Log check

Mr.Hol
Visitor
Posts: 53
Registered: 27 Jan 2010 18:58

Log check

#1 Post by Mr.Hol »

Hello,

Please check the log below. CPU usage does not drop below 50%, even when no program is running that could be consuming that much.


Logfile of random's system information tool 1.06 (written by random/random)
Run by Uživatel at 2010-01-27 19:08:24
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 130 GB (43%) free of 305 GB
Total RAM: 2943 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:08:24, on 27.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\Uživatel\Plocha\RSIT.exe
C:\Program Files\trend micro\Uživatel.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... tbid=60341
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60341
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60341
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qip.ru/search?query=%s&from=IE
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O1 - Hosts: 94.232.248.66 browser-security.microsoft.com
O1 - Hosts: 94.232.248.66 antivaresys.com
O1 - Hosts: 94.232.248.66 http://www.antivaresys.com
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [ATKHOTKEY] "C:\Program Files\ATK Hotkey\Hcontrol.exe"
O4 - HKLM\..\Run: [ATKOSD2] "C:\Program Files\ATKOSD2\ATKOSD2.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Wireless Console 2] "C:\Program Files\Wireless Console 2\wcourier.exe"
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ACMON] "C:\Program Files\ASUS\Splendid\ACMON.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ACROMOUSE] C:\Program Files\Tech\Office Program Selector\2.0\ACROMAPP.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: algqeh32.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{0FB23C71-9EDB-43F7-9BB7-766D8F4A2E7F}: NameServer = 10.12.0.1,10.6.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{3177557D-4A84-4BA9-A758-945B7BA9FEBD}: NameServer = 10.12.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{0FB23C71-9EDB-43F7-9BB7-766D8F4A2E7F}: NameServer = 10.12.0.1,10.6.0.1
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: Konfigurační služba Atheros (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Služba modelu COM pro zápis na disk CD (IMAPI) ImapiServiceShellHWDetection (ImapiServiceShellHWDetection) - Unknown owner - C:\WINDOWS\system32\adptifd.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Automatické aktualizace (wuauserv) - Unknown owner - C:\WINDOWS\
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/UIVATE~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg

--
End of file - 12277 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2009-05-27 1215488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-04-23 312928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll [2009-03-02 636216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-15 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-07-17 691656]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2009-05-27 1215488]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ATKHOTKEY"=C:\Program Files\ATK Hotkey\Hcontrol.exe [2007-07-12 225280]
"ATKOSD2"=C:\Program Files\ATKOSD2\ATKOSD2.exe [2007-10-17 7737344]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-10-30 16269312]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"SMSERIAL"=C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-11-22 630784]
"Wireless Console 2"=C:\Program Files\Wireless Console 2\wcourier.exe [2007-07-05 1040384]
"ACU"=C:\Program Files\Atheros\ACU.exe [2007-10-23 376921]
"ATKMEDIA"=C:\Program Files\ASUS\ATK Media\DMEDIA.EXE [2006-11-02 61440]
"ASUS Live Update"=C:\Program Files\ASUS\ASUS Live Update\ALU.exe [2007-11-30 51768]
"Power_Gear"=C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe [2006-07-26 90112]
"ACMON"=C:\Program Files\ASUS\Splendid\ACMON.exe [2007-07-10 851968]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"ACROMOUSE"=C:\Program Files\Tech\Office Program Selector\2.0\ACROMAPP.exe [2005-04-29 554496]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-04-23 198160]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"CTSyncU.exe"=C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe [2006-09-28 700416]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-02-28 1828136]
"BitComet"=C:\Program Files\BitComet\BitComet.exe [2009-03-09 2564408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
C:\Program Files\BitComet\BitComet.exe [2009-03-09 2564408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-07-24 490952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-02-28 570664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe [2009-05-28 2176000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Valve\Steam\Steam.exe [2009-07-26 1217784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Uživatel^Nabídka Start^Programy^Po spuštění^CCC.lnk]
C:\PROGRA~1\ATITEC~1\ATI.ACE\CORE-S~1\CCC.exe [2006-09-29 49152]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

C:\Documents and Settings\Uživatel\Nabídka Start\Programy\Po spuštění
algqeh32.exe
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-02-02 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digiwet.dll

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableProfileQuota"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Valve\Steam\SteamApps\forcce\condition zero\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\forcce\condition zero\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Valve\Steam\SteamApps\forcce\counter-strike\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\forcce\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\Uživatel\Plocha\Quake_III_Arena\Quake III Arena\quake3.exe"="C:\Documents and Settings\Uživatel\Plocha\Quake_III_Arena\Quake III Arena\quake3.exe:*:Enabled:quake3"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Documents and Settings\Uživatel\Plocha\Gamesy\Quake_III_Arena\Quake III Arena\quake3.exe"="C:\Documents and Settings\Uživatel\Plocha\Gamesy\Quake_III_Arena\Quake III Arena\quake3.exe:*:Enabled:quake3"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\Games\Duke Nukem\Manhattan Project\prism3d.exe"="C:\Program Files\Games\Duke Nukem\Manhattan Project\prism3d.exe:*:Enabled:prism3d"
"C:\Documents and Settings\Uživatel\Plocha\Manhattan Project\prism3d.exe"="C:\Documents and Settings\Uživatel\Plocha\Manhattan Project\prism3d.exe:*:Disabled:prism3d"
"C:\Documents and Settings\Uživatel\Plocha\GAMES\Manhattan Project\prism3d.exe"="C:\Documents and Settings\Uživatel\Plocha\GAMES\Manhattan Project\prism3d.exe:*:Enabled:prism3d"
"C:\Program Files\TmNationsForever\TmForever.exe"="C:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a8707562-8636-11dd-80d0-001fc6dfb4b9}]
shell\AutoRun\command - F:\WD_Windows_Tools\Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d0dd6d52-bacc-11dd-81a7-0022430a0a03}]
shell\AUtoplay\command - eopc.pif
shell\AutoRun\command - eopc.pif
shell\exPLore\command - eopc.pif
shell\opeN\command - eopc.pif


======File associations======

.scr - open - "C:\WINDOWS\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-01-27 19:06:53 ----D---- C:\Program Files\trend micro
2010-01-27 19:06:51 ----D---- C:\rsit
2010-01-14 21:43:06 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\TigerPlayer
2010-01-14 21:41:58 ----D---- C:\Program Files\MpcStar
2010-01-08 09:51:19 ----D---- C:\Program Files\Microsoft Silverlight
2009-12-29 20:30:58 ----D---- C:\Program Files\AVIJOINER
2009-12-29 18:23:33 ----D---- C:\Program Files\AoA Video Joiner

======List of files/folders modified in the last 1 months======

2010-01-27 19:07:04 ----D---- C:\WINDOWS\Prefetch
2010-01-27 19:06:53 ----D---- C:\Program Files
2010-01-27 18:56:37 ----D---- C:\Program Files\Mozilla Firefox
2010-01-27 17:44:38 ----D---- C:\Program Files\BitComet
2010-01-27 17:44:31 ----HD---- C:\WINDOWS\inf
2010-01-27 17:42:30 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-27 17:41:33 ----D---- C:\WINDOWS\Temp
2010-01-27 13:39:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-27 12:30:01 ----A---- C:\WINDOWS\WirelessFTP.INI
2010-01-26 15:58:32 ----A---- C:\WINDOWS\NeroDigital.ini
2010-01-21 21:57:52 ----D---- C:\Downloads
2010-01-20 18:49:09 ----D---- C:\WINDOWS
2010-01-20 17:28:04 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\XnView
2010-01-18 18:24:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\TrackMania
2010-01-14 23:47:53 ----D---- C:\WINDOWS\system32
2010-01-10 13:51:45 ----D---- C:\Program Files\Yahoo!
2010-01-08 09:51:25 ----SHD---- C:\WINDOWS\Installer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-02-05 26944]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-02-05 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-02-05 51376]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-08-09 53920]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2007-05-24 64000]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-02-05 94032]
R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS []
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2008-04-14 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2008-04-14 55936]
R3 AR5211;Atheros Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\ar5211.sys [2007-10-26 549184]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l251x86.sys [2007-08-21 30208]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-02-02 1975296]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-03 4394496]
R3 kbfiltr;Keyboard Filter; C:\WINDOWS\system32\DRIVERS\kbfiltr.sys [2007-01-24 5632]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2007-08-24 5760]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2008-04-14 5888]
R3 RTSTOR;USB Mass Stroage Device; C:\WINDOWS\system32\drivers\RTSTOR.SYS [2006-06-09 27520]
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2006-11-22 982272]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\system32\DRIVERS\snp2uvc.sys [2007-10-01 1769984]
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 WSIMD;wsimd Service; C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-07-03 57344]
S1 e7a37a8b;e7a37a8b; C:\WINDOWS\System32\drivers\e7a37a8b.sys []
S2 netsik;netsik; \??\C:\WINDOWS\system32\drivers\netsik.sys []
S3 a10bnfjy;a10bnfjy; C:\WINDOWS\system32\drivers\a10bnfjy.sys []
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-02-05 23152]
S3 BVRPMPR5;BVRPMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\drivers\BVRPMPR5.SYS []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 hamachi_oem;PlayLinc Adapter; C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-08-28 10664]
S3 lvupdtio;lvupdtio; C:\WINDOWS\system32\drivers\lvupdtio.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2007-04-24 113920]
S3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2006-11-20 36480]
S3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2007-03-01 73728]
S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2007-06-11 41856]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACS;Konfigurační služba Atheros; C:\WINDOWS\system32\acs.exe [2007-10-23 364629]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-02-02 446464]
R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE [2009-12-01 54784]
R2 Creative Service for CDROM Access;Creative Service for CDROM Access; C:\WINDOWS\system32\CTsvcCDA.exe [1999-12-12 44032]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096]
R2 NwSapAgent;Agent SAP; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-05-28 487424]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-02-25 125048]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-02-28 529704]
S2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-02-05 18752]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-02-05 138680]
S2 ImapiServiceShellHWDetection;Služba modelu COM pro zápis na disk CD (IMAPI) ImapiServiceShellHWDetection; C:\WINDOWS\system32\adptifd.exe srv []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-01-28 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-02-05 254040]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-02-05 352920]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

-----------------EOF-----------------

pitimir
Model visitor
Posts: 479
Registered: 18 Jun 2008 17:54
Location: Šutrovec

Re: Log check

#2 Post by pitimir »

Hi, welcome to the forum :welcome:
You have malware there, so:

Download OTL. Save it to the desktop and run the file "OTL.exe" with a double-click. The program window will open; in it, tick "Scan All Users", "Lop" and "Purity Check", and change "File Scan" to 7 days instead of 30. Into the box named "Custom Scans/Fixes", copy:

Code:

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Then click "Run Scan". A scan of the computer will start; when it finishes, two reports will open - I need to see the contents of both.
I'm modest, I only have two things for my signature...

1) Want to help the forum? Support it!!

2) I ask everyone who has a problem: :!:
- start your own topic and put the RSIT log and a precise, brief description of the problem in the first post.
- without a recommendation, do not run ANY other program found on the forum/internet.
- do not edit or delete posts.
- follow the instructions and do nothing extra (on your own initiative).

Mr.Hol
Visitor
Posts: 53
Registered: 27 Jan 2010 18:58

Re: Log check

#3 Post by Mr.Hol »

Hopefully I did everything the way I was supposed to :) . Unfortunately, I will have to split it into 2 messages :(

OTL:

OTL logfile created on: 27.1.2010 20:48:12 - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\Uživatel\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 126,77 Gb Free Space | 42,53% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ASUSF5RL
Current User Name: Uživatel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.01.27 20:39:34 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Uživatel\Plocha\OTL.exe
PRC - [2010.01.06 19:41:44 | 00,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009.12.01 18:00:41 | 00,054,784 | ---- | M] (Macrovision) -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE
PRC - [2009.10.11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009.10.11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009.05.28 17:03:22 | 00,487,424 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2009.05.27 09:38:46 | 02,428,368 | ---- | M] (Crawler.com) -- C:\Program Files\Crawler\Toolbar\CToolbar.exe
PRC - [2009.04.23 19:34:21 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2008.12.09 16:00:52 | 03,259,392 | ---- | M] (The Author of QIP) -- C:\Program Files\QIP\qip.exe
PRC - [2008.06.15 14:34:20 | 00,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008.04.14 13:00:00 | 01,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.02.28 17:07:58 | 01,828,136 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008.02.28 17:07:48 | 00,529,704 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
PRC - [2008.02.18 16:29:12 | 00,877,864 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
PRC - [2007.11.30 10:20:44 | 00,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007.10.23 18:35:40 | 00,364,629 | ---- | M] (Atheros) -- C:\WINDOWS\system32\acs.exe
PRC - [2007.10.17 18:04:00 | 07,737,344 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2007.07.12 09:25:28 | 00,225,280 | ---- | M] () -- C:\Program Files\ATK Hotkey\HControl.exe
PRC - [2007.07.10 16:33:58 | 00,106,496 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe
PRC - [2007.07.10 09:59:56 | 00,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2007.05.23 15:56:14 | 02,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2007.04.17 12:39:42 | 00,077,824 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007.02.25 20:55:18 | 00,125,048 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007.02.02 07:55:08 | 00,446,464 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2006.12.19 09:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\system32\IoctlSvc.exe
PRC - [2006.11.22 10:31:26 | 00,630,784 | R--- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2006.11.02 07:27:32 | 00,061,440 | ---- | M] (ASUSTeK Computer INC.) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2006.10.30 12:49:54 | 16,269,312 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTHDCPL.exe
PRC - [2006.09.29 08:57:36 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
PRC - [2006.09.29 08:57:30 | 00,049,152 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
PRC - [2006.07.26 17:01:06 | 00,090,112 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
PRC - [2005.07.06 14:43:42 | 00,155,648 | ---- | M] (ASUSTeK) -- C:\WINDOWS\system32\ACEngSvr.exe
PRC - [1999.12.12 18:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE


========== Modules (SafeList) ==========

MOD - [2010.01.27 20:39:34 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Uživatel\Plocha\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (ImapiServiceShellHWDetection) Služba modelu COM pro zápis na disk CD (IMAPI)
SRV - [2009.12.01 18:00:41 | 00,054,784 | ---- | M] (Macrovision) [Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC11BA.EXE -- (C-DillaCdaC11BA)
SRV - [2009.10.11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009.05.28 17:03:22 | 00,487,424 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2009.02.05 21:08:40 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009.02.05 21:08:26 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009.02.05 21:06:04 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009.02.05 21:01:25 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009.01.28 19:54:40 | 00,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2008.06.15 14:34:20 | 00,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008.02.28 17:07:48 | 00,529,704 | ---- | M] (Nero AG) [On_Demand | Running] -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2008.02.18 16:29:12 | 00,877,864 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3)
SRV - [2007.10.23 18:35:40 | 00,364,629 | ---- | M] (Atheros) [Auto | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2007.08.24 02:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2007.02.25 20:55:18 | 00,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007.02.02 07:55:08 | 00,446,464 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2006.12.19 09:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\WINDOWS\system32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
SRV - [2006.10.26 12:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [1999.12.12 18:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Driver Services (SafeList) ==========

DRV - [2009.12.01 18:00:43 | 00,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CDAC15BA.SYS -- (CdaC15BA)
DRV - [2009.05.28 17:03:22 | 00,142,592 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2009.02.05 21:08:10 | 00,094,032 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2009.02.05 21:07:23 | 00,114,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2009.02.05 21:07:12 | 00,020,560 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009.02.05 21:06:20 | 00,051,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2009.02.05 21:06:10 | 00,023,152 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2009.02.05 21:05:11 | 00,026,944 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008.10.12 18:36:15 | 00,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.09.16 01:14:18 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2008.04.14 13:00:00 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.04.14 13:00:00 | 00,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008.04.14 13:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2008.04.14 13:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2008.04.14 13:00:00 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2008.04.14 13:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2008.04.14 13:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2007.10.26 01:20:36 | 00,549,184 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2007.10.01 07:59:46 | 01,769,984 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007.08.24 04:46:48 | 00,005,760 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2007.08.21 09:50:54 | 00,030,208 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l251x86.sys -- (AtcL002)
DRV - [2007.07.03 18:46:24 | 00,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2007.06.11 13:25:28 | 00,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (tosrfusb)
DRV - [2007.05.24 13:27:30 | 00,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007.04.24 12:20:06 | 00,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007.03.01 15:53:10 | 00,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007.02.02 08:03:24 | 01,975,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007.01.24 11:08:40 | 00,005,632 | R--- | M] ( ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2006.11.22 10:35:00 | 00,982,272 | R--- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2006.11.20 16:55:16 | 00,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006.11.03 02:32:30 | 04,394,496 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.10.10 18:33:00 | 00,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006.09.05 23:56:44 | 00,044,224 | R--- | M] (BVRP Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2006.08.28 23:54:56 | 00,010,664 | ---- | M] (Applied Networking Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gan_adapter.sys -- (hamachi_oem)
DRV - [2006.06.09 23:07:28 | 00,027,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2005.01.06 12:42:00 | 00,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004.08.09 12:33:26 | 00,114,016 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004.08.09 12:29:28 | 00,053,920 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004.07.19 15:49:54 | 00,007,040 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2003.12.01 16:20:52 | 00,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2001.08.17 20:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60341
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-606747145-527237240-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
IE - HKU\S-1-5-21-606747145-527237240-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKU\S-1-5-21-606747145-527237240-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKU\S-1-5-21-606747145-527237240-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.atcomet.com/b/
IE - HKU\S-1-5-21-606747145-527237240-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru
IE - HKU\S-1-5-21-606747145-527237240-1417001333-1004\..\URLSearchHook: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
IE - HKU\S-1-5-21-606747145-527237240-1417001333-1004\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-606747145-527237240-1417001333-1004\S-1-5-21-606747145-527237240-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Crawler Search"
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://seznam.cz/"
FF - prefs.js..extensions.enabledItems: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB}:1.07
FF - prefs.js..extensions.enabledItems: {4B3803EA-5230-4DC3-A7FC-33638F3D3542}:1.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090920.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.1.20080205
FF - prefs.js..keyword.URL: "http://www.crawler.com/search/dispatche ... 60341&qkw="


FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009.04.23 19:34:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\Toolbar\firefox\ [2009.05.28 17:04:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.01.07 14:40:00 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.01.06 19:41:51 | 00,000,000 | ---D | M]

[2008.09.19 17:48:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Extensions
[2010.01.27 18:37:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\16c95atr.default\extensions
[2008.10.29 23:43:18 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\16c95atr.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009.06.14 10:01:00 | 00,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\16c95atr.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2009.09.26 22:17:46 | 00,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\16c95atr.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2008.10.12 18:39:53 | 00,000,523 | ---- | M] () -- C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\16c95atr.default\searchplugins\daemon-search.xml
[2010.01.22 12:14:00 | 00,000,951 | ---- | M] () -- C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\16c95atr.default\searchplugins\icqplugin.xml
[2009.04.17 18:55:40 | 00,002,061 | ---- | M] () -- C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\16c95atr.default\searchplugins\qipsearch.xml
[2010.01.27 18:37:32 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008.11.11 08:38:54 | 00,663,552 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2007.07.26 11:05:16 | 00,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
[2008.03.31 20:06:24 | 00,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2008.03.31 20:06:24 | 00,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2009.04.17 19:11:11 | 00,002,061 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\qipsearch.xml
[2008.01.27 10:57:20 | 00,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2008.01.27 10:57:20 | 00,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2008.03.31 20:06:24 | 00,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2009.05.28 17:10:22 | 00,000,148 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 94.232.248.66 browser-security.microsoft.com
O1 - Hosts: 94.232.248.66 antivaresys.com
O1 - Hosts: 94.232.248.66 www.antivaresys.com
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (&Crawler lišta) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKU\S-1-5-21-606747145-527237240-1417001333-1004\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-606747145-527237240-1417001333-1004\..\Toolbar\WebBrowser: (&Crawler lišta) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O4 - HKLM..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
O4 - HKLM..\Run: [ACROMOUSE] C:\Program Files\Tech\Office Program Selector\2.0\ACROMAPP.EXE ()
O4 - HKLM..\Run: [ACU] C:\Program Files\Atheros\ACU.exe (Atheros Communications, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
O4 - HKLM..\Run: [ATKHOTKEY] C:\Program Files\ATK Hotkey\Hcontrol.exe ()
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files\ATKOSD2\ATKOSD2.exe ()
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe ()
O4 - HKU\S-1-5-21-606747145-527237240-1417001333-1004..\Run: [] File not found
O4 - HKU\S-1-5-21-606747145-527237240-1417001333-1004..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O4 - HKU\S-1-5-21-606747145-527237240-1417001333-1004..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKU\S-1-5-21-606747145-527237240-1417001333-1004..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-606747145-527237240-1417001333-1004..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth Manager.lnk = C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: C:\Documents and Settings\Uživatel\Nabídka Start\Programy\Po spuštění\algqeh32.exe ()
O4 - Startup: C:\Documents and Settings\Uživatel\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-606747145-527237240-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-606747145-527237240-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/UIVATE~1/LOCALS~1/Temp/msohtmlclip1/01/clip_image001.jpg
O24 - Desktop Components:1 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O27 - HKLM IFEO\a2service.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ArcaCheck.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\arcavir.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashDisp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashEnhcd.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashServ.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashUpd.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\aswUpdSv.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avadmin.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avcls.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avconfig.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avscan.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avz.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avz_se.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avz4.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\bdinit.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\caav.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\caavguiscan.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\casecuritycenter.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ccupdate.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\cfp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\cfpupdat.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\cmdagent.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\drwadins.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\DRWEB32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\drwebupw.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FAMEH32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\filemon.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FPAVServer.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\fpscan.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FPWin.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\fsav32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\fsgk32st.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FSMA32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\GFRing3.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\guardgui.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\guardxservice.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\guardxup.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAVPF.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\navigator.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\NAVSTUB.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\niu.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Nvcc.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\OllyDBG.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\preupd.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\procexp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\pskdr.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\regmon.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\RegTool.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\SfFnUp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Vba32arkit.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\vba32ldr.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Zanda.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\zapro.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Zlh.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\zoneband.dll: Debugger - ntsd -d (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digiwet.dll) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.09.19 10:39:15 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008.12.25 14:44:35 | 00,000,000 | ---D | M] - C:\AutoRun -- [ NTFS ]
O32 - AutoRun File - [2005.08.05 00:15:54 | 00,585,728 | ---- | M] (Electronic Arts Inc.) - C:\AutoRunGUI.dll -- [ NTFS ]
O33 - MountPoints2\{a8707562-8636-11dd-80d0-001fc6dfb4b9}\Shell\AutoRun\command - "" = F:\WD_Windows_Tools\Setup.exe -- File not found
O33 - MountPoints2\{d0dd6d52-bacc-11dd-81a7-0022430a0a03}\Shell\AUtoplay\coMmAnD - "" = eopc.pif
O33 - MountPoints2\{d0dd6d52-bacc-11dd-81a7-0022430a0a03}\Shell\AutoRun\command - "" = eopc.pif
O33 - MountPoints2\{d0dd6d52-bacc-11dd-81a7-0022430a0a03}\Shell\exPLore\COMmAnD - "" = eopc.pif
O33 - MountPoints2\{d0dd6d52-bacc-11dd-81a7-0022430a0a03}\Shell\opeN\coMmAnd - "" = eopc.pif
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008.09.19 12:20:25 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (55453963436163072)

========== Files/Folders - Created Within 7 Days ==========

[2010.01.27 20:39:33 | 00,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Uživatel\Plocha\OTL.exe
[2010.01.27 19:06:53 | 00,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.01.27 19:06:51 | 00,000,000 | ---D | C] -- C:\rsit
[2010.01.21 11:44:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Uživatel\Plocha\OCHRANA
[2009.06.26 17:02:29 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2009.06.26 17:02:29 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[2009.06.26 17:02:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2009.06.26 17:02:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2008.10.01 17:31:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ESET
[2008.09.19 10:48:11 | 00,005,632 | R--- | C] ( ) -- C:\WINDOWS\System32\drivers\kbfiltr.sys
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2010.01.27 20:45:19 | 07,602,176 | -H-- | M] () -- C:\Documents and Settings\Uživatel\NTUSER.DAT
[2010.01.27 20:39:34 | 00,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Uživatel\Plocha\OTL.exe
[2010.01.27 19:05:01 | 00,781,909 | ---- | M] () -- C:\Documents and Settings\Uživatel\Plocha\RSIT.exe
[2010.01.27 17:40:49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.01.27 17:40:45 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.01.27 12:30:01 | 00,000,098 | ---- | M] () -- C:\WINDOWS\WirelessFTP.INI
[2010.01.26 17:25:31 | 00,026,112 | ---- | M] () -- C:\Documents and Settings\Uživatel\Plocha\Seznam filmu - sehnat, stahnut apod..doc
[2010.01.26 15:58:32 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.01.26 12:35:04 | 85,650,677 | ---- | M] () -- C:\Documents and Settings\Uživatel\Plocha\Brennan Heart @ Tragoodia.mp3
[2010.01.25 19:38:25 | 93,372,9744 | ---- | M] () -- C:\Documents and Settings\Uživatel\Plocha\Klub rvacu - Fight Club (1999)-CZ.avi
[2010.01.24 22:42:04 | 00,221,696 | ---- | M] () -- C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.01.24 12:08:11 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.01.22 00:44:01 | 02,109,918 | -H-- | M] () -- C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\IconCache.db
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.01.27 19:05:00 | 00,781,909 | ---- | C] () -- C:\Documents and Settings\Uživatel\Plocha\RSIT.exe
[2010.01.26 12:29:32 | 85,650,677 | ---- | C] () -- C:\Documents and Settings\Uživatel\Plocha\Brennan Heart @ Tragoodia.mp3
[2010.01.25 17:05:01 | 93,372,9744 | ---- | C] () -- C:\Documents and Settings\Uživatel\Plocha\Klub rvacu - Fight Club (1999)-CZ.avi
[2009.11.28 23:27:35 | 00,000,016 | ---- | C] () -- C:\Documents and Settings\NetworkService\Data aplikací\cbqozg.dat
[2009.11.28 23:27:30 | 00,000,004 | ---- | C] () -- C:\Documents and Settings\Uživatel\Data aplikací\avdrn.dat
[2009.05.28 17:03:22 | 00,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2009.03.14 21:19:35 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.02.07 21:37:30 | 00,000,632 | ---- | C] () -- C:\WINDOWS\CoD.INI
[2008.12.27 19:11:11 | 00,000,600 | ---- | C] () -- C:\WINDOWS\Rtcw.INI
[2008.11.21 22:47:52 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.11.21 22:45:16 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008.11.21 22:45:16 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008.11.21 22:44:16 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008.10.13 18:45:51 | 00,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2008.10.12 18:36:15 | 00,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008.10.04 13:04:14 | 00,000,024 | ---- | C] () -- C:\WINDOWS\ATKPF.ini
[2008.09.22 11:23:26 | 00,221,696 | ---- | C] () -- C:\Documents and Settings\Uživatel\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.19 11:48:53 | 00,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008.09.19 10:59:28 | 00,028,160 | R--- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2008.09.19 10:59:27 | 01,769,984 | R--- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2008.09.19 10:46:58 | 00,005,760 | R--- | C] () -- C:\WINDOWS\System32\drivers\ATKACPI.sys
[2006.12.05 12:05:04 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005.10.14 10:56:50 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 10:56:50 | 00,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 10:56:50 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 10:56:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 10:56:50 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 10:56:50 | 00,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 10:56:50 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.07.22 20:30:18 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll

========== LOP Check ==========

[2009.04.18 19:34:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Ableton
[2009.12.01 17:59:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Autodesk
[2008.09.19 11:47:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2008.09.25 11:10:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2009.09.27 18:17:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
[2009.10.23 14:38:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2010.01.18 18:24:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TrackMania
[2009.09.20 13:25:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Domov\Data aplikací\Spyware Terminator
[2009.04.18 19:35:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Ableton
[2008.12.18 22:28:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Astro Gemini Software
[2009.07.19 20:29:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Audacity
[2009.10.31 14:51:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Auslogics
[2009.12.01 18:01:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Autodesk
[2008.10.14 14:17:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Canneverbe_Limited
[2008.10.12 18:36:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\DAEMON Tools
[2009.01.15 11:29:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\IrfanView
[2008.10.12 18:49:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Leadertech
[2009.04.18 19:34:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Live 6.0.7
[2008.12.13 23:12:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Opera
[2009.04.17 18:55:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\QIP
[2009.10.23 13:41:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Sachy
[2009.09.27 18:00:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Spyware Terminator
[2010.01.14 21:44:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\TigerPlayer
[2009.06.19 22:12:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\Toshiba
[2010.01.20 17:28:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Uživatel\Data aplikací\XnView

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008.04.14 13:00:00 | 20,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008.04.14 13:00:00 | 20,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 13:00:00 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008.04.14 13:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 13:00:00 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008.04.14 13:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 13:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 13:00:00 | 00,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 13:00:00 | 00,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:C5E118DF
< End of report >

Mr.Hol
Visitor
Posts: 53
Registered: 27 Jan 2010 18:58

Re: Log check

#4 Post by Mr.Hol »

EXTRAS:

OTL Extras logfile created on: 27.1.2010 20:48:12 - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\Uživatel\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 126,77 Gb Free Space | 42,53% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ASUSF5RL
Current User Name: Uživatel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-606747145-527237240-1417001333-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Prozkoumat v XnView] -- "C:\Program Files\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"23460:TCP" = 23460:TCP:*:Enabled:BitComet 23460 TCP
"23460:UDP" = 23460:UDP:*:Enabled:BitComet 23460 UDP
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Valve\Steam\SteamApps\forcce\condition zero\hl.exe" = C:\Program Files\Valve\Steam\SteamApps\forcce\condition zero\hl.exe:*:Enabled:Half-Life Launcher -- File not found
"C:\Program Files\Valve\Steam\SteamApps\forcce\counter-strike\hl.exe" = C:\Program Files\Valve\Steam\SteamApps\forcce\counter-strike\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Documents and Settings\Uživatel\Plocha\Quake_III_Arena\Quake III Arena\quake3.exe" = C:\Documents and Settings\Uživatel\Plocha\Quake_III_Arena\Quake III Arena\quake3.exe:*:Enabled:quake3 -- File not found
"C:\Program Files\Valve\hl.exe" = C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Documents and Settings\Uživatel\Plocha\Gamesy\Quake_III_Arena\Quake III Arena\quake3.exe" = C:\Documents and Settings\Uživatel\Plocha\Gamesy\Quake_III_Arena\Quake III Arena\quake3.exe:*:Enabled:quake3 -- File not found
"C:\Program Files\QIP\qip.exe" = C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager -- (The Author of QIP)
"C:\Program Files\Games\Duke Nukem\Manhattan Project\prism3d.exe" = C:\Program Files\Games\Duke Nukem\Manhattan Project\prism3d.exe:*:Enabled:prism3d -- File not found
"C:\Documents and Settings\Uživatel\Plocha\Manhattan Project\prism3d.exe" = C:\Documents and Settings\Uživatel\Plocha\Manhattan Project\prism3d.exe:*:Disabled:prism3d -- File not found
"C:\Documents and Settings\Uživatel\Plocha\GAMES\Manhattan Project\prism3d.exe" = C:\Documents and Settings\Uživatel\Plocha\GAMES\Manhattan Project\prism3d.exe:*:Enabled:prism3d -- ()
"C:\Program Files\TmNationsForever\TmForever.exe" = C:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FF2C26-DBCE-DADA-BEE5-0928E0F8F623}" = CCC Help German
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05F4ABAC-8697-2291-16D8-4BFD7DD78B59}" = CCC Help Japanese
"{07C85A90-668F-A807-5C67-975E0777A9E8}" = Catalyst Control Center Localization Russian
"{0A755762-EED8-47AB-A446-505766F93D43}" = Atheros Communications Inc.(R) L2 Fast Ethernet Driver
"{0EA06F05-4320-E4DC-4374-E6C0986C964D}" = Catalyst Control Center Localization Finnish
"{137C5C08-8B6F-497A-1529-502359B3BA88}" = Catalyst Control Center Localization Polish
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{17EE76BB-5264-8946-DA8F-D564ED25EDDD}" = CCC Help English
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{20AC583C-A6FB-410A-807D-25308225C201}" = Paint.NET v3.35
"{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}" = Need for Speed™ Carbon
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 17
"{27599825-6BD9-1081-D1CC-0BFC01157204}" = CCC Help Hungarian
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2E13776F-DEAF-7C83-C2A9-3BF073D51BFD}" = Catalyst Control Center Localization Swedish
"{3482A5D0-F16D-A6C9-397F-8D85EA61BF93}" = Catalyst Control Center Localization Norwegian
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3C3CA756-9FB1-60D9-4435-6D9FEB42C637}" = Catalyst Control Center Localization Dutch
"{3E4039F8-5DA8-0414-B7E1-8DA8C8FC1565}" = Catalyst Control Center Localization Thai
"{4462AD13-F2AA-4CBD-9F95-293C38EED870}" = Power4 Gear
"{48D4215F-414F-1554-8534-E3D8156C0666}" = Skins
"{4A0FAC3C-852D-C0A3-1715-6F844C184CF0}" = CCC Help Portuguese
"{4B29B49E-F274-58CE-25D2-791570F1619A}" = CCC Help French
"{4B546AE5-DF17-6D39-A846-A9ECD0153C9A}" = Catalyst Control Center Localization Greek
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5783F2D7-0201-0409-0002-0060B0CE6BBA}" = AutoCAD 2004
"{57EF4BC7-0C52-1872-C0CE-AEAB996E5626}" = Catalyst Control Center Localization Korean
"{5B701396-48C3-A3FA-43DB-FF975446759C}" = Catalyst Control Center Localization French
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{5ECA8F33-8F8E-1042-2082-5F02E64D6140}" = CCC Help Polish
"{675DD7FA-42A2-4527-9770-344AD4D40872}" = Duke Nukem Manhattan Project
"{68B84920-CD46-8C5B-DABE-EC0FF6F0C703}" = Catalyst Control Center Localization German
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AF75C96-2093-51F4-0412-501CB317A7F9}" = CCC Help Thai
"{6D219284-A368-A0A5-AA55-8BAAE9EA60CC}" = Catalyst Control Center Localization Japanese
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{732442CA-AFFC-E75D-C586-2A3C71D8CFFE}" = CCC Help Finnish
"{767EE8DA-A2AA-00A9-1A21-9584E00867B8}" = Catalyst Control Center Core Implementation
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{815B5312-F7B5-EDD5-A899-B0228C3C7F3A}" = CCC Help Turkish
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{857D4360-762B-978B-76AD-491AA719E47A}" = ccc-core-static
"{86552A3A-0437-319B-46C5-569FC9F7ACA9}" = ccc-utility
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{89EAD7B4-1CAC-CC9E-F040-FE041A2EA77C}" = Catalyst Control Center Localization Spanish
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BE3174F-3BFE-8822-4493-A0519D1E4E94}" = Catalyst Control Center Localization Portuguese
"{90120000-0010-0405-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Czech) 12
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_HOMESTUDENTR_{CB5EC6E0-FC8C-469B-A067-DEC8C6D17C59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_HOMESTUDENTR_{CB5EC6E0-FC8C-469B-A067-DEC8C6D17C59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_HOMESTUDENTR_{CB5EC6E0-FC8C-469B-A067-DEC8C6D17C59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_HOMESTUDENTR_{3C3813E1-C370-4F32-9639-8B43C7C780CD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_HOMESTUDENTR_{F67648A4-713E-4298-BBAD-A83D8283B0F3}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_HOMESTUDENTR_{2659571A-3405-4486-B7D8-2F125BC0E3B2}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_HOMESTUDENTR_{CB5EC6E0-FC8C-469B-A067-DEC8C6D17C59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00B2-0405-0000-0000000FF1CE}" = Doplněk Microsoft Save as PDF or XPS pro aplikace sady Microsoft Office 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{9862E0CB-4727-4FFC-963A-E22A9E9EC10C}" = Creative ZEN V Series (R2)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D7802F0-3C39-ED52-10D9-AE8A7FB5A94C}" = Catalyst Control Center Localization Hungarian
"{9F303CF8-2998-4541-C9F7-C3AAEC2B88B0}" = Catalyst Control Center Graphics Full Existing
"{A042FD6F-D051-ECE5-71C9-52ABFE36EBF9}" = Catalyst Control Center Localization Czech
"{A125DDDB-E0C0-08E0-F04C-7B5409DFFC79}" = Catalyst Control Center Graphics Light
"{AB1E9EC2-42E4-E801-83BB-AAFF86DDEC7E}" = CCC Help Czech
"{AC76BA86-7AD7-1029-7B44-A81200000003}" = Adobe Reader 8 - Czech
"{B02A3921-F7B7-C73F-395B-8172C9EE4006}" = Catalyst Control Center Localization Italian
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD17DEF2-8970-E4F5-337A-C10DE4D33F29}" = CCC Help Korean
"{BE282C23-5484-47FF-B2C1-EBEA5C891029}" = Nero 8
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{C5A2542D-CF79-3EE6-7673-2CEDA2338172}" = CCC Help Greek
"{C69B9631-B617-B714-7FE2-6FCD5B891ACD}" = Catalyst Control Center Localization Chinese Traditional
"{C6D7BC96-A608-0908-F6E7-53C118423087}" = CCC Help Chinese Standard
"{C8A4038E-4DA5-879D-A353-7443FC3EE22C}" = CCC Help Spanish
"{C9B7D4A2-7A42-96BC-DE77-6EB23F1116A8}" = CCC Help Swedish
"{CE344E77-B015-C6D0-9A1B-0EA0043E7A52}" = CCC Help Russian
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D9D45F79-D38C-9BCA-4023-6F3E365D5D25}" = CCC Help Dutch
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DCE907E3-4D72-4CD3-A08A-BEFC8C7A5869}" = Branding
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM)
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E1BBBAC5-2857-4155-82A6-54492CE88620}" = Opera 9.64
"{E4BCF2E7-B181-C240-B6EC-04A8FA633EEF}" = Catalyst Control Center Graphics Full New
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E91EBA1F-DA25-58B2-365F-FB76BDC81F86}" = Catalyst Control Center Localization Turkish
"{EA2F03AD-BF9D-EECC-F24C-549046AEC17A}" = Catalyst Control Center Localization Danish
"{EE78C2A7-1413-105B-DC86-3F9FA6B10C2F}" = CCC Help Danish
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2AAE965-966C-104E-ECCD-9F111A83139C}" = CCC Help Italian
"{F3AEE6A8-5FA3-F9AA-8CA7-D1AAD6352065}" = Catalyst Control Center Localization Chinese Standard
"{F7F564DD-A790-D01A-5390-6D1386AA5621}" = CCC Help Norwegian
"{FD9B0D38-7B82-5A3A-E046-D8DBF3F06A93}" = CCC Help Chinese Traditional
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = Softarová utilita ATI - Odinstalovat
"AoA Video Joiner_is1" = AoA Video Joiner
"ATI Display Driver" = ATI Display Driver
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.5 (Unicode)
"Autodesk Express Viewer" = Autodesk Express Viewer
"avast!" = avast! Antivirus
"AVI Joiner_is1" = AVI Joiner version 1.0
"BitComet" = BitComet 1.10
"blimpss" = blimpss Screen Saver
"BSPlayer1" = BSPlayer
"CCleaner" = CCleaner (remove only)
"CdaC13Ba" = SafeCast Shared Components
"CDex" = CDex extraction audio
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"CToolbar_UNINSTALL" = Crawler Toolbar with Web Security Guard
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"GOM Player" = GOM Player
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IrfanView" = IrfanView (remove only)
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.0.17)" = Mozilla Firefox (3.0.17)
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Native Instruments Service Center" = Native Instruments Service Center
"Project IGI" = Project IGI
"QIP 2005_is1" = QIP 2005 8080
"RealPlayer 6.0" = RealPlayer
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"Spyware Terminator_is1" = Spyware Terminator
"SysInfo" = Creative System Information
"Tech Office Program Selector" = Office Program Selector 2.0
"TmNationsForever_is1" = TmNationsForever
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"VLC media player" = VLC media player 0.9.2
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XnView_is1" = XnView 1.94.2
"YInstHelper" = Yahoo! Install Manager
"ZENcast Organizer" = ZENcast Organizer

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-606747145-527237240-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QIP 2005" = QIP 2005 8092

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 27.5.2009 10:42:14 | Computer Name = ASUSF5RL | Source = avast! | ID = 33554522
Description = aswChestInterface - Program vyvolal nestandardní stav. Informace o
chybě: CChestListView::LoadFiles() chestOpenList() failed: 2147422219.

Error - 27.5.2009 10:42:37 | Computer Name = ASUSF5RL | Source = avast! | ID = 33554522
Description = aswChestInterface - Program vyvolal nestandardní stav. Informace o
chybě: CChestListView::OnCreate() !m_strErrorWnd.IsEmpty().

Error - 26.12.2009 10:03:20 | Computer Name = ASUSF5RL | Source = avast! | ID = 33554522
Description = Chyba v aswChestC: chestOpenList Error 1753.

Error - 26.12.2009 10:03:20 | Computer Name = ASUSF5RL | Source = avast! | ID = 33554522
Description = aswChestInterface - Program vyvolal nestandardní stav. Informace o
chybě: CChestListView::LoadFiles() chestOpenList() failed: 2147422219.

Error - 26.12.2009 10:03:40 | Computer Name = ASUSF5RL | Source = avast! | ID = 33554522
Description = aswChestInterface - Program vyvolal nestandardní stav. Informace o
chybě: CChestListView::OnCreate() !m_strErrorWnd.IsEmpty().

Error - 25.1.2010 15:30:15 | Computer Name = ASUSF5RL | Source = avast! | ID = 33554522
Description = Chyba v aswChestC: chestOpenList Error 1753.

Error - 25.1.2010 15:30:15 | Computer Name = ASUSF5RL | Source = avast! | ID = 33554522
Description = aswChestInterface - Program vyvolal nestandardní stav. Informace o
chybě: CChestListView::LoadFiles() chestOpenList() failed: 2147422219.

Error - 25.1.2010 15:30:17 | Computer Name = ASUSF5RL | Source = avast! | ID = 33554522
Description = aswChestInterface - Program vyvolal nestandardní stav. Informace o
chybě: CChestListView::OnCreate() !m_strErrorWnd.IsEmpty().

Error - 25.1.2010 15:32:38 | Computer Name = ASUSF5RL | Source = avast! | ID = 33554522
Description = Chyba v aswChestC: chestOpenList Error 1753.

Error - 25.1.2010 15:32:38 | Computer Name = ASUSF5RL | Source = avast! | ID = 33554522
Description = aswChestInterface - Program vyvolal nestandardní stav. Informace o
chybě: CChestListView::LoadFiles() chestOpenList() failed: 2147422219.

[ Application Events ]
Error - 10.1.2010 16:57:30 | Computer Name = ASUSF5RL | Source = Application Error | ID = 1000
Description = Chybující aplikace gom.exe, verze 2.1.9.3754, chybující modul viscommpgdec.dll,
verze 9.0.0.0, adresa chyby 0x00003119.

Error - 10.1.2010 16:57:49 | Computer Name = ASUSF5RL | Source = Application Error | ID = 1000
Description = Chybující aplikace bsplayer.exe, verze 1.3.7.826, chybující modul
viscommpgdec.dll, verze 9.0.0.0, adresa chyby 0x00003119.

Error - 10.1.2010 16:58:26 | Computer Name = ASUSF5RL | Source = Application Error | ID = 1000
Description = Chybující aplikace showtime.exe, verze 4.3.2.0, chybující modul viscommpgdec.dll,
verze 9.0.0.0, adresa chyby 0x00003119.

Error - 10.1.2010 17:22:41 | Computer Name = ASUSF5RL | Source = Application Error | ID = 1000
Description = Chybující aplikace bsplayer.exe, verze 1.3.7.826, chybující modul
bsplayer.exe, verze 1.3.7.826, adresa chyby 0x00002260.

Error - 15.1.2010 16:28:37 | Computer Name = ASUSF5RL | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace firefox.exe, verze 1.9.0.3642, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 23.1.2010 9:00:37 | Computer Name = ASUSF5RL | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace firefox.exe, verze 1.9.0.3642, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 24.1.2010 17:14:34 | Computer Name = ASUSF5RL | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 ccc.exe, P2 2.0.0.0, P3 451d264f, P4 log.foundation,
P5 2.0.2560.25959, P6 459d549f, P7 24, P8 0, P9 system.exception, P10 NIL.

Error - 25.1.2010 15:04:24 | Computer Name = ASUSF5RL | Source = .NET Runtime 2.0 Error Reporting | ID = 5000
Description = EventType clr20r3, P1 ccc.exe, P2 2.0.0.0, P3 451d264f, P4 log.foundation,
P5 2.0.2560.25959, P6 459d549f, P7 24, P8 0, P9 system.exception, P10 NIL.

Error - 27.1.2010 15:46:31 | Computer Name = ASUSF5RL | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace OTL.exe, verze 3.1.27.0, zablokovaný modul hungapp,
verze 0.0.0.0, adresa bloku 0x00000000.

Error - 27.1.2010 15:46:32 | Computer Name = ASUSF5RL | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace OTL.exe, verze 3.1.27.0, zablokovaný modul hungapp,
verze 0.0.0.0, adresa bloku 0x00000000.

[ System Events ]
Error - 27.1.2010 7:27:55 | Computer Name = ASUSF5RL | Source = Service Control Manager | ID = 7000
Description = Služba Automatické aktualizace neuspěla při spuštění v důsledku následující
chyby: %%2

Error - 27.1.2010 7:56:08 | Computer Name = ASUSF5RL | Source = Service Control Manager | ID = 7000
Description = Služba lvupdtio neuspěla při spuštění v důsledku následující chyby:
%%2

Error - 27.1.2010 12:41:30 | Computer Name = ASUSF5RL | Source = Service Control Manager | ID = 7009
Description = Vypršel časový limit (30000 milisekund) čekání na připojení služby
avast! iAVS4 Control Service.

Error - 27.1.2010 12:41:30 | Computer Name = ASUSF5RL | Source = Service Control Manager | ID = 7000
Description = Služba avast! iAVS4 Control Service neuspěla při spuštění v důsledku
následující chyby: %%1053

Error - 27.1.2010 12:41:30 | Computer Name = ASUSF5RL | Source = Service Control Manager | ID = 7009
Description = Vypršel časový limit (30000 milisekund) čekání na připojení služby
avast! Antivirus.

Error - 27.1.2010 12:41:30 | Computer Name = ASUSF5RL | Source = Service Control Manager | ID = 7000
Description = Služba avast! Antivirus neuspěla při spuštění v důsledku následující
chyby: %%1053

Error - 27.1.2010 12:41:30 | Computer Name = ASUSF5RL | Source = Service Control Manager | ID = 7000
Description = Služba Služba inteligentního přenosu na pozadí neuspěla při spuštění
v důsledku následující chyby: %%2

Error - 27.1.2010 12:41:30 | Computer Name = ASUSF5RL | Source = Service Control Manager | ID = 7000
Description = Služba Automatické aktualizace neuspěla při spuštění v důsledku následující
chyby: %%2

Error - 27.1.2010 12:51:00 | Computer Name = ASUSF5RL | Source = Service Control Manager | ID = 7000
Description = Služba lvupdtio neuspěla při spuštění v důsledku následující chyby:
%%2

Error - 27.1.2010 13:11:05 | Computer Name = ASUSF5RL | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: Hardware vloženého řadiče (EC) neodpověděl v daném
časovém limitu. To může znamenat, že došlo k chybě v hardwaru řadiče nebo ve firmwaru
nebo že je nesprávně navržen systém BIOS, který k vloženému řadiči přistupuje nebezpečným
způsobem. Řadič EC v případě možnosti zopakuje transakci, která se nezdařila.


< End of report >

pitimir
Exemplary visitor
Posts: 479
Joined: 18 Jun 2008 17:54
Location: Šutrovec

Re: Log check

#5 Post by pitimir »

Nice :)
In OTL, copy the following into the box labelled "Custom Scans/Fixes":

Code:

:otl
SRV - File not found [Auto | Stopped] -- -- (ImapiServiceShellHWDetection) Služba modelu COM pro zápis na disk CD (IMAPI)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\S-1-5-21-606747145-527237240-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
IE - HKU\S-1-5-21-606747145-527237240-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKU\S-1-5-21-606747145-527237240-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKU\S-1-5-21-606747145-527237240-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru
IE - HKU\S-1-5-21-606747145-527237240-1417001333-1004\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
[2008.10.29 23:43:18 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\16c95atr.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009.06.14 10:01:00 | 00,000,000 | ---D | M] (BitComet Video Downloader) -- C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\16c95atr.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
[2008.10.12 18:39:53 | 00,000,523 | ---- | M] () -- C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\16c95atr.default\searchplugins\daemon-search.xml
[2010.01.22 12:14:00 | 00,000,951 | ---- | M] () -- C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\16c95atr.default\searchplugins\icqplugin.xml
[2009.04.17 18:55:40 | 00,002,061 | ---- | M] () -- C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\16c95atr.default\searchplugins\qipsearch.xml
[2008.11.11 08:38:54 | 00,663,552 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2009.04.17 19:11:11 | 00,002,061 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\qipsearch.xml
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-606747145-527237240-1417001333-1004\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKU\S-1-5-21-606747145-527237240-1417001333-1004..\Run: [] File not found
O4 - HKU\S-1-5-21-606747145-527237240-1417001333-1004..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O4 - Startup: C:\Documents and Settings\Uživatel\Nabídka Start\Programy\Po spuštění\algqeh32.exe ()
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll (BitComet)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O27 - HKLM IFEO\a2service.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ArcaCheck.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\arcavir.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashDisp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashEnhcd.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashServ.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ashUpd.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\aswUpdSv.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avadmin.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avcls.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avconfig.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avscan.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avz.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avz_se.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\avz4.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\bdinit.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\caav.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\caavguiscan.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\casecuritycenter.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\ccupdate.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\cfp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\cfpupdat.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\cmdagent.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\drwadins.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\DRWEB32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\drwebupw.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FAMEH32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\filemon.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FPAVServer.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\fpscan.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FPWin.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\fsav32.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\fsgk32st.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\FSMA32.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\GFRing3.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\guardgui.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\guardxservice.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\guardxup.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\KAVPF.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\navigator.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\NAVSTUB.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\niu.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Nvcc.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\OllyDBG.EXE: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\preupd.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\procexp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\pskdr.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\regmon.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\RegTool.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\SfFnUp.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Vba32arkit.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\vba32ldr.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Zanda.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\zapro.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\Zlh.exe: Debugger - ntsd -d (Microsoft Corporation)
O27 - HKLM IFEO\zoneband.dll: Debugger - ntsd -d (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digiwet.dll) - File not found
O33 - MountPoints2\{a8707562-8636-11dd-80d0-001fc6dfb4b9}\Shell\AutoRun\command - "" = F:\WD_Windows_Tools\Setup.exe -- File not found
O33 - MountPoints2\{d0dd6d52-bacc-11dd-81a7-0022430a0a03}\Shell\AUtoplay\coMmAnD - "" = eopc.pif
O33 - MountPoints2\{d0dd6d52-bacc-11dd-81a7-0022430a0a03}\Shell\AutoRun\command - "" = eopc.pif
O33 - MountPoints2\{d0dd6d52-bacc-11dd-81a7-0022430a0a03}\Shell\exPLore\COMmAnD - "" = eopc.pif
O33 - MountPoints2\{d0dd6d52-bacc-11dd-81a7-0022430a0a03}\Shell\opeN\coMmAnd - "" = eopc.pif
[2009.11.28 23:27:30 | 00,000,004 | ---- | C] () -- C:\Documents and Settings\Uživatel\Data aplikací\avdrn.dat

:files
C:\Program Files\DAEMON Tools Toolbar
C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ESET
C:\Documents and Settings\All Users\Data aplikací\ESET
@C:\Documents and Settings\All Users\Data aplikací\TEMP:C5E118DF

:commands
[resethosts]
[emptytemp]
[reboot]

Click "Run Fix". The program will start working; a PC restart is possible. After it, a log should appear, and I would like to see it.

I'm modest, I have just two things for my signature...

1) Want to help the forum? Support it!!

2) A request to everyone who has a problem:
- start your own topic and put an RSIT log and a precise, brief description of the problem in the first post.
- do not run ANY other program found on the forum/internet without a recommendation.
- do not edit or delete posts.
- follow the instructions and do nothing extra (on your own initiative).

Mr.Hol
Visitor
Posts: 53
Joined: 27 Jan 2010 18:58

Re: Log check

#6 Post by Mr.Hol »

All processes killed
========== OTL ==========
Error: No service named ImapiServiceShellHWDetection) Služba modelu COM pro zápis na disk CD (IMAPI was found to stop!
Unable to stop service ImapiServiceShellHWDetection) Služba modelu COM pro zápis na disk CD (IMAPI!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
Unable to set value : HKU\S-1-5-21-606747145-527237240-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E!
Unable to set value : HKU\S-1-5-21-606747145-527237240-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E!
Unable to set value : HKU\S-1-5-21-606747145-527237240-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E!
Unable to set value : HKU\S-1-5-21-606747145-527237240-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E!
Registry value HKEY_USERS\S-1-5-21-606747145-527237240-1417001333-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Prefs.js: "megaup" removed from browser.search.param.yahoo-fr
Prefs.js: "megaup" removed from browser.search.param.yahoo-fr-cjkt
C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\16c95atr.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\16c95atr.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.
C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\16c95atr.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\16c95atr.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\16c95atr.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\16c95atr.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\cache\default folder moved successfully.
C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\16c95atr.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\cache folder moved successfully.
C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\16c95atr.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\16c95atr.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\META-INF folder moved successfully.
C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\16c95atr.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\defaults\preferences folder moved successfully.
C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\16c95atr.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\defaults folder moved successfully.
C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\16c95atr.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components folder moved successfully.
C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\16c95atr.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\chrome\skin folder moved successfully.
C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\16c95atr.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\chrome\locale\zh-CN folder moved successfully.
C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\16c95atr.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\chrome\locale\en-US folder moved successfully.
C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\16c95atr.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\chrome\locale folder moved successfully.
C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\16c95atr.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\chrome\content folder moved successfully.
C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\16c95atr.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\chrome folder moved successfully.
C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\16c95atr.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB} folder moved successfully.
C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\16c95atr.default\searchplugins\daemon-search.xml moved successfully.
C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\16c95atr.default\searchplugins\icqplugin.xml moved successfully.
C:\Documents and Settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\16c95atr.default\searchplugins\qipsearch.xml moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\qipsearch.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\ deleted successfully.
C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-606747145-527237240-1417001333-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-606747145-527237240-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-606747145-527237240-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Run\\BitComet deleted successfully.
C:\Program Files\BitComet\BitComet.exe moved successfully.
File move failed. C:\Documents and Settings\Uživatel\Nabídka Start\Programy\Po spuštění\algqeh32.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Stáhnout odkaz s použitím BitCometu\ deleted successfully.
File C:\Program Files\BitComet\BitComet.exe not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Stáhnout všechna videa s použitím BitCometu\ deleted successfully.
File C:\Program Files\BitComet\BitComet.exe not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Stáhnout všechny odkazy s použitím BitCometu\ deleted successfully.
File C:\Program Files\BitComet\BitComet.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A}\ not found.
File C:\Program Files\BitComet\tools\BitCometBHO_1.3.3.2.dll not found.
Starting removal of ActiveX control {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {D27CDB6E-AE6D-11CF-96B8-444553540000}
C:\WINDOWS\Downloaded Program Files\swflash.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D27CDB6E-AE6D-11CF-96B8-444553540000}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\a2service.exe\ deleted successfully.
C:\WINDOWS\System32\ntsd.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArcaCheck.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\arcavir.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashDisp.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashEnhcd.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashServ.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ashUpd.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\aswUpdSv.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avadmin.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcls.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avconfig.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avscan.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz_se.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avz4.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bdinit.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caav.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\caavguiscan.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\casecuritycenter.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccupdate.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfp.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cfpupdat.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmdagent.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwadins.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DRWEB32.EXE\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\drwebupw.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FAMEH32.EXE\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\filemon.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPAVServer.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fpscan.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FPWin.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsav32.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\fsgk32st.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\FSMA32.EXE\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFRing3.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardgui.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxservice.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guardxup.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPF.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navigator.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\NAVSTUB.EXE\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\niu.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nvcc.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OllyDBG.EXE\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\preupd.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\procexp.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pskdr.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regmon.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RegTool.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SfFnUp.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Vba32arkit.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vba32ldr.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zanda.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zapro.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Zlh.exe\ deleted successfully.
File ntsd -d not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\zoneband.dll\ deleted successfully.
File ntsd -d not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:digiwet.dll deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a8707562-8636-11dd-80d0-001fc6dfb4b9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a8707562-8636-11dd-80d0-001fc6dfb4b9}\ not found.
File F:\WD_Windows_Tools\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0dd6d52-bacc-11dd-81a7-0022430a0a03}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0dd6d52-bacc-11dd-81a7-0022430a0a03}\ not found.
File eopc.pif not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0dd6d52-bacc-11dd-81a7-0022430a0a03}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0dd6d52-bacc-11dd-81a7-0022430a0a03}\ not found.
File eopc.pif not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0dd6d52-bacc-11dd-81a7-0022430a0a03}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0dd6d52-bacc-11dd-81a7-0022430a0a03}\ not found.
File eopc.pif not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d0dd6d52-bacc-11dd-81a7-0022430a0a03}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0dd6d52-bacc-11dd-81a7-0022430a0a03}\ not found.
File eopc.pif not found.
C:\Documents and Settings\Uživatel\Data aplikací\avdrn.dat moved successfully.
========== FILES ==========
C:\Program Files\DAEMON Tools Toolbar\Resources folder moved successfully.
C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\components folder moved successfully.
C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT\chrome folder moved successfully.
C:\Program Files\DAEMON Tools Toolbar\FirefoxDTT folder moved successfully.
C:\Program Files\DAEMON Tools Toolbar folder moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ESET\ESET NOD32 Antivirus\Quarantine folder moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ESET\ESET NOD32 Antivirus folder moved successfully.
C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ESET folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\ESET\ESET NOD32 Antivirus folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\ESET folder moved successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:C5E118DF deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Domov
->Temp folder emptied: 7445236 bytes
->Temporary Internet Files folder emptied: 3681721 bytes
->Java cache emptied: 49631343 bytes
->FireFox cache emptied: 50956174 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes

User: Uivatel
->Temp folder emptied: 0 bytes

User: Uži

User: Uživatel
->Temp folder emptied: 7163081 bytes
->Temporary Internet Files folder emptied: 21812247 bytes
->Java cache emptied: 37871310 bytes
->FireFox cache emptied: 65262355 bytes
->Opera cache emptied: 34090051 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2351732 bytes
%systemroot%\System32 .tmp files removed: 3613640 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12288 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 3910642119 bytes

Total Files Cleaned = 4 000,00 mb

Error: Unable to interpret <[reoobt]> in the current context!

OTL by OldTimer - Version 3.1.27.0 log created on 01272010_220127

Files\Folders moved on Reboot...
C:\Documents and Settings\Uživatel\Nabídka Start\Programy\Po spuštění\algqeh32.exe moved successfully.

Registry entries deleted on Reboot...

pitimir
Model visitor
Posts: 479
Registered: 18 Jun 2008 17:54
Location: Šutrovec

Re: Log check

#7 Post by pitimir »

Excellent :)
Next step:

Download ComboFix, preferably to the desktop. Close all open applications, as well as the resident antivirus, antispyware and firewall components. Run the program from an account with administrator rights and follow the instructions. The whole scan will take about 10 minutes. The PC may be restarted during it. You will find the log that ComboFix creates at "C:\ComboFix.txt".
Paste it here.

Warning: until ComboFix has created the log, do not click or press anything!!

I'm modest, I have only two things for my signature...

1) Want to help the forum? Support it!!

2) I ask everyone who has a problem: :!:
- start your own topic and put the RSIT log and a precise, brief description of the problem in the 1st post.
- without a recommendation, do not run ANY other program found on the forum/internet.
- do not edit or delete posts.
- follow the instructions and do nothing extra (on your own initiative).

Mr.Hol
Visitor
Posts: 53
Registered: 27 Jan 2010 18:58

Re: Log check

#8 Post by Mr.Hol »

so it should be here :)

ComboFix 10-01-27.06 - Uživatel 28.01.2010 18:14:15.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2943.2465 [GMT 1:00]
Spuštěný z: c:\documents and settings\Uživatel\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100128-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\811034378.dat
c:\windows\system32\ieuinit.inf

c:\windows\system32\proquota.exe . . . chybí !!

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ati64si
-------\Legacy_fips32cup
-------\Legacy_ksi32sk
-------\Legacy_nicsk32
-------\Legacy_ws2_32sik
-------\Service_netsik


((((((((((((((((((((((((( Soubory vytvořené od 2009-12-28 do 2010-01-28 )))))))))))))))))))))))))))))))
.

2010-01-27 21:01 . 2010-01-27 21:01 -------- d-----w- C:\_OTL
2010-01-27 18:06 . 2010-01-27 18:08 -------- d-----w- c:\program files\trend micro
2010-01-27 18:06 . 2010-01-27 18:08 -------- d-----w- C:\rsit
2010-01-14 20:41 . 2010-01-15 07:45 -------- d-----w- c:\program files\MpcStar
2010-01-08 08:51 . 2010-01-08 08:51 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-29 17:23 . 2010-01-28 10:59 -------- d-----w- c:\program files\AoA Video Joiner

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-28 11:23 . 2008-09-27 16:16 -------- d-----w- c:\program files\BitComet
2010-01-28 11:18 . 2009-05-28 16:03 -------- d-----w- c:\program files\Spyware Terminator
2010-01-10 12:51 . 2008-12-25 18:13 -------- d-----w- c:\program files\Yahoo!
2009-12-21 13:25 . 2009-04-30 18:11 -------- d-----w- c:\program files\Java
2009-12-19 15:20 . 2009-12-19 15:19 -------- d-----w- c:\program files\TmNationsForever
2009-12-01 17:00 . 2009-12-01 17:00 -------- d-----w- c:\program files\Autodesk
2009-12-01 17:00 . 2009-12-01 17:00 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-12-01 17:00 . 2009-12-01 17:00 12464 ----a-w- c:\windows\system32\drivers\CDAC15BA.SYS
2009-12-01 17:00 . 2009-12-01 17:00 54784 ----a-w- c:\windows\system32\drivers\CDAC11BA.EXE
2009-12-01 17:00 . 2009-12-01 16:59 -------- d-----w- c:\program files\AutoCAD 2004
2009-12-01 17:00 . 2009-12-01 17:00 -------- d-----w- c:\program files\AnswerWorks 4.0
2009-12-01 17:00 . 2009-12-01 16:59 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-11-24 23:54 . 2009-05-27 15:00 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-05-27 15:00 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-05-27 15:00 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-05-27 15:00 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-05-27 15:00 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-05-27 15:00 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-05-27 15:00 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-05-27 15:00 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-05-27 15:00 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-06 11:15 . 2008-04-14 12:00 69114 ----a-w- c:\windows\system32\perfc005.dat
2009-11-06 11:15 . 2008-04-14 12:00 390176 ----a-w- c:\windows\system32\perfh005.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-09-28 700416]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKHOTKEY"="c:\program files\ATK Hotkey\Hcontrol.exe" [2007-07-12 225280]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-17 7737344]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"ACU"="c:\program files\Atheros\ACU.exe" [2007-10-23 376921]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2007-11-30 51768]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2007-07-10 851968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ACROMOUSE"="c:\program files\Tech\Office Program Selector\2.0\ACROMAPP.exe" [2005-04-29 554496]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-23 198160]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Uživatel\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-5-22 2756608]

[HKLM\~\startupfolder\C:^Documents and Settings^Uživatel^Nabídka Start^Programy^Po spuštění^CCC.lnk]
path=c:\documents and settings\Uživatel\Nabídka Start\Programy\Po spuštění\CCC.lnk
backup=c:\windows\pss\CCC.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-07-24 15:02 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-02-28 08:59 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-01-26 13:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-07-26 12:50 1217784 ----a-w- c:\program files\Valve\Steam\Steam.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\forcce\\counter-strike\\hl.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Documents and Settings\\Uživatel\\Plocha\\GAMES\\Manhattan Project\\prism3d.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23460:TCP"= 23460:TCP:BitComet 23460 TCP
"23460:UDP"= 23460:UDP:BitComet 23460 UDP

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.10.2008 18:36 717296]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [27.5.2009 16:00 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27.5.2009 16:00 20560]
S1 e7a37a8b;e7a37a8b;c:\windows\system32\drivers\e7a37a8b.sys --> c:\windows\system32\drivers\e7a37a8b.sys [?]
S2 ImapiServiceShellHWDetection;Služba modelu COM pro zápis na disk CD (IMAPI) ImapiServiceShellHWDetection;c:\windows\system32\adptifd.exe srv --> c:\windows\system32\adptifd.exe srv [?]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [28.8.2006 23:54 10664]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://google.atcomet.com/b/
uDefault_Search_URL = hxxp://search.qip.ru
mLocal Page =
uSearchAssistant = hxxp://search.qip.ru
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {0FB23C71-9EDB-43F7-9BB7-766D8F4A2E7F} = 10.12.0.1,10.6.0.1
TCP: {3177557D-4A84-4BA9-A758-945B7BA9FEBD} = 10.12.0.1
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\vggw09mg.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

MSConfigStartUp-BitComet - c:\program files\BitComet\BitComet.exe
MSConfigStartUp-SpywareTerminator - c:\progra~1\SPYWAR~1\SpywareTerminatorShield.exe
ActiveSetup-ccc-core-static - msiexec
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-Native Instruments Service Center - c:\progra~1\NATIVE~1\SERVIC~1\UNWISE.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-28 18:20
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys atapi.sys spur.sys >>UNKNOWN [0x8A41C938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba8ecf28
\Driver\ACPI -> ACPI.sys @ 0xba667cb8
\Driver\atapi -> prosync1.sys @ 0xbadae6c1
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Atheros AR5007EG Wireless Network Adapter -> SendCompleteHandler -> NDIS.sys @ 0xba519bd4
PacketIndicateHandler -> NDIS.sys @ 0xba507a0d
SendHandler -> NDIS.sys @ 0xba51bb40
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-606747145-527237240-1417001333-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c1,04,5b,9e,44,ec,f4,7d,a6,06,67,e1,31,21,a7,e8,ef,0d,94,6a,e1,57,19,
54,3b,44,54,6a,2b,b6,2c,40,fe,35,03,2a,6f,d3,e3,8b,f0,b4,ef,58,81,83,ea,97,\
"??"=hex:29,2b,93,45,e0,a7,7f,a0,af,df,26,fa,f9,3c,a3,0e
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(900)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2816)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Tech\Office Program Selector\2.0\ACROMDLL.DLL
c:\program files\Common Files\Nero\Lib\NeroDigitalExt.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\acs.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\ACEngSvr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
.
**************************************************************************
.
Celkový čas: 2010-01-28 18:30:28 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-28 17:30

Před spuštěním: Volných bajtů: 147 785 076 736
Po spuštění: Volných bajtů: 147 413 368 832

WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - E90DB244E42FF37CB1E93DDA9078D2CF

pitimir
Model visitor
Posts: 479
Registered: 18 Jun 2008 17:54
Location: Šutrovec

Re: Log check

#9 Post by pitimir »

Well, nice... Wigon or whatever it is got deleted, and a missing file was found :)

Move the CF icon to the desktop, close all open applications, as well as the resident shields of your antivirus and antispyware and the firewall, and open Notepad. Copy the following into it:

Code:

KillAll::
MIA::
c:\windows\system32\proquota.exe

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=dword:00000001

Driver::
e7a37a8b

Rootkit::
c:\windows\system32\drivers\e7a37a8b.sys

DDS::
uDefault_Search_URL = hxxp://search.qip.ru
mLocal Page =
uSearchAssistant = hxxp://search.qip.ru
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE

Save it to the desktop as CFScript.txt and drag it with the mouse onto the CF icon.

The program will process the script and produce a new log.

Warning: If Windows does not start after the script is applied, restart the PC, press F8 and choose Last Known Good Configuration.

I'm modest, I have only two things in my signature...

1) Want to help the forum? Support it!!

2) A request to everyone who has a problem:
- start your own topic and put an RSIT log and a precise, brief description of the problem in the first post.
- without a recommendation, do not run ANY other program found on the forum/internet.
- do not edit or delete posts.
- follow the instructions and do nothing extra (on your own initiative).

Mr.Hol
Visitor
Posts: 53
Registered: 27 Jan 2010 18:58

Re: Log check

#10 Post by Mr.Hol »

ComboFix 10-01-27.06 - Uživatel 28.01.2010 18:49:29.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2943.2459 [GMT 1:00]
Spuštěný z: c:\documents and settings\Uživatel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Uživatel\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100128-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\proquota.exe . . . chybí !!

c:\windows\system32\proquota.exe . . . chybí !!

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_e7a37a8b


((((((((((((((((((((((((( Soubory vytvořené od 2009-12-28 do 2010-01-28 )))))))))))))))))))))))))))))))
.

2010-01-27 21:01 . 2010-01-27 21:01 -------- d-----w- C:\_OTL
2010-01-27 18:06 . 2010-01-27 18:08 -------- d-----w- c:\program files\trend micro
2010-01-27 18:06 . 2010-01-27 18:08 -------- d-----w- C:\rsit
2010-01-14 20:41 . 2010-01-15 07:45 -------- d-----w- c:\program files\MpcStar
2010-01-08 08:51 . 2010-01-08 08:51 -------- d-----w- c:\program files\Microsoft Silverlight

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-28 11:23 . 2008-09-27 16:16 -------- d-----w- c:\program files\BitComet
2010-01-28 11:18 . 2009-05-28 16:03 -------- d-----w- c:\program files\Spyware Terminator
2010-01-28 10:59 . 2009-12-29 17:23 -------- d-----w- c:\program files\AoA Video Joiner
2010-01-10 12:51 . 2008-12-25 18:13 -------- d-----w- c:\program files\Yahoo!
2009-12-21 13:25 . 2009-04-30 18:11 -------- d-----w- c:\program files\Java
2009-12-19 15:20 . 2009-12-19 15:19 -------- d-----w- c:\program files\TmNationsForever
2009-12-01 17:00 . 2009-12-01 17:00 -------- d-----w- c:\program files\Autodesk
2009-12-01 17:00 . 2009-12-01 17:00 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-12-01 17:00 . 2009-12-01 17:00 12464 ----a-w- c:\windows\system32\drivers\CDAC15BA.SYS
2009-12-01 17:00 . 2009-12-01 17:00 54784 ----a-w- c:\windows\system32\drivers\CDAC11BA.EXE
2009-12-01 17:00 . 2009-12-01 16:59 -------- d-----w- c:\program files\AutoCAD 2004
2009-12-01 17:00 . 2009-12-01 17:00 -------- d-----w- c:\program files\AnswerWorks 4.0
2009-12-01 17:00 . 2009-12-01 16:59 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-11-24 23:54 . 2009-05-27 15:00 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-05-27 15:00 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-05-27 15:00 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-05-27 15:00 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-05-27 15:00 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-05-27 15:00 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-05-27 15:00 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-05-27 15:00 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-05-27 15:00 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-06 11:15 . 2008-04-14 12:00 69114 ----a-w- c:\windows\system32\perfc005.dat
2009-11-06 11:15 . 2008-04-14 12:00 390176 ----a-w- c:\windows\system32\perfh005.dat
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-09-28 700416]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATKHOTKEY"="c:\program files\ATK Hotkey\Hcontrol.exe" [2007-07-12 225280]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2007-10-17 7737344]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2007-07-05 1040384]
"ACU"="c:\program files\Atheros\ACU.exe" [2007-10-23 376921]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2007-11-30 51768]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-07-26 90112]
"ACMON"="c:\program files\ASUS\Splendid\ACMON.exe" [2007-07-10 851968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"ACROMOUSE"="c:\program files\Tech\Office Program Selector\2.0\ACROMAPP.exe" [2005-04-29 554496]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-23 198160]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Uživatel\Nabídka Start\Programy\Po spuštění\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-5-22 2756608]

[HKLM\~\startupfolder\C:^Documents and Settings^Uživatel^Nabídka Start^Programy^Po spuštění^CCC.lnk]
path=c:\documents and settings\Uživatel\Nabídka Start\Programy\Po spuštění\CCC.lnk
backup=c:\windows\pss\CCC.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-07-24 15:02 490952 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-02-28 08:59 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-01-26 13:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2009-07-26 12:50 1217784 ----a-w- c:\program files\Valve\Steam\Steam.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\forcce\\counter-strike\\hl.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\QIP\\qip.exe"=
"c:\\Documents and Settings\\Uživatel\\Plocha\\GAMES\\Manhattan Project\\prism3d.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23460:TCP"= 23460:TCP:BitComet 23460 TCP
"23460:UDP"= 23460:UDP:BitComet 23460 UDP

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.10.2008 18:36 717296]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [27.5.2009 16:00 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27.5.2009 16:00 20560]
S2 ImapiServiceShellHWDetection;Služba modelu COM pro zápis na disk CD (IMAPI) ImapiServiceShellHWDetection;c:\windows\system32\adptifd.exe srv --> c:\windows\system32\adptifd.exe srv [?]
S3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\drivers\gan_adapter.sys [28.8.2006 23:54 10664]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://google.atcomet.com/b/
uSearchAssistant = hxxp://search.qip.ru
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: Crawler Search - tbr:iemenu
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {0FB23C71-9EDB-43F7-9BB7-766D8F4A2E7F} = 10.12.0.1,10.6.0.1
TCP: {3177557D-4A84-4BA9-A758-945B7BA9FEBD} = 10.12.0.1
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Uživatel\Data aplikací\Mozilla\Firefox\Profiles\vggw09mg.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-28 18:58
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys atapi.sys spyl.sys >>UNKNOWN [0x8A41C938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba8ecf28
\Driver\ACPI -> ACPI.sys @ 0xba667cb8
\Driver\atapi -> prosync1.sys @ 0xbadae6c1
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Atheros AR5007EG Wireless Network Adapter -> SendCompleteHandler -> NDIS.sys @ 0xba519bd4
PacketIndicateHandler -> NDIS.sys @ 0xba507a0d
SendHandler -> NDIS.sys @ 0xba51bb40
user & kernel MBR OK

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-606747145-527237240-1417001333-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c1,04,5b,9e,44,ec,f4,7d,a6,06,67,e1,31,21,a7,e8,ef,0d,94,6a,e1,57,19,
54,3b,44,54,6a,2b,b6,2c,40,fe,35,03,2a,6f,d3,e3,8b,f0,b4,ef,58,81,83,ea,97,\
"??"=hex:29,2b,93,45,e0,a7,7f,a0,af,df,26,fa,f9,3c,a3,0e
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(900)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3492)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Tech\Office Program Selector\2.0\ACROMDLL.DLL
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\acs.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\ACEngSvr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
.
**************************************************************************
.
Celkový čas: 2010-01-28 19:05:24 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-28 18:05
ComboFix2.txt 2010-01-28 17:30

Před spuštěním: Volných bajtů: 147 159 699 456
Po spuštění: Volných bajtů: 147 111 731 200

- - End Of File - - F4C53C429E356002D385D1610B3D8686

pitimir
Model visitor
Posts: 479
Registered: 18 Jun 2008 17:54
Location: Šutrovec

Re: Log check

#11 Post by pitimir »

Do you have the installation CD?

Mr.Hol
Visitor
Posts: 53
Registered: 27 Jan 2010 18:58

Re: Log check

#12 Post by Mr.Hol »

For what, or from what?

pitimir
Model visitor
Posts: 479
Registered: 18 Jun 2008 17:54
Location: Šutrovec

Re: Log check

#13 Post by pitimir »

From your Windows :)

Mr.Hol
Visitor
Posts: 53
Registered: 27 Jan 2010 18:58

Re: Log check

#14 Post by Mr.Hol »

Yes, I have one.

pitimir
Model visitor
Posts: 479
Registered: 18 Jun 2008 17:54
Location: Šutrovec

Re: Log check

#15 Post by pitimir »

Good, we will need it. You are missing one system file and I can't replace it any other way than from the installation CD (you have no other copy on the PC). Wait a moment, I'll write you a short guide :)