Ve Win Vista nelze mazat soubory

Zee Prime · Příspěvekod **Zee Prime** » 14 zář 2009 21:55

Dobrý den,
potřeboval bych poradit, co se mi to děje s počítačem: Vypadá to jako virus, ale ani AVG, ani NOD32 (legální) je neodhalily. Tedy předtím, než je oba "něco" odrovnalo a já je musel odinstalovat v nouzovém režimu a zase NODa nahodit. Projevuje se to zejména tím, že nelze mazat soubory - ani z Total commanderu, ani z Tento počítač. Resp. je mazat lze, ale smazání každého souboru trvá asi 15 minut. V nouzovém režimu mazat lze, tam to trvá tak 1-2 vteřiny. Jinak počítač běží normálně, ale ta nemožnost mazání a odrovnání antivirů ve mně nevzbuzuje důvěru.
Mám Visty 64bit Home Premium, NOD32 64bit, vše upgradované a legální.
Díky za jakýkoli náznak!

Reklama

pitimir · Příspěvekod **pitimir** » 15 zář 2009 10:37

Nazdar, mozme sa na to pozriet :)

Stiahni OTL. Uloz na plochu a spust dvojklikom subor "OTL.exe". Otvori sa okno programu, v nom zaskrtni "Scan All Users", "Lop" aj "Purity Check" a "File Scan" zmen na 7 dni miesto 30. Potom klikni na "Run Scan". Zacne scan pocitaca, po jeho ukonceni sa otvoria dva reporty - obsah oboch potrebujem vidiet.

Zee Prime · Příspěvekod **Zee Prime** » 15 zář 2009 23:47

Zdravím,
tak tady je log OTL.txt, co z toho vypadl, v dalším příspěvku dávám Extras.txt, což je ten druhý vypadlý soubor....Díky za pomoc
--------------------------------------------------------------------------------------------------------------------------------------------------------
OTL logfile created on: 15.9.2009 23:03:33 - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Users\User\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 2,51 Gb Available Physical Memory | 62,78% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698,63 Gb Total Space | 209,71 Gb Free Space | 30,02% Space Free | Partition Type: NTFS
Drive D: | 7,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PEDROS
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2008.05.14 18:42:56 | 05,958,656 | ---- | M] () -- C:\Program Files\ASUS\Six Engine\SixEngine.exe
PRC - [2008.07.07 18:59:54 | 03,272,704 | ---- | M] () -- C:\Program Files\Strong DC\StrongDC.exe
PRC - [2008.03.17 00:40:44 | 01,302,528 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
PRC - [2009.09.11 23:19:22 | 00,798,720 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\WordPad\{9AB6EC2F-6A8E-AD4A-44AA-E9ADC679C7B3}\cftmon.exe
PRC - [2009.09.11 23:19:22 | 00,798,720 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\WordPad\{9AB6EC2F-6A8E-AD4A-44AA-E9ADC679C7B3}\cftmon.exe
PRC - [2009.05.14 15:47:54 | 00,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2009.09.11 23:19:22 | 00,798,720 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\WordPad\{9AB6EC2F-6A8E-AD4A-44AA-E9ADC679C7B3}\cftmon.exe
PRC - [2009.09.11 23:19:22 | 00,798,720 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\WordPad\{9AB6EC2F-6A8E-AD4A-44AA-E9ADC679C7B3}\cftmon.exe
PRC - [2009.09.11 23:19:22 | 00,798,720 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\WordPad\{9AB6EC2F-6A8E-AD4A-44AA-E9ADC679C7B3}\cftmon.exe
PRC - [2008.07.03 04:15:57 | 00,307,712 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008.04.22 07:03:00 | 01,083,848 | ---- | M] (C. Ghisler & Co.) -- C:\Program Files\Total Commander\TOTALCMD.EXE
PRC - [2009.09.15 23:02:20 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008.05.14 16:03:34 | 00,887,808 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility [Auto | Running])
SRV:64bit: - [2009.05.14 15:54:26 | 00,023,296 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])
SRV:64bit: - [2009.05.14 15:47:54 | 00,731,840 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn [Auto | Running])
SRV:64bit: - [2006.04.14 11:58:16 | 00,153,376 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter [On_Demand | Stopped])
SRV:64bit: - [2008.01.21 04:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV:64bit: - [2008.01.21 04:52:15 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2009.09.11 23:19:22 | 00,798,720 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\WordPad\{E8CA1D57-115E-1166-D6E9-286D3D482EAB}\cftmon.exe -- (AEADIFilters [Auto | Running])
SRV - [2009.03.30 06:42:14 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009.03.30 06:39:54 | 00,089,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped])
SRV - [2008.01.21 04:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Running])
SRV - [2008.01.21 04:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Running])
SRV - [2006.11.02 17:03:48 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2009.02.18 20:40:04 | 00,042,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2005.04.04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2009.02.18 20:39:11 | 00,857,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2006.11.02 11:46:05 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\keyiso.dll -- (KeyIso [On_Demand | Stopped])
SRV - [2006.11.02 15:34:14 | 00,000,000 | ---D | M] -- C:\Windows\SysWow64\Msdtc -- (MSDTC [Unknown | Stopped])
SRV - [2009.09.11 23:19:22 | 00,798,720 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\WordPad\{E8CA1D57-115E-1166-D6E9-286D3D482EAB}\cftmon.exe -- (Nero BackItUp Scheduler 4.0 [Auto | Running])
SRV - [2009.04.11 08:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\netlogon.dll -- (Netlogon [On_Demand | Stopped])
SRV - [2003.07.28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008.08.07 11:17:30 | 00,575,488 | ---- | M] (Nokia.) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])
SRV - [2009.09.11 23:19:22 | 00,798,720 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\WordPad\{E8CA1D57-115E-1166-D6E9-286D3D482EAB}\cftmon.exe -- (stisvc [Auto | Running])
SRV - [2006.11.02 08:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\SysWow64\Wbem\vds.mof -- (vds [On_Demand | Stopped])
SRV - [2006.11.02 08:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\SysWow64\Wbem\vss.mof -- (VSS [On_Demand | Stopped])
SRV - [2009.09.11 23:19:22 | 00,798,720 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\WordPad\{E8CA1D57-115E-1166-D6E9-286D3D482EAB}\cftmon.exe -- (WSearch [Auto | Running])

========== Driver Services (SafeList) ==========

DRV:64bit: - [2006.12.11 17:20:54 | 01,413,592 | ---- | M] (Philips Semiconductors GmbH) -- C:\Windows\SysNative\DRIVERS\3xHybr64.sys -- (3xHybr64 [On_Demand | Stopped])
DRV:64bit: - [2008.03.20 02:44:34 | 00,467,456 | ---- | M] (Analog Devices, Inc.) -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running])
DRV:64bit: - [2008.05.14 16:49:44 | 04,436,480 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag [On_Demand | Running])
DRV:64bit: - [2009.05.14 15:41:14 | 00,142,776 | ---- | M] (ESET) -- C:\Windows\SysNative\DRIVERS\eamon.sys -- (eamon [Auto | Running])
DRV:64bit: - [2009.05.14 15:47:16 | 00,134,024 | ---- | M] (ESET) -- C:\Windows\SysNative\DRIVERS\ehdrv.sys -- (ehdrv [System | Running])
DRV:64bit: - [2009.05.14 15:49:56 | 00,121,152 | ---- | M] (ESET) -- C:\Windows\SysNative\DRIVERS\epfwwfpr.sys -- (epfwwfpr [Auto | Running])
DRV:64bit: - [2009.04.11 07:39:51 | 00,275,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Running])
DRV:64bit: - [2006.10.31 17:23:42 | 00,015,680 | ---- | M] () -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor [On_Demand | Running])
DRV:64bit: - [2008.05.19 09:47:48 | 00,173,096 | ---- | M] (Marvell Semiconductor, Inc.) -- C:\Windows\SysNative\DRIVERS\mv61xx.sys -- (mv61xx [Boot | Running])
DRV:64bit: - [2008.05.07 07:39:44 | 00,023,552 | ---- | M] (Nokia) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64 [On_Demand | Stopped])
DRV:64bit: - [2008.05.07 07:39:44 | 00,018,432 | ---- | M] (Nokia) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64 [On_Demand | Stopped])
DRV:64bit: - [2007.09.17 15:53:34 | 00,029,184 | ---- | M] (Nokia) -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd [On_Demand | Stopped])
DRV:64bit: - [2009.02.20 18:11:16 | 00,082,048 | ---- | M] (VSO Software) -- C:\Windows\SysNative\Drivers\pcouffin64a.sys -- (Pcouffin64 [On_Demand | Stopped])
DRV:64bit: - [2007.04.03 10:30:14 | 01,418,112 | ---- | M] (Philips Semiconductors GmbH) -- C:\Windows\SysNative\DRIVERS\Ph3xIB64.sys -- (Ph3xIB64 [On_Demand | Running])
DRV:64bit: - [2008.09.17 20:56:17 | 00,868,848 | ---- | M] () -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV:64bit: - [2007.05.02 11:11:14 | 00,108,296 | ---- | M] (MCCI Corporation) -- C:\Windows\SysNative\DRIVERS\ss_bus.sys -- (ss_bus [On_Demand | Stopped])
DRV:64bit: - [2007.05.02 11:11:14 | 00,019,208 | ---- | M] (MCCI Corporation) -- C:\Windows\SysNative\DRIVERS\ss_mdfl.sys -- (ss_mdfl [On_Demand | Stopped])
DRV:64bit: - [2007.05.02 11:11:14 | 00,145,160 | ---- | M] (MCCI Corporation) -- C:\Windows\SysNative\DRIVERS\ss_mdm.sys -- (ss_mdm [On_Demand | Stopped])
DRV:64bit: - [2009.08.09 18:30:30 | 00,000,206 | ---- | M] () -- C:\Program Files\Samsung D900i\StarOpen.reg -- (StarOpen [System | Stopped])
DRV:64bit: - [2008.06.06 09:25:44 | 00,008,704 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64.sys -- (upperdev [On_Demand | Stopped])
DRV:64bit: - [2009.04.11 07:39:37 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser [On_Demand | Stopped])
DRV:64bit: - [2008.05.07 07:40:02 | 00,008,704 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64j.sys -- (UsbserFilt [On_Demand | Stopped])
DRV:64bit: - [2008.01.24 15:07:54 | 00,022,024 | ---- | M] (Logitech Inc.) -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum [On_Demand | Running])
DRV:64bit: - [2008.01.24 15:08:04 | 00,032,776 | ---- | M] (Logitech Inc.) -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter [On_Demand | Running])
DRV:64bit: - [2008.01.24 15:08:14 | 00,034,312 | ---- | M] (Logitech Inc.) -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo [On_Demand | Running])
DRV:64bit: - [2008.01.24 15:08:24 | 00,015,752 | ---- | M] (Logitech Inc.) -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid [On_Demand | Stopped])
DRV:64bit: - [2008.01.24 15:08:34 | 00,057,352 | ---- | M] (Logitech Inc.) -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore [On_Demand | Running])
DRV:64bit: - [2008.01.21 04:47:28 | 00,046,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb [On_Demand | Stopped])
DRV:64bit: - [2007.08.15 10:22:00 | 00,369,152 | ---- | M] (Marvell) -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64 [On_Demand | Running])
DRV - [2007.12.17 11:14:14 | 00,014,392 | R--- | M] () -- C:\Windows\SysWow64\drivers\AsIO.sys -- (AsIO [System | Running])
DRV - [2006.09.18 23:35:23 | 00,001,088 | ---- | M] () -- C:\Windows\SysWow64\Wbem\mpsdrv.mof -- (mpsdrv [On_Demand | Running])
DRV - [2009.09.08 13:26:18 | 00,028,276 | ---- | M] (MusicMatch, Inc.) -- C:\Windows\SysWow64\drivers\MxlW2k.sys -- (MxlW2k [On_Demand | Stopped])
DRV - [2009.08.09 18:30:30 | 00,005,632 | ---- | M] () -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen [System | Stopped])
DRV - [2006.09.18 23:36:40 | 00,003,066 | ---- | M] () -- C:\Windows\SysWow64\Wbem\tcpip.mof -- (Tcpip [Boot | Running])

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.europowersearch.com/Search.h ... rchLang=CZ

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1600578981-3844651555-2168284247-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1600578981-3844651555-2168284247-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-1600578981-3844651555-2168284247-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.europowersearch.com/Search.h ... rchLang=CZ
IE - HKU\S-1-5-21-1600578981-3844651555-2168284247-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1600578981-3844651555-2168284247-1000\S-1-5-21-1600578981-3844651555-2168284247-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google Search Community"
FF - prefs.js..browser.startup.homepage: "www.seznam.cz"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.06.26 09:54:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.08.12 21:52:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.01.28 11:38:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2009.01.28 11:38:46 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2009.01.28 11:38:46 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009.09.15 14:14:57 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\dmw5me05.default\extensions
[2009.06.26 10:57:57 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\dmw5me05.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2007.04.10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll
[2003.07.15 06:56:52 | 00,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL
[2008.06.11 22:45:28 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll

O1 HOSTS File: (736 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Plus) - {C8CD2017-F1E5-4F1A-B58A-EE0B1AF0D0D8} - C:\Program Files (x86)\GooglePlusVideos\16.GooglePlusVideos.dll ()
O3 - HKLM\..\Toolbar: (no name) - {0508F8F1-08E3-43EE-AAA8-09AD09803084} - No CLSID value found.
O3 - HKU\S-1-5-21-1600578981-3844651555-2168284247-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [cftmon643e] C:\ProgramData\WordPad\{E8CA1D57-115E-1166-D6E9-286D3D482EAB}\cftmon.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundTray] C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe (Sonic Focus, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-21-1600578981-3844651555-2168284247-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1600578981-3844651555-2168284247-1000..\Run: [PMCRemote] File not found
O4 - HKU\S-1-5-21-1600578981-3844651555-2168284247-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Strong DC.lnk = C:\Program Files (x86)\Strong DC\StrongDC.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE File not found
O9 - Extra Button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\NLAapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\napinsp.dll (Společnost Microsoft)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWow64\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWow64\napinsp.dll (Společnost Microsoft)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWow64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWow64\pnrpnsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.101.1 192.168.102.1 212.24.128.8 212.24.132.132
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files (x86)\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter: - application/octet-stream - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter: - application/x-complus - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter: - application/x-msdownload - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter: - deflate - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter: - gzip - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter: - text/xml - Reg Error: Key error. File not found
O18 - Protocol\Filter: - text/xml - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.11.15 11:52:50 | 00,161,088 | R--- | M] (Take-Two Interactive Software, Inc.) - D:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.10.11 19:03:48 | 00,000,054 | R--- | M] () - D:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{71b9bb65-5d92-11dd-9b11-0022151b4d53}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{7d3601aa-5a46-11dd-8689-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7d3601aa-5a46-11dd-8689-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2008.11.15 11:52:50 | 00,161,088 | R--- | M] (Take-Two Interactive Software, Inc.)
O33 - MountPoints2\{c04bb846-59d5-11dd-aea2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c04bb846-59d5-11dd-aea2-806e6f6e6963}\Shell\AutoRun\command - "" = D:\.\Bin\Assetup.exe -- File not found
O33 - MountPoints2\{f46c5ee7-6b95-11dd-8165-00221549df36}\Shell - "" = AutoRun
O33 - MountPoints2\{f46c5ee7-6b95-11dd-8165-00221549df36}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 7 Days ==========

[1 C:\Windows\*.tmp files]
[2009.09.15 23:00:15 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2009.09.14 21:59:40 | 01,348,098 | -H-- | C] () -- C:\Users\User\AppData\Local\IconCache.db
[2009.09.14 20:38:07 | 00,000,000 | ---D | C] -- C:\ProgramData\ESET
[2009.09.14 20:16:50 | 42,939,67872 | -HS- | C] () -- C:\hiberfil.sys
[2009.09.13 16:17:56 | 00,001,550 | ---- | C] () -- C:\Users\User\Desktop\Farm Frenzy 2.lnk
[2009.09.13 16:17:54 | 00,000,000 | ---D | C] -- C:\Windows\Farm Frenzy 2
[2009.09.13 16:07:32 | 00,377,762 | -H-- | C] () -- C:\treeinfo.wc
[2009.09.13 14:23:58 | 00,756,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2009.09.13 14:23:58 | 00,512,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2009.09.13 14:23:41 | 02,900,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVCORE.DLL
[2009.09.13 14:23:40 | 03,547,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2009.09.13 14:23:40 | 02,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2009.09.13 14:23:40 | 02,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVCORE.DLL
[2009.09.13 14:23:21 | 01,425,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tcpip.sys
[2009.09.13 14:23:20 | 00,143,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netiohlp.dll
[2009.09.13 14:23:20 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netiohlp.dll
[2009.09.13 14:23:20 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tcpipreg.sys
[2009.09.13 14:23:20 | 00,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NETSTAT.EXE
[2009.09.13 14:23:20 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\NETSTAT.EXE
[2009.09.13 14:23:20 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ARP.EXE
[2009.09.13 14:23:20 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ROUTE.EXE
[2009.09.13 14:23:20 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ARP.EXE
[2009.09.13 14:23:20 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ROUTE.EXE
[2009.09.13 14:23:20 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2009.09.13 14:23:20 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2009.09.13 14:23:20 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MRINFO.EXE
[2009.09.13 14:23:20 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRINFO.EXE
[2009.09.13 14:23:20 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\finger.exe
[2009.09.13 14:23:20 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TCPSVCS.EXE
[2009.09.13 14:23:20 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\finger.exe
[2009.09.13 14:23:20 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\HOSTNAME.EXE
[2009.09.13 14:23:20 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TCPSVCS.EXE
[2009.09.13 14:23:20 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\HOSTNAME.EXE
[2009.09.13 14:23:00 | 02,608,861 | ---- | C] () -- C:\Windows\SysNative\wlan.tmf
[2009.09.13 14:23:00 | 00,615,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlansvc.dll
[2009.09.13 14:23:00 | 00,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlansec.dll
[2009.09.13 14:23:00 | 00,353,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanmsm.dll
[2009.09.13 14:23:00 | 00,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlansec.dll
[2009.09.13 14:23:00 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanmsm.dll
[2009.09.13 14:23:00 | 00,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\L2SecHC.dll
[2009.09.13 14:23:00 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\L2SecHC.dll
[2009.09.13 14:23:00 | 00,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanhlp.dll
[2009.09.13 14:23:00 | 00,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlanapi.dll
[2009.09.13 14:23:00 | 00,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanapi.dll
[2009.09.12 17:48:27 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\avg
[2009.09.12 13:11:44 | 00,000,000 | ---D | C] -- C:\ProgramData\FarmFrenzy2
[2009.09.12 13:11:31 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\AlawarWrapper
[2009.09.12 13:11:31 | 00,000,000 | ---D | C] -- C:\ProgramData\AlawarWrapper
[2009.09.12 13:11:21 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Alawar
[2009.09.11 23:19:28 | 00,000,000 | ---D | C] -- C:\ProgramData\WordPad
[2009.09.11 22:28:48 | 00,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Nero
[2009.09.11 22:26:24 | 00,002,547 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk
[2009.09.11 22:26:01 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2009.09.11 22:25:47 | 00,000,000 | ---D | C] -- C:\ProgramData\Nero
[2009.09.11 22:25:46 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2009.09.11 22:06:45 | 00,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Ahead
[2009.09.11 22:06:21 | 00,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.09.11 22:05:41 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ahead
[2009.07.14 17:15:00 | 00,178,432 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.07.04 20:49:34 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.07.04 20:48:39 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.01.25 12:14:17 | 00,168,448 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009.01.25 12:14:12 | 00,795,648 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009.01.25 12:14:12 | 00,130,048 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.01.25 12:14:11 | 03,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2009.01.25 12:14:05 | 00,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009.01.25 12:14:05 | 00,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2008.12.22 14:55:10 | 00,000,292 | ---- | C] () -- C:\Windows\game.ini
[2008.10.02 09:04:12 | 00,000,223 | ---- | C] () -- C:\Windows\ao97pr.ini
[2008.10.01 22:51:21 | 00,002,003 | ---- | C] () -- C:\Windows\aoxppr.ini
[2008.09.23 19:20:47 | 00,000,732 | ---- | C] () -- C:\Windows\ODBC.INI
[2008.09.12 18:00:47 | 00,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2008.07.25 21:21:08 | 01,420,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2008.07.25 15:05:18 | 00,201,488 | ---- | C] () -- C:\Windows\SysWow64\MACD32.DLL
[2008.07.25 15:05:18 | 00,144,144 | ---- | C] () -- C:\Windows\SysWow64\MASE32.DLL
[2008.07.25 15:05:18 | 00,141,584 | ---- | C] () -- C:\Windows\SysWow64\MAMC32.DLL
[2008.07.25 15:05:18 | 00,063,248 | ---- | C] () -- C:\Windows\SysWow64\MASD32.DLL
[2008.07.25 15:05:18 | 00,033,040 | ---- | C] () -- C:\Windows\SysWow64\MA32.DLL
[2008.07.25 14:36:45 | 00,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2008.07.25 14:36:42 | 00,014,392 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2008.07.25 14:36:40 | 00,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2008.07.25 14:36:40 | 00,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2008.07.25 14:18:29 | 00,035,450 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2008.07.25 14:18:06 | 00,035,058 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2008.01.21 04:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007.12.28 09:22:02 | 00,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2007.03.29 23:00:40 | 00,203,264 | R--- | C] () -- C:\Windows\SysWow64\CddbCdda.dll
[2006.11.02 14:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006.11.02 14:34:27 | 00,000,165 | ---- | C] () -- C:\Windows\win.ini

========== Files - Modified Within 7 Days ==========

[4 C:\Windows\SysWow64\*.tmp files]
[1 C:\Windows\*.tmp files]
[2009.09.15 23:04:59 | 00,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{3E778A8B-CB70-4124-BD08-F0835E6B12D7}.job
[2009.09.15 23:02:20 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2009.09.15 22:00:40 | 00,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009.09.15 22:00:40 | 00,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009.09.15 14:06:21 | 01,402,426 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009.09.15 14:06:21 | 00,601,848 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2009.09.15 14:06:21 | 00,589,884 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009.09.15 14:06:21 | 00,115,976 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2009.09.15 14:06:21 | 00,101,896 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009.09.15 14:00:41 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009.09.15 14:00:39 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009.09.15 14:00:37 | 42,939,67872 | -HS- | M] () -- C:\hiberfil.sys
[2009.09.14 21:59:40 | 01,348,098 | -H-- | M] () -- C:\Users\User\AppData\Local\IconCache.db
[2009.09.13 16:17:56 | 00,001,550 | ---- | M] () -- C:\Users\User\Desktop\Farm Frenzy 2.lnk
[2009.09.13 16:07:32 | 00,377,762 | -H-- | M] () -- C:\treeinfo.wc
[2009.09.11 22:26:24 | 00,002,547 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart Essentials.lnk
[2009.09.11 22:08:26 | 00,000,039 | ---- | M] () -- C:\Windows\Irremote.ini
[2009.09.11 18:55:31 | 00,074,752 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.11 12:20:24 | 00,000,000 | ---- | M] () -- C:\ProgramData\LauncherAccess.dt
[2009.09.10 19:29:53 | 00,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI

========== LOP Check ==========

[2006.11.02 17:07:25 | 00,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming
[2006.11.02 17:07:25 | 00,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Media Center Programs
[2006.11.02 17:07:25 | 00,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming
[2006.11.02 17:07:25 | 00,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Media Center Programs
[2009.09.11 22:28:48 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming
[2009.09.11 22:06:45 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ahead
[2009.01.27 23:56:45 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Ashampoo
[2008.07.25 16:31:17 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ATI
[2008.09.17 20:55:57 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools
[2009.06.07 16:11:20 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\flightgear.org
[2009.09.12 14:53:14 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GHISLER
[2009.01.29 15:41:07 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\GRETECH
[2009.01.15 20:23:14 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ICQ
[2008.07.29 19:26:03 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\iWin
[2006.11.02 17:07:25 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Media Center Programs
[2008.11.24 15:20:59 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Nokia
[2008.10.01 22:38:13 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Password Solutions
[2008.10.02 15:53:04 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\PC Suite
[2008.09.12 18:06:04 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Samsung
[2008.08.23 20:58:02 | 00,000,000 | RH-D | M] -- C:\Users\User\AppData\Roaming\SecuROM
[2008.07.25 14:33:07 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TMP
[2009.02.20 18:14:01 | 00,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Vso
[2009.09.15 14:00:41 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009.09.14 21:59:48 | 00,032,574 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.09.15 23:04:59 | 00,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{3E778A8B-CB70-4124-BD08-F0835E6B12D7}.job

========== Purity Check ==========

< End of report >

Zee Prime · Příspěvekod **Zee Prime** » 15 zář 2009 23:49

...A tady je ten druhý log - Extras.txt....Díky
-----------------------------------------------------
OTL Extras logfile created on: 15.9.2009 23:03:33 - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Users\User\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 2,51 Gb Available Physical Memory | 62,78% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698,63 Gb Total Space | 209,71 Gb Free Space | 30,02% Space Free | Partition Type: NTFS
Drive D: | 7,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PEDROS
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %* File not found
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 4B 80 3D F9 E5 FC C9 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1274ACDF-C442-410A-9CBB-DDB7A3DC5E8C}" = lport=88 | protocol=17 | dir=in | name=port udp88 |
"{252A7B3B-08E8-4EDD-A758-8CF809435CF4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{4271989C-A10E-4A3D-9EC7-49246D484092}" = lport=3074 | protocol=17 | dir=in | name=port udp3074 |
"{51EBE490-E5AD-4F7A-905F-684FE54257D4}" = lport=3074 | protocol=6 | dir=in | name=port tcp3074 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B8F66C4-942B-42AC-A55B-BE038C037C68}" = dir=in | app=c:\program files (x86)\avg8\avgnsa.exe |
"{2BC5F3D5-474C-40D6-8CC3-E8E3C1BE7A15}" = protocol=17 | dir=in | app=c:\gamesky\far cry 2\bin\fc2editor.exe |
"{2DD4C7C9-0B30-449F-9D74-81FC21CA93D2}" = protocol=6 | dir=in | app=c:\gamesky\far cry 2\bin\fc2editor.exe |
"{342CC692-0963-43BC-96DC-B283F66C920E}" = protocol=17 | dir=in | app=c:\gamesky\rs socka klub\rockstar games social club\rgsclauncher.exe |
"{3CE6130B-5152-4515-A63A-CC916E64E1BF}" = dir=in | app=c:\program files (x86)\avg8\avgdiagex.exe |
"{3DBA7727-E268-4686-9F45-65479A6E6F90}" = protocol=6 | dir=in | app=c:\program files (x86)\pinnacle\shared files\programs\strmserver\strmserver.exe |
"{4F95B700-7531-4193-9DAF-811993F9B62C}" = dir=in | app=c:\program files (x86)\avg8\avgam.exe |
"{568F04C8-5911-48DE-AD30-78D33DFB43D9}" = protocol=6 | dir=in | app=c:\gamesky\negr\grand theft auto iv\launchgtaiv.exe |
"{6F530D05-4F92-4BBC-8B30-DF54B4560E09}" = protocol=17 | dir=in | app=c:\program files (x86)\pinnacle\shared files\programs\strmserver\strmserver.exe |
"{A00C3BA8-8AA6-4BE4-8FCA-267972AB5914}" = dir=in | app=c:\program files (x86)\avg8\avgupd.exe |
"{A1A793AB-EF11-48F4-BF1C-67B35E64CB5E}" = protocol=17 | dir=in | app=c:\gamesky\negr\grand theft auto iv\launchgtaiv.exe |
"{B24A9958-A8E3-4947-BC9A-BF8B8A0FEE74}" = protocol=6 | dir=in | app=c:\gamesky\rs socka klub\rockstar games social club\rgsclauncher.exe |
"{DF5F6FD7-1310-4AD5-8DEF-2143A27BB5A5}" = dir=in | app=c:\program files (x86)\avg8\avgdiag.exe |
"TCP Query User{02DE32AC-AEAA-4EB3-BCF1-47B791E0218D}C:\gamesky\heroes 5 - tribes of the east\heroes of might and magic v - tribes of the east\bin\h5_game.exe" = protocol=6 | dir=in | app=c:\gamesky\heroes 5 - tribes of the east\heroes of might and magic v - tribes of the east\bin\h5_game.exe |
"TCP Query User{0C22CB80-CC91-4F2D-A392-0877509ABD53}C:\gamesky\test drive unlimited\testdriveunlimited.exe" = protocol=6 | dir=in | app=c:\gamesky\test drive unlimited\testdriveunlimited.exe |
"TCP Query User{1CAE5A58-E57A-4630-8954-55B4A496B0B8}C:\gamesky\far cry 2\bin\farcry2.exe" = protocol=6 | dir=in | app=c:\gamesky\far cry 2\bin\farcry2.exe |
"TCP Query User{2B091B8F-CDDB-4029-82FC-37932F6FC02D}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{3D63E292-91B4-4147-BC5D-4BBDA5BA5B7C}C:\program files (x86)\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6\icq.exe |
"TCP Query User{51E6EAA1-CBA7-46AD-B86C-2579B5F473CD}C:\program files\strong dc\strongdc.exe" = protocol=6 | dir=in | app=c:\program files\strong dc\strongdc.exe |
"TCP Query User{60CFDD8C-8C07-4FEA-87BB-350A5C3F6ACC}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{6729FFF6-1375-4AE9-918C-BEA0C6D54F32}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"TCP Query User{761EF2F8-784F-4DC5-954B-B69520542E63}C:\gamesky\the guild 2 - demo\guildii.exe" = protocol=6 | dir=in | app=c:\gamesky\the guild 2 - demo\guildii.exe |
"TCP Query User{931566F5-74B2-429A-9E13-177FBDB290E5}C:\program files\strong dc\strongdc.exe" = protocol=6 | dir=in | app=c:\program files\strong dc\strongdc.exe |
"TCP Query User{FCE4B155-29A0-4ED0-94C3-60D0A8A80423}C:\program files (x86)\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"UDP Query User{1371EE16-5644-4839-B3DB-5AEC53E17272}C:\program files (x86)\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6.5\icq.exe |
"UDP Query User{2AC0739A-9696-47BA-8862-D43F30FDEC2C}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{31F1EBF1-BB48-45D0-A705-FE84F73A2109}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{3B12E344-1EF8-40D4-842A-E71586B6394B}C:\program files (x86)\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files (x86)\icq6\icq.exe |
"UDP Query User{7C039912-883C-40F8-8126-88EDADC4B160}C:\program files\strong dc\strongdc.exe" = protocol=17 | dir=in | app=c:\program files\strong dc\strongdc.exe |
"UDP Query User{992874AA-3779-4E0D-A450-343A3A8A3E51}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe |
"UDP Query User{A94565BE-3F99-4E1D-BE30-90A2F8FE9BD9}C:\gamesky\the guild 2 - demo\guildii.exe" = protocol=17 | dir=in | app=c:\gamesky\the guild 2 - demo\guildii.exe |
"UDP Query User{C2D70146-EABE-4C66-A9EF-AECBFC2C46D4}C:\gamesky\heroes 5 - tribes of the east\heroes of might and magic v - tribes of the east\bin\h5_game.exe" = protocol=17 | dir=in | app=c:\gamesky\heroes 5 - tribes of the east\heroes of might and magic v - tribes of the east\bin\h5_game.exe |
"UDP Query User{C465D32F-81DA-41F2-B6C9-768A3AB81799}C:\program files\strong dc\strongdc.exe" = protocol=17 | dir=in | app=c:\program files\strong dc\strongdc.exe |
"UDP Query User{EE7D75B5-5579-4BF4-9DD2-25E08E39ADBD}C:\gamesky\test drive unlimited\testdriveunlimited.exe" = protocol=17 | dir=in | app=c:\gamesky\test drive unlimited\testdriveunlimited.exe |
"UDP Query User{F1CA1459-D5DF-4814-B3BE-4E768B1C3A9D}C:\gamesky\far cry 2\bin\farcry2.exe" = protocol=17 | dir=in | app=c:\gamesky\far cry 2\bin\farcry2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{3C1073C1-2711-425E-A50D-B4805E5FB352}" = ESET NOD32 Antivirus
"{577CDBF7-9D52-CF1D-5166-FD58FC57A735}" = ccc-utility64
"{5DD5129F-F0E6-FB1C-0DF4-7A59047BA923}" = ATI Catalyst Install Manager
"{6344718C-AE30-4C86-B5CD-459077A83623}" = Microsoft SQL Server Native Client
"{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BE29EE5A-C6B7-454B-BE14-2F4AD8E91BB1}" = Microsoft SQL Server VSS Writer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1EF69B7-7A97-40FC-9AF1-6D6656FF874F}" = ATI AVIVO64 Codecs
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{ECDF0939-A653-44D0-8B8E-597B890F45EC}" = Logitech Gaming Software 5.02
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Balíček ovladače systému Windows - Nokia Modem (05/22/2008 7.00.0.1)
"BC15EA930074932BB2C4B4493C9FD4EA95087D1A" = Balíček ovladače systému Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Balíček ovladače systému Windows - Nokia Modem (05/22/2008 3.

"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0050078A-A588-AA09-16F6-0993D3CF2911}" = Catalyst Control Center Graphics Full Existing
"{01290A94-851B-8896-E581-031A2EED3E18}" = Catalyst Control Center Graphics Light
"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{15E48A3A-D289-4F1B-DED6-A1292E49D0DE}" = Catalyst Control Center Localization Czech
"{1A524CFE-DF85-4555-8BC2-0C89DBD8BC2C}" = PC Connectivity Solution
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{3E4A1951-F123-6E0B-7C1D-A0CD7C50F285}" = Catalyst Control Center Core Implementation
"{4893A35F-0A23-48EC-8E74-24969244D6F2}" = Catalyst Control Center - Branding
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = Six Engine
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72A42B41-EA14-4630-D647-FF0CFBFC89C0}" = ccc-core-static
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7C7AC2D4-1077-45C8-826A-16445B5E0DB7}" = Pinnacle DistanTV Server
"{8309cf2d-ac40-4943-bf4c-379e810c4030}" = Nero 9 Essentials
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{92C7D009-A464-4948-A980-7A3E28CB2F49}_is1" = Richard Burns Rally
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}" = Nokia PC Suite
"{AC76BA86-7AD7-1029-7B44-A90000000001}" = Adobe Reader 9 - Czech
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B404D5A0-DDED-B8B2-DE74-ED73B90DE130}" = CCC Help Czech
"{B45FABE7-D101-4D99-A671-E16DA40AF7F0}" = Microsoft Games for Windows - LIVE
"{B578C85A-A84C-4230-A177-C5B2AF565B8C}" = Microsoft Games for Windows - LIVE Redistributable
"{B7666229-351B-47D9-AA6F-DF777CF04BBF}" = Caesar IV
"{BA3718A5-6091-3390-EC06-BA55B8DE8A11}" = Catalyst Control Center Graphics Full New
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C3F19A5F-35A8-4FDB-A6ED-0F4CE398DA48}" = Nokia Connectivity Cable Driver
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{C79A37F3-C076-48BE-B290-F4C8676ABD74}" = Samsung PC Studio 3
"{CC4D622F-B65D-65EB-4CE4-49250F61BD3F}" = Catalyst Control Center Graphics Previews Vista
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EAA984BA-7C90-3B21-FDBF-0B17A3259CA7}" = Skins
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro
"7-Zip" = 7-Zip 4.62
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Audacity_is1" = Audacity 1.2.6
"CCleaner" = CCleaner (remove only)
"EAX Unified" = EAX Unified
"Farm Frenzy 21.0" = Farm Frenzy 2
"GOM Player" = GOM Player
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.5.3
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mozilla Firefox (3.0.1)" = Mozilla Firefox (3.0.1)
"MUSICMATCH Jukebox" = MUSICMATCH Jukebox
"Nokia PC Suite" = Nokia PC Suite
"OpenAL" = OpenAL
"Totalcmd" = Total Commander (Remove or Repair)

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

pitimir · Příspěvekod **pitimir** » 16 zář 2009 17:25

Dalsi krok, potom pomazeme zbytocnosti:

Stiahni MbAM. Uloz na plochu, otvor "mbam-setup.exe" a nainstaluj. Updatuj. Potom spravis kompletny scan - co program najde, zmaz. Nasledny log vloz sem.

Zee Prime · Příspěvekod **Zee Prime** » 16 zář 2009 22:03

Ahoj, tady je ten log z Malware Bytes, ale zatím žádná změna, mazat nelze:

Malwarebytes' Anti-Malware 1.41
Verze databáze: 2813
Windows 6.0.6002 Service Pack 2

16.9.2009 21:53:42
mbam-log-2009-09-16 (21-53-42).txt

Typ kontroly: Kompletní kontrola (C:\|D:\|E:\|)
Zkontrolované objekty: 245405
Uplynulý čas: 36 minute(s), 40 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 6
Infikované hodnoty registru: 0
Infikované datové položky registru: 1
Infikované adresáře: 2
Infikované soubory: 3

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_CLASSES_ROOT\googleplusvideos.bhobridge (Hijack.SearchPage) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e3cfdfe-79c8-4225-81b9-20fc99da6972} (Hijack.SearchPage) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c8cd2017-f1e5-4f1a-b58a-ee0b1af0d0d8} (Hijack.SearchPage) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c8cd2017-f1e5-4f1a-b58a-ee0b1af0d0d8} (Hijack.SearchPage) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c8cd2017-f1e5-4f1a-b58a-ee0b1af0d0d8} (Hijack.SearchPage) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\googleplusvideos.bhobridge.1 (Hijack.SearchPage) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infikované adresáře:
C:\Program Files (x86)\Live_TV (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Online_Radio_TB (Trojan.Agent) -> Quarantined and deleted successfully.

Infikované soubory:
C:\Program Files (x86)\GooglePlusVideos\16.GooglePlusVideos.dll (Hijack.SearchPage) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Live_TV\INSTALL.LOG (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Online_Radio_TB\INSTALL.LOG (Trojan.Agent) -> Quarantined and deleted successfully.

pitimir · Příspěvekod **pitimir** » 17 zář 2009 18:29

Co nelze mazat? Aby sme sa chapali :)
Myslel si mazat subory (teda tvoj problem s PC), alebo mazat v MbAMe (co podla logu ide)?

Zee Prime · Příspěvekod **Zee Prime** » 17 zář 2009 19:59

Pořád nelze smazat soubory. To, co se objevilo v logu, program smazal, ale soubory stále odolávají a to všechny typy...

pitimir · Příspěvekod **pitimir** » 17 zář 2009 20:19

1) Este som to neskusal na 64-bite, snad to pojde:
Stiahni SRENG. Spust program, klikni na "System Repair" -> "File Association". Tu zafajknes vsetky, ktore maju Error Status a klik na "Repair".

2) Skopiruj do policka pod nazvom "Custom Scans/Fixes":

Kód: Vybrat vše

:otl
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.europowersearch.com/Search.h ... rchLang=CZ
IE - HKU\S-1-5-21-1600578981-3844651555-2168284247-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1600578981-3844651555-2168284247-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.europowersearch.com/Search.h ... rchLang=CZ
O3 - HKLM\..\Toolbar: (no name) - {0508F8F1-08E3-43EE-AAA8-09AD09803084} - No CLSID value found.
O3 - HKU\S-1-5-21-1600578981-3844651555-2168284247-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKU\S-1-5-21-1600578981-3844651555-2168284247-1000..\Run: [PMCRemote] File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Filter: - text/xml - Reg Error: Key error. File not found
O33 - MountPoints2\{71b9bb65-5d92-11dd-9b11-0022151b4d53}\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\{c04bb846-59d5-11dd-aea2-806e6f6e6963}\Shell\AutoRun\command - "" = D:\.\Bin\Assetup.exe -- File not found
O33 - MountPoints2\{f46c5ee7-6b95-11dd-8165-00221549df36}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found

:commands
[emptytemp]
[reboot]

Klikni na "Run Fix". Program zacne pracovat, mozny je restart PC. Po nom by sa ti mal objavit log, ten by som rad videl.

Zee Prime · Příspěvekod **Zee Prime** » 17 zář 2009 20:58

Tak tady jsem se trochu zasekl. Bod 1 OK, žádná položka neměla status Error, samé Normal.
Ale kam mám zkopírovat ten kód v bodu dvě? Program normálně běží, ale "Custom Scans/Fixes" jsem nikde nenašel. A nápověda je v tatarštině.

pitimir · Příspěvekod **pitimir** » 17 zář 2009 21:17

:)
Prepac, bod c.2 patri k OTL. Donho treba skopirovat ten text.

Zee Prime · Příspěvekod **Zee Prime** » 17 zář 2009 21:32

Tak tady je ten log:

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Extensions Off Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Security Risk Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Extensions Off Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Security Risk Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Unable to set value : HKU\S-1-5-21-1600578981-3844651555-2168284247-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E!
Unable to set value : HKU\S-1-5-21-1600578981-3844651555-2168284247-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0508F8F1-08E3-43EE-AAA8-09AD09803084} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0508F8F1-08E3-43EE-AAA8-09AD09803084}\ not found.
Registry value HKEY_USERS\S-1-5-21-1600578981-3844651555-2168284247-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NWEReboot deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1600578981-3844651555-2168284247-1000\Software\Microsoft\Windows\CurrentVersion\Run\\PMCRemote deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{71b9bb65-5d92-11dd-9b11-0022151b4d53}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{71b9bb65-5d92-11dd-9b11-0022151b4d53}\ not found.
File F:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c04bb846-59d5-11dd-aea2-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c04bb846-59d5-11dd-aea2-806e6f6e6963}\ not found.
File D:\.\Bin\Assetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f46c5ee7-6b95-11dd-8165-00221549df36}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f46c5ee7-6b95-11dd-8165-00221549df36}\ not found.
File E:\AutoRun.exe not found.
File ptytemp] not found.
File boot] not found.

OTL by OldTimer - Version 3.0.14.0 log created on 09172009_212058

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Ve Win Vista nelze mazat soubory Vyřešeno

Ve Win Vista nelze mazat soubory

Re: Ve Win Vista nelze mazat soubory

Re: Ve Win Vista nelze mazat soubory

Re: Ve Win Vista nelze mazat soubory

Re: Ve Win Vista nelze mazat soubory

Re: Ve Win Vista nelze mazat soubory

Re: Ve Win Vista nelze mazat soubory

Re: Ve Win Vista nelze mazat soubory

Re: Ve Win Vista nelze mazat soubory

Re: Ve Win Vista nelze mazat soubory

Re: Ve Win Vista nelze mazat soubory

Re: Ve Win Vista nelze mazat soubory

Kdo je online