
Please check

Posted: 10 Jan 2010 07:59
by jaklpetr
Please check this and give a step-by-step description, for a layman, of how to remove the malware.

Objekt "Spyware.NetScreenWatch Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "SpyGuarder Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "RegSort Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" odkazuje na neplatný objekt "C:\WINDOWS\system32\OnlineScannerUninstaller.exe". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Config.Msi\". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".002". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".rar". Provedené akce: Ponecháno, neodstraněno!.

Thank you, jakl

Re: Please check

Posted: 10 Jan 2010 11:42
by earl
Hello,

nothing that would deserve attention - leftovers and temporary items :)

Download OTL

Run it, check "Scan All Users", change 30 days to 7, click Run Scan,

and when the scan finishes, paste the contents of the OTL.txt log here.

otl

Posted: 10 Jan 2010 12:55
by jaklpetr
OTL logfile created on: 10.1.2010 12:39:13 - Run 1
OTL by OldTimer - Version 3.1.23.0 Folder = c:\rozbal\záloha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 68,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,26 Gb Total Space | 15,34 Gb Free Space | 41,17% Space Free | Partition Type: NTFS
Drive D: | 6,01 Gb Total Space | 4,84 Gb Free Space | 80,65% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TATA
Current User Name: Jakl
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.01.10 12:38:22 | 00,543,744 | ---- | M] (OldTimer Tools) -- c:\rozbal\záloha\OTL.exe
PRC - [2009.09.24 07:50:10 | 03,520,256 | ---- | M] (Ghisler Software GmbH) -- C:\totalcmd\TOTALCMD.EXE
PRC - [2009.03.05 16:07:20 | 02,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008.08.28 11:29:26 | 01,223,680 | ---- | M] (Michel Krämer) -- C:\Program Files\Spamihilator\spamihilator.exe
PRC - [2008.04.14 04:22:47 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
PRC - [2008.04.14 04:22:22 | 01,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.12.04 15:36:33 | 00,017,272 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2007.12.04 14:00:23 | 00,079,224 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2007.12.04 14:00:16 | 00,140,664 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2007.12.04 13:59:53 | 00,247,160 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2007.12.04 13:59:01 | 00,345,464 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2007.05.22 09:40:08 | 00,028,672 | R--- | M] (Monet+, a.s.) -- C:\WINDOWS\system32\xmesrv.exe
PRC - [2005.09.30 19:22:50 | 00,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005.04.03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
PRC - [2004.12.06 20:31:50 | 00,036,975 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
PRC - [2004.08.17 15:49:26 | 00,111,616 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\$NtServicePackUninstall$\netdde.exe
PRC - [2004.04.15 10:05:40 | 01,949,696 | ---- | M] (Kerio Technologies) -- C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
PRC - [2004.04.15 10:05:14 | 02,510,848 | ---- | M] (Kerio Technologies) -- C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
PRC - [2003.04.16 13:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe
PRC - [2003.04.16 13:00:00 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cidaemon.exe


========== Modules (SafeList) ==========

MOD - [2010.01.10 12:38:22 | 00,543,744 | ---- | M] (OldTimer Tools) -- c:\rozbal\záloha\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (NGRegClnSrv)
SRV - File not found [Disabled | Stopped] -- -- (DYXP)
SRV - File not found [Disabled | Stopped] -- -- (602SQL 8 FastCGI Client)
SRV - [2009.11.06 15:21:11 | 00,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.07.29 18:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.04.14 04:22:47 | 00,032,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\snmp.exe -- (SNMP)
SRV - [2008.04.14 04:21:53 | 00,105,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2007.12.04 15:36:33 | 00,017,272 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2007.12.04 14:00:16 | 00,140,664 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2007.12.04 13:59:53 | 00,247,160 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2007.12.04 13:59:01 | 00,345,464 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2007.05.22 09:40:08 | 00,028,672 | R--- | M] (Monet+, a.s.) [Auto | Running] -- C:\WINDOWS\system32\xmesrv.exe -- (xmengine service)
SRV - [2005.09.30 19:22:50 | 00,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005.04.03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [Auto | Running] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004.08.17 15:49:26 | 00,111,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\WINDOWS\$NtServicePackUninstall$\netdde.exe -- (NetDDEdsdm)
SRV - [2004.08.17 15:49:26 | 00,111,616 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\$NtServicePackUninstall$\netdde.exe -- (NetDDE)
SRV - [2004.04.15 10:05:40 | 01,949,696 | ---- | M] (Kerio Technologies) [Auto | Running] -- C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe -- (KPF4)
SRV - [2003.04.16 13:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\tcpsvcs.exe -- (SimpTcp)
SRV - [2003.04.16 13:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC)
SRV - [2002.09.20 18:03:56 | 00,020,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\1b317d90c1351ab9de38a11aa74014e6\backup\hidserv.dll -- (HidServ)


========== Driver Services (SafeList) ==========

DRV - [2009.11.06 15:22:39 | 00,022,016 | ---- | M] (Feitian Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rockey4.sys -- (ROCKEYNT)
DRV - [2009.11.06 15:22:39 | 00,012,928 | ---- | M] (Feitian Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rockey4USB.sys -- (Rockey_USB)
DRV - [2009.02.13 18:00:29 | 00,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2008.04.13 19:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2007.12.04 15:55:46 | 00,094,544 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2007.12.04 15:53:39 | 00,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2007.12.04 15:51:52 | 00,042,912 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2007.12.04 15:49:02 | 00,026,624 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2007.11.13 11:25:52 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007.06.18 15:18:26 | 00,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007.03.08 00:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2006.05.10 09:56:26 | 00,036,736 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidUsbK.sys -- (LHidUsbK)
DRV - [2004.08.17 15:43:40 | 00,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004.08.04 06:41:55 | 00,011,868 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2004.08.04 06:41:54 | 01,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hsfdpsp2.sys -- (HSF_DP)
DRV - [2004.08.04 06:41:48 | 00,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hsfcxts2.sys -- (winachsf)
DRV - [2004.08.04 06:41:46 | 00,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hsfbs2s2.sys -- (HSFHWBS2)
DRV - [2004.08.03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004.08.03 21:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004.06.28 11:06:26 | 00,061,840 | R--- | M] (Gemplus) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GTwinUSB.sys -- (GTwinUSB)
DRV - [2004.04.15 10:02:56 | 00,147,456 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fwdrv.sys -- (fwdrv)
DRV - [2003.04.16 13:00:00 | 00,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
DRV - [2003.04.16 13:00:00 | 00,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
DRV - [2003.04.16 13:00:00 | 00,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
DRV - [2003.04.16 13:00:00 | 00,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
DRV - [2003.04.16 13:00:00 | 00,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
DRV - [2003.04.16 13:00:00 | 00,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
DRV - [2003.04.16 13:00:00 | 00,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)
DRV - [2003.04.16 13:00:00 | 00,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
DRV - [2003.04.16 13:00:00 | 00,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
DRV - [2003.04.16 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2003.04.16 13:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2003.03.06 12:17:50 | 00,050,496 | R--- | M] ( ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WLANICB.sys -- (WLAN_ICB)
DRV - [2002.07.12 06:17:50 | 00,655,596 | ---- | M] (Avance Logic, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Avance AC97 Audio (WDM)
DRV - [2001.10.24 12:02:42 | 00,006,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\serscan.sys -- (StillCam)
DRV - [2001.08.17 23:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001.08.17 20:11:06 | 00,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
DRV - [1999.02.10 21:08:44 | 00,120,544 | ---- | M] (Shuttle Technology.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\ppscan.sys -- (PPSCAN)
DRV - [1997.04.09 15:38:24 | 00,085,868 | ---- | M] (Silitek Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ppclass.sys -- (PPCLASS)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.seznam.cz/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.seznam.cz/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = http://www.seznam.cz/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.seznam.cz/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.seznam.cz/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seznam.cz/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = c:\WINDOWS\
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.seznam.cz
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (371829 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 12819 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [Spamihilator] C:\Program Files\Spamihilator\spamihilator.exe (Michel Krämer)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\NPJPI150_01.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Důvěryhodné servery)
O15 - HKCU\..Trusted Domains: servis24.cz ([www] https in Důvěryhodné servery)
O15 - HKCU\..Trusted Domains: 68 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microso ... 3107152245 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 3107139497 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Java Plug-in 1.5.0_01)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - http://www.countryradio.cz/img/zt11.gif
O24 - Desktop Components:1 () - http://www.livebox.cz/radia/radio/img/player-zel.gif
O24 - Desktop Components:2 (Aktuální domovská stránka) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.04.10 08:56:54 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation)
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 7 Days ==========

[2010.01.10 12:34:57 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Jakl\Recent
[2010.01.10 07:08:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\rundll16.exe
[2010.01.10 07:08:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\logo1_.exe
[2010.01.10 06:53:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\MicroWorld
[2009.10.28 11:27:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Adobe
[2008.12.14 12:26:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2008.10.30 03:06:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\PCHealth
[2008.02.02 06:35:48 | 00,077,824 | ---- | C] ( ) -- C:\WINDOWS\System32\GsBridge.dll
[2008.01.04 09:11:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Adobe
[2008.01.04 08:31:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Adobe
[2007.06.24 09:35:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Data aplikací\pdf995
[2007.04.03 15:26:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Data aplikací\AdobeUM
[2005.06.18 07:28:28 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2005.06.18 07:28:28 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[2005.06.18 07:27:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2004.10.06 18:01:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\Macromedia
[2004.09.28 18:39:22 | 00,050,496 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\WLANICB.sys
[2004.04.22 07:16:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Identities
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2010.01.10 09:53:59 | 00,005,474 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010.01.10 09:29:53 | 09,961,472 | ---- | M] () -- C:\Documents and Settings\Jakl\ntuser.dat
[2010.01.10 09:28:08 | 00,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.01.10 09:26:10 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.01.10 09:25:50 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.01.10 09:24:40 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Jakl\ntuser.ini
[2010.01.10 08:00:09 | 00,000,276 | ---- | M] () -- C:\Documents and Settings\Jakl\Dokumenty\pinfect.zip
[2010.01.10 07:08:22 | 00,000,054 | ---- | M] () -- C:\WINDOWS\Lic.xxx
[2010.01.09 08:38:09 | 00,000,315 | ---- | M] () -- C:\Documents and Settings\Jakl\Plocha\KATASTR.url
[2010.01.09 05:47:40 | 00,015,184 | -H-- | M] () -- C:\treeinfo.wc
[2010.01.09 04:57:21 | 00,371,829 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.01.07 13:59:58 | 00,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.01.05 19:42:40 | 00,000,048 | ---- | M] () -- C:\WINDOWS\wpd99.drv
[2010.01.05 11:03:50 | 00,000,062 | ---- | M] () -- C:\WINDOWS\System32\drivers\fwdrv.err
[2010.01.05 09:47:44 | 00,001,735 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Adobe Reader 9.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.01.10 08:00:09 | 00,000,276 | ---- | C] () -- C:\Documents and Settings\Jakl\Dokumenty\pinfect.zip
[2010.01.05 11:03:50 | 00,000,062 | ---- | C] () -- C:\WINDOWS\System32\drivers\fwdrv.err
[2010.01.05 09:47:44 | 00,001,735 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Adobe Reader 9.lnk
[2009.11.21 04:01:27 | 00,000,460 | ---- | C] () -- C:\WINDOWS\d.ini
[2009.11.06 15:22:39 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\Ry4CoInst.dll
[2009.02.04 08:29:35 | 00,000,120 | ---- | C] () -- C:\WINDOWS\PbkUser.INI
[2008.07.18 10:45:20 | 00,000,295 | ---- | C] () -- C:\WINDOWS\AMIPRO2.INI
[2008.07.18 10:35:53 | 00,004,722 | ---- | C] () -- C:\WINDOWS\AmiVISD.ini
[2007.11.26 16:51:48 | 00,060,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\cmcmqatt.sys
[2007.11.19 11:46:23 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.08.02 04:28:45 | 00,000,856 | ---- | C] () -- C:\WINDOWS\_ISENV31.INI
[2007.07.05 04:10:34 | 00,000,043 | ---- | C] () -- C:\WINDOWS\hpfccopy.INI
[2007.07.05 04:07:57 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hpqemlsz.INI
[2007.07.04 11:22:05 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\jdde.dll
[2007.07.04 09:30:22 | 00,000,124 | ---- | C] () -- C:\Documents and Settings\Jakl\Local Settings\Data aplikací\fusioncache.dat
[2007.07.04 09:16:46 | 00,015,723 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\hpzinstall.log
[2007.04.26 09:21:30 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\drivers\fwdrv.sys
[2007.04.26 03:39:07 | 00,000,293 | ---- | C] () -- C:\Documents and Settings\Jakl\Local Settings\Data aplikací\DelUnist.bat
[2007.04.26 03:33:41 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2007.03.06 06:24:29 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007.02.13 12:22:50 | 00,000,014 | ---- | C] () -- C:\WINDOWS\pagesuit.ini
[2006.09.06 09:35:10 | 00,059,392 | R--- | C] () -- C:\WINDOWS\System32\streamhlp.dll
[2006.04.28 12:19:30 | 00,003,995 | ---- | C] () -- C:\WINDOWS\hpdj5700.ini
[2006.04.28 12:18:45 | 00,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2006.04.11 05:17:33 | 00,000,000 | ---- | C] () -- C:\WINDOWS\mtstack16.INI
[2006.03.26 07:20:38 | 00,098,304 | ---- | C] () -- C:\Documents and Settings\Jakl\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.03.11 05:09:14 | 00,000,173 | ---- | C] () -- C:\WINDOWS\easypad.INI
[2006.01.24 06:34:21 | 00,000,147 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2005.12.27 16:17:32 | 00,122,939 | ---- | C] () -- C:\WINDOWS\System32\perf32.ini
[2005.10.30 05:56:20 | 00,528,896 | ---- | C] () -- C:\WINDOWS\System32\AF10.DLL
[2005.10.29 04:56:03 | 00,352,256 | ---- | C] () -- C:\WINDOWS\System32\libtiff.dll
[2005.10.14 11:56:50 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 11:56:50 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 11:56:50 | 00,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 11:56:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 11:56:50 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 11:56:50 | 00,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 11:56:50 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.10.03 11:48:26 | 00,000,048 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2005.10.03 11:47:53 | 00,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2005.10.03 11:41:51 | 00,118,784 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll
[2005.10.03 11:41:51 | 00,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2005.07.24 07:21:18 | 00,000,005 | ---- | C] () -- C:\WINDOWS\System32\SndDrv32b.ini
[2005.07.05 16:30:01 | 00,000,046 | -H-- | C] () -- C:\WINDOWS\System32\CA23042B-0876-4abc-9D76-29DCE1E858CC.dll
[2005.06.30 06:27:13 | 00,000,476 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2005.06.19 03:37:53 | 00,000,036 | ---- | C] () -- C:\WINDOWS\colwiz1.ini
[2005.05.12 18:33:26 | 00,000,026 | ---- | C] () -- C:\WINDOWS\ucmsp_32.ini
[2005.03.21 05:33:37 | 00,000,703 | ---- | C] () -- C:\WINDOWS\lotus.ini
[2005.03.21 05:33:37 | 00,000,048 | ---- | C] () -- C:\WINDOWS\winhelp.ini
[2005.03.21 05:33:35 | 00,011,208 | ---- | C] () -- C:\WINDOWS\AMIENV.DLL
[2005.03.21 05:33:35 | 00,010,014 | ---- | C] () -- C:\WINDOWS\AMILABEL.INI
[2005.03.21 05:33:35 | 00,004,508 | ---- | C] () -- C:\WINDOWS\AMIPRO.INI
[2005.03.21 05:33:35 | 00,002,673 | ---- | C] () -- C:\WINDOWS\AMICALC.INI
[2005.03.21 05:33:35 | 00,000,332 | ---- | C] () -- C:\WINDOWS\AMIFONT.INI
[2005.03.21 05:33:35 | 00,000,199 | ---- | C] () -- C:\WINDOWS\AMIDRAW.INI
[2005.03.21 05:33:34 | 00,023,822 | ---- | C] () -- C:\WINDOWS\AMIOW.INI
[2005.03.21 05:33:34 | 00,001,993 | ---- | C] () -- C:\WINDOWS\AMIIWP.INI
[2005.03.21 05:32:12 | 00,005,909 | ---- | C] () -- C:\WINDOWS\AMIWP.INI
[2005.03.21 05:27:07 | 00,008,283 | ---- | C] () -- C:\WINDOWS\AMIDW.INI
[2005.03.21 05:26:41 | 00,000,898 | ---- | C] () -- C:\WINDOWS\AMIEQN.INI
[2005.03.21 05:25:54 | 00,000,185 | ---- | C] () -- C:\WINDOWS\AMISMART.INI
[2005.03.21 05:24:22 | 00,000,104 | ---- | C] () -- C:\WINDOWS\AMIIMAGE.INI
[2004.10.11 06:11:07 | 00,000,239 | ---- | C] () -- C:\WINDOWS\Ikony.ini
[2004.09.28 18:39:23 | 00,008,414 | ---- | C] () -- C:\WINDOWS\WLANDOM.ini
[2004.09.07 13:56:07 | 00,000,032 | ---- | C] () -- C:\WINDOWS\render.ini
[2004.05.24 16:13:48 | 00,000,823 | ---- | C] () -- C:\WINDOWS\TSC.ini
[2004.05.15 07:52:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\SndDrv32x.ini
[2004.04.11 08:04:34 | 00,000,396 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004.04.10 12:26:00 | 00,002,344 | ---- | C] () -- C:\WINDOWS\vista32d.ini
[2004.04.10 12:25:26 | 00,000,228 | ---- | C] () -- C:\WINDOWS\ppdrv.ini
[2004.04.10 12:20:28 | 00,000,189 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2004.04.10 12:19:22 | 00,105,504 | ---- | C] () -- C:\WINDOWS\p6xx_32.dll
[2004.04.10 12:19:01 | 00,000,151 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2004.04.10 11:04:32 | 00,000,255 | ---- | C] () -- C:\WINDOWS\WDLS.INI
[2004.04.10 11:00:02 | 00,000,030 | ---- | C] () -- C:\WINDOWS\TextSpy.ini
[2004.04.10 09:44:22 | 00,005,474 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2004.04.10 09:38:02 | 00,079,360 | ---- | C] () -- C:\WINDOWS\System32\acdbres.dll
[2004.04.10 09:10:04 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2002.12.05 17:51:00 | 00,059,392 | R--- | C] () -- C:\WINDOWS\streamhlp.dll
[2002.11.01 15:17:50 | 00,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2002.07.04 14:05:34 | 00,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2001.12.14 12:34:46 | 00,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[1999.07.23 12:46:48 | 00,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999.07.23 09:53:20 | 00,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Jakl\Plocha\DSD.EXE.pif:SummaryInformation
@Alternate Data Stream - 165 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:CB0AACC9
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:5C321E34
< End of report >

Re: please check

Posted: 10 Jan 2010 13:06
by earl
The log is OK. Are there any problems with the PC?

Re: please check

Posted: 10 Jan 2010 15:05
by jaklpetr
the system crashes while downloading
connected over wifi 5.8
I can't make out any pattern in the crashes...
I don't feel like reinstalling the system
thanks for the effort

Re: please check

Posted: 10 Jan 2010 15:07
by earl
So the system restarts during a download?

Re: please check

Posted: 10 Jan 2010 15:11
by jaklpetr
yes

Re: please check

Posted: 10 Jan 2010 15:43
by earl
Try restoring the system to a date when it was not causing problems, but I don't think it would help.

READ THE INSTRUCTIONS CAREFULLY, THIS SOFTWARE DOES NOT TOLERATE MISTAKES IN HOW IT IS APPLIED!

Feel free to print the following lines so you know what will be happening on the screen.

Be logged in to the PC with administrator rights.

download ComboFix and save it, preferably to the desktop

if the page will not load, download it from here (download); or, if ComboFix will not start, rename it to grinder.com and continue according to the instructions.

right after start-up a disclaimer of warranty for the software's functionality is displayed; continue by clicking the Yes button.

a warning about installed CD drive emulators may follow, typically Daemon Tools or Alcohol 120

click OK

Agree to the installation of the Recovery Console; a working internet connection is required

go ahead and make yourself a coffee (the whole thing takes approx. 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to start any other applications or anything else

do not panic during the scan, your machine may be restarted (especially the first time the scanner is used)

Note: turn off the resident shield of your antivirus and antispyware and temporarily disable the firewall, otherwise ComboFix might not work correctly. If you have the shields turned off and ComboFix reports that they are not, continue and confirm.

after the restart the application creates a log, saved at C:/Combofix.txt (on repeated use the logs are named Combofix2.txt etc.); paste its contents here

Re: please check

Posted: 10 Jan 2010 16:28
by jaklpetr
after approx. 5 min the computer froze
the application removed the settings in Spybot
it added a new explorer icon

Re: please check

Posted: 10 Jan 2010 18:34
by earl
Uninstall Spybot and replace it with, e.g., Spyware Terminator; Spybot has an outdated engine.

And the ComboFix log?

Re: please check

Posted: 11 Jan 2010 06:11
by jaklpetr
I installed it
ComboFix crashed again, so I have no log
the blue screen of death showed the message fwdrv.sys

Re: please check

Posted: 11 Jan 2010 10:36
by jaklpetr
another blue screen of death
message DRIVER_IRQL_NOT_LESS_EQUAL
tcpip.sys adress AE1EBF64 base at AE1D0000, DATEStamp 485b99ad

Re: please check

Posted: 11 Jan 2010 13:16
by earl
Use MBAM

install, full scan, paste the log here - DO NOT DELETE ANYTHING!

Re: please check

Posted: 11 Jan 2010 14:00
by jaklpetr
Malwarebytes' Anti-Malware 1.44
Verze databáze: 3510
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

11.1.2010 13:56:35
mbam-log-2010-01-11 (13-56-17).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 118931
Uplynulý čas: 9 minute(s), 27 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 1
Infikované hodnoty registru: 0
Infikované datové položky registru: 1
Infikované adresáře: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3ba4271e-5c1e-48e2-b432-d8bf420dd31d} (Rogue.DeusCleaner) -> No action taken.

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel\Homepage (Hijack.Homepage) -> Bad: (1) Good: (0) -> No action taken.

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)

Re: please check

Posted: 11 Jan 2010 14:11
by earl
Have it fix what MBAM found and then run a Full scan as well.