tmp moved successfully.
C:\WINDOWS\Temp\~ie3FD.tmp moved successfully.
C:\WINDOWS\Temp\~ie400.tmp moved successfully.
C:\WINDOWS\Temp\~ie403.tmp moved successfully.
C:\WINDOWS\Temp\~ie406.tmp moved successfully.
C:\WINDOWS\Temp\~ie409.tmp moved successfully.
C:\WINDOWS\Temp\~ie40C.tmp moved successfully.
C:\WINDOWS\Temp\~ie40F.tmp moved successfully.
C:\WINDOWS\Temp\~ie41.tmp moved successfully.
C:\WINDOWS\Temp\~ie412.tmp moved successfully.
C:\WINDOWS\Temp\~ie415.tmp moved successfully.
C:\WINDOWS\Temp\~ie418.tmp moved successfully.
C:\WINDOWS\Temp\~ie41B.tmp moved successfully.
C:\WINDOWS\Temp\~ie41E.tmp moved successfully.
C:\WINDOWS\Temp\~ie42.tmp moved successfully.
C:\WINDOWS\Temp\~ie421.tmp moved successfully.
C:\WINDOWS\Temp\~ie424.tmp moved successfully.
C:\WINDOWS\Temp\~ie427.tmp moved successfully.
C:\WINDOWS\Temp\~ie42A.tmp moved successfully.
C:\WINDOWS\Temp\~ie42E.tmp moved successfully.
C:\WINDOWS\Temp\~ie431.tmp moved successfully.
C:\WINDOWS\Temp\~ie434.tmp moved successfully.
C:\WINDOWS\Temp\~ie437.tmp moved successfully.
C:\WINDOWS\Temp\~ie43A.tmp moved successfully.
C:\WINDOWS\Temp\~ie43D.tmp moved successfully.
C:\WINDOWS\Temp\~ie44.tmp moved successfully.
C:\WINDOWS\Temp\~ie440.tmp moved successfully.
C:\WINDOWS\Temp\~ie443.tmp moved successfully.
C:\WINDOWS\Temp\~ie446.tmp moved successfully.
C:\WINDOWS\Temp\~ie449.tmp moved successfully.
C:\WINDOWS\Temp\~ie44C.tmp moved successfully.
C:\WINDOWS\Temp\~ie44F.tmp moved successfully.
C:\WINDOWS\Temp\~ie45.tmp moved successfully.
C:\WINDOWS\Temp\~ie452.tmp moved successfully.
C:\WINDOWS\Temp\~ie455.tmp moved successfully.
C:\WINDOWS\Temp\~ie458.tmp moved successfully.
C:\WINDOWS\Temp\~ie45B.tmp moved successfully.
C:\WINDOWS\Temp\~ie45E.tmp moved successfully.
C:\WINDOWS\Temp\~ie461.tmp moved successfully.
C:\WINDOWS\Temp\~ie464.tmp moved successfully.
C:\WINDOWS\Temp\~ie467.tmp moved successfully.
C:\WINDOWS\Temp\~ie46A.tmp moved successfully.
C:\WINDOWS\Temp\~ie46D.tmp moved successfully.
C:\WINDOWS\Temp\~ie47.tmp moved successfully.
C:\WINDOWS\Temp\~ie470.tmp moved successfully.
C:\WINDOWS\Temp\~ie473.tmp moved successfully.
C:\WINDOWS\Temp\~ie476.tmp moved successfully.
C:\WINDOWS\Temp\~ie479.tmp moved successfully.
C:\WINDOWS\Temp\~ie47C.tmp moved successfully.
C:\WINDOWS\Temp\~ie47F.tmp moved successfully.
C:\WINDOWS\Temp\~ie48.tmp moved successfully.
C:\WINDOWS\Temp\~ie482.tmp moved successfully.
C:\WINDOWS\Temp\~ie485.tmp moved successfully.
C:\WINDOWS\Temp\~ie488.tmp moved successfully.
C:\WINDOWS\Temp\~ie48B.tmp moved successfully.
C:\WINDOWS\Temp\~ie48E.tmp moved successfully.
C:\WINDOWS\Temp\~ie491.tmp moved successfully.
C:\WINDOWS\Temp\~ie494.tmp moved successfully.
C:\WINDOWS\Temp\~ie497.tmp moved successfully.
C:\WINDOWS\Temp\~ie49A.tmp moved successfully.
C:\WINDOWS\Temp\~ie49D.tmp moved successfully.
C:\WINDOWS\Temp\~ie4A.tmp moved successfully.
C:\WINDOWS\Temp\~ie4A0.tmp moved successfully.
C:\WINDOWS\Temp\~ie4A3.tmp moved successfully.
C:\WINDOWS\Temp\~ie4A6.tmp moved successfully.
C:\WINDOWS\Temp\~ie4A9.tmp moved successfully.
C:\WINDOWS\Temp\~ie4AC.tmp moved successfully.
C:\WINDOWS\Temp\~ie4AF.tmp moved successfully.
C:\WINDOWS\Temp\~ie4B2.tmp moved successfully.
C:\WINDOWS\Temp\~ie4B6.tmp moved successfully.
C:\WINDOWS\Temp\~ie4B9.tmp moved successfully.
C:\WINDOWS\Temp\~ie4BC.tmp moved successfully.
C:\WINDOWS\Temp\~ie4BF.tmp moved successfully.
C:\WINDOWS\Temp\~ie4C2.tmp moved successfully.
C:\WINDOWS\Temp\~ie4C5.tmp moved successfully.
C:\WINDOWS\Temp\~ie4C8.tmp moved successfully.
C:\WINDOWS\Temp\~ie4CB.tmp moved successfully.
C:\WINDOWS\Temp\~ie4CE.tmp moved successfully.
C:\WINDOWS\Temp\~ie4D.tmp moved successfully.
C:\WINDOWS\Temp\~ie4D1.tmp moved successfully.
C:\WINDOWS\Temp\~ie4D4.tmp moved successfully.
C:\WINDOWS\Temp\~ie4D7.tmp moved successfully.
C:\WINDOWS\Temp\~ie4DA.tmp moved successfully.
C:\WINDOWS\Temp\~ie4DD.tmp moved successfully.
C:\WINDOWS\Temp\~ie4E0.tmp moved successfully.
C:\WINDOWS\Temp\~ie4E3.tmp moved successfully.
C:\WINDOWS\Temp\~ie4E6.tmp moved successfully.
C:\WINDOWS\Temp\~ie4EA.tmp moved successfully.
C:\WINDOWS\Temp\~ie4ED.tmp moved successfully.
C:\WINDOWS\Temp\~ie4F0.tmp moved successfully.
C:\WINDOWS\Temp\~ie4F3.tmp moved successfully.
C:\WINDOWS\Temp\~ie4F6.tmp moved successfully.
C:\WINDOWS\Temp\~ie4F9.tmp moved successfully.
C:\WINDOWS\Temp\~ie4FC.tmp moved successfully.
C:\WINDOWS\Temp\~ie4FF.tmp moved successfully.
C:\WINDOWS\Temp\~ie50.tmp moved successfully.
C:\WINDOWS\Temp\~ie502.tmp moved successfully.
C:\WINDOWS\Temp\~ie505.tmp moved successfully.
C:\WINDOWS\Temp\~ie508.tmp moved successfully.
C:\WINDOWS\Temp\~ie50B.tmp moved successfully.
C:\WINDOWS\Temp\~ie50E.tmp moved successfully.
C:\WINDOWS\Temp\~ie511.tmp moved successfully.
C:\WINDOWS\Temp\~ie514.tmp moved successfully.
C:\WINDOWS\Temp\~ie517.tmp moved successfully.
C:\WINDOWS\Temp\~ie51A.tmp moved successfully.
C:\WINDOWS\Temp\~ie51D.tmp moved successfully.
C:\WINDOWS\Temp\~ie520.tmp moved successfully.
C:\WINDOWS\Temp\~ie523.tmp moved successfully.
C:\WINDOWS\Temp\~ie526.tmp moved successfully.
C:\WINDOWS\Temp\~ie529.tmp moved successfully.
C:\WINDOWS\Temp\~ie52C.tmp moved successfully.
C:\WINDOWS\Temp\~ie52F.tmp moved successfully.
C:\WINDOWS\Temp\~ie53.tmp moved successfully.
C:\WINDOWS\Temp\~ie532.tmp moved successfully.
C:\WINDOWS\Temp\~ie535.tmp moved successfully.
C:\WINDOWS\Temp\~ie538.tmp moved successfully.
C:\WINDOWS\Temp\~ie53B.tmp moved successfully.
C:\WINDOWS\Temp\~ie53E.tmp moved successfully.
C:\WINDOWS\Temp\~ie541.tmp moved successfully.
C:\WINDOWS\Temp\~ie544.tmp moved successfully.
C:\WINDOWS\Temp\~ie547.tmp moved successfully.
C:\WINDOWS\Temp\~ie54A.tmp moved successfully.
C:\WINDOWS\Temp\~ie54D.tmp moved successfully.
C:\WINDOWS\Temp\~ie550.tmp moved successfully.
C:\WINDOWS\Temp\~ie553.tmp moved successfully.
C:\WINDOWS\Temp\~ie556.tmp moved successfully.
C:\WINDOWS\Temp\~ie559.tmp moved successfully.
C:\WINDOWS\Temp\~ie55C.tmp moved successfully.
C:\WINDOWS\Temp\~ie55F.tmp moved successfully.
C:\WINDOWS\Temp\~ie56.tmp moved successfully.
C:\WINDOWS\Temp\~ie562.tmp moved successfully.
C:\WINDOWS\Temp\~ie565.tmp moved successfully.
C:\WINDOWS\Temp\~ie568.tmp moved successfully.
C:\WINDOWS\Temp\~ie56B.tmp moved successfully.
C:\WINDOWS\Temp\~ie56E.tmp moved successfully.
C:\WINDOWS\Temp\~ie571.tmp moved successfully.
C:\WINDOWS\Temp\~ie574.tmp moved successfully.
C:\WINDOWS\Temp\~ie577.tmp moved successfully.
C:\WINDOWS\Temp\~ie57A.tmp moved successfully.
C:\WINDOWS\Temp\~ie57D.tmp moved successfully.
C:\WINDOWS\Temp\~ie580.tmp moved successfully.
C:\WINDOWS\Temp\~ie583.tmp moved successfully.
C:\WINDOWS\Temp\~ie586.tmp moved successfully.
C:\WINDOWS\Temp\~ie589.tmp moved successfully.
C:\WINDOWS\Temp\~ie58C.tmp moved successfully.
C:\WINDOWS\Temp\~ie58F.tmp moved successfully.
C:\WINDOWS\Temp\~ie59.tmp moved successfully.
C:\WINDOWS\Temp\~ie592.tmp moved successfully.
C:\WINDOWS\Temp\~ie595.tmp moved successfully.
C:\WINDOWS\Temp\~ie598.tmp moved successfully.
C:\WINDOWS\Temp\~ie59B.tmp moved successfully.
C:\WINDOWS\Temp\~ie59E.tmp moved successfully.
C:\WINDOWS\Temp\~ie5A1.tmp moved successfully.
C:\WINDOWS\Temp\~ie5A4.tmp moved successfully.
C:\WINDOWS\Temp\~ie5A7.tmp moved successfully.
C:\WINDOWS\Temp\~ie5AA.tmp moved successfully.
C:\WINDOWS\Temp\~ie5AD.tmp moved successfully.
C:\WINDOWS\Temp\~ie5B0.tmp moved successfully.
C:\WINDOWS\Temp\~ie5B3.tmp moved successfully.
C:\WINDOWS\Temp\~ie5B6.tmp moved successfully.
C:\WINDOWS\Temp\~ie5B9.tmp moved successfully.
C:\WINDOWS\Temp\~ie5BC.tmp moved successfully.
C:\WINDOWS\Temp\~ie5BF.tmp moved successfully.
C:\WINDOWS\Temp\~ie5C.tmp moved successfully.
C:\WINDOWS\Temp\~ie5C2.tmp moved successfully.
C:\WINDOWS\Temp\~ie5C5.tmp moved successfully.
C:\WINDOWS\Temp\~ie5C8.tmp moved successfully.
C:\WINDOWS\Temp\~ie5F.tmp moved successfully.
C:\WINDOWS\Temp\~ie6.tmp moved successfully.
C:\WINDOWS\Temp\~ie62.tmp moved successfully.
C:\WINDOWS\Temp\~ie65.tmp moved successfully.
C:\WINDOWS\Temp\~ie68.tmp moved successfully.
C:\WINDOWS\Temp\~ie6B.tmp moved successfully.
C:\WINDOWS\Temp\~ie6E.tmp moved successfully.
C:\WINDOWS\Temp\~ie71.tmp moved successfully.
C:\WINDOWS\Temp\~ie74.tmp moved successfully.
C:\WINDOWS\Temp\~ie77.tmp moved successfully.
C:\WINDOWS\Temp\~ie7A.tmp moved successfully.
C:\WINDOWS\Temp\~ie7D.tmp moved successfully.
C:\WINDOWS\Temp\~ie80.tmp moved successfully.
C:\WINDOWS\Temp\~ie83.tmp moved successfully.
C:\WINDOWS\Temp\~ie87.tmp moved successfully.
C:\WINDOWS\Temp\~ie8A.tmp moved successfully.
C:\WINDOWS\Temp\~ie8D.tmp moved successfully.
C:\WINDOWS\Temp\~ie9.tmp moved successfully.
C:\WINDOWS\Temp\~ie90.tmp moved successfully.
C:\WINDOWS\Temp\~ie93.tmp moved successfully.
C:\WINDOWS\Temp\~ie96.tmp moved successfully.
C:\WINDOWS\Temp\~ie99.tmp moved successfully.
C:\WINDOWS\Temp\~ie9C.tmp moved successfully.
C:\WINDOWS\Temp\~ie9F.tmp moved successfully.
C:\WINDOWS\Temp\~ieA2.tmp moved successfully.
C:\WINDOWS\Temp\~ieA5.tmp moved successfully.
C:\WINDOWS\Temp\~ieA8.tmp moved successfully.
C:\WINDOWS\Temp\~ieAB.tmp moved successfully.
C:\WINDOWS\Temp\~ieAE.tmp moved successfully.
C:\WINDOWS\Temp\~ieB1.tmp moved successfully.
C:\WINDOWS\Temp\~ieB4.tmp moved successfully.
C:\WINDOWS\Temp\~ieB7.tmp moved successfully.
C:\WINDOWS\Temp\~ieBA.tmp moved successfully.
C:\WINDOWS\Temp\~ieBD.tmp moved successfully.
C:\WINDOWS\Temp\~ieC.tmp moved successfully.
C:\WINDOWS\Temp\~ieC0.tmp moved successfully.
C:\WINDOWS\Temp\~ieC3.tmp moved successfully.
C:\WINDOWS\Temp\~ieC6.tmp moved successfully.
C:\WINDOWS\Temp\~ieC9.tmp moved successfully.
C:\WINDOWS\Temp\~ieCC.tmp moved successfully.
C:\WINDOWS\Temp\~ieCF.tmp moved successfully.
C:\WINDOWS\Temp\~ieD2.tmp moved successfully.
C:\WINDOWS\Temp\~ieD5.tmp moved successfully.
C:\WINDOWS\Temp\~ieD8.tmp moved successfully.
C:\WINDOWS\Temp\~ieDB.tmp moved successfully.
C:\WINDOWS\Temp\~ieDE.tmp moved successfully.
C:\WINDOWS\Temp\~ieE.tmp moved successfully.
C:\WINDOWS\Temp\~ieE1.tmp moved successfully.
C:\WINDOWS\Temp\~ieE4.tmp moved successfully.
C:\WINDOWS\Temp\~ieE7.tmp moved successfully.
C:\WINDOWS\Temp\~ieEA.tmp moved successfully.
C:\WINDOWS\Temp\~ieED.tmp moved successfully.
C:\WINDOWS\Temp\~ieF.tmp moved successfully.
C:\WINDOWS\Temp\~ieF1.tmp moved successfully.
C:\WINDOWS\Temp\~ieF5.tmp moved successfully.
C:\WINDOWS\Temp\~ieF8.tmp moved successfully.
C:\WINDOWS\Temp\~ieFB.tmp moved successfully.
C:\WINDOWS\Temp\~ieFE.tmp moved successfully.
C:\WINDOWS\System32\drivers\ggfrih.sys moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: administrator.TENZO
->Temp folder emptied: 1332 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: Guest
->Temp folder emptied: 429 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: kzambochova
->Temp folder emptied: 50280214 bytes
->Temporary Internet Files folder emptied: 209728692 bytes
->Java cache emptied: 8292862 bytes
->Flash cache emptied: 44935 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 5221934 bytes

User: mspackova
->Temp folder emptied: 74981017 bytes
->Temporary Internet Files folder emptied: 262469954 bytes
->Java cache emptied: 26112 bytes
->FireFox cache emptied: 72093307 bytes
->Flash cache emptied: 2646 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: PcTenzo
->Temporary Internet Files folder emptied: 389974157 bytes
->Java cache emptied: 4122651 bytes
->Flash cache emptied: 36508 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1956372 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 57505 bytes
RecycleBin emptied: 107109945 bytes

Total Files Cleaned = 1 132,00 mb


[EMPTYFLASH]

User: Administrator

User: administrator.TENZO

User: All Users

User: Default User

User: Guest

User: kzambochova
->Flash cache emptied: 0 bytes

User: LocalService

User: mspackova
->Flash cache emptied: 0 bytes

User: NetworkService

User: PcTenzo
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.8.1 log created on 07092010_112042

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: antimalware-doctor ???

#13 Post by motji »

What is ComboFix doing now?
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before cleaning malware from the computer :!:
Want to support our forum? Information here

I can mostly be reached at night, between 21:00 and 23:00.
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.

jacktenrek
Visitor
Posts: 65
Registered: 23 Jul 2006 09:18

Re: antimalware-doctor ???

#14 Post by jacktenrek »

The computer froze completely - reset - started up again - ComboFix started - and now it is at stage 5 ...

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: antimalware-doctor ???

#15 Post by motji »

I see. You should not have run ComboFix again.

If it freezes on you again, rename ComboFix to cobra.com and, before you run it, use the previously mentioned Rkill.

I have to leave the computer now and will not be back until the evening; if need be, leave the log here for me.