After powering on the PC the network is not installed, so the internet does not work

Post by jaro3 » 11 Jan 2010 20:09

Permanently turn off the resident protection in Spybot-S&D.

Double-click the OTL icon on the desktop. Make sure all other applications and browsers are closed.
Under Custom Scans/Fixes, paste the following text, shown in green, into the box:

Code:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SYSTEM32\blank.htm
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 11489 more lines...
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [Nektra OEAPI] File not found
O4 - HKCU..\Run: [OEXPRESS] File not found
O4 - HKCU..\Run: [WEBTRAN] File not found
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbar present
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} http://www.celartem.com/en/download/dat ... _en_US.cab (DjVuCtl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/f ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found

:Files
C:\Windows\logo_1.exe
C:\Windows\SysWow64\eEmpty.exe
C:\32788R22FWJFW
C:\ProgramData\McAfee
C:\ProgramData\McAfee Security Scan
C:\ProgramData\NOS
C:\ProgramData\nvModes.dat
C:\ProgramData\nvModes.001
C:\Windows\tasks\SA.DAT
C:\Windows\bthservsdp.dat
C:\Windows\Lic.xxx
C:\Windows\SysWow64\eEmpty.exe
C:\ProgramData\ezsidmv.dat

:Reg
:Commands
[resethosts]
[purity]
[emptytemp]
[start explorer]
[Reboot]


Then click Run Fix at the top. Let the program run undisturbed; at the end the PC will restart.
After the restart a log will appear; please copy its entire contents here.

Check these on VirusTotal:
C:\Windows\GSetup.ini
C:\Windows\GVTDrv64.sys
Then paste the links to the results pages here.
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
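
The fix script in the post above lists `O1 - Hosts:` lines and registry entries marked `File not found` or `No CLSID value found`. As an added example (not part of the original post and not OTL's own code), this Python script triages such lines from a pasted log: hosts entries that point a name at a non-local address are flagged for review, and orphaned registry references are listed. The function names, the sample log and the `192.0.2.10 update.example.test` entry are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in the line format of the OTL output quoted in this thread.
# The 192.0.2.10 entry is invented (documentation address range) to show a redirect.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 192.0.2.10 update.example.test
O1 - Hosts: 11489 more lines...
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKCU..\Run: [OEXPRESS] File not found
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
"""

# "<TAG>[:64bit:] - <body>", e.g. "O4 - HKCU..\Run: [x] File not found"
LINE_RE = re.compile(r"^(?P<tag>[A-Z]+\d*)(?P<x64>:64bit:)?\s+-\s+(?P<body>.+)$")

# Markers the log uses for registry entries whose target no longer exists.
ORPHAN_MARKERS = ("File not found", "No CLSID value found")


def classify_hosts(entry):
    """Classify the text that follows 'Hosts:' in an O1 line."""
    parts = entry.split()
    if len(parts) < 2:
        return "hosts-unparsed"
    try:
        addr = ipaddress.ip_address(parts[0])
    except ValueError:
        # e.g. "11489 more lines...": the log cuts long hosts files short,
        # so the file itself has to be read to see the remaining entries.
        return "hosts-truncated"
    if addr.is_loopback or addr.is_unspecified:
        # Name resolves to this machine: a blocking entry, not a redirect.
        return "hosts-local"
    # Name is pointed at some other machine: needs a human decision.
    return "hosts-redirect"


def triage(log_text):
    """Return (kind, tag, body) tuples for the lines worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue
        tag, body = match["tag"], match["body"]
        if tag == "O1" and body.startswith("Hosts:"):
            kind = classify_hosts(body[len("Hosts:"):])
            if kind != "hosts-local":
                findings.append((kind, tag, body))
        elif any(marker in body for marker in ORPHAN_MARKERS):
            # An orphan is a leftover reference, often from uninstalled
            # software; it is a cleanup candidate, not proof of infection.
            findings.append(("orphan", tag, body))
    return findings


if __name__ == "__main__":
    for kind, tag, body in triage(SAMPLE_LOG):
        print(f"{kind:16} {tag:4} {body}")
```
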


Post by Drobek » 14 Jan 2010 16:49

Hi. A bit of a recap of the last few days. I did everything that was listed here. The result, however, was that whenever I wanted the internet, I had to uninstall or, conversely, install the drivers. After any restart I lost the network. I kept scanning and deleting the junk that the programs found as potential threats, including the vermin from e-mail. On Tuesday I had to leave, so I turned the computer off and left. Today I came back, turned the computer on, and the network holds. I again did everything according to the instructions. But the OTL log did not pop up after the PC restarted. Yet even though I went through a restart, the network is still working. For now. That is a great result, but I don't know for how long; last time it lasted until the first restart. During these steps I lost my wireless keyboard and mouse. So I reinstalled, and now at least the mouse works. The keyboard doesn't make a peep. Given that it is a set, that is strange, but I need the PC, so I'm not dealing with it for now. I'll also buy new batteries for the keyboard, just to be sure, and we'll see. Here are the links to the results. http://www.virustotal.com/cs/analisis/5 ... 1263481915
http://www.virustotal.com/cs/analisis/a ... 1263482226

Thanks for now; I'm curious what to do next. And also what the problem was, or could have been, so that I know how to watch out for it next time. Have a nice day. Drobek
Drobek.Petr


Post by jaro3 » 15 Jan 2010 19:55

You probably can't guard against infections; new ones may appear, for which something different will work again.

You should have the OTL log in the same location as the OTL program.

Download SuperAntiSpyware,
update the database, run a scan and then delete the infections.

Run F-Secure Online Scanner from the link.
http://support.f-secure.com/enu/home/ols.shtml

This scanner can only be used in the Internet Explorer browser! Follow the instructions on the F-Secure page for a correct installation. Accept the license. After the ActiveX control is installed, click Full System Scan. When the download finishes, the scan starts automatically. Wait for the scan to finish; while it runs, do not perform other operations or click the mouse. When the scan finishes, click the Automatic clearing (recommended) button. Then click the Show Report button and copy and paste the report here.

Post by Drobek » 20 Jan 2010 22:46

Hi. So, another recap. After a few days with the internet, I lost it again this morning. In the morning I started the PC and again got the favourite message that there is no network. So I ran AVPTool and scanned for 6.5 hours. It found 9 infections and deleted them, but gave me no report. I needed to print something in the morning, but it didn't work. The printer kept switching to the secondary paper tray and colours were not printing. So I printed it in black and white and let the scan run. In the afternoon I uninstalled the network; meanwhile the scan finished. I ran the tests you wrote about; they completed and a restart was requested. After the restart I reinstalled the network and restarted again. And lo and behold, it showed me that the driver software for the Realtek PCIe GBE Family Controller had been installed successfully. And so I am on the net again. I also ran the test with the Real scanner, but nothing was found. I'll attach the log at the end of my text. I also looked for the previously requested OTL results, but I only found an old log and I don't know whether it is of any use. So here I attach the log from the online scanner, and I don't know what to do next. The vermin is sitting somewhere and keeps reactivating, and I don't know by what. Yesterday I was on Skype and the day before yesterday on Facebook. Whether I'm picking up the vermin from there, I don't know, but maybe it will help you. I have the computer set up with two profiles. I mostly work from the secondary profile, but not all the repairs and tests run on it, so I also do some things from the profile with administrator rights. On the secondary profile the web page translator doesn't work; it works only on the administrator profile. And when loading some pages in Explorer, it wants to install Adobe Flash something, but with every visit, even to the same page, it installs again and again, and sometimes Explorer doesn't even start after installing the Adobe Flash thing. After the installation it wants to reload the add-on and wants to install again, so in the end I go elsewhere. It simply won't let me install add-ons on some pages, and without the add-ons the pages can't be viewed, so I have to leave. I don't like it when I don't know what to do about it, but I simply don't know.

Hlášení kontroly
Středa, Leden 20, 2010 20:21:44 - 20:57:09
Název počítače: PCI7
Typ kontroly: Kontrolovat systém na přítomnost malwaru, spywaru a programů rootkit
Cíl: C:\ D:\ E:\ F:\ G:\


--------------------------------------------------------------------------------

Nebyl nalezen žádný malware.

--------------------------------------------------------------------------------

Statistika
Kontrolováno:
Soubory: 123448
Systém: 8156
Nekontrolováno: 26
Akce:
Vyléčeno: 0
Přejmenováno: 0
Odstraněno: 0
Nevyčištěno: 0
Odesláno: 0
Nekontrolované soubory:
C:\WINDOWS\SYSTEM32\CONFIG\COMPONENTS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\COMPONENTS
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SAM
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SYSTEM
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\REGBACK\SOFTWARE
C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
C:\USERS\ALL USERS\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\787E3920F296641B03CF47753510D46B_91346D08-BADE-4452-B25E-AD31B13E2412
C:\USERS\ADMINISTRATOR-0\APPDATA\LOCAL\GOOGLE\GOOGLE DESKTOP\B85DB24A1092\DBDAO
C:\USERS\ADMINISTRATOR-0\APPDATA\LOCAL\GOOGLE\GOOGLE DESKTOP\B85DB24A1092\DBEAO
C:\USERS\ADMINISTRATOR-0\APPDATA\LOCAL\GOOGLE\GOOGLE DESKTOP\B85DB24A1092\DBDAM
C:\USERS\ADMINISTRATOR-0\APPDATA\LOCAL\GOOGLE\GOOGLE DESKTOP\B85DB24A1092\DBEAM
C:\USERS\ADMINISTRATOR-0\APPDATA\LOCAL\GOOGLE\GOOGLE DESKTOP\B85DB24A1092\HP
C:\USERS\ADMINISTRATOR-0\APPDATA\LOCAL\GOOGLE\GOOGLE DESKTOP\B85DB24A1092\DBM
C:\PROGRAMDATA\MICROSOFT\CRYPTO\RSA\MACHINEKEYS\787E3920F296641B03CF47753510D46B_91346D08-BADE-4452-B25E-AD31B13E2412
C:\PROGRAM FILES (X86)\AVG\AVG9\TOOLBAR\FIREFOX\SP.XML
C:\BOOT\BCD
C:\$AVG\$CHJW\51E713B6-8659-44C7-A646-DD2360EC2FA5
C:\$AVG\$CHJW\78224F38-5DC2-4517-BEE6-4223D23A55FC

--------------------------------------------------------------------------------

Možnosti
Moduly kontroly:
Možnosti kontroly:
Kontrolovat určené soubory: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Používat pokročilou heuristiku
Last edited by Drobek on 22 Jan 2010 10:22, edited 1 time in total.
Drobek.Petr


Post by Damned » 20 Jan 2010 23:03

Turn off restore points.

Download Dr. Web CureIt, or get it from http://www.majorgeeks.com/Dr.Web_CureIT_d4783.html; run the update, and after updating click Start.

With the buttons at the bottom you can cure, delete, move or rename a file. Then post the result. The scan may take a long time. First cure a found infection, and only then delete it. If it finds something in the System Volume Information folder, delete it.
Nothing is impossible, so where reason fails us, we do not hesitate to use a hammer.
If you want to know what is new, look into old books.

Post by Drobek » 21 Jan 2010 19:18

Hi. Since yesterday evening I had been running a test in the drweb program. Just now the computer told me that the program had stopped working and was terminated. Since the test ran for almost 24 hours, that annoys me a bit. I have no log. The log named CureIt is 702 m in size and cannot be opened because it is too large, so it tells me. I also ran an mbam scan and 3 pieces of junk were found. I'm running an MWAV scan and so far it has found 18 pieces of junk, but it's still running, so when it finishes I'll post these logs here, if they are of any use to you. I have had System Restore turned off since Christmas.

This is what MWAV has found so far:

Objekt "Windows Police PRO Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Windows Police PRO Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Windows Police PRO Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Windows Police PRO Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Windows Police PRO Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Windows Police PRO Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Windows Police PRO Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Windows Police PRO Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Windows Police PRO Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Windows Police PRO Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Windows Police PRO Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Windows Police PRO Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Windows Police PRO Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "Windows Police PRO Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "CoolWebSearch parasite variant Spyware/Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Objekt "RegSort Corrupted Adware/Spyware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" odkazuje na neplatný objekt "C:\Windows\Downloaded Program Files\gp.ocx". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" odkazuje na neplatný objekt "C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\PrvCnt.exe". Provedené akce: Ponecháno, neodstraněno!.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".org". Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Users\Administrator-0\DoctorWeb\Quarantine\actualsp0.exe je infikovaný virem Trojan.Actualspy.AD (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor C:\Users\Petr\DoctorWeb\Quarantine\actualsp0.exe je infikovaný virem Trojan.Actualspy.AD (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor E:\2008-06-19-Thunderbird-data\data1\mozila adresar\Inbox je infikovaný virem Trojan.Pandex.AC (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor E:\2008-06-19-Thunderbird-data\data1\mozila adresar\Inbox.sbd\dorucenky je infikovaný virem Trojan.Downloader.Bredolab.AZ (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor E:\2008-06-19-Thunderbird-data\data1\mozila adresar\Inbox.sbd\ZZZ-nevyzadana posta je infikovaný virem Trojan.Dropper.Kobcka.Gen.1 (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor E:\2008-06-19-Thunderbird-data\data1\mozila adresar\Inbox.sbd\ZZZ-nevyzadana posta.sbd\co-uk je infikovaný virem Trojan.Downloader.Bredolab.Q (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor E:\2008-06-19-Thunderbird-data\data1\mozila adresar\Inbox.sbd\ZZZ-nevyzadana posta.sbd\de je infikovaný virem Trojan.Generic.2227045 (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor E:\2008-06-19-Thunderbird-data\data1\mozila adresar\Inbox.sbd\ZZZ-nevyzadana posta.sbd\ua je infikovaný virem Trojan.Agent.ANCG (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor E:\2008-06-19-Thunderbird-data\data1\mozila adresar\Trash je infikovaný virem Trojan.Generic.2225600 (DB) !! Provedené akce: Ponecháno, neodstraněno!.
Soubor E:\2008-06-19-Thunderbird-data\data4\Trash je infikovaný virem Win32.Warezov.XM.m (DB) !! Provedené akce: Ponecháno, neodstraněno!.

So what is the next step?

Thanks.

Drobek.Petr
Drobek.Petr


Post by Drobek » 22 Jan 2010 10:14

Damned wrote: Turn off restore points.

Download Dr. Web CureIt, or get it from http://www.majorgeeks.com/Dr.Web_CureIT_d4783.html; run the update, and after updating click Start.

With the buttons at the bottom you can cure, delete, move or rename a file. Then post the result. The scan may take a long time. First cure a found infection, and only then delete it. If it finds something in the System Volume Information folder, delete it.



I did everything according to the instructions and added further tests on top: mbam and mwav; by the evening I had a total of 40 pieces of junk flagged as threats. When the dr.Web test was running, it terminated prematurely by itself. So I downloaded a newer version. When all the tests were done, I ran dr.web and my whole PC crashed. It told me that the system file dwprot.sys was not found. So I deleted dr.web, started an AVP tool test for the night and went to bed. And in the morning I found that the PC would not start. IT TELLS ME THAT an important system driver Windows\system32\drivers\spiderg3.sys is missing and that I should insert the installation CD, restart and choose repair.

I'm here now from another PC. A format of C and a fresh clean installation probably awaits me. Or is there some faster way to get it running? Thanks. Drobek
Drobek.Petr


Post by Drobek » 25 Jan 2010 11:27

jaro3 wrote: Instructions for the fix:
viewtopic.php?f=70&t=5119

So continue like this:

Download OTL
to the desktop. Make sure all other windows are closed and double-click the OTL icon. At the top of the window, under Output, click Minimal Output. Under Standard Registry, change to All. Check LOP Check and Purity Check. Click Run Scan. Leave all other settings as they are. The scan may take a long time; when it finishes, two logs will open:
OTListIt.Txt
Extras.Txt

They are saved in the same location as OTL. Please copy both logs here.


Hi. The developments of the last few days. The system crashed and would not start. So I installed Vista on another disk, moved my files over, formatted the whole C drive and did a clean installation. However, I again cannot connect to the internet. It worked for a while, but after a restart, nothing again. But I don't have much installed, so the tests are quick. Here are the logs from OTL. Dr web found nothing; it said everything is clean. Last night AVP Tool ran to delete the viruses in the mail. But I don't know how to extract a log from it. It just produces a report at the end and shows everything it removed. I also use Noadware5 to find paths with threats, and it found the same as OTL. And so I'm here again. I didn't delete anything, so that it is clear where things sit. System Restore is turned off. My files are on other disks, so hopefully there will be no damage. Please advise how to find the beast, how to block it and then delete it. I'd also like to know what to use to delete viruses in Thunderbird as soon as they arrive. They sometimes get moved to the AVG vault, but AVP Tool finds them anyway and flags them as threats. Thanks in advance. Drobek


Here are the logs:
OTL logfile created on: 25.1.2010 10:58:15 - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Users\Petr-Wista-64\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 71,00% Memory free
12,00 Gb Paging File | 11,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 216,80 Gb Total Space | 200,28 Gb Free Space | 92,38% Space Free | Partition Type: NTFS
Drive D: | 249,02 Gb Total Space | 248,92 Gb Free Space | 99,96% Space Free | Partition Type: NTFS
Drive E: | 465,69 Gb Total Space | 465,58 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
Drive F: | 149,05 Gb Total Space | 28,34 Gb Free Space | 19,01% Space Free | Partition Type: NTFS
Drive G: | 465,76 Gb Total Space | 258,61 Gb Free Space | 55,52% Space Free | Partition Type: NTFS
Drive H: | 465,76 Gb Total Space | 385,35 Gb Free Space | 82,74% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: PCI7-02
Current User Name: Petr-Wista-64
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Users\Petr-Wista-64\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe ()
PRC - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Petr-Wista-64\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (avg9wd) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgfws9) -- C:\Program Files (x86)\AVG\AVG9\avgfws9.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9emc) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2006.11.02 14:34:14 | 00,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()


========== Driver Services (SafeList) ==========

DRV:64bit: - (AvgTdiA) -- C:\Windows\SysNative\Drivers\avgtdia.sys ()
DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\Drivers\avgmfx64.sys ()
DRV:64bit: - (AVGIDSErHrvta) -- C:\Windows\SysNative\Drivers\AVGIDSva.sys ()
DRV:64bit: - (Avgfwfd) -- C:\Windows\SysNative\DRIVERS\avgfwd6a.sys ()
DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\Drivers\avgldx64.sys ()
DRV:64bit: - (AvgRkx64) -- C:\Windows\SysNative\Drivers\avgrkx64.sys ()
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys ()
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys ()
DRV - (AVGIDSDrivervta) -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista64\AVGIDSDriver.sys (AVG Technologies )
DRV - (AVGIDSFiltervta) -- C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista64\AVGIDSFilter.sys (AVG Technologies )
DRV - (LGII2CDevice) -- C:\Program Files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys ()
DRV - (LGDDCDevice) -- C:\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKCU..\Run: [ISUSPM Startup] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\NLAapi.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\napinsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\winrnr.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Společnost Microsoft)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll ()
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll ()
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll ()
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll ()
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll ()
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll ()
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll ()
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll ()
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWOW64\browseui.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll ()
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll ()
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll ()
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll ()
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll ()
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll ()
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.08.23 20:19:54 | 00,000,000 | ---D | M] - G:\auto diagnostika -- [ NTFS ]
O32 - AutoRun File - [2009.08.23 18:11:54 | 00,000,000 | ---D | M] - G:\autodiagnostika -- [ NTFS ]
O33 - MountPoints2\{44e8c12f-0931-11df-9876-8dc001c1ba67}\Shell\AutoRun\command - "" = J:\setupSNK.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.01.25 10:56:12 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\Petr-Wista-64\Desktop\OTL.exe
[2010.01.25 10:05:03 | 00,000,000 | ---D | C] -- C:\Users\Petr-Wista-64\DoctorWeb
[2010.01.25 09:34:20 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010.01.25 09:31:34 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\NoAdware
[2010.01.25 09:07:08 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\avg
[2010.01.25 09:04:41 | 00,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2010.01.25 09:04:41 | 00,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2010.01.25 09:04:41 | 00,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2010.01.25 09:04:36 | 00,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2010.01.25 09:04:36 | 00,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2010.01.25 09:03:43 | 00,000,000 | ---D | C] -- C:\Users\Petr-Wista-64\{d315d246-53f1-42d9-8fe0-0c075c1d61f6}
[2010.01.25 08:39:17 | 00,000,000 | -H-D | C] -- C:\$AVG
[2010.01.25 08:39:10 | 00,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\Avg
[2010.01.25 08:38:46 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2010.01.25 08:38:45 | 00,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010.01.25 00:30:47 | 00,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010.01.25 00:25:40 | 00,000,000 | ---D | C] -- C:\Windows\VDLL.DLL
[2010.01.25 00:25:40 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\runouce.exe
[2010.01.25 00:25:40 | 00,000,000 | ---D | C] -- C:\Windows\rundll16.exe
[2010.01.25 00:25:40 | 00,000,000 | ---D | C] -- C:\Windows\RUNDL132.EXE
[2010.01.25 00:25:40 | 00,000,000 | ---D | C] -- C:\Windows\logo1_.exe
[2010.01.25 00:25:40 | 00,000,000 | ---D | C] -- C:\Windows\logo_1.exe
[2010.01.25 00:23:18 | 00,632,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr80.dll
[2010.01.25 00:23:17 | 00,554,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp80.dll
[2010.01.25 00:23:16 | 00,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe
[2010.01.25 00:23:13 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MicroWorld
[2010.01.25 00:23:12 | 00,000,000 | ---D | C] -- C:\ProgramData\MicroWorld
[2010.01.25 00:16:58 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2010.01.25 00:16:58 | 00,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010.01.25 00:16:41 | 00,525,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2010.01.25 00:16:39 | 00,531,032 | ---- | C] (Creative Technology Ltd.) -- C:\Windows\SysWow64\MBAPO32.dll
[2010.01.25 00:16:37 | 00,838,176 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2010.01.25 00:16:37 | 00,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2010.01.25 00:06:30 | 00,000,000 | ---D | C] -- C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
[2010.01.25 00:05:29 | 03,310,184 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2010.01.25 00:05:27 | 11,197,032 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2010.01.25 00:05:27 | 07,614,056 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2010.01.25 00:05:27 | 02,169,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2010.01.25 00:05:26 | 01,997,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2010.01.25 00:05:26 | 01,714,792 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2010.01.25 00:05:26 | 01,074,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2010.01.24 23:23:51 | 00,025,344 | R--- | C] (LG Soft India) -- C:\Windows\SysWow64\LGDispDrv.dll
[2010.01.24 23:23:51 | 00,002,944 | R--- | C] (LG Soft India) -- C:\Windows\SysWow64\LgExport.dll
[2010.01.24 23:23:51 | 00,000,000 | ---D | C] -- C:\ProgramData\InstallShield
[2010.01.24 23:23:47 | 00,061,440 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\SysWow64\ISUSPM.cpl
[2010.01.24 23:23:47 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\LG Soft India
[2010.01.24 23:23:22 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2010.01.24 23:19:26 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys
[2010.01.24 23:05:42 | 00,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010.01.24 23:04:48 | 00,068,200 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010.01.24 23:04:42 | 11,639,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2010.01.24 22:32:57 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2010.01.24 22:32:07 | 00,000,000 | -HSD | C] -- C:\Windows\Installer
[2010.01.24 22:32:07 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010.01.24 07:35:24 | 00,000,000 | ---D | C] -- C:\Users\Petr-Wista-64\AppData\Roaming\InstallShield
[2010.01.24 07:30:23 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\GIGABYTE
[2010.01.24 07:03:54 | 00,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010.01.24 07:03:08 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2010.01.24 07:02:27 | 00,000,000 | ---D | C] -- C:\NVIDIA
[2010.01.24 07:01:26 | 00,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2010.01.24 07:01:26 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2010.01.24 06:49:10 | 00,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2010.01.24 06:49:10 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2010.01.24 06:48:57 | 00,000,000 | ---D | C] -- C:\Intel
[2010.01.23 22:34:23 | 00,000,000 | R--D | C] -- C:\Users\Petr-Wista-64\Searches
[2010.01.23 22:34:16 | 00,000,000 | ---D | C] -- C:\Users\Petr-Wista-64\AppData\Roaming\Identities
[2010.01.23 22:34:15 | 00,000,000 | R--D | C] -- C:\Users\Petr-Wista-64\Contacts
[2010.01.23 22:34:14 | 00,000,000 | ---D | C] -- C:\Users\Petr-Wista-64\AppData\Local\VirtualStore
[2010.01.23 22:34:11 | 00,000,000 | --SD | C] -- C:\Users\Petr-Wista-64\AppData\Roaming\Microsoft
[2010.01.23 22:34:11 | 00,000,000 | R--D | C] -- C:\Users\Petr-Wista-64\Videos
[2010.01.23 22:34:11 | 00,000,000 | R--D | C] -- C:\Users\Petr-Wista-64\Saved Games
[2010.01.23 22:34:11 | 00,000,000 | R--D | C] -- C:\Users\Petr-Wista-64\Pictures
[2010.01.23 22:34:11 | 00,000,000 | R--D | C] -- C:\Users\Petr-Wista-64\Music
[2010.01.23 22:34:11 | 00,000,000 | R--D | C] -- C:\Users\Petr-Wista-64\Links
[2010.01.23 22:34:11 | 00,000,000 | R--D | C] -- C:\Users\Petr-Wista-64\Favorites
[2010.01.23 22:34:11 | 00,000,000 | R--D | C] -- C:\Users\Petr-Wista-64\Downloads
[2010.01.23 22:34:11 | 00,000,000 | R--D | C] -- C:\Users\Petr-Wista-64\Documents
[2010.01.23 22:34:11 | 00,000,000 | R--D | C] -- C:\Users\Petr-Wista-64\Desktop
[2010.01.23 22:34:11 | 00,000,000 | -HSD | C] -- C:\Users\Petr-Wista-64\AppData\Local\Temporary Internet Files
[2010.01.23 22:34:11 | 00,000,000 | -HSD | C] -- C:\Users\Petr-Wista-64\Šablony
[2010.01.23 22:34:11 | 00,000,000 | -HSD | C] -- C:\Users\Petr-Wista-64\Soubory cookie
[2010.01.23 22:34:11 | 00,000,000 | -HSD | C] -- C:\Users\Petr-Wista-64\SendTo
[2010.01.23 22:34:11 | 00,000,000 | -HSD | C] -- C:\Users\Petr-Wista-64\Recent
[2010.01.23 22:34:11 | 00,000,000 | -HSD | C] -- C:\Users\Petr-Wista-64\Okolní tiskárny
[2010.01.23 22:34:11 | 00,000,000 | -HSD | C] -- C:\Users\Petr-Wista-64\Okolní síť
[2010.01.23 22:34:11 | 00,000,000 | -HSD | C] -- C:\Users\Petr-Wista-64\Documents\Obrázky
[2010.01.23 22:34:11 | 00,000,000 | -HSD | C] -- C:\Users\Petr-Wista-64\Nabídka Start
[2010.01.23 22:34:11 | 00,000,000 | -HSD | C] -- C:\Users\Petr-Wista-64\Local Settings
[2010.01.23 22:34:11 | 00,000,000 | -HSD | C] -- C:\Users\Petr-Wista-64\Documents\Hudba
[2010.01.23 22:34:11 | 00,000,000 | -HSD | C] -- C:\Users\Petr-Wista-64\AppData\Local\Historie
[2010.01.23 22:34:11 | 00,000,000 | -HSD | C] -- C:\Users\Petr-Wista-64\Documents\Filmy
[2010.01.23 22:34:11 | 00,000,000 | -HSD | C] -- C:\Users\Petr-Wista-64\Dokumenty
[2010.01.23 22:34:11 | 00,000,000 | -HSD | C] -- C:\Users\Petr-Wista-64\Data aplikací
[2010.01.23 22:34:11 | 00,000,000 | -HSD | C] -- C:\Users\Petr-Wista-64\AppData\Local\Data aplikací
[2010.01.23 22:34:11 | 00,000,000 | -H-D | C] -- C:\Users\Petr-Wista-64\AppData
[2010.01.23 22:34:11 | 00,000,000 | ---D | C] -- C:\Users\Petr-Wista-64\AppData\Local\Temp
[2010.01.23 22:34:11 | 00,000,000 | ---D | C] -- C:\Users\Petr-Wista-64\AppData\Local\Microsoft
[2010.01.23 22:34:11 | 00,000,000 | ---D | C] -- C:\Users\Petr-Wista-64\AppData\Roaming\Media Center Programs
[2010.01.23 22:32:39 | 00,000,000 | -HSD | C] -- C:\ProgramData\Šablony
[2010.01.23 22:32:39 | 00,000,000 | -HSD | C] -- C:\ProgramData\Plocha
[2010.01.23 22:32:39 | 00,000,000 | -HSD | C] -- C:\Users\Public\Documents\Obrázky
[2010.01.23 22:32:39 | 00,000,000 | -HSD | C] -- C:\ProgramData\Oblíbené položky
[2010.01.23 22:32:39 | 00,000,000 | -HSD | C] -- C:\ProgramData\Nabídka Start
[2010.01.23 22:32:39 | 00,000,000 | -HSD | C] -- C:\Users\Public\Documents\Hudba
[2010.01.23 22:32:39 | 00,000,000 | -HSD | C] -- C:\Users\Public\Documents\Filmy
[2010.01.23 22:32:39 | 00,000,000 | -HSD | C] -- C:\ProgramData\Dokumenty
[2010.01.23 22:32:39 | 00,000,000 | -HSD | C] -- C:\ProgramData\Data aplikací
[2010.01.23 22:32:14 | 00,000,000 | ---D | C] -- C:\Windows\Debug
[2010.01.23 22:27:41 | 00,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010.01.23 22:24:45 | 00,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010.01.23 22:24:44 | 00,000,000 | -HSD | C] -- C:\System Volume Information
[2010.01.23 22:23:48 | 00,000,000 | ---D | C] -- C:\Windows\Panther
[2010.01.23 22:23:35 | 00,000,000 | -HSD | C] -- C:\Boot
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.01.25 10:56:57 | 00,786,432 | -HS- | M] () -- C:\Users\Petr-Wista-64\ntuser.dat
[2010.01.25 10:14:13 | 00,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.01.25 10:14:13 | 00,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.01.25 09:35:20 | 01,393,954 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.01.25 09:35:20 | 00,598,646 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2010.01.25 09:35:20 | 00,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.01.25 09:35:20 | 00,114,786 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2010.01.25 09:35:20 | 00,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.01.25 09:34:21 | 00,001,736 | ---- | M] () -- C:\Users\Petr-Wista-64\Desktop\CCleaner.lnk
[2010.01.25 09:31:35 | 00,000,863 | ---- | M] () -- C:\Users\Petr-Wista-64\Desktop\NoAdware5.lnk
[2010.01.25 09:29:29 | 00,164,460 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.01.25 09:29:29 | 00,164,460 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.01.25 09:29:09 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.01.25 09:29:08 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.01.25 09:27:59 | 00,524,288 | -HS- | M] () -- C:\Users\Petr-Wista-64\ntuser.dat{f7bae395-092b-11df-b495-c62989196061}.TMContainer00000000000000000001.regtrans-ms
[2010.01.25 09:27:59 | 00,065,536 | -HS- | M] () -- C:\Users\Petr-Wista-64\ntuser.dat{f7bae395-092b-11df-b495-c62989196061}.TM.blf
[2010.01.25 09:23:11 | 01,552,497 | -H-- | M] () -- C:\Users\Petr-Wista-64\AppData\Local\IconCache.db
[2010.01.25 09:07:36 | 00,470,024 | ---- | M] () -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010.01.25 09:07:35 | 00,034,248 | ---- | M] () -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010.01.25 09:07:35 | 00,012,464 | ---- | M] () -- C:\Windows\SysNative\avgrssta.dll
[2010.01.25 09:07:33 | 00,560,703 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavifw.avm
[2010.01.25 09:07:33 | 00,027,144 | ---- | M] () -- C:\Windows\SysNative\drivers\AVGIDSva.sys
[2010.01.25 09:07:30 | 54,629,020 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010.01.25 09:07:10 | 00,029,976 | ---- | M] () -- C:\Windows\SysNative\drivers\avgfwd6a.sys
[2010.01.25 09:07:08 | 00,492,629 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\miniavi.avg
[2010.01.25 09:07:08 | 00,422,920 | ---- | M] () -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010.01.25 09:07:08 | 00,142,495 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\microavi.avg
[2010.01.25 09:07:07 | 00,201,928 | ---- | M] () -- C:\Windows\SysNative\drivers\avgrkx64.sys
[2010.01.25 08:39:17 | 00,001,701 | ---- | M] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2010.01.25 08:39:10 | 06,061,540 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\avi7.avg
[2010.01.25 08:39:10 | 00,113,461 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010.01.25 08:18:16 | 00,048,600 | ---- | M] () -- C:\Users\Petr-Wista-64\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.01.25 08:17:33 | 00,227,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.01.25 00:23:35 | 00,000,028 | ---- | M] () -- C:\Windows\Lic.xxx
[2010.01.25 00:23:17 | 00,632,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr80.dll
[2010.01.25 00:23:16 | 00,554,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp80.dll
[2010.01.25 00:23:15 | 00,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe
[2010.01.25 00:17:15 | 00,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2010.01.25 00:16:41 | 00,525,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2010.01.25 00:08:50 | 00,000,000 | ---- | M] () -- C:\Windows\temp.rom
[2010.01.24 23:23:48 | 00,001,843 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\forteManager.lnk
[2010.01.24 23:23:48 | 00,001,807 | ---- | M] () -- C:\Users\Public\Desktop\forteManager.lnk
[2010.01.24 23:19:28 | 00,000,969 | ---- | M] () -- C:\Users\Petr-Wista-64\Desktop\EVEREST Ultimate Edition.lnk
[2010.01.24 23:02:37 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2010.01.24 22:37:03 | 00,524,288 | -HS- | M] () -- C:\Users\Petr-Wista-64\ntuser.dat{f7bae395-092b-11df-b495-c62989196061}.TMContainer00000000000000000002.regtrans-ms
[2010.01.24 22:26:31 | 00,000,732 | ---- | M] () -- C:\Users\Petr-Wista-64\AppData\Local\d3d9caps64.dat
[2010.01.24 22:11:03 | 00,524,288 | -HS- | M] () -- C:\Users\Petr-Wista-64\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010.01.24 22:11:03 | 00,065,536 | -HS- | M] () -- C:\Users\Petr-Wista-64\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010.01.24 06:53:24 | 00,524,288 | -HS- | M] () -- C:\Users\Petr-Wista-64\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000002.regtrans-ms
[2010.01.23 22:34:11 | 00,000,020 | -HS- | M] () -- C:\Users\Petr-Wista-64\ntuser.ini
[2010.01.23 22:29:16 | 00,063,514 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010.01.23 22:23:36 | 00,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2010.01.12 05:03:33 | 16,051,304 | ---- | M] () -- C:\Windows\SysNative\nvcompiler.dll
[2010.01.12 05:03:33 | 11,639,400 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2010.01.12 05:03:33 | 00,645,736 | ---- | M] () -- C:\Windows\SysNative\nvudisp.exe
[2010.01.12 05:03:33 | 00,202,344 | ---- | M] () -- C:\Windows\SysNative\nvcod189.dll
[2010.01.12 05:03:33 | 00,068,200 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010.01.12 05:03:33 | 00,065,640 | ---- | M] () -- C:\Windows\SysNative\OpenCL.dll
[2010.01.12 05:03:33 | 00,009,163 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2010.01.04 00:03:46 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Petr-Wista-64\Desktop\OTL.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.01.25 09:34:21 | 00,001,736 | ---- | C] () -- C:\Users\Petr-Wista-64\Desktop\CCleaner.lnk
[2010.01.25 09:31:35 | 00,000,863 | ---- | C] () -- C:\Users\Petr-Wista-64\Desktop\NoAdware5.lnk
[2010.01.25 09:07:33 | 00,560,703 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\iavifw.avm
[2010.01.25 09:04:49 | 02,621,440 | ---- | C] () -- C:\Windows\SysNative\wucltux.dll
[2010.01.25 09:04:49 | 02,424,024 | ---- | C] () -- C:\Windows\SysNative\wuaueng.dll
[2010.01.25 09:04:49 | 00,057,560 | ---- | C] () -- C:\Windows\SysNative\wuauclt.exe
[2010.01.25 09:04:49 | 00,043,744 | ---- | C] () -- C:\Windows\SysNative\wups2.dll
[2010.01.25 09:04:41 | 00,700,640 | ---- | C] () -- C:\Windows\SysNative\wuapi.dll
[2010.01.25 09:04:41 | 00,098,816 | ---- | C] () -- C:\Windows\SysNative\wudriver.dll
[2010.01.25 09:04:41 | 00,038,112 | ---- | C] () -- C:\Windows\SysNative\wups.dll
[2010.01.25 09:04:36 | 00,185,416 | ---- | C] () -- C:\Windows\SysNative\wuwebv.dll
[2010.01.25 09:04:36 | 00,036,864 | ---- | C] () -- C:\Windows\SysNative\wuapp.exe
[2010.01.25 09:03:35 | 00,210,944 | ---- | C] () -- C:\Windows\SysNative\drivers\Rtlh64.sys
[2010.01.25 09:03:35 | 00,076,288 | ---- | C] () -- C:\Windows\SysNative\RTNUninst64.dll
[2010.01.25 08:39:17 | 00,012,464 | ---- | C] () -- C:\Windows\SysNative\avgrssta.dll
[2010.01.25 08:39:17 | 00,001,701 | ---- | C] () -- C:\Users\Public\Desktop\AVG 9.0.lnk
[2010.01.25 08:39:16 | 00,027,144 | ---- | C] () -- C:\Windows\SysNative\drivers\AVGIDSva.sys
[2010.01.25 08:39:15 | 00,470,024 | ---- | C] () -- C:\Windows\SysNative\drivers\avgtdia.sys
[2010.01.25 08:39:15 | 00,201,928 | ---- | C] () -- C:\Windows\SysNative\drivers\avgrkx64.sys
[2010.01.25 08:39:12 | 00,422,920 | ---- | C] () -- C:\Windows\SysNative\drivers\avgldx64.sys
[2010.01.25 08:39:10 | 54,629,020 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010.01.25 08:39:10 | 06,061,540 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\avi7.avg
[2010.01.25 08:39:10 | 00,492,629 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\miniavi.avg
[2010.01.25 08:39:10 | 00,142,495 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\microavi.avg
[2010.01.25 08:39:10 | 00,113,461 | ---- | C] () -- C:\Windows\SysNative\drivers\Avg\iavichjw.avm
[2010.01.25 08:39:10 | 00,034,248 | ---- | C] () -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2010.01.25 08:38:46 | 00,029,976 | ---- | C] () -- C:\Windows\SysNative\drivers\avgfwd6a.sys
[2010.01.25 00:23:35 | 00,000,028 | ---- | C] () -- C:\Windows\Lic.xxx
[2010.01.25 00:23:16 | 00,000,522 | ---- | C] () -- C:\Windows\SysWow64\Microsoft.VC80.CRT.manifest
[2010.01.25 00:17:15 | 00,188,416 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL
[2010.01.25 00:17:15 | 00,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010.01.25 00:17:15 | 00,088,064 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL
[2010.01.25 00:17:15 | 00,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010.01.25 00:17:15 | 00,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2010.01.25 00:16:40 | 02,719,504 | ---- | C] () -- C:\Windows\SysNative\WavesGUILib.dll
[2010.01.25 00:16:40 | 02,223,392 | ---- | C] () -- C:\Windows\SysNative\drivers\RTKVHD64.sys
[2010.01.25 00:16:40 | 01,692,192 | ---- | C] () -- C:\Windows\SysNative\RtPgEx64.dll
[2010.01.25 00:16:40 | 01,639,456 | ---- | C] () -- C:\Windows\SysNative\RtkAPO64.dll
[2010.01.25 00:16:40 | 00,612,384 | ---- | C] () -- C:\Windows\SysNative\RTSnMg64.cpl
[2010.01.25 00:16:40 | 00,518,896 | ---- | C] () -- C:\Windows\SysNative\SRSTSX64.dll
[2010.01.25 00:16:40 | 00,332,320 | ---- | C] () -- C:\Windows\SysNative\RtlCPAPI64.dll
[2010.01.25 00:16:40 | 00,211,184 | ---- | C] () -- C:\Windows\SysNative\SRSTSH64.dll
[2010.01.25 00:16:40 | 00,198,896 | ---- | C] () -- C:\Windows\SysNative\SRSHP64.dll
[2010.01.25 00:16:40 | 00,155,888 | ---- | C] () -- C:\Windows\SysNative\SRSWOW64.dll
[2010.01.25 00:16:40 | 00,149,536 | ---- | C] () -- C:\Windows\SysNative\RtkCfg64.dll
[2010.01.25 00:16:39 | 02,197,264 | ---- | C] () -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2010.01.25 00:16:39 | 01,201,184 | ---- | C] () -- C:\Windows\SysNative\RTCOM64.dll
[2010.01.25 00:16:39 | 00,607,832 | ---- | C] () -- C:\Windows\SysNative\MBAPO64.dll
[2010.01.25 00:16:39 | 00,475,680 | ---- | C] () -- C:\Windows\SysNative\RtkApi64.dll
[2010.01.25 00:16:39 | 00,363,008 | ---- | C] () -- C:\Windows\SysNative\RTEEP64A.dll
[2010.01.25 00:16:39 | 00,328,096 | ---- | C] () -- C:\Windows\SysNative\FMAPO64.dll
[2010.01.25 00:16:39 | 00,325,904 | ---- | C] () -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2010.01.25 00:16:39 | 00,304,640 | ---- | C] () -- C:\Windows\SysNative\RP3DHT64.dll
[2010.01.25 00:16:39 | 00,304,640 | ---- | C] () -- C:\Windows\SysNative\RP3DAA64.dll
[2010.01.25 00:16:39 | 00,198,656 | ---- | C] () -- C:\Windows\SysNative\RTEED64A.dll
[2010.01.25 00:16:39 | 00,168,864 | ---- | C] () -- C:\Windows\SysNative\AERTAC64.dll
[2010.01.25 00:16:39 | 00,108,960 | ---- | C] () -- C:\Windows\SysNative\AERTAR64.dll
[2010.01.25 00:16:39 | 00,095,744 | ---- | C] () -- C:\Windows\SysNative\RTEEL64A.dll
[2010.01.25 00:16:39 | 00,078,936 | ---- | C] () -- C:\Windows\SysNative\MBWrp64.dll
[2010.01.25 00:16:39 | 00,073,216 | ---- | C] () -- C:\Windows\SysNative\RTEEG64A.dll
[2010.01.25 00:16:39 | 00,066,592 | ---- | C] () -- C:\Windows\SysNative\RCoInst64.dll
[2010.01.25 00:16:39 | 00,064,600 | ---- | C] () -- C:\Windows\SysNative\MBppld64.dll
[2010.01.25 00:16:39 | 00,060,504 | ---- | C] () -- C:\Windows\SysNative\MBPPCn64.dll
[2010.01.25 00:05:37 | 00,645,736 | ---- | C] () -- C:\Windows\SysNative\nvudisp.exe
[2010.01.25 00:05:29 | 15,387,752 | ---- | C] () -- C:\Windows\SysNative\nvoglv64.dll
[2010.01.25 00:05:29 | 11,293,928 | ---- | C] () -- C:\Windows\SysNative\drivers\nvlddmkm.sys
[2010.01.25 00:05:29 | 04,599,912 | ---- | C] () -- C:\Windows\SysNative\nvwgf2umx.dll
[2010.01.25 00:05:29 | 00,014,646 | ---- | C] () -- C:\Windows\SysNative\nvdisp.nvu
[2010.01.25 00:05:29 | 00,011,240 | ---- | C] () -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2010.01.25 00:05:27 | 02,260,072 | ---- | C] () -- C:\Windows\SysNative\nvcuvid.dll
[2010.01.25 00:05:27 | 01,734,248 | ---- | C] () -- C:\Windows\SysNative\nvcuvenc.dll
[2010.01.25 00:05:26 | 02,633,320 | ---- | C] () -- C:\Windows\SysNative\nvcuda.dll
[2010.01.25 00:05:26 | 00,183,912 | ---- | C] () -- C:\Windows\SysNative\nvcod167.dll
[2010.01.25 00:05:26 | 00,183,912 | ---- | C] () -- C:\Windows\SysNative\nvcod.dll
[2010.01.24 23:23:48 | 00,001,843 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\forteManager.lnk
[2010.01.24 23:23:48 | 00,001,807 | ---- | C] () -- C:\Users\Public\Desktop\forteManager.lnk
[2010.01.24 23:19:28 | 00,000,969 | ---- | C] () -- C:\Users\Petr-Wista-64\Desktop\EVEREST Ultimate Edition.lnk
[2010.01.24 23:04:48 | 00,065,640 | ---- | C] () -- C:\Windows\SysNative\OpenCL.dll
[2010.01.24 23:04:48 | 00,009,163 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2010.01.24 23:04:41 | 16,051,304 | ---- | C] () -- C:\Windows\SysNative\nvcompiler.dll
[2010.01.24 23:04:41 | 00,202,344 | ---- | C] () -- C:\Windows\SysNative\nvcod189.dll
[2010.01.24 23:02:37 | 00,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2010.01.24 22:31:29 | 00,645,736 | ---- | C] () -- C:\Windows\SysNative\NVUNINST.EXE
[2010.01.24 22:31:11 | 00,930,272 | ---- | C] () -- C:\Windows\SysNative\dpinst.exe
[2010.01.24 22:31:09 | 09,441,384 | ---- | C] () -- C:\Windows\SysNative\nvd3dumx.dll
[2010.01.24 22:31:08 | 01,322,088 | ---- | C] () -- C:\Windows\SysNative\nvapi64.dll
[2010.01.24 22:31:08 | 00,167,936 | ---- | C] () -- C:\Windows\SysNative\nvcod157.dll
[2010.01.24 22:30:31 | 00,000,000 | ---- | C] () -- C:\Windows\temp.rom
[2010.01.24 22:26:26 | 00,524,288 | -HS- | C] () -- C:\Users\Petr-Wista-64\ntuser.dat{f7bae395-092b-11df-b495-c62989196061}.TMContainer00000000000000000002.regtrans-ms
[2010.01.24 22:26:26 | 00,524,288 | -HS- | C] () -- C:\Users\Petr-Wista-64\ntuser.dat{f7bae395-092b-11df-b495-c62989196061}.TMContainer00000000000000000001.regtrans-ms
[2010.01.24 22:26:26 | 00,065,536 | -HS- | C] () -- C:\Users\Petr-Wista-64\ntuser.dat{f7bae395-092b-11df-b495-c62989196061}.TM.blf
[2010.01.24 22:04:15 | 00,164,460 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.01.24 07:15:54 | 00,164,460 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.01.23 22:34:12 | 00,000,732 | ---- | C] () -- C:\Users\Petr-Wista-64\AppData\Local\d3d9caps64.dat
[2010.01.23 22:34:11 | 00,786,432 | -HS- | C] () -- C:\Users\Petr-Wista-64\ntuser.dat
[2010.01.23 22:34:11 | 00,524,288 | -HS- | C] () -- C:\Users\Petr-Wista-64\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000002.regtrans-ms
[2010.01.23 22:34:11 | 00,524,288 | -HS- | C] () -- C:\Users\Petr-Wista-64\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms
[2010.01.23 22:34:11 | 00,065,536 | -HS- | C] () -- C:\Users\Petr-Wista-64\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf
[2010.01.23 22:34:11 | 00,000,020 | -HS- | C] () -- C:\Users\Petr-Wista-64\ntuser.ini
[2010.01.23 22:23:36 | 00,008,192 | R-S- | C] () -- C:\BOOTSECT.BAK
[2010.01.23 22:23:35 | 00,333,203 | RHS- | C] () -- C:\bootmgr
[2008.01.21 03:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008.01.21 03:49:49 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010.01.25 09:28:01 | 00,009,674 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >
Drobek.Petr

Drobek
newbie
Posts: 14
Registered: January 10
Gender: Male
Status: Offline

Re: after turning on the PC the network is not installed, so the internet does not work

Post by Drobek » 25 Jan 2010 11:35

jaro3 wrote: Instructions for the fix:
viewtopic.php?f=70&t=5119

So continue as follows:

Download OTL to your desktop. Make sure all other windows are closed and double-click the OTL icon. At the top of the window, under Output, click Minimal Output. Under Standard Registry, change to All. Tick LOP Check and Purity Check. Click Run Scan. Leave all other settings as they are. The scan may take a long time; when it finishes, two logs will open:
OTListIt.Txt
Extras.Txt

They are saved in the same location as OTL. Please copy both logs here.



Here is the second log from OTL.

OTL Extras logfile created on: 25.1.2010 10:58:15 - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Users\Petr-Wista-64\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 71,00% Memory free
12,00 Gb Paging File | 11,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 216,80 Gb Total Space | 200,28 Gb Free Space | 92,38% Space Free | Partition Type: NTFS
Drive D: | 249,02 Gb Total Space | 248,92 Gb Free Space | 99,96% Space Free | Partition Type: NTFS
Drive E: | 465,69 Gb Total Space | 465,58 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
Drive F: | 149,05 Gb Total Space | 28,34 Gb Free Space | 19,01% Space Free | Partition Type: NTFS
Drive G: | 465,76 Gb Total Space | 258,61 Gb Free Space | 55,52% Space Free | Partition Type: NTFS
Drive H: | 465,76 Gb Total Space | 385,35 Gb Free Space | 82,74% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: PCI7-02
Current User Name: Petr-Wista-64
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{77BDAF1B-0C43-46F0-BF84-5491F11331B2}" = dir=in | app=c:\program files (x86)\avg\avg9\avgemc.exe |
"{79521F27-7D4C-46F2-85C9-FE43E230DBFE}" = dir=in | app=c:\program files (x86)\avg\avg9\avgdiagex.exe |
"{8CA0DFF2-2A80-4869-968D-DF93EE1EAEF9}" = dir=in | app=c:\program files (x86)\avg\avg9\avgam.exe |
"{90F9F2FF-A43A-43B1-95B0-073EB38001BF}" = dir=in | app=c:\program files (x86)\avg\avg9\avgnsa.exe |
"{CDC8B2CF-6922-4BCF-A07A-D5CDA9A1BAFC}" = dir=in | app=c:\program files (x86)\avg\avg9\avgupd.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E2903F16-9A5A-4292-9D97-8328088086B6}" = forteManager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"AVG9Uninstall" = AVG 9.0
"CCleaner" = CCleaner (remove only)
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.02
"NoAdware 5.0_is1" = NoAdware v5.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25.1.2010 3:19:08 | Computer Name = PCI7-02 | Source = WinMgmt | ID = 10
Description =

Error - 25.1.2010 3:46:21 | Computer Name = PCI7-02 | Source = WinMgmt | ID = 10
Description =

Error - 25.1.2010 3:49:41 | Computer Name = PCI7-02 | Source = WinMgmt | ID = 10
Description =

Error - 25.1.2010 3:53:03 | Computer Name = PCI7-02 | Source = WinMgmt | ID = 10
Description =

Error - 25.1.2010 3:58:04 | Computer Name = PCI7-02 | Source = WinMgmt | ID = 10
Description =

Error - 25.1.2010 4:01:00 | Computer Name = PCI7-02 | Source = Application Error | ID = 1000
Description = Chybující aplikace rundll32.exe, verze 6.0.6000.16386, časové razítko
0x4549bb52, chybující modul unknown, verze 0.0.0.0, časové razítko 0x00000000,
kód výjimky 0xc0000005, posun chyby 0x0000000002c19f90, ID procesu 0x1390, čas spuštění
aplikace 0x01ca9d94868a23c6.

Error - 25.1.2010 4:02:18 | Computer Name = PCI7-02 | Source = WinMgmt | ID = 10
Description =

Error - 25.1.2010 4:16:39 | Computer Name = PCI7-02 | Source = WinMgmt | ID = 10
Description =

Error - 25.1.2010 4:26:03 | Computer Name = PCI7-02 | Source = WinMgmt | ID = 10
Description =

Error - 25.1.2010 4:30:47 | Computer Name = PCI7-02 | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 25.1.2010 4:05:18 | Computer Name = PCI7-02 | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 25.1.2010 4:05:18 | Computer Name = PCI7-02 | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 25.1.2010 4:05:18 | Computer Name = PCI7-02 | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 25.1.2010 4:05:18 | Computer Name = PCI7-02 | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 25.1.2010 4:05:18 | Computer Name = PCI7-02 | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 25.1.2010 4:05:18 | Computer Name = PCI7-02 | Source = Microsoft-Windows-Servicing | ID = 4385
Description =

Error - 25.1.2010 4:15:13 | Computer Name = PCI7-02 | Source = HTTP | ID = 15016
Description =

Error - 25.1.2010 4:24:31 | Computer Name = PCI7-02 | Source = HTTP | ID = 15016
Description =

Error - 25.1.2010 4:29:09 | Computer Name = PCI7-02 | Source = HTTP | ID = 15016
Description =

Error - 25.1.2010 4:31:44 | Computer Name = PCI7-02 | Source = Application Popup | ID = 1060
Description = Načtení \??\C:\Users\PETR-W~1\AppData\Local\Temp\mc2B03B.tmp bylo
zablokováno kvůli nekompatibilitě s tímto systémem. Požádejte dodavatele softwaru
o
kompatibilní verzi ovladače.


< End of report >
Drobek.Petr

