VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

falesny antivir Malware Defense me neustale tabuje

https://forum.viry.cz:443/viewtopic.php?t=95862

Stránka 1 z 3

falesny antivir Malware Defense me neustale tabuje

Napsal: 06 led 2010 18:36
od FatalError.cz
Problém:

Před několika dny mě začalo vyskakovat okno které upozorňovalo na falesnou hrozbu a nebizelo mi koupi falešného antiviru s názvem Malware Defense, zprvu jsem okno zavřel (CTRL+F4) a chvíli byl pokoj, potom ale okno začalo vyskakovat pravidelně a neustále mě shazovalo aktivní okna a vracet do windows, potom se program dokonce sám nainstaloval, snažil jsem se ho smazat a zbavit se všeho okolo včetně *.dll a registru... ale ne zcela úspěšně, okno mi už sice nevyskakuje a program v počítači asi taky neni ale neustále mě to shazuje aktivní okna nebo mě vrací zpět na plochu zhruba ve 30 vteřinových intervalech.

Byl bych vám nesmírně vděčný kdyby se někdo mohl podívat na můj LOG a říct mi jestli existuje nějaké řešení nebo jestli mám počítač zformátovat ?!

LOG:

Logfile of random's system information tool 1.06 (written by random/random)
Run by DirectoR at 2010-01-06 18:13:12
Microsoft Windows XP Professional Service Pack 3
System drive C: has 3 GB (19%) free of 15 GB
Total RAM: 1022 MB (40% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:13:14, on 6.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Warcraft ENG\w3dr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\DOCUME~1\DirectoR\LOCALS~1\Temp\settdebugx.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Hamachi\hamachi-2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
d:\oracle\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
D:\oracle\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\DirectoR\Desktop\RSIT.exe
C:\Documents and Settings\DirectoR\Desktop\DirectoR.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = start.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\DirectoR\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\DirectoR\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [w3dr.exe] D:\Warcraft ENG\w3dr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [settdebugx.exe] C:\DOCUME~1\DirectoR\LOCALS~1\Temp\settdebugx.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://www.battlefieldheroes.com/stati ... 0.21.0.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - D:\oracle\app\oracle\product\10.2.0\server\BIN\omtsreco.exe
O23 - Service: OracleServiceXE - Oracle Corporation - d:\oracle\app\oracle\product\10.2.0\server\bin\ORACLE.EXE
O23 - Service: OracleXEClrAgent - Unknown owner - D:\oracle\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe
O23 - Service: OracleXETNSListener - Unknown owner - D:\oracle\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 6724 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-11-10 395216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Documents and Settings\DirectoR\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll [2009-06-17 119808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-11-10 395216]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AtiPTA"=C:\WINDOWS\system32\atiptaxx.exe [2006-02-22 344064]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-07-01 67584]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"w3dr.exe"=D:\Warcraft ENG\w3dr.exe [2008-08-03 61440]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2009-04-23 691656]
"settdebugx.exe"=C:\DOCUME~1\DirectoR\LOCALS~1\Temp\settdebugx.exe [2010-01-03 716800]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-12-05 122880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2008-05-02 72208]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"D:\Warcraft ENG\Warcraft III.exe"="D:\Warcraft ENG\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\mIRC\mirc.exe"="C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Garena\Garena.exe"="C:\Garena\Garena.exe:*:Enabled:Garena"
"D:\garena\Garena.exe"="D:\garena\Garena.exe:*:Enabled:Garena"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"D:\games\CoD\iw3mp.exe"="D:\games\CoD\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97d80ca4-79f8-11de-8b92-0050fc33073b}]
shell\AutoRun\command - G:\WDSetup.exe


======List of files/folders created in the last 1 months======

2010-01-06 18:12:33 ----D---- C:\rsit
2010-01-06 08:26:37 ----A---- C:\WINDOWS\system32\krl32mainweq.dll
2010-01-05 16:17:53 ----A---- C:\WINDOWS\ntbtlog.txt
2010-01-03 15:41:02 ----A---- C:\WINDOWS\SGDetectionTool.dll
2010-01-03 15:41:02 ----A---- C:\WINDOWS\BDTSupport.dll
2010-01-03 15:41:01 ----A---- C:\WINDOWS\PCTBDRes.dll
2010-01-03 15:41:01 ----A---- C:\WINDOWS\PCTBDCore.dll
2010-01-03 15:38:38 ----D---- C:\Program Files\Spyware Doctor
2010-01-03 15:38:38 ----D---- C:\Program Files\Common Files\PC Tools
2010-01-03 15:38:38 ----D---- C:\Documents and Settings\DirectoR\Application Data\PC Tools
2010-01-03 15:38:38 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2010-01-03 15:38:24 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2010-01-03 04:53:54 ----A---- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
2010-01-03 02:15:50 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
2009-12-23 00:06:01 ----D---- C:\Documents and Settings\DirectoR\Application Data\VitySoft

======List of files/folders modified in the last 1 months======

2010-01-06 18:03:58 ----D---- C:\WINDOWS\Temp
2010-01-06 18:03:58 ----D---- C:\WINDOWS\system32
2010-01-06 18:02:58 ----D---- C:\Program Files\Mozilla Firefox
2010-01-06 18:02:01 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-06 17:56:54 ----D---- C:\WINDOWS
2010-01-06 17:43:04 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-06 17:33:43 ----D---- C:\Documents and Settings\DirectoR\Application Data\NoNameScript
2010-01-06 15:57:09 ----D---- C:\Program Files\mIRC
2010-01-06 08:38:39 ----D---- C:\WINDOWS\Prefetch
2010-01-05 16:18:17 ----D---- C:\Documents and Settings
2010-01-05 15:00:55 ----RD---- C:\Program Files
2010-01-05 15:00:55 ----D---- C:\WINDOWS\system32\drivers
2010-01-04 16:59:43 ----D---- C:\Program Files\Garena
2010-01-03 15:38:57 ----SHD---- C:\WINDOWS\Installer
2010-01-03 15:38:56 ----D---- C:\WINDOWS\WinSxS
2010-01-03 15:38:38 ----D---- C:\Program Files\Common Files
2010-01-03 13:00:22 ----D---- C:\Program Files\Yahoo!
2010-01-03 12:59:58 ----HD---- C:\WINDOWS\inf
2010-01-03 12:59:58 ----D---- C:\Program Files\Nokia
2010-01-03 12:59:49 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-03 12:59:29 ----D---- C:\WINDOWS\system32\appmgmt
2009-12-27 16:01:32 ----A---- C:\WINDOWS\NeroDigital.ini
2009-12-23 19:13:44 ----A---- C:\WINDOWS\system32\PnkBstrB.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-13 37760]
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-07-01 626977]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-12-05 2782208]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-04-23 26176]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-04-23 26176]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-02-29 20240]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2008-02-29 28944]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 SCREAMINGBDRIVER;Screaming Bee Audio; C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [2008-11-22 23064]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 a2cemr5e;a2cemr5e; C:\WINDOWS\system32\drivers\a2cemr5e.sys []
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\DirectoR\LOCALS~1\Temp\PHY8.tmp []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-12-05 495616]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2009-11-10 112592]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\Hamachi\hamachi-2.exe [2009-10-29 1074568]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 OracleServiceXE;OracleServiceXE; d:\oracle\app\oracle\product\10.2.0\server\bin\ORACLE.EXE [2006-02-02 59064320]
R2 OracleXETNSListener;OracleXETNSListener; D:\oracle\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe [2006-02-02 204800]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-10-29 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2009-12-23 215104]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-09-28 593920]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 OracleMTSRecoveryService;OracleMTSRecoveryService; D:\oracle\app\oracle\product\10.2.0\server\BIN\omtsreco.exe [2006-02-02 57616]
S3 OracleXEClrAgent;OracleXEClrAgent; D:\oracle\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe [2006-02-02 45056]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-10-30 359624]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-11-06 1141712]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2006-10-15 38912]
S3 WMConnectCDS;Windows Media Connect Service; C:\Program Files\Windows Media Connect 2\wmccds.exe [2005-10-07 855552]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE; d:\oracle\app\oracle\product\10.2.0\server\Bin\extjob.exe [2006-02-02 102400]

-----------------EOF-----------------

Re: falesny antivir Malware Defense me neustale tabuje

Napsal: 06 led 2010 18:39
od pitimir
Ahoj.

Stiahni OTL. Uloz na plochu a spust dvojklikom subor "OTL.exe". Otvori sa okno programu, v nom zaskrtni "Scan All Users", "Lop" aj "Purity Check" a "File Scan" zmen na 7 dni miesto 30. Do policka pod nazvom "Custom Scans/Fixes" skopiruj:

Kód: Vybrat vše

netsvcs
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\eventlog.dll /s /md5
%SYSTEMDRIVE%\scecli.dll /s /md5
%SYSTEMDRIVE%\netlogon.dll /s /md5
%SYSTEMDRIVE%\cngaudit.dll /s /md5
%SYSTEMDRIVE%\sceclt.dll /s /md5
%SYSTEMDRIVE%\ntelogon.dll /s /md5
%SYSTEMDRIVE%\logevent.dll /s /md5
%SYSTEMDRIVE%\iaStor.sys /s /md5
%SYSTEMDRIVE%\nvstor.sys /s /md5
%SYSTEMDRIVE%\atapi.sys /s /md5
%SYSTEMDRIVE%\IdeChnDr.sys /s /md5
%SYSTEMDRIVE%\viasraid.sys /s /md5
%SYSTEMDRIVE%\AGP440.sys /s /md5
%SYSTEMDRIVE%\vaxscsi.sys /s /md5
%SYSTEMDRIVE%\nvatabus.sys /s /md5
%SYSTEMDRIVE%\viamraid.sys /s /md5
%SYSTEMDRIVE%\nvata.sys /s /md5
%SYSTEMROOT%\*. /mp /s
CREATERESTOREPOINT
%SYSTEMROOT%\system32\*.dll /lockedfiles
%SYSTEMROOT%\Tasks\*.job /lockedfiles
Potom klikni na "Run Scan". Zacne scan pocitaca, po jeho ukonceni sa otvoria dva reporty - obsah oboch potrebujem vidiet.

Re: falesny antivir Malware Defense me neustale tabuje

Napsal: 06 led 2010 20:03
od FatalError.cz
Ahoj, trochu jsem to zvoral... kvuli tomu ze se s pocitacem nedalo nic delat jsem si shodil explorer v tskmasteru a zapomel jsem na to takze jsem udelal ten tvuj scan a dostal z neho dva logy jak si psal, potom jsem si ale vzpomel ze je vyplej explorer a zazmatkoval jsem, takze jsem smazal ty dva logy zapnul znova explorer a znova udelal scan kterej mi vyhodil uz jenom jeden log (postuju ho dole...) omlouvam se. =(((

Nevim tedka jak se dostat k tomu druhymu logu... =(

Re: falesny antivir Malware Defense me neustale tabuje

Napsal: 06 led 2010 20:03
od FatalError.cz
OTL logfile created on: 6.1.2010 19:57:33 - Run 3
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Documents and Settings\DirectoR\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Czech Republic | Language: CSY | Date Format: d.M.yyyy

1 022,00 Mb Total Physical Memory | 277,00 Mb Available Physical Memory | 27,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 59,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14,65 Gb Total Space | 2,73 Gb Free Space | 18,62% Space Free | Partition Type: NTFS
Drive D: | 97,13 Gb Total Space | 15,21 Gb Free Space | 15,66% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ALCKOR
Current User Name: DirectoR
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.01.06 19:56:11 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DirectoR\Desktop\OTL.exe
PRC - [2010.01.03 04:53:56 | 00,716,800 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\DirectoR\Local Settings\Temp\settdebugx.exe
PRC - [2009.12.23 19:13:44 | 00,215,104 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe
PRC - [2009.12.17 00:27:35 | 00,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009.11.10 10:28:08 | 00,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009.10.29 18:32:37 | 00,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe
PRC - [2009.10.29 12:27:54 | 01,074,568 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\Hamachi\hamachi-2.exe
PRC - [2009.10.22 03:14:22 | 00,471,040 | ---- | M] (Blizzard Entertainment) -- D:\Warcraft ENG\war3.exe
PRC - [2009.09.06 12:11:48 | 03,224,848 | ---- | M] (Garena Interactive PTE LTD) -- C:\Program Files\Garena\Garena.exe
PRC - [2009.07.25 04:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009.07.25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009.04.23 14:51:38 | 00,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2009.02.12 17:35:06 | 03,276,288 | ---- | M] (The Author of QIP) -- C:\Program Files\QIP\qip.exe
PRC - [2008.05.02 02:44:08 | 00,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008.05.02 02:40:56 | 00,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008.04.14 01:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008.04.14 01:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.12.05 03:53:58 | 00,495,616 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2006.02.02 00:49:14 | 00,204,800 | ---- | M] () -- D:\oracle\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE
PRC - [2006.02.02 00:43:44 | 59,064,320 | ---- | M] (Oracle Corporation) -- d:\oracle\app\oracle\product\10.2.0\server\BIN\oracle.exe
PRC - [2004.07.01 18:23:32 | 00,067,584 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2003.12.22 15:36:14 | 00,561,152 | ---- | M] () -- C:\Program Files\Ventrilo\Ventrilo.exe


========== Modules (SafeList) ==========

MOD - [2010.01.06 19:56:11 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DirectoR\Desktop\OTL.exe
MOD - [2008.05.02 02:42:50 | 00,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2008.05.02 02:38:54 | 00,064,016 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\GameHook.dll
MOD - [2006.12.01 22:54:32 | 00,626,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll


========== Win32 Services (SafeList) ==========

SRV - [2009.12.23 19:13:44 | 00,215,104 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB)
SRV - [2009.11.10 10:28:08 | 00,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009.11.06 14:29:22 | 01,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009.10.30 11:18:16 | 00,359,624 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009.10.29 18:32:37 | 00,075,064 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009.10.29 12:27:54 | 01,074,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2009.07.25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2008.11.11 08:38:06 | 00,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.05.02 02:42:06 | 00,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2007.12.05 03:53:58 | 00,495,616 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2007.09.28 21:05:00 | 00,593,920 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)
SRV - [2006.02.02 00:51:06 | 00,045,056 | ---- | M] () [On_Demand | Stopped] -- D:\oracle\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe -- (OracleXEClrAgent)
SRV - [2006.02.02 00:49:14 | 00,204,800 | ---- | M] () [Auto | Running] -- D:\oracle\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE -- (OracleXETNSListener)
SRV - [2006.02.02 00:47:28 | 00,057,616 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- D:\oracle\app\oracle\product\10.2.0\server\BIN\omtsreco.exe -- (OracleMTSRecoveryService)
SRV - [2006.02.02 00:44:06 | 00,102,400 | ---- | M] () [Disabled | Stopped] -- d:\oracle\app\oracle\product\10.2.0\server\Bin\extjob.exe -- (OracleJobSchedulerXE)
SRV - [2006.02.02 00:43:44 | 59,064,320 | ---- | M] (Oracle Corporation) [Auto | Running] -- d:\oracle\app\oracle\product\10.2.0\server\bin\ORACLE.EXE -- (OracleServiceXE)
SRV - [2005.10.07 03:12:30 | 00,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2005.04.04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010.01.06 18:42:21 | 00,025,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Documents and Settings\DirectoR\Local Settings\Temp\SHOF.tmp -- (GarenaPEngine)
DRV - [2009.11.09 11:20:12 | 00,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009.07.17 00:06:09 | 00,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.04.23 10:15:06 | 00,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.11.22 12:53:18 | 00,023,064 | -H-- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)
DRV - [2008.08.26 08:26:12 | 00,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.04.13 19:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008.04.13 17:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008.02.29 03:13:46 | 00,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008.02.29 03:13:24 | 00,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008.02.29 03:13:16 | 00,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008.02.29 03:12:48 | 00,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007.12.05 06:26:40 | 02,782,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007.03.08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2004.08.03 23:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004.07.01 14:49:00 | 00,626,977 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004.02.24 11:08:52 | 00,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2001.08.23 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001.08.17 15:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-21-1614895754-1326574676-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKU\S-1-5-21-1614895754-1326574676-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
IE - HKU\S-1-5-21-1614895754-1326574676-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKU\S-1-5-21-1614895754-1326574676-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKU\S-1-5-21-1614895754-1326574676-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = start.qip.ru
IE - HKU\S-1-5-21-1614895754-1326574676-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKU\S-1-5-21-1614895754-1326574676-725345543-1003\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1614895754-1326574676-725345543-1003\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\DirectoR\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKU\S-1-5-21-1614895754-1326574676-725345543-1003\S-1-5-21-1614895754-1326574676-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.21.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.01.05 17:15:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.12.17 00:27:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2008.12.09 13:41:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DirectoR\Application Data\Mozilla\Extensions
[2010.01.03 19:17:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DirectoR\Application Data\Mozilla\Firefox\Profiles\lypyg7i2.default\extensions
[2009.07.03 09:10:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DirectoR\Application Data\Mozilla\Firefox\Profiles\lypyg7i2.default\extensions\battlefieldheroespatcher@ea.com
[2009.07.24 11:57:02 | 00,002,061 | ---- | M] () -- C:\Documents and Settings\DirectoR\Application Data\Mozilla\Firefox\Profiles\lypyg7i2.default\searchplugins\qipsearch.xml
[2010.01.03 19:17:37 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.09.10 20:31:01 | 00,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2009.09.10 20:31:01 | 00,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2009.09.10 20:31:01 | 00,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2009.09.10 20:31:01 | 00,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2009.09.10 20:31:01 | 00,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\DirectoR\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-1614895754-1326574676-725345543-1003\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AtiPTA] C:\WINDOWS\System32\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [w3dr.exe] D:\Warcraft ENG\W3DR.exe (VT Software)
O4 - HKU\S-1-5-21-1614895754-1326574676-725345543-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1614895754-1326574676-725345543-1003..\Run: [settdebugx.exe] C:\Documents and Settings\DirectoR\Local Settings\Temp\settdebugx.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1614895754-1326574676-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/stati ... 0.21.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.11.06 03:27:13 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{97d80ca4-79f8-11de-8b92-0050fc33073b}\Shell\AutoRun\command - "" = G:\WDSetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008.11.06 03:26:36 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error starting restore point: 31
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 7 Days ==========

[2010.01.06 19:40:21 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DirectoR\Desktop\OTL.exe
[2010.01.06 18:12:33 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\DirectoR\Desktop\DirectoR.exe
[2010.01.06 18:12:33 | 00,000,000 | ---D | C] -- C:\rsit
[2010.01.06 18:08:27 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\DirectoR\Desktop\HijackThis.exe
[2010.01.06 18:02:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
[2010.01.05 15:00:46 | 05,061,520 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\DirectoR\Desktop\mbam-setup.exe
[2010.01.03 18:38:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DirectoR\Desktop\Silvestr 2009
[2010.01.03 15:41:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DirectoR\Local Settings\Application Data\Threat Expert
[2010.01.03 15:41:02 | 00,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2010.01.03 15:41:01 | 01,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2010.01.03 15:41:01 | 00,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2010.01.03 15:38:54 | 00,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2010.01.03 15:38:50 | 00,207,792 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010.01.03 15:38:50 | 00,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010.01.03 15:38:43 | 00,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010.01.03 15:38:38 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010.01.03 15:38:38 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010.01.03 15:38:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DirectoR\Application Data\PC Tools
[2010.01.03 15:38:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010.01.03 15:38:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010.01.03 15:36:08 | 34,355,312 | ---- | C] (PC Tools ) -- C:\Documents and Settings\DirectoR\Desktop\7.0.0.514c-sdrevenue-setup.exe
[2010.01.03 02:15:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
[2008.11.09 07:33:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008.11.06 03:31:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008.11.06 03:27:10 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008.11.06 03:27:10 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2010.01.06 19:56:11 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DirectoR\Desktop\OTL.exe
[2010.01.06 18:12:00 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\DirectoR\Desktop\RSIT.exe
[2010.01.06 18:08:28 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\DirectoR\Desktop\HijackThis.exe
[2010.01.06 18:08:28 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\DirectoR\Desktop\DirectoR.exe
[2010.01.06 17:54:14 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.01.06 17:54:11 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.01.06 17:42:43 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\DirectoR\ntuser.ini
[2010.01.06 17:42:41 | 03,670,016 | -H-- | M] () -- C:\Documents and Settings\DirectoR\NTUSER.DAT
[2010.01.06 16:28:53 | 00,055,808 | ---- | M] () -- C:\Documents and Settings\DirectoR\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.06 08:26:37 | 00,000,871 | ---- | M] () -- C:\WINDOWS\System32\krl32mainweq.dll
[2010.01.05 21:37:22 | 06,392,934 | -H-- | M] () -- C:\Documents and Settings\DirectoR\Local Settings\Application Data\IconCache.db
[2010.01.05 15:00:51 | 05,061,520 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\DirectoR\Desktop\mbam-setup.exe
[2010.01.04 16:44:23 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.01.03 17:41:47 | 69,763,0720 | ---- | M] () -- C:\Documents and Settings\DirectoR\Desktop\windows-xp-sp3-cz-cd-key-v-image.iso
[2010.01.03 15:38:45 | 00,001,657 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010.01.03 15:38:00 | 34,355,312 | ---- | M] (PC Tools ) -- C:\Documents and Settings\DirectoR\Desktop\7.0.0.514c-sdrevenue-setup.exe
[2010.01.03 14:22:14 | 00,000,444 | ---- | M] () -- C:\Documents and Settings\DirectoR\Desktop\Shortcut to Wow.exe.lnk
[2010.01.03 14:21:09 | 00,215,941 | ---- | M] () -- C:\Documents and Settings\DirectoR\Desktop\finale.JPG
[2010.01.03 04:53:54 | 00,000,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.01.06 18:11:54 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\DirectoR\Desktop\RSIT.exe
[2010.01.06 08:26:37 | 00,000,871 | ---- | C] () -- C:\WINDOWS\System32\krl32mainweq.dll
[2010.01.03 17:24:14 | 69,763,0720 | ---- | C] () -- C:\Documents and Settings\DirectoR\Desktop\windows-xp-sp3-cz-cd-key-v-image.iso
[2010.01.03 15:41:02 | 00,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2010.01.03 15:41:02 | 00,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2010.01.03 15:41:02 | 00,000,880 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2010.01.03 15:41:02 | 00,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2010.01.03 15:41:01 | 01,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2010.01.03 15:38:54 | 00,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat
[2010.01.03 15:38:50 | 00,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010.01.03 15:38:50 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010.01.03 15:38:45 | 00,001,657 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2010.01.03 15:38:43 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010.01.03 14:22:14 | 00,000,444 | ---- | C] () -- C:\Documents and Settings\DirectoR\Desktop\Shortcut to Wow.exe.lnk
[2010.01.03 14:21:09 | 00,215,941 | ---- | C] () -- C:\Documents and Settings\DirectoR\Desktop\finale.JPG
[2010.01.03 04:53:54 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2009.10.29 17:23:24 | 00,000,272 | ---- | C] () -- C:\WINDOWS\game.ini
[2009.10.04 11:19:29 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2009.10.04 11:19:29 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2009.10.04 11:19:29 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2009.10.04 11:18:13 | 00,000,198 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2009.07.28 23:25:54 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.07.17 00:06:08 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.07.03 09:22:05 | 00,138,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009.07.03 09:22:04 | 00,022,328 | ---- | C] () -- C:\Documents and Settings\DirectoR\Application Data\PnkBstrK.sys
[2008.12.16 19:49:06 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008.11.26 22:20:20 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008.11.26 22:20:18 | 01,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.11.26 22:20:18 | 00,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.11.26 22:20:17 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.11.26 22:20:16 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.11.26 22:20:16 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008.11.06 04:18:26 | 00,055,808 | ---- | C] () -- C:\Documents and Settings\DirectoR\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.11.05 23:07:49 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2008.11.05 23:07:47 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008.11.05 19:48:51 | 00,000,011 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.ini

========== LOP Check ==========

[2009.07.17 00:09:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009.08.28 10:31:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2009.04.01 10:51:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009.04.01 10:55:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009.01.21 15:26:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Screaming Bee
[2010.01.06 19:58:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009.03.29 14:45:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DirectoR\Application Data\Acreon
[2009.07.17 00:10:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DirectoR\Application Data\DAEMON Tools Lite
[2009.04.05 21:47:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DirectoR\Application Data\Dev-Cpp
[2009.04.01 10:59:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DirectoR\Application Data\Nokia
[2010.01.06 17:33:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DirectoR\Application Data\NoNameScript
[2009.04.01 11:00:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DirectoR\Application Data\PC Suite
[2009.01.21 15:26:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DirectoR\Application Data\Screaming Bee
[2009.01.24 20:16:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DirectoR\Application Data\uTorrent
[2009.12.23 00:06:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DirectoR\Application Data\VitySoft

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2004.08.03 23:56:44 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008.04.14 01:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 01:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2004.08.03 23:56:46 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 01:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 01:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2004.08.03 23:56:46 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 01:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 01:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004.08.03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008.04.13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2008.04.13 19:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 19:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

< %SYSTEMDRIVE%\nvatabus.sys /s /md5 >

< %SYSTEMDRIVE%\viamraid.sys /s /md5 >

< %SYSTEMDRIVE%\nvata.sys /s /md5 >

< %SYSTEMROOT%\*. /mp /s >

< %SYSTEMROOT%\system32\*.dll /lockedfiles >
[2008.04.14 01:11:52 | 00,357,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2008.04.14 01:11:52 | 00,205,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMROOT%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 180 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

Re: falesny antivir Malware Defense me neustale tabuje

Napsal: 06 led 2010 20:28
od pitimir
No program hlasi spustenie dokonca 3x...kazdopadne je uz neskoro.

Skopiruj v OTL do policka pod nazvom "Custom Scans/Fixes":

Kód: Vybrat vše

:otl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\S-1-5-21-1614895754-1326574676-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
IE - HKU\S-1-5-21-1614895754-1326574676-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKU\S-1-5-21-1614895754-1326574676-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKU\S-1-5-21-1614895754-1326574676-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = start.qip.ru
IE - HKU\S-1-5-21-1614895754-1326574676-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKU\S-1-5-21-1614895754-1326574676-725345543-1003\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1614895754-1326574676-725345543-1003\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\DirectoR\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
[2009.07.24 11:57:02 | 00,002,061 | ---- | M] () -- C:\Documents and Settings\DirectoR\Application Data\Mozilla\Firefox\Profiles\lypyg7i2.default\searchplugins\qipsearch.xml
O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\DirectoR\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKU\S-1-5-21-1614895754-1326574676-725345543-1003..\Run: [settdebugx.exe] C:\Documents and Settings\DirectoR\Local Settings\Temp\settdebugx.exe (Microsoft Corporation)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/stati ... 0.21.0.cab (Battlefield Heroes Updater)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O33 - MountPoints2\{97d80ca4-79f8-11de-8b92-0050fc33073b}\Shell\AutoRun\command - "" = G:\WDSetup.exe -- File not found
[2010.01.06 08:26:37 | 00,000,871 | ---- | M] () -- C:\WINDOWS\System32\krl32mainweq.dll
@Alternate Data Stream - 180 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

:commands
[emptytemp]
[reboot]
Klikni na "Run Fix". Program zacne pracovat, mozny je restart PC. Po nom by sa ti mal objavit log, ten by som rad videl.

Re: falesny antivir Malware Defense me neustale tabuje

Napsal: 06 led 2010 20:40
od FatalError.cz
Error: Unable to interpret <OTL logfile created on: 6.1.2010 19:57:33 - Run 3> in the current context!
Error: Unable to interpret <OTL by OldTimer - Version 3.1.21.0 Folder = C:\Documents and Settings\DirectoR\Desktop> in the current context!
Error: Unable to interpret <Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation> in the current context!
Error: Unable to interpret <Internet Explorer (Version = 6.0.2900.5512)> in the current context!
Error: Unable to interpret <Locale: 00000405 | Country: Czech Republic | Language: CSY | Date Format: d.M.yyyy> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <1 022,00 Mb Total Physical Memory | 277,00 Mb Available Physical Memory | 27,00% Memory free> in the current context!
Error: Unable to interpret <2,00 Gb Paging File | 1,00 Gb Available in Paging File | 59,00% Paging File free> in the current context!
Error: Unable to interpret <Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files> in the current context!
Error: Unable to interpret <Drive C: | 14,65 Gb Total Space | 2,73 Gb Free Space | 18,62% Space Free | Partition Type: NTFS> in the current context!
Error: Unable to interpret <Drive D: | 97,13 Gb Total Space | 15,21 Gb Free Space | 15,66% Space Free | Partition Type: NTFS> in the current context!
Error: Unable to interpret <E: Drive not present or media not loaded> in the current context!
Error: Unable to interpret <F: Drive not present or media not loaded> in the current context!
Error: Unable to interpret <G: Drive not present or media not loaded> in the current context!
Error: Unable to interpret <H: Drive not present or media not loaded> in the current context!
Error: Unable to interpret <I: Drive not present or media not loaded> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Computer Name: ALCKOR> in the current context!
Error: Unable to interpret <Current User Name: DirectoR> in the current context!
Error: Unable to interpret <Logged in as Administrator.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Current Boot Mode: Normal> in the current context!
Error: Unable to interpret <Scan Mode: All users> in the current context!
Error: Unable to interpret <Company Name Whitelist: Off> in the current context!
Error: Unable to interpret <Skip Microsoft Files: Off> in the current context!
Error: Unable to interpret <File Age = 7 Days> in the current context!
Error: Unable to interpret <Output = Standard> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Processes (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <PRC - [2010.01.06 19:56:11 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DirectoR\Desktop\OTL.exe> in the current context!
Error: Unable to interpret <PRC - [2010.01.03 04:53:56 | 00,716,800 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\DirectoR\Local Settings\Temp\settdebugx.exe> in the current context!
Error: Unable to interpret <PRC - [2009.12.23 19:13:44 | 00,215,104 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrB.exe> in the current context!
Error: Unable to interpret <PRC - [2009.12.17 00:27:35 | 00,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe> in the current context!
Error: Unable to interpret <PRC - [2009.11.10 10:28:08 | 00,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe> in the current context!
Error: Unable to interpret <PRC - [2009.10.29 18:32:37 | 00,075,064 | ---- | M] () -- C:\WINDOWS\system32\PnkBstrA.exe> in the current context!
Error: Unable to interpret <PRC - [2009.10.29 12:27:54 | 01,074,568 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\Hamachi\hamachi-2.exe> in the current context!
Error: Unable to interpret <PRC - [2009.10.22 03:14:22 | 00,471,040 | ---- | M] (Blizzard Entertainment) -- D:\Warcraft ENG\war3.exe> in the current context!
Error: Unable to interpret <PRC - [2009.09.06 12:11:48 | 03,224,848 | ---- | M] (Garena Interactive PTE LTD) -- C:\Program Files\Garena\Garena.exe> in the current context!
Error: Unable to interpret <PRC - [2009.07.25 04:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe> in the current context!
Error: Unable to interpret <PRC - [2009.07.25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe> in the current context!
Error: Unable to interpret <PRC - [2009.04.23 14:51:38 | 00,691,656 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe> in the current context!
Error: Unable to interpret <PRC - [2009.02.12 17:35:06 | 03,276,288 | ---- | M] (The Author of QIP) -- C:\Program Files\QIP\qip.exe> in the current context!
Error: Unable to interpret <PRC - [2008.05.02 02:44:08 | 00,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe> in the current context!
Error: Unable to interpret <PRC - [2008.05.02 02:40:56 | 00,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe> in the current context!
Error: Unable to interpret <PRC - [2008.04.14 01:12:22 | 00,093,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe> in the current context!
Error: Unable to interpret <PRC - [2008.04.14 01:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe> in the current context!
Error: Unable to interpret <PRC - [2007.12.05 03:53:58 | 00,495,616 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe> in the current context!
Error: Unable to interpret <PRC - [2006.02.02 00:49:14 | 00,204,800 | ---- | M] () -- D:\oracle\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE> in the current context!
Error: Unable to interpret <PRC - [2006.02.02 00:43:44 | 59,064,320 | ---- | M] (Oracle Corporation) -- d:\oracle\app\oracle\product\10.2.0\server\BIN\oracle.exe> in the current context!
Error: Unable to interpret <PRC - [2004.07.01 18:23:32 | 00,067,584 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE> in the current context!
Error: Unable to interpret <PRC - [2003.12.22 15:36:14 | 00,561,152 | ---- | M] () -- C:\Program Files\Ventrilo\Ventrilo.exe> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Modules (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <MOD - [2010.01.06 19:56:11 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DirectoR\Desktop\OTL.exe> in the current context!
Error: Unable to interpret <MOD - [2008.05.02 02:42:50 | 00,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll> in the current context!
Error: Unable to interpret <MOD - [2008.05.02 02:38:54 | 00,064,016 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\GameHook.dll> in the current context!
Error: Unable to interpret <MOD - [2006.12.01 22:54:32 | 00,626,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Win32 Services (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <SRV - [2009.12.23 19:13:44 | 00,215,104 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrB.exe -- (PnkBstrB)> in the current context!
Error: Unable to interpret <SRV - [2009.11.10 10:28:08 | 00,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)> in the current context!
Error: Unable to interpret <SRV - [2009.11.06 14:29:22 | 01,141,712 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)> in the current context!
Error: Unable to interpret <SRV - [2009.10.30 11:18:16 | 00,359,624 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)> in the current context!
Error: Unable to interpret <SRV - [2009.10.29 18:32:37 | 00,075,064 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PnkBstrA.exe -- (PnkBstrA)> in the current context!
Error: Unable to interpret <SRV - [2009.10.29 12:27:54 | 01,074,568 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\Hamachi\hamachi-2.exe -- (Hamachi2Svc)> in the current context!
Error: Unable to interpret <SRV - [2009.07.25 04:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)> in the current context!
Error: Unable to interpret <SRV - [2008.11.11 08:38:06 | 00,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)> in the current context!
Error: Unable to interpret <SRV - [2008.05.02 02:42:06 | 00,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)> in the current context!
Error: Unable to interpret <SRV - [2007.12.05 03:53:58 | 00,495,616 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)> in the current context!
Error: Unable to interpret <SRV - [2007.09.28 21:05:00 | 00,593,920 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\ati2sgag.exe -- (ATI Smart)> in the current context!
Error: Unable to interpret <SRV - [2006.02.02 00:51:06 | 00,045,056 | ---- | M] () [On_Demand | Stopped] -- D:\oracle\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe -- (OracleXEClrAgent)> in the current context!
Error: Unable to interpret <SRV - [2006.02.02 00:49:14 | 00,204,800 | ---- | M] () [Auto | Running] -- D:\oracle\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE -- (OracleXETNSListener)> in the current context!
Error: Unable to interpret <SRV - [2006.02.02 00:47:28 | 00,057,616 | ---- | M] (Oracle Corporation) [On_Demand | Stopped] -- D:\oracle\app\oracle\product\10.2.0\server\BIN\omtsreco.exe -- (OracleMTSRecoveryService)> in the current context!
Error: Unable to interpret <SRV - [2006.02.02 00:44:06 | 00,102,400 | ---- | M] () [Disabled | Stopped] -- d:\oracle\app\oracle\product\10.2.0\server\Bin\extjob.exe -- (OracleJobSchedulerXE)> in the current context!
Error: Unable to interpret <SRV - [2006.02.02 00:43:44 | 59,064,320 | ---- | M] (Oracle Corporation) [Auto | Running] -- d:\oracle\app\oracle\product\10.2.0\server\bin\ORACLE.EXE -- (OracleServiceXE)> in the current context!
Error: Unable to interpret <SRV - [2005.10.07 03:12:30 | 00,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)> in the current context!
Error: Unable to interpret <SRV - [2005.04.04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Driver Services (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <DRV - [2010.01.06 18:42:21 | 00,025,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Documents and Settings\DirectoR\Local Settings\Temp\SHOF.tmp -- (GarenaPEngine)> in the current context!
Error: Unable to interpret <DRV - [2009.11.09 11:20:12 | 00,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)> in the current context!
Error: Unable to interpret <DRV - [2009.07.17 00:06:09 | 00,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)> in the current context!
Error: Unable to interpret <DRV - [2009.04.23 10:15:06 | 00,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)> in the current context!
Error: Unable to interpret <DRV - [2008.11.22 12:53:18 | 00,023,064 | -H-- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ScreamingBAudio.sys -- (SCREAMINGBDRIVER)> in the current context!
Error: Unable to interpret <DRV - [2008.08.26 08:26:12 | 00,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)> in the current context!
Error: Unable to interpret <DRV - [2008.04.13 19:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)> in the current context!
Error: Unable to interpret <DRV - [2008.04.13 17:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)> in the current context!
Error: Unable to interpret <DRV - [2008.02.29 03:13:46 | 00,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)> in the current context!
Error: Unable to interpret <DRV - [2008.02.29 03:13:24 | 00,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)> in the current context!
Error: Unable to interpret <DRV - [2008.02.29 03:13:16 | 00,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)> in the current context!
Error: Unable to interpret <DRV - [2008.02.29 03:12:48 | 00,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)> in the current context!
Error: Unable to interpret <DRV - [2007.12.05 06:26:40 | 02,782,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)> in the current context!
Error: Unable to interpret <DRV - [2007.03.08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)> in the current context!
Error: Unable to interpret <DRV - [2004.08.03 23:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)> in the current context!
Error: Unable to interpret <DRV - [2004.07.01 14:49:00 | 00,626,977 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)> in the current context!
Error: Unable to interpret <DRV - [2004.02.24 11:08:52 | 00,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)> in the current context!
Error: Unable to interpret <DRV - [2001.08.23 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)> in the current context!
Error: Unable to interpret <DRV - [2001.08.17 15:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Standard Registry (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Internet Explorer ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes> in the current context!
Error: Unable to interpret <IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1614895754-1326574676-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1614895754-1326574676-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1614895754-1326574676-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1614895754-1326574676-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1614895754-1326574676-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = start.qip.ru> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1614895754-1326574676-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1614895754-1326574676-725345543-1003\..\URLSearchHook: - Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1614895754-1326574676-725345543-1003\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\DirectoR\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)> in the current context!
Error: Unable to interpret <IE - HKU\S-1-5-21-1614895754-1326574676-725345543-1003\S-1-5-21-1614895754-1326574676-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== FireFox ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.21.0> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.01.05 17:15:04 | 00,000,000 | ---D | M]> in the current context!
Error: Unable to interpret <FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.12.17 00:27:45 | 00,000,000 | ---D | M]> in the current context!
Error: Unable to interpret <FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2008.12.09 13:41:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DirectoR\Application Data\Mozilla\Extensions> in the current context!
Error: Unable to interpret <[2010.01.03 19:17:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DirectoR\Application Data\Mozilla\Firefox\Profiles\lypyg7i2.default\extensions> in the current context!
Error: Unable to interpret <[2009.07.03 09:10:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DirectoR\Application Data\Mozilla\Firefox\Profiles\lypyg7i2.default\extensions\battlefieldheroespatcher@ea.com> in the current context!
Error: Unable to interpret <[2009.07.24 11:57:02 | 00,002,061 | ---- | M] () -- C:\Documents and Settings\DirectoR\Application Data\Mozilla\Firefox\Profiles\lypyg7i2.default\searchplugins\qipsearch.xml> in the current context!
Error: Unable to interpret <[2010.01.03 19:17:37 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions> in the current context!
Error: Unable to interpret <[2009.09.10 20:31:01 | 00,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml> in the current context!
Error: Unable to interpret <[2009.09.10 20:31:01 | 00,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml> in the current context!
Error: Unable to interpret <[2009.09.10 20:31:01 | 00,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml> in the current context!
Error: Unable to interpret <[2009.09.10 20:31:01 | 00,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml> in the current context!
Error: Unable to interpret <[2009.09.10 20:31:01 | 00,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <O1 HOSTS File: (734 bytes) - C:\WINDOWS\system32\drivers\etc\hosts> in the current context!
Error: Unable to interpret <O1 - Hosts: 127.0.0.1 localhost> in the current context!
Error: Unable to interpret <O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)> in the current context!
Error: Unable to interpret <O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)> in the current context!
Error: Unable to interpret <O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\DirectoR\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)> in the current context!
Error: Unable to interpret <O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)> in the current context!
Error: Unable to interpret <O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)> in the current context!
Error: Unable to interpret <O3 - HKU\S-1-5-21-1614895754-1326574676-725345543-1003\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [AtiPTA] C:\WINDOWS\System32\atiptaxx.exe (ATI Technologies, Inc.)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [KernelFaultCheck] File not found> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [w3dr.exe] D:\Warcraft ENG\W3DR.exe (VT Software)> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-21-1614895754-1326574676-725345543-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-21-1614895754-1326574676-725345543-1003..\Run: [settdebugx.exe] C:\Documents and Settings\DirectoR\Local Settings\Temp\settdebugx.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)> in the current context!
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1> in the current context!
Error: Unable to interpret <O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145> in the current context!
Error: Unable to interpret <O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145> in the current context!
Error: Unable to interpret <O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145> in the current context!
Error: Unable to interpret <O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145> in the current context!
Error: Unable to interpret <O7 - HKU\S-1-5-21-1614895754-1326574676-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145> in the current context!
Error: Unable to interpret <O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.> in the current context!
Error: Unable to interpret <O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} https://www.battlefieldheroes.com/stati ... 0.21.0.cab (Battlefield Heroes Updater)> in the current context!
Error: Unable to interpret <O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)> in the current context!
Error: Unable to interpret <O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)> in the current context!
Error: Unable to interpret <O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138> in the current context!
Error: Unable to interpret <O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)> in the current context!
Error: Unable to interpret <O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)> in the current context!
Error: Unable to interpret <O32 - HKLM CDRom: AutoRun - 1> in the current context!
Error: Unable to interpret <O32 - AutoRun File - [2008.11.06 03:27:13 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{97d80ca4-79f8-11de-8b92-0050fc33073b}\Shell\AutoRun\command - "" = G:\WDSetup.exe -- File not found> in the current context!
Error: Unable to interpret <O34 - HKLM BootExecute: (autocheck autochk *) - File not found> in the current context!
Error: Unable to interpret <O35 - comfile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <O35 - exefile [open] -- "%1" %*> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <NetSvcs: 6to4 - File not found> in the current context!
Error: Unable to interpret <NetSvcs: Ias - C:\WINDOWS\system32\ias [2008.11.06 03:26:36 | 00,000,000 | ---D | M]> in the current context!
Error: Unable to interpret <NetSvcs: Iprip - File not found> in the current context!
Error: Unable to interpret <NetSvcs: Irmon - File not found> in the current context!
Error: Unable to interpret <NetSvcs: NWCWorkstation - File not found> in the current context!
Error: Unable to interpret <NetSvcs: Nwsapagent - File not found> in the current context!
Error: Unable to interpret <NetSvcs: WmdmPmSp - File not found> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <CREATERESTOREPOINT> in the current context!
Error: Unable to interpret <Error starting restore point: 31> in the current context!
Error: Unable to interpret <Error closing restore point: The sequence number is invalid.> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Files/Folders - Created Within 7 Days ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2010.01.06 19:40:21 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DirectoR\Desktop\OTL.exe> in the current context!
Error: Unable to interpret <[2010.01.06 18:12:33 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\DirectoR\Desktop\DirectoR.exe> in the current context!
Error: Unable to interpret <[2010.01.06 18:12:33 | 00,000,000 | ---D | C] -- C:\rsit> in the current context!
Error: Unable to interpret <[2010.01.06 18:08:27 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\DirectoR\Desktop\HijackThis.exe> in the current context!
Error: Unable to interpret <[2010.01.06 18:02:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi> in the current context!
Error: Unable to interpret <[2010.01.05 15:00:46 | 05,061,520 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\DirectoR\Desktop\mbam-setup.exe> in the current context!
Error: Unable to interpret <[2010.01.03 18:38:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DirectoR\Desktop\Silvestr 2009> in the current context!
Error: Unable to interpret <[2010.01.03 15:41:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DirectoR\Local Settings\Application Data\Threat Expert> in the current context!
Error: Unable to interpret <[2010.01.03 15:41:02 | 00,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll> in the current context!
Error: Unable to interpret <[2010.01.03 15:41:01 | 01,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll> in the current context!
Error: Unable to interpret <[2010.01.03 15:41:01 | 00,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll> in the current context!
Error: Unable to interpret <[2010.01.03 15:38:54 | 00,233,136 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys> in the current context!
Error: Unable to interpret <[2010.01.03 15:38:50 | 00,207,792 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys> in the current context!
Error: Unable to interpret <[2010.01.03 15:38:50 | 00,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys> in the current context!
Error: Unable to interpret <[2010.01.03 15:38:43 | 00,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys> in the current context!
Error: Unable to interpret <[2010.01.03 15:38:38 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor> in the current context!
Error: Unable to interpret <[2010.01.03 15:38:38 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools> in the current context!
Error: Unable to interpret <[2010.01.03 15:38:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\DirectoR\Application Data\PC Tools> in the current context!
Error: Unable to interpret <[2010.01.03 15:38:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools> in the current context!
Error: Unable to interpret <[2010.01.03 15:38:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP> in the current context!
Error: Unable to interpret <[2010.01.03 15:36:08 | 34,355,312 | ---- | C] (PC Tools ) -- C:\Documents and Settings\DirectoR\Desktop\7.0.0.514c-sdrevenue-setup.exe> in the current context!
Error: Unable to interpret <[2010.01.03 02:15:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment> in the current context!
Error: Unable to interpret <[2008.11.09 07:33:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft> in the current context!
Error: Unable to interpret <[2008.11.06 03:31:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft> in the current context!
Error: Unable to interpret <[2008.11.06 03:27:10 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft> in the current context!
Error: Unable to interpret <[2008.11.06 03:27:10 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft> in the current context!
Error: Unable to interpret <[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]> in the current context!
Error: Unable to interpret <[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Files - Modified Within 7 Days ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2010.01.06 19:56:11 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DirectoR\Desktop\OTL.exe> in the current context!
Error: Unable to interpret <[2010.01.06 18:12:00 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\DirectoR\Desktop\RSIT.exe> in the current context!
Error: Unable to interpret <[2010.01.06 18:08:28 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\DirectoR\Desktop\HijackThis.exe> in the current context!
Error: Unable to interpret <[2010.01.06 18:08:28 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\DirectoR\Desktop\DirectoR.exe> in the current context!
Error: Unable to interpret <[2010.01.06 17:54:14 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT> in the current context!
Error: Unable to interpret <[2010.01.06 17:54:11 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat> in the current context!
Error: Unable to interpret <[2010.01.06 17:42:43 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\DirectoR\ntuser.ini> in the current context!
Error: Unable to interpret <[2010.01.06 17:42:41 | 03,670,016 | -H-- | M] () -- C:\Documents and Settings\DirectoR\NTUSER.DAT> in the current context!
Error: Unable to interpret <[2010.01.06 16:28:53 | 00,055,808 | ---- | M] () -- C:\Documents and Settings\DirectoR\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini> in the current context!
Error: Unable to interpret <[2010.01.06 08:26:37 | 00,000,871 | ---- | M] () -- C:\WINDOWS\System32\krl32mainweq.dll> in the current context!
Error: Unable to interpret <[2010.01.05 21:37:22 | 06,392,934 | -H-- | M] () -- C:\Documents and Settings\DirectoR\Local Settings\Application Data\IconCache.db> in the current context!
Error: Unable to interpret <[2010.01.05 15:00:51 | 05,061,520 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\DirectoR\Desktop\mbam-setup.exe> in the current context!
Error: Unable to interpret <[2010.01.04 16:44:23 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl> in the current context!
Error: Unable to interpret <[2010.01.03 17:41:47 | 69,763,0720 | ---- | M] () -- C:\Documents and Settings\DirectoR\Desktop\windows-xp-sp3-cz-cd-key-v-image.iso> in the current context!
Error: Unable to interpret <[2010.01.03 15:38:45 | 00,001,657 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk> in the current context!
Error: Unable to interpret <[2010.01.03 15:38:00 | 34,355,312 | ---- | M] (PC Tools ) -- C:\Documents and Settings\DirectoR\Desktop\7.0.0.514c-sdrevenue-setup.exe> in the current context!
Error: Unable to interpret <[2010.01.03 14:22:14 | 00,000,444 | ---- | M] () -- C:\Documents and Settings\DirectoR\Desktop\Shortcut to Wow.exe.lnk> in the current context!
Error: Unable to interpret <[2010.01.03 14:21:09 | 00,215,941 | ---- | M] () -- C:\Documents and Settings\DirectoR\Desktop\finale.JPG> in the current context!
Error: Unable to interpret <[2010.01.03 04:53:54 | 00,000,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini> in the current context!
Error: Unable to interpret <[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]> in the current context!
Error: Unable to interpret <[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Files Created - No Company Name ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2010.01.06 18:11:54 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\DirectoR\Desktop\RSIT.exe> in the current context!
Error: Unable to interpret <[2010.01.06 08:26:37 | 00,000,871 | ---- | C] () -- C:\WINDOWS\System32\krl32mainweq.dll> in the current context!
Error: Unable to interpret <[2010.01.03 17:24:14 | 69,763,0720 | ---- | C] () -- C:\Documents and Settings\DirectoR\Desktop\windows-xp-sp3-cz-cd-key-v-image.iso> in the current context!
Error: Unable to interpret <[2010.01.03 15:41:02 | 00,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll> in the current context!
Error: Unable to interpret <[2010.01.03 15:41:02 | 00,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml> in the current context!
Error: Unable to interpret <[2010.01.03 15:41:02 | 00,000,880 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml> in the current context!
Error: Unable to interpret <[2010.01.03 15:41:02 | 00,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip> in the current context!
Error: Unable to interpret <[2010.01.03 15:41:01 | 01,152,444 | ---- | C] () -- C:\WINDOWS\UDB.zip> in the current context!
Error: Unable to interpret <[2010.01.03 15:38:54 | 00,007,387 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctgntdi.cat> in the current context!
Error: Unable to interpret <[2010.01.03 15:38:50 | 00,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat> in the current context!
Error: Unable to interpret <[2010.01.03 15:38:50 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat> in the current context!
Error: Unable to interpret <[2010.01.03 15:38:45 | 00,001,657 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk> in the current context!
Error: Unable to interpret <[2010.01.03 15:38:43 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat> in the current context!
Error: Unable to interpret <[2010.01.03 14:22:14 | 00,000,444 | ---- | C] () -- C:\Documents and Settings\DirectoR\Desktop\Shortcut to Wow.exe.lnk> in the current context!
Error: Unable to interpret <[2010.01.03 14:21:09 | 00,215,941 | ---- | C] () -- C:\Documents and Settings\DirectoR\Desktop\finale.JPG> in the current context!
Error: Unable to interpret <[2010.01.03 04:53:54 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini> in the current context!
Error: Unable to interpret <[2009.10.29 17:23:24 | 00,000,272 | ---- | C] () -- C:\WINDOWS\game.ini> in the current context!
Error: Unable to interpret <[2009.10.04 11:19:29 | 00,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll> in the current context!
Error: Unable to interpret <[2009.10.04 11:19:29 | 00,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll> in the current context!
Error: Unable to interpret <[2009.10.04 11:19:29 | 00,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll> in the current context!
Error: Unable to interpret <[2009.10.04 11:18:13 | 00,000,198 | ---- | C] () -- C:\WINDOWS\SIERRA.INI> in the current context!
Error: Unable to interpret <[2009.07.28 23:25:54 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini> in the current context!
Error: Unable to interpret <[2009.07.17 00:06:08 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys> in the current context!
Error: Unable to interpret <[2009.07.03 09:22:05 | 00,138,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys> in the current context!
Error: Unable to interpret <[2009.07.03 09:22:04 | 00,022,328 | ---- | C] () -- C:\Documents and Settings\DirectoR\Application Data\PnkBstrK.sys> in the current context!
Error: Unable to interpret <[2008.12.16 19:49:06 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI> in the current context!
Error: Unable to interpret <[2008.11.26 22:20:20 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll> in the current context!
Error: Unable to interpret <[2008.11.26 22:20:18 | 01,559,040 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll> in the current context!
Error: Unable to interpret <[2008.11.26 22:20:18 | 00,282,624 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll> in the current context!
Error: Unable to interpret <[2008.11.26 22:20:17 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll> in the current context!
Error: Unable to interpret <[2008.11.26 22:20:16 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll> in the current context!
Error: Unable to interpret <[2008.11.26 22:20:16 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest> in the current context!
Error: Unable to interpret <[2008.11.06 04:18:26 | 00,055,808 | ---- | C] () -- C:\Documents and Settings\DirectoR\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini> in the current context!
Error: Unable to interpret <[2008.11.05 23:07:49 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini> in the current context!
Error: Unable to interpret <[2008.11.05 23:07:47 | 00,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll> in the current context!
Error: Unable to interpret <[2008.11.05 19:48:51 | 00,000,011 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.ini> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== LOP Check ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2009.07.17 00:09:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite> in the current context!
Error: Unable to interpret <[2009.08.28 10:31:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET> in the current context!
Error: Unable to interpret <[2009.04.01 10:51:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations> in the current context!
Error: Unable to interpret <[2009.04.01 10:55:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite> in the current context!
Error: Unable to interpret <[2009.01.21 15:26:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Screaming Bee> in the current context!
Error: Unable to interpret <[2010.01.06 19:58:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP> in the current context!
Error: Unable to interpret <[2009.03.29 14:45:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DirectoR\Application Data\Acreon> in the current context!
Error: Unable to interpret <[2009.07.17 00:10:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DirectoR\Application Data\DAEMON Tools Lite> in the current context!
Error: Unable to interpret <[2009.04.05 21:47:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DirectoR\Application Data\Dev-Cpp> in the current context!
Error: Unable to interpret <[2009.04.01 10:59:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DirectoR\Application Data\Nokia> in the current context!
Error: Unable to interpret <[2010.01.06 17:33:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DirectoR\Application Data\NoNameScript> in the current context!
Error: Unable to interpret <[2009.04.01 11:00:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DirectoR\Application Data\PC Suite> in the current context!
Error: Unable to interpret <[2009.01.21 15:26:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DirectoR\Application Data\Screaming Bee> in the current context!
Error: Unable to interpret <[2009.01.24 20:16:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DirectoR\Application Data\uTorrent> in the current context!
Error: Unable to interpret <[2009.12.23 00:06:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\DirectoR\Application Data\VitySoft> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Purity Check ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Custom Scans ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << %SYSTEMDRIVE%\*.exe >> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << %SYSTEMDRIVE%\eventlog.dll /s /md5 >> in the current context!
Error: Unable to interpret <[2004.08.03 23:56:44 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll> in the current context!
Error: Unable to interpret <[2008.04.14 01:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll> in the current context!
Error: Unable to interpret <[2008.04.14 01:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll> in the current context!
Error: Unable to interpret <[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << %SYSTEMDRIVE%\scecli.dll /s /md5 >> in the current context!
Error: Unable to interpret <[2004.08.03 23:56:46 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll> in the current context!
Error: Unable to interpret <[2008.04.14 01:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll> in the current context!
Error: Unable to interpret <[2008.04.14 01:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll> in the current context!
Error: Unable to interpret <[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << %SYSTEMDRIVE%\netlogon.dll /s /md5 >> in the current context!
Error: Unable to interpret <[2004.08.03 23:56:46 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll> in the current context!
Error: Unable to interpret <[2008.04.14 01:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll> in the current context!
Error: Unable to interpret <[2008.04.14 01:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll> in the current context!
Error: Unable to interpret <[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << %SYSTEMDRIVE%\cngaudit.dll /s /md5 >> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << %SYSTEMDRIVE%\sceclt.dll /s /md5 >> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << %SYSTEMDRIVE%\ntelogon.dll /s /md5 >> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << %SYSTEMDRIVE%\logevent.dll /s /md5 >> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << %SYSTEMDRIVE%\iaStor.sys /s /md5 >> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << %SYSTEMDRIVE%\nvstor.sys /s /md5 >> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << %SYSTEMDRIVE%\atapi.sys /s /md5 >> in the current context!
Error: Unable to interpret <[2004.08.03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys> in the current context!
Error: Unable to interpret <[2008.04.13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys> in the current context!
Error: Unable to interpret <[2008.04.13 19:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << %SYSTEMDRIVE%\viasraid.sys /s /md5 >> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << %SYSTEMDRIVE%\AGP440.sys /s /md5 >> in the current context!
Error: Unable to interpret <[2008.04.13 19:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys> in the current context!
Error: Unable to interpret <[2008.04.13 19:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << %SYSTEMDRIVE%\nvatabus.sys /s /md5 >> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << %SYSTEMDRIVE%\viamraid.sys /s /md5 >> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << %SYSTEMDRIVE%\nvata.sys /s /md5 >> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << %SYSTEMROOT%\*. /mp /s >> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << %SYSTEMROOT%\system32\*.dll /lockedfiles >> in the current context!
Error: Unable to interpret <[2008.04.14 01:11:52 | 00,357,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll> in the current context!
Error: Unable to interpret <[2008.04.14 01:11:52 | 00,205,312 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll> in the current context!
Error: Unable to interpret <[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret << %SYSTEMROOT%\Tasks\*.job /lockedfiles >> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Alternate Data Streams ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <@Alternate Data Stream - 180 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2> in the current context!
Error: Unable to interpret <@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8> in the current context!
Error: Unable to interpret << End of report >> in the current context!

OTL by OldTimer - Version 3.1.21.0 log created on 01062010_204019

Re: falesny antivir Malware Defense me neustale tabuje

Napsal: 06 led 2010 23:52
od pitimir
Chlape chlape...trochu menej zmatkov a bolo by to lepsie ;)
Vies ako sa hovori...praca chvatna, malo platna. A to sa tyka aj nasho pripadu. Skopiroval si tam totizto svoj predosly log z OTL a nie moj skript ;)

Takze znova a este raz.

Re: falesny antivir Malware Defense me neustale tabuje

Napsal: 07 led 2010 23:34
od FatalError.cz
Omlouvam ze pisu az ted, ale byl jsem dneska celej den v praci a ted jsem se teprve dostal domu...

Uplne te chapu, sry uz si sam pripadam jako idiot, je u toho desne zmatkoval a porad zmatkuju protoze sem nevedel jestli jsem mel znova zaskrtavat ty veci jako predtim nebo znova pustit ten program a jenom to tam nakopirovat... takze tenhle log co ti ted poslu jsem ziskal naprosto opicim zpusobem a to sice zapnul jsem znova OTL nic jsem nenastavoval ani nezaskrtaval, jenom jsem nakopiroval ten kod a zapnul fix, tak doufam ze ti to konecne pomuze. =(

Re: falesny antivir Malware Defense me neustale tabuje

Napsal: 07 led 2010 23:34
od FatalError.cz
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
Unable to set value : HKU\S-1-5-21-1614895754-1326574676-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E!
Unable to set value : HKU\S-1-5-21-1614895754-1326574676-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E!
Unable to set value : HKU\S-1-5-21-1614895754-1326574676-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E!
Unable to set value : HKU\S-1-5-21-1614895754-1326574676-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E!
Unable to set value : HKU\S-1-5-21-1614895754-1326574676-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E!
Registry value HKEY_USERS\S-1-5-21-1614895754-1326574676-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1614895754-1326574676-725345543-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{95289393-33EA-4F8D-B952-483415B9C955} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}\ deleted successfully.
C:\Documents and Settings\DirectoR\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll moved successfully.
C:\Documents and Settings\DirectoR\Application Data\Mozilla\Firefox\Profiles\lypyg7i2.default\searchplugins\qipsearch.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}\ not found.
File C:\Documents and Settings\DirectoR\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck not found.
Registry value HKEY_USERS\S-1-5-21-1614895754-1326574676-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run\\settdebugx.exe deleted successfully.
C:\Documents and Settings\DirectoR\Local Settings\Temp\settdebugx.exe moved successfully.
Starting removal of ActiveX control {784797A8-342D-4072-9486-03C8D0F2F0A1}
C:\WINDOWS\Downloaded Program Files\BFHUpdater.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{784797A8-342D-4072-9486-03C8D0F2F0A1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{784797A8-342D-4072-9486-03C8D0F2F0A1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{784797A8-342D-4072-9486-03C8D0F2F0A1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{784797A8-342D-4072-9486-03C8D0F2F0A1}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {D27CDB6E-AE6D-11CF-96B8-444553540000}
C:\WINDOWS\Downloaded Program Files\swflash.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{97d80ca4-79f8-11de-8b92-0050fc33073b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97d80ca4-79f8-11de-8b92-0050fc33073b}\ not found.
File G:\WDSetup.exe not found.
C:\WINDOWS\system32\krl32mainweq.dll moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 709768 bytes
->Temporary Internet Files folder emptied: 201447 bytes
->FireFox cache emptied: 2185767 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: DirectoR
->Temp folder emptied: 253851546 bytes
->Temporary Internet Files folder emptied: 21845991 bytes
->Java cache emptied: 43819332 bytes
->FireFox cache emptied: 116538415 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33666 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
Windows Temp folder emptied: 33717806 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 149887 bytes

Total Files Cleaned = 453,00 mb


OTL by OldTimer - Version 3.1.21.0 log created on 01072010_232416

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Re: falesny antivir Malware Defense me neustale tabuje

Napsal: 08 led 2010 09:42
od pitimir
No vidis, hned to vyzera lepsie :)
Este ta poprosim o CF, nech mame istotu:

Stiahni ComboFix, najlepsie na plochu. Vypni vsetky otvorene aplikacie, ako aj rezidenty antiviru, antispywaru a firewall. Spust program cez ucet s administratorskymi pravami a postupuj podla instrukcii. Cely sken bude trvat cca 10 minut. Pocas neho moze byt PC restartovane. Log, ktory ComboFix vytvori, najdes na adrese "C:\ComboFix.txt".
Ten vloz sem.

Pozor: Kym ComboFix nevytvori log, na nic neklikat, nic nestlacat !!

Re: falesny antivir Malware Defense me neustale tabuje

Napsal: 08 led 2010 17:45
od FatalError.cz
Hm ten programek nejde spustit, nevim proc ale mam pocit ze to bude mit neco spolecnyho s tim virem protoze jeste nez jsem to tu zacal resit s tebou, tak jsem zkousel treba zapnout Malwarebyte Anti-Malware taky se nepustil, zkousel jsem obnovu systemu taky nereaguje, proste nektery veci prestali uplne fungovat... a nefungujou ani v nouzovym rezimu.

Re: falesny antivir Malware Defense me neustale tabuje

Napsal: 08 led 2010 19:46
od pitimir
Pozrieme sa na to :)

1) Stiahni si Win32kDiag, najlepsie na plochu. Spust dvojklikom, po skonceni scanu by sa ti mal zobrazit textovy subor. Jeho obsah sem vloz.


2) Stiahni a uloz Junction, najlepsie na plochu. Extrahuj a subor Junction.exe presun ho do "%SystemRoot%" (vacsinou "C:\Windows"). Potom spravis nasledovne:

Start -> Spustit -> (napis) cmd /c junction -s c:\ >log.txt&log.txt& del log.txt
Enter.

Zacne scan, po jeho skonceni sa ti zobrazi textovy dokument. Jeho obsah sem skopiruj.

Re: falesny antivir Malware Defense me neustale tabuje

Napsal: 09 led 2010 00:36
od FatalError.cz
Ten prvni link je rozbitej a nemuzu stahnout ten programek...

Re: falesny antivir Malware Defense me neustale tabuje

Napsal: 09 led 2010 08:59
od pitimir
Mne slape v poriadku...skus >>tento<< alebo >>tento<< mirror.

Re: falesny antivir Malware Defense me neustale tabuje

Napsal: 09 led 2010 13:42
od FatalError.cz
Po spusteni se mi objevi prikazovej radek, kterej jenom nahlasi "Coudnt get backup privileges!" a stisknutim klavesy se cmd zase zavre ale nevyhodi zadnej textak... =(
Všechny časy jsou v UTC+01:00
Stránka 1 z 3

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz