Po kontrole pc programem Mwav nalezeny viry . Jak postupova při odstranění ? Log z Mwav:
27 VIII 2010 12:56:06 - eScan Anti Virus & Spyware Toolkit Utility.
27 VIII 2010 12:56:06 - Copyright © 2003-2006, MicroWorld Technologies Inc.
27 VIII 2010 12:56:06 - **********************************************************
27 VIII 2010 12:56:06 - Source: C:\DOCUME~1\Vojta\Plocha\mwav.exe
27 VIII 2010 12:56:06 - Verze 11.0.152 (C:\DOCUMENTS AND SETTINGS\VOJTA\LOCAL SETTINGS\TEMP\MEXE.COM)
27 VIII 2010 12:56:06 - Log soubor: C:\Documents and Settings\Vojta\Local Settings\Temp\MWAV.LOG
27 VIII 2010 12:56:06 - Datum a čas posledního testu: 27.08.2010 12:28:52
27 VIII 2010 12:56:06 - MWAV Registered: FALSE
27 VIII 2010 12:56:06 - User Account: Vojta (Administrator Mode)
27 VIII 2010 12:56:06 - OS Type: Windows Workstation
27 VIII 2010 12:56:06 - OS: Windows XP [OS Install Date: 21 Dec 2004 09:23:56]
27 VIII 2010 12:56:06 - Ver: Service Pack 2 (Build 2600)
27 VIII 2010 12:56:06 - System Up Time: 42 Minutes, 52 Seconds
27 VIII 2010 12:56:06 - Windows Root Folder: C:\WINDOWS
27 VIII 2010 12:56:06 - Windows Sys32 Folder: C:\WINDOWS\system32
27 VIII 2010 12:56:06 - Interface0 NameServer: 62.209.237.68,62.84.128.6
27 VIII 2010 12:56:06 - Local Fixed Drives: c:\
27 VIII 2010 12:56:06 - MWAV Mode: Only Scan files (Do Not Clean)
27 VIII 2010 12:56:06 - ********** Soubory vytvořené/upravené ve složce Windows a kořenovém adresáři od posledního testu **********
27 VIII 2010 12:56:07 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\bdc.exe (91904), 27-Aug-2010, MicroWorld Tech, eScan
27 VIII 2010 12:56:07 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\bdfltlib2k.dll (231944), 27-Aug-2010, MicroWorld Technologies Inc., eScan for Windows
27 VIII 2010 12:56:07 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\clean.bat (11), 27-Aug-2010
27 VIII 2010 12:56:07 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\DEVCON.EXE (61184), 27-Aug-2010, Microsoft Corporation, Microsoft® Windows® Operating System
27 VIII 2010 12:56:07 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\download.exe (934408), 27-Aug-2010, MicroWorld Technologies Inc., eScan
27 VIII 2010 12:56:07 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\encdec.dll (119816), 27-Aug-2010, MicroWorld Technologies Inc., eScan/MailScan/eConceal
27 VIII 2010 12:56:07 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\erootdrv.sys (13832), 27-Aug-2010, MicroWorld Technologies Inc., eScan/MWAV
27 VIII 2010 12:56:07 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\mexe.com (2292296), 27-Aug-2010, MicroWorld Technologies Inc., MicroWorld AntiVirus Toolkit Utility (MWAV)
27 VIII 2010 12:56:07 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\msvclnt.dll (236040), 27-Aug-2010, MicroWorld Technologies Inc., MailScan
27 VIII 2010 12:56:07 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\MWAVReg.EXE (721416), 27-Aug-2010, MicroWorld Technologies Inc., eScan / MailScan / eConceal
27 VIII 2010 12:56:07 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\MWAVSCAN.COM (2292296), 27-Aug-2010, MicroWorld Technologies Inc., MicroWorld AntiVirus Toolkit Utility (MWAV)
27 VIII 2010 12:56:07 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\plugins.htm (3498), 27-Aug-2010
27 VIII 2010 12:56:07 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\red32.dll (10248), 27-Aug-2010, Microsoft Corporation, Microsoft® Windows® Operating System
27 VIII 2010 12:56:07 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\reload.exe (154120), 27-Aug-2010, MicroWorld Technologies Inc., eScan for Windows
27 VIII 2010 12:56:07 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\set41.tmp (121064), 27-Aug-2010, Macrovision Corporation, InstallShield
27 VIII 2010 12:56:07 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\set43.tmp (121064), 27-Aug-2010, Macrovision Corporation, InstallShield
27 VIII 2010 12:56:07 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\set45.tmp (121064), 27-Aug-2010, Macrovision Corporation, InstallShield
27 VIII 2010 12:56:07 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\set47.tmp (121064), 27-Aug-2010, Macrovision Corporation, InstallShield
27 VIII 2010 12:56:07 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\set49.tmp (121064), 27-Aug-2010, Macrovision Corporation, InstallShield
27 VIII 2010 12:56:07 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\set4B.tmp (121064), 27-Aug-2010, Macrovision Corporation, InstallShield
27 VIII 2010 12:56:07 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\set4D.tmp (121064), 27-Aug-2010, Macrovision Corporation, InstallShield
27 VIII 2010 12:56:07 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\set53.tmp (121064), 27-Aug-2010, Macrovision Corporation, InstallShield
27 VIII 2010 12:56:07 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\set55.tmp (121064), 27-Aug-2010, Macrovision Corporation, InstallShield
27 VIII 2010 12:56:07 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\setpriv.exe (64008), 27-Aug-2010, MicroWorld Technologies Inc, eScan AntiVirus Toolkit Utility
27 VIII 2010 12:56:07 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\unregx.exe (61960), 27-Aug-2010, MicroWorld Technologies Inc, MicroWorld AntiVirus Toolkit Utility
27 VIII 2010 12:56:07 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\viewtcp.exe (573960), 27-Aug-2010, MicroWorld Technologies Inc., ViewTCP
27 VIII 2010 12:56:07 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\~DF8C2F.tmp (16384), 27-Aug-2010
27 VIII 2010 12:56:07 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\~DFE0E8.tmp (16384), 27-Aug-2010
27 VIII 2010 12:56:07 - C:\WINDOWS\$hf_mig$, 19-Mar-2010 [H] [Složky]
27 VIII 2010 12:56:07 - C:\WINDOWS\$MSI31Uninstall_KB893803v2$, 17-May-2006 [H] [Složky]
27 VIII 2010 12:56:07 - C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$, 19-Mar-2010 [H] [Složky]
27 VIII 2010 12:56:07 - C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$, 19-Mar-2010 [H] [Složky]
27 VIII 2010 12:56:07 - C:\WINDOWS\Fonts, 21-Dec-2004 [SR] [Složky]
27 VIII 2010 12:56:07 - C:\WINDOWS\ftpcache, 02-Jul-2007 [HS] [Složky]
27 VIII 2010 12:56:07 - C:\WINDOWS\ie7, 19-Mar-2010 [H] [Složky]
27 VIII 2010 12:56:07 - C:\WINDOWS\inf, 21-Dec-2004 [H] [Složky]
27 VIII 2010 12:56:07 - C:\WINDOWS\system32\dllcache, 21-Dec-2004 [HSR] [Složky]
27 VIII 2010 12:56:07 - C:\WINDOWS\system32\Microsoft, 21-Dec-2004 [S] [Složky]
27 VIII 2010 12:56:07 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\AVCBack, 27-Aug-2010 [Složky]
27 VIII 2010 12:56:07 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\bye10D.tmp, 27-Aug-2010 [Složky]
27 VIII 2010 12:56:07 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\FtpTemp, 27-Aug-2010 [Složky]
27 VIII 2010 12:56:07 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\FtpTempF, 27-Aug-2010 [Složky]
27 VIII 2010 12:56:07 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\Google Toolbar, 27-Aug-2010 [Složky]
27 VIII 2010 12:56:07 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\iss42.tmp, 27-Aug-2010 [Složky]
27 VIII 2010 12:56:07 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\iss44.tmp, 27-Aug-2010 [Složky]
27 VIII 2010 12:56:07 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\iss46.tmp, 27-Aug-2010 [Složky]
27 VIII 2010 12:56:07 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\iss48.tmp, 27-Aug-2010 [Složky]
27 VIII 2010 12:56:07 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\iss4A.tmp, 27-Aug-2010 [Složky]
27 VIII 2010 12:56:07 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\iss4C.tmp, 27-Aug-2010 [Složky]
27 VIII 2010 12:56:07 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\iss4E.tmp, 27-Aug-2010 [Složky]
27 VIII 2010 12:56:07 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\iss54.tmp, 27-Aug-2010 [Složky]
27 VIII 2010 12:56:07 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\iss56.tmp, 27-Aug-2010 [Složky]
27 VIII 2010 12:56:07 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\Log, 27-Aug-2010 [Složky]
27 VIII 2010 12:56:07 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\plugins, 27-Aug-2010 [Složky]
27 VIII 2010 12:56:07 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\svae8.tmp, 27-Aug-2010 [Složky]
27 VIII 2010 12:56:07 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\tmp00001796, 27-Aug-2010 [Složky]
27 VIII 2010 12:56:07 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\_avast4_, 27-Aug-2010 [Složky]
27 VIII 2010 12:56:07 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\{84E0C7B7-317E-4296-B3FC-3068DA4E75B5}, 27-Aug-2010 [Složky]
27 VIII 2010 12:56:07 - C:\Documents and Settings\Vojta\Data aplikací\Microsoft, 21-Dec-2004 [S] [Složky]
27 VIII 2010 12:56:07 - C:\Documents and Settings\Vojta\Data aplikací\..\Data aplikací, 21-Dec-2004 [HR] [Složky]
27 VIII 2010 12:56:07 - C:\Documents and Settings\Vojta\Data aplikací\..\Local Settings, 21-Dec-2004 [H] [Složky]
27 VIII 2010 12:56:07 - C:\Documents and Settings\Vojta\Data aplikací\..\Okolní síť, 21-Dec-2004 [H] [Složky]
27 VIII 2010 12:56:07 - C:\Documents and Settings\Vojta\Data aplikací\..\Okolní tiskárny, 21-Dec-2004 [H] [Složky]
27 VIII 2010 12:56:07 - C:\Documents and Settings\Vojta\Data aplikací\..\Recent, 27-Aug-2010 [HR] [Složky]
27 VIII 2010 12:56:07 - C:\Documents and Settings\Vojta\Data aplikací\..\SendTo, 21-Dec-2004 [HR] [Složky]
27 VIII 2010 12:56:07 - C:\Documents and Settings\Vojta\Data aplikací\..\UserData, 11-Sep-2009 [HS] [Složky]
27 VIII 2010 12:56:07 - C:\Documents and Settings\Vojta\Data aplikací\..\Šablony, 21-Dec-2004 [H] [Složky]
27 VIII 2010 12:56:07 - C:\Documents and Settings\All Users\Data aplikací\Microsoft, 21-Dec-2004 [S] [Složky]
27 VIII 2010 12:56:07 - C:\Documents and Settings\All Users\Data aplikací\..\Data aplikací, 21-Dec-2004 [HR] [Složky]
27 VIII 2010 12:56:07 - C:\Documents and Settings\All Users\Data aplikací\..\DRM, 21-Dec-2004 [HS] [Složky]
27 VIII 2010 12:56:07 - C:\Documents and Settings\All Users\Data aplikací\..\Šablony, 21-Dec-2004 [H] [Složky]
27 VIII 2010 12:56:07 - *********************************************************************************************
27 VIII 2010 12:56:12 - Uninitializing Scanner (3)...
27 VIII 2010 12:56:13 - Freeing Libraries (3)...
27 VIII 2010 12:56:13 - AV Library Unloaded (3)...
27 VIII 2010 12:56:13 - [Made copy of PINFECT.ZIP (469 Bytes) as C:\Documents and Settings\Vojta\Dokumenty\pinfect.zip]
27 VIII 2010 13:03:02 - **********************************************************
27 VIII 2010 13:03:02 - eScan Anti Virus & Spyware Toolkit Utility.
27 VIII 2010 13:03:02 - Copyright © 2003-2006, MicroWorld Technologies Inc.
27 VIII 2010 13:03:02 - **********************************************************
27 VIII 2010 13:03:02 - Source: C:\DOCUME~1\Vojta\Plocha\mwav.exe
27 VIII 2010 13:03:02 - Verze 11.0.152 (C:\DOCUMENTS AND SETTINGS\VOJTA\LOCAL SETTINGS\TEMP\MEXE.COM)
27 VIII 2010 13:03:02 - Log soubor: C:\Documents and Settings\Vojta\Local Settings\Temp\MWAV.LOG
27 VIII 2010 13:03:02 - Datum a čas posledního testu: 27.08.2010 12:28:52
27 VIII 2010 13:03:02 - MWAV Registered: FALSE
27 VIII 2010 13:03:02 - User Account: Vojta (Administrator Mode)
27 VIII 2010 13:03:02 - OS Type: Windows Workstation
27 VIII 2010 13:03:02 - OS: Windows XP [OS Install Date: 21 Dec 2004 09:23:56]
27 VIII 2010 13:03:02 - Ver: Service Pack 2 (Build 2600)
27 VIII 2010 13:03:02 - System Up Time: 49 Minutes, 48 Seconds
27 VIII 2010 13:03:02 - Parent Process Name : C:\Documents and Settings\Vojta\Plocha\mwav.exe
27 VIII 2010 13:03:02 - Windows Root Folder: C:\WINDOWS
27 VIII 2010 13:03:02 - Windows Sys32 Folder: C:\WINDOWS\system32
27 VIII 2010 13:03:04 - Interface0 NameServer: 62.209.237.68,62.84.128.6
27 VIII 2010 13:03:04 - Local Fixed Drives: c:\
27 VIII 2010 13:03:04 - MWAV Mode: Only Scan files (Do Not Clean)
27 VIII 2010 13:03:04 - [CREATED ZIP FILE: C:\Documents and Settings\Vojta\Local Settings\Temp\pinfect.zip]
27 VIII 2010 13:03:04 - ********** Soubory vytvořené/upravené ve složce Windows a kořenovém adresáři od posledního testu **********
27 VIII 2010 13:03:05 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\bdc.exe (91904), 27-Aug-2010, MicroWorld Tech, eScan
27 VIII 2010 13:03:05 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\bdfltlib2k.dll (231944), 27-Aug-2010, MicroWorld Technologies Inc., eScan for Windows
27 VIII 2010 13:03:05 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\clean.bat (11), 27-Aug-2010 [Added C:\DOCUME~1\Vojta\LOCALS~1\Temp\clean.bat to ZIP FILE]
27 VIII 2010 13:03:05 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\DEVCON.EXE (61184), 27-Aug-2010, Microsoft Corporation, Microsoft® Windows® Operating System
27 VIII 2010 13:03:05 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\download.exe (934408), 27-Aug-2010, MicroWorld Technologies Inc., eScan
27 VIII 2010 13:03:05 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\encdec.dll (119816), 27-Aug-2010, MicroWorld Technologies Inc., eScan/MailScan/eConceal
27 VIII 2010 13:03:05 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\erootdrv.sys (13832), 27-Aug-2010, MicroWorld Technologies Inc., eScan/MWAV
27 VIII 2010 13:03:05 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\mexe.com (2292296), 27-Aug-2010, MicroWorld Technologies Inc., MicroWorld AntiVirus Toolkit Utility (MWAV)
27 VIII 2010 13:03:05 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\msvclnt.dll (236040), 27-Aug-2010, MicroWorld Technologies Inc., MailScan
27 VIII 2010 13:03:05 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\MWAVReg.EXE (721416), 27-Aug-2010, MicroWorld Technologies Inc., eScan / MailScan / eConceal
27 VIII 2010 13:03:05 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\MWAVSCAN.COM (2292296), 27-Aug-2010, MicroWorld Technologies Inc., MicroWorld AntiVirus Toolkit Utility (MWAV)
27 VIII 2010 13:03:05 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\plugins.htm (3498), 27-Aug-2010 [Added C:\DOCUME~1\Vojta\LOCALS~1\Temp\plugins.htm to ZIP FILE]
27 VIII 2010 13:03:05 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\red32.dll (10248), 27-Aug-2010, Microsoft Corporation, Microsoft® Windows® Operating System
27 VIII 2010 13:03:05 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\reload.exe (154120), 27-Aug-2010, MicroWorld Technologies Inc., eScan for Windows
27 VIII 2010 13:03:05 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\set41.tmp (121064), 27-Aug-2010, Macrovision Corporation, InstallShield
27 VIII 2010 13:03:05 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\set43.tmp (121064), 27-Aug-2010, Macrovision Corporation, InstallShield
27 VIII 2010 13:03:05 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\set45.tmp (121064), 27-Aug-2010, Macrovision Corporation, InstallShield
27 VIII 2010 13:03:05 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\set47.tmp (121064), 27-Aug-2010, Macrovision Corporation, InstallShield
27 VIII 2010 13:03:05 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\set49.tmp (121064), 27-Aug-2010, Macrovision Corporation, InstallShield
27 VIII 2010 13:03:05 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\set4B.tmp (121064), 27-Aug-2010, Macrovision Corporation, InstallShield
27 VIII 2010 13:03:05 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\set4D.tmp (121064), 27-Aug-2010, Macrovision Corporation, InstallShield
27 VIII 2010 13:03:05 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\set53.tmp (121064), 27-Aug-2010, Macrovision Corporation, InstallShield
27 VIII 2010 13:03:05 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\set55.tmp (121064), 27-Aug-2010, Macrovision Corporation, InstallShield
27 VIII 2010 13:03:05 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\setpriv.exe (64008), 27-Aug-2010, MicroWorld Technologies Inc, eScan AntiVirus Toolkit Utility
27 VIII 2010 13:03:05 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\unregx.exe (61960), 27-Aug-2010, MicroWorld Technologies Inc, MicroWorld AntiVirus Toolkit Utility
27 VIII 2010 13:03:05 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\viewtcp.exe (573960), 27-Aug-2010, MicroWorld Technologies Inc., ViewTCP
27 VIII 2010 13:03:05 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\~DF8C2F.tmp (16384), 27-Aug-2010 [Added C:\DOCUME~1\Vojta\LOCALS~1\Temp\~DF8C2F.tmp to ZIP FILE]
27 VIII 2010 13:03:05 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\~DFE0E8.tmp (16384), 27-Aug-2010 [Unable to Add C:\DOCUME~1\Vojta\LOCALS~1\Temp\~DFE0E8.tmp to ZIP FILE! ResultCode: 512]
27 VIII 2010 13:03:05 - C:\WINDOWS\$hf_mig$, 19-Mar-2010 [H] [Složky]
27 VIII 2010 13:03:05 - C:\WINDOWS\$MSI31Uninstall_KB893803v2$, 17-May-2006 [H] [Složky]
27 VIII 2010 13:03:05 - C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$, 19-Mar-2010 [H] [Složky]
27 VIII 2010 13:03:05 - C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$, 19-Mar-2010 [H] [Složky]
27 VIII 2010 13:03:05 - C:\WINDOWS\Fonts, 21-Dec-2004 [SR] [Složky]
27 VIII 2010 13:03:05 - C:\WINDOWS\ftpcache, 02-Jul-2007 [HS] [Složky]
27 VIII 2010 13:03:05 - C:\WINDOWS\ie7, 19-Mar-2010 [H] [Složky]
27 VIII 2010 13:03:05 - C:\WINDOWS\inf, 21-Dec-2004 [H] [Složky]
27 VIII 2010 13:03:05 - C:\WINDOWS\system32\dllcache, 21-Dec-2004 [HSR] [Složky]
27 VIII 2010 13:03:05 - C:\WINDOWS\system32\Microsoft, 21-Dec-2004 [S] [Složky]
27 VIII 2010 13:03:05 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\AVCBack, 27-Aug-2010 [Složky]
27 VIII 2010 13:03:05 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\bye10D.tmp, 27-Aug-2010 [Složky]
27 VIII 2010 13:03:05 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\FtpTempF, 27-Aug-2010 [Složky]
27 VIII 2010 13:03:05 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\Google Toolbar, 27-Aug-2010 [Složky]
27 VIII 2010 13:03:05 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\iss42.tmp, 27-Aug-2010 [Složky]
27 VIII 2010 13:03:05 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\iss44.tmp, 27-Aug-2010 [Složky]
27 VIII 2010 13:03:05 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\iss46.tmp, 27-Aug-2010 [Složky]
27 VIII 2010 13:03:05 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\iss48.tmp, 27-Aug-2010 [Složky]
27 VIII 2010 13:03:05 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\iss4A.tmp, 27-Aug-2010 [Složky]
27 VIII 2010 13:03:05 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\iss4C.tmp, 27-Aug-2010 [Složky]
27 VIII 2010 13:03:05 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\iss4E.tmp, 27-Aug-2010 [Složky]
27 VIII 2010 13:03:05 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\iss54.tmp, 27-Aug-2010 [Složky]
27 VIII 2010 13:03:05 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\iss56.tmp, 27-Aug-2010 [Složky]
27 VIII 2010 13:03:05 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\Log, 27-Aug-2010 [Složky]
27 VIII 2010 13:03:05 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\plugins, 27-Aug-2010 [Složky]
27 VIII 2010 13:03:05 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\{84E0C7B7-317E-4296-B3FC-3068DA4E75B5}, 27-Aug-2010 [Složky]
27 VIII 2010 13:03:05 - C:\Documents and Settings\Vojta\Data aplikací\Microsoft, 21-Dec-2004 [S] [Složky]
27 VIII 2010 13:03:05 - C:\Documents and Settings\Vojta\Data aplikací\..\Data aplikací, 21-Dec-2004 [HR] [Složky]
27 VIII 2010 13:03:05 - C:\Documents and Settings\Vojta\Data aplikací\..\Local Settings, 21-Dec-2004 [H] [Složky]
27 VIII 2010 13:03:05 - C:\Documents and Settings\Vojta\Data aplikací\..\Okolní síť, 21-Dec-2004 [H] [Složky]
27 VIII 2010 13:03:05 - C:\Documents and Settings\Vojta\Data aplikací\..\Okolní tiskárny, 21-Dec-2004 [H] [Složky]
27 VIII 2010 13:03:05 - C:\Documents and Settings\Vojta\Data aplikací\..\Recent, 27-Aug-2010 [HR] [Složky]
27 VIII 2010 13:03:05 - C:\Documents and Settings\Vojta\Data aplikací\..\SendTo, 21-Dec-2004 [HR] [Složky]
27 VIII 2010 13:03:05 - C:\Documents and Settings\Vojta\Data aplikací\..\UserData, 11-Sep-2009 [HS] [Složky]
27 VIII 2010 13:03:05 - C:\Documents and Settings\Vojta\Data aplikací\..\Šablony, 21-Dec-2004 [H] [Složky]
27 VIII 2010 13:03:05 - C:\Documents and Settings\All Users\Data aplikací\Microsoft, 21-Dec-2004 [S] [Složky]
27 VIII 2010 13:03:05 - C:\Documents and Settings\All Users\Data aplikací\..\Data aplikací, 21-Dec-2004 [HR] [Složky]
27 VIII 2010 13:03:05 - C:\Documents and Settings\All Users\Data aplikací\..\DRM, 21-Dec-2004 [HS] [Složky]
27 VIII 2010 13:03:05 - C:\Documents and Settings\All Users\Data aplikací\..\Šablony, 21-Dec-2004 [H] [Složky]
27 VIII 2010 13:03:05 - *********************************************************************************************
27 VIII 2010 13:03:05 - Poslední datum souborů používaných MWAV: Fri Apr 9 12:43:53 2010.
27 VIII 2010 13:03:05 - Plugins FileCount: 784 Sign Version: 7.31143
27 VIII 2010 13:03:06 - Loading/Creating FileScan Database C:\Documents and Settings\All Users\Data aplikací\MicroWorld\MWAV\ESCANDBX.MDB [Log: C:\Documents and Settings\Vojta\Local Settings\Temp\ESCANDB.LOG]
27 VIII 2010 13:03:06 - Loaded/Created FileScan Database...
27 VIII 2010 13:03:06 - Loading AV Library [DB]...
27 VIII 2010 13:03:21 - AV Library Loaded [DB-DIRECT].
27 VIII 2010 13:03:21 - MWAV doing self scanning...
27 VIII 2010 13:03:23 - MWAV files are clean.
27 VIII 2010 13:03:24 - Datum vydání databáze: 09 Apr 2010
27 VIII 2010 13:03:24 - Verze virové databáze: 5598930
27 VIII 2010 13:03:56 - **********************************************************
27 VIII 2010 13:03:56 - eScan Anti Virus & Spyware Toolkit Utility.
27 VIII 2010 13:03:56 - Copyright © 2003-2006, MicroWorld Technologies Inc.
27 VIII 2010 13:03:56 -
27 VIII 2010 13:03:56 - Podpora [EN]: support@mwti.net
27 VIII 2010 13:03:56 - Web: http://www.mwti.net
27 VIII 2010 13:03:56 - **********************************************************
27 VIII 2010 13:03:56 - Verze 11.0.152[DB] (C:\DOCUMENTS AND SETTINGS\VOJTA\LOCAL SETTINGS\TEMP\MEXE.COM)
27 VIII 2010 13:03:56 - Log soubor: C:\Documents and Settings\Vojta\Local Settings\Temp\MWAV.LOG
27 VIII 2010 13:03:56 - User Account: Vojta (Administrator Mode)
27 VIII 2010 13:03:56 - Parent Process Name : C:\Documents and Settings\Vojta\Plocha\mwav.exe
27 VIII 2010 13:03:56 - Windows Root Folder: C:\WINDOWS
27 VIII 2010 13:03:56 - Windows Sys32 Folder: C:\WINDOWS\system32
27 VIII 2010 13:03:56 - OS: Windows XP [OS Install Date: 21 Dec 2004 09:23:56]
27 VIII 2010 13:03:56 - Ver: Service Pack 2 (Build 2600)
27 VIII 2010 13:03:56 - Poslední datum souborů používaných MWAV: Fri Apr 9 12:43:53 2010.
27 VIII 2010 13:03:56 - Plugins FileCount: 784 Sign Version: 7.31143
27 VIII 2010 13:03:56 - Nastavení vybraná uživatelem:
27 VIII 2010 13:03:56 - Kontrola paměti: Zapnuto
27 VIII 2010 13:03:56 - Kontorla registrů: Zapnuto
27 VIII 2010 13:03:56 - Kontrola souborů po spuštění: Zapnuto
27 VIII 2010 13:03:56 - Kontrola systémových složek: Zapnuto
27 VIII 2010 13:03:56 - Kontrola služeb: Zapnuto
27 VIII 2010 13:03:56 - Otestovat Spyware: Zapnuto
27 VIII 2010 13:03:56 - Kotrola disku: Vypnuto
27 VIII 2010 13:03:56 - Kontrola všech disků:Zapnuto
27 VIII 2010 13:03:56 - Kontrola složek: Vypnuto
27 VIII 2010 13:03:56 - SCAN: Program_Files
27 VIII 2010 13:03:56 - MWAV Mode: Only Scan files (Do Not Clean)
27 VIII 2010 13:03:57 - ***** Testování paměti *****
27 VIII 2010 13:04:01 - ***** Testování souborů registrů *****
27 VIII 2010 13:04:04 - ERROR!!! Invalid Entry vidc.LEAD = LCODCCMP.DLL (in key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32). No Action Taken.
27 VIII 2010 13:04:04 - ***** Testování aplikací po spuštění *****
27 VIII 2010 13:04:05 - ***** Testování služeb *****
27 VIII 2010 13:04:05 - ERROR!!! Invalid Entry %SystemRoot%\System32\hidserv.dll in HKLM\SYSTEM\CurrentControlSet\Services\HidServ\Parameters. Action Taken: No Action Taken.
27 VIII 2010 13:04:06 - ERROR!!! Invalid Entry system32\DRIVERS\pccsmcfd.sys in HKLM\SYSTEM\CurrentControlSet\Services\pccsmcfd. Action Taken: No Action Taken.
27 VIII 2010 13:04:07 - ***** Prohledávání registrů a souborů na přítomnost Adware/Spyware *****
27 VIII 2010 13:04:09 - Loading Spyware Signatures from new External Database [Name: C:\DOCUME~1\Vojta\LOCALS~1\Temp\spydb.avs, Size: 950519]...
27 VIII 2010 13:04:09 - Indexed Spyware Databases Successfully Created...
27 VIII 2010 13:04:20 - Offending file found: C:\WINDOWS\iun6002.exe
27 VIII 2010 13:04:20 - System found infected with Spyware.NetScreenWatch Spyware/Adware (iun6002.exe)! Action taken: Ponecháno, neodstraněno!.
27 VIII 2010 13:04:20 - Offending file found: C:\WINDOWS\system32\Guninst.exe
27 VIII 2010 13:04:20 - System found infected with SmitFraud Browser Hijacker (Guninst.exe)! Action taken: Ponecháno, neodstraněno!.
27 VIII 2010 13:04:20 - Offending Folder found: C:\Program Files\AskTBar
27 VIII 2010 13:04:20 - Objekt "AskTBar Toolbar" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:04:20 - Offending Folder found: C:\Program Files\VVSN
27 VIII 2010 13:04:20 - Objekt "Savenow Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:04:22 - Offending file found: C:\Documents and Settings\Vojta\Dokumenty\int\FP.CZ\App\Firefox\mozcrt19.dll
27 VIII 2010 13:04:22 - System found infected with Security Master AV Spyware/Adware (mozcrt19.dll)! Action taken: Ponecháno, neodstraněno!.
27 VIII 2010 13:04:22 - Offending file found: C:\Documents and Settings\Vojta\Dokumenty\int\FP.CZ\App\Firefox\uninstall\helper.exe
27 VIII 2010 13:04:22 - System found infected with Smitfraud Corrupted Adware/Spyware (helper.exe)! Action taken: Ponecháno, neodstraněno!.
27 VIII 2010 13:04:26 - Offending file found: C:\Documents and Settings\All Users\Nabídka Start\Programy\Absolute Uninstaller\Home Page.lnk
27 VIII 2010 13:04:26 - System found infected with User Account Control (Fake) Spyware/Adware (Home Page.lnk)! Action taken: Ponecháno, neodstraněno!.
27 VIII 2010 13:04:26 - Offending file found: C:\Documents and Settings\All Users\Nabídka Start\Programy\Absolute Uninstaller\Home Page.lnk
27 VIII 2010 13:04:26 - System found infected with User Account Control (Fake) Spyware/Adware (Home Page.lnk)! Action taken: Ponecháno, neodstraněno!.
27 VIII 2010 13:04:26 - Offending file found: C:\Documents and Settings\Vojta\Dokumenty\int\FP.CZ\App\Firefox\mozcrt19.dll
27 VIII 2010 13:04:26 - System found infected with Security Master AV Spyware/Adware (mozcrt19.dll)! Action taken: Ponecháno, neodstraněno!.
27 VIII 2010 13:04:26 - Offending file found: C:\Documents and Settings\Vojta\Dokumenty\int\FP.CZ\App\Firefox\uninstall\helper.exe
27 VIII 2010 13:04:26 - System found infected with Smitfraud Corrupted Adware/Spyware (helper.exe)! Action taken: Ponecháno, neodstraněno!.
27 VIII 2010 13:04:28 - Testování MountPoints2 RegKey...
27 VIII 2010 13:04:28 - Invalid Command Found in {abae7c24-d7f5-11dd-9cc4-8f54bc1872e5}\Shell\AutoRun\command: setupSNK.exe
27 VIII 2010 13:04:28 - Offending Key found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{abae7c24-d7f5-11dd-9cc4-8f54bc1872e5} !!!
27 VIII 2010 13:04:28 - Testování CLSID RegKey...
27 VIII 2010 13:04:28 - Testování ModuleUsage RegKey...
27 VIII 2010 13:04:28 - Testování ExternalApp RegKey...
27 VIII 2010 13:04:28 - Záznam "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" odkazuje na neplatný objekt "C:\PROGRA~1\GAMESP~1\GSAPak.exe". Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:04:28 - Záznam "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" odkazuje na neplatný objekt "C:\PROGRA~1\GAMESP~1\GSAPak.exe -launch". Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:04:28 - Testování SharedDLL RegKey...
27 VIII 2010 13:04:28 - Testování Installer RegKey...
27 VIII 2010 13:04:29 - Testování FileExtension RegKey...
27 VIII 2010 13:04:29 - Testování ARPCache RegKey...
27 VIII 2010 13:04:29 - ***** Testování souborů ve složce System32 *****
27 VIII 2010 13:05:01 - ***** Testování místních disků *****
27 VIII 2010 13:05:01 - Testování disku C:\
27 VIII 2010 13:05:47 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\A3DUtility(2).exe
27 VIII 2010 13:05:47 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\A3DUtility(2).exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:05:47 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\ACE(2).dll
27 VIII 2010 13:05:47 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\ACE(2).dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:05:47 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\AcroBroker(2).exe
27 VIII 2010 13:05:47 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\AcroBroker(2).exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:05:47 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32(2).dll
27 VIII 2010 13:05:47 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32(2).dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:05:47 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32(2).exe
27 VIII 2010 13:05:47 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32(2).exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:05:47 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info(2).exe
27 VIII 2010 13:05:47 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info(2).exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:05:47 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\AcroRdIF(2).dll
27 VIII 2010 13:05:47 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\AcroRdIF(2).dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:05:47 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\AcroTextExtractor(2).exe
27 VIII 2010 13:05:47 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\AcroTextExtractor(2).exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:05:47 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\AdobeCollabSync(2).exe
27 VIII 2010 13:05:47 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\AdobeCollabSync(2).exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:05:48 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\AGM(2).dll
27 VIII 2010 13:05:48 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\AGM(2).dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:05:48 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32(2).dll
27 VIII 2010 13:05:48 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32(2).dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:05:48 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32(2).dll
27 VIII 2010 13:05:48 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32(2).dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:05:48 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\CoolType(2).dll
27 VIII 2010 13:05:48 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\CoolType(2).dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:05:48 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\Eula(2).exe
27 VIII 2010 13:05:48 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\Eula(2).exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:05:48 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\JP2KLib(2).dll
27 VIII 2010 13:05:48 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\JP2KLib(2).dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:05:48 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\PDFPrevHndlr(2).dll
27 VIII 2010 13:05:48 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\PDFPrevHndlr(2).dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:05:48 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\PDFPrevHndlrShim(2).exe
27 VIII 2010 13:05:48 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\PDFPrevHndlrShim(2).exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:05:49 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl(2).exe
27 VIII 2010 13:05:49 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl(2).exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:05:49 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\rt3d(2).dll
27 VIII 2010 13:05:49 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\rt3d(2).dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:05:50 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS(2).dll
27 VIII 2010 13:05:50 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS(2).dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:08:24 - Testování souboru C:\Program Files\Common Files\Adobe\Acrobat(2)\ActiveX(2)\AcroIEHelper(2).dll
27 VIII 2010 13:08:24 - Soubor C:\Program Files\Common Files\Adobe\Acrobat(2)\ActiveX(2)\AcroIEHelper(2).dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:08:24 - Testování souboru C:\Program Files\Common Files\Adobe\Acrobat(2)\ActiveX(2)\AcroIEHelperShim(2).dll
27 VIII 2010 13:08:24 - Soubor C:\Program Files\Common Files\Adobe\Acrobat(2)\ActiveX(2)\AcroIEHelperShim(2).dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:08:24 - Testování souboru C:\Program Files\Common Files\Adobe\Acrobat(2)\ActiveX(2)\AcroPDF(2).dll
27 VIII 2010 13:08:24 - Soubor C:\Program Files\Common Files\Adobe\Acrobat(2)\ActiveX(2)\AcroPDF(2).dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:08:24 - Testování souboru C:\Program Files\Common Files\Adobe\Acrobat(2)\ActiveX(2)\pdfshell(2).dll
27 VIII 2010 13:08:24 - Soubor C:\Program Files\Common Files\Adobe\Acrobat(2)\ActiveX(2)\pdfshell(2).dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:10:50 - Testování souboru C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP126\A0105494.dll
27 VIII 2010 13:10:50 - Soubor C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP126\A0105494.dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:10:50 - Testování souboru C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP126\A0105495.dll
27 VIII 2010 13:10:50 - Soubor C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP126\A0105495.dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:10:50 - Testování souboru C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP126\A0105496.dll
27 VIII 2010 13:10:50 - Soubor C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP126\A0105496.dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:10:50 - Testování souboru C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP126\A0105497.dll
27 VIII 2010 13:10:50 - Soubor C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP126\A0105497.dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:10:50 - Testování souboru C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP126\A0105498.dll
27 VIII 2010 13:10:50 - Soubor C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP126\A0105498.dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:10:50 - Testování souboru C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP126\A0105499.exe
27 VIII 2010 13:10:50 - Soubor C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP126\A0105499.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:10:50 - Testování souboru C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP126\A0105500.dll
27 VIII 2010 13:10:50 - Soubor C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP126\A0105500.dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:10:50 - Testování souboru C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP126\A0105501.dll
27 VIII 2010 13:10:50 - Soubor C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP126\A0105501.dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:10:50 - Testování souboru C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP126\A0105502.exe
27 VIII 2010 13:10:50 - Soubor C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP126\A0105502.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:10:50 - Testování souboru C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP126\A0105503.exe
27 VIII 2010 13:10:50 - Soubor C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP126\A0105503.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:10:50 - Testování souboru C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP126\A0105504.dll
27 VIII 2010 13:10:50 - Soubor C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP126\A0105504.dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:10:50 - Testování souboru C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP126\A0105505.exe
27 VIII 2010 13:10:50 - Soubor C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP126\A0105505.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:10:50 - Testování souboru C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP126\A0105506.dll
27 VIII 2010 13:10:50 - Soubor C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP126\A0105506.dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:10:50 - Testování souboru C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP126\A0105507.dll
27 VIII 2010 13:10:50 - Soubor C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP126\A0105507.dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:10:50 - Testování souboru C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP126\A0105508.dll
27 VIII 2010 13:10:50 - Soubor C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP126\A0105508.dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:10:50 - Testování souboru C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP126\A0105509.dll
27 VIII 2010 13:10:50 - Soubor C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP126\A0105509.dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:10:50 - Testování souboru C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP126\A0105510.exe
27 VIII 2010 13:10:50 - Soubor C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP126\A0105510.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:10:50 - Testování souboru C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP126\A0105511.exe
27 VIII 2010 13:10:50 - Soubor C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP126\A0105511.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:10:50 - Testování souboru C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP126\A0105512.dll
27 VIII 2010 13:10:50 - Soubor C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP126\A0105512.dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:10:50 - Testování souboru C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP126\A0105514.dll
27 VIII 2010 13:10:50 - Soubor C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP126\A0105514.dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:10:50 - Testování souboru C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP126\A0105515.dll
27 VIII 2010 13:10:50 - Soubor C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP126\A0105515.dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:10:50 - Testování souboru C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP126\A0105516.exe
27 VIII 2010 13:10:50 - Soubor C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP126\A0105516.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:10:50 - Testování souboru C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP126\A0105517.exe
27 VIII 2010 13:10:50 - Soubor C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP126\A0105517.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:10:50 - Testování souboru C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP126\A0105518.exe
27 VIII 2010 13:10:50 - Soubor C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP126\A0105518.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:13:22 - Testování souboru C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP130\A0119901.dll
27 VIII 2010 13:13:22 - Soubor C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP130\A0119901.dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:13:22 - Testování souboru C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP130\A0119902.dll
27 VIII 2010 13:13:22 - Soubor C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP130\A0119902.dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:13:22 - Testování souboru C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP130\A0119903.dll
27 VIII 2010 13:13:22 - Soubor C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP130\A0119903.dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:13:22 - Testování souboru C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP130\A0119904.dll
27 VIII 2010 13:13:22 - Soubor C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP130\A0119904.dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:13:22 - Testování souboru C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP130\A0119905.dll
27 VIII 2010 13:13:22 - Soubor C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP130\A0119905.dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:13:22 - Testování souboru C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP130\A0119906.dll
27 VIII 2010 13:13:22 - Soubor C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP130\A0119906.dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:13:22 - Testování souboru C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP130\A0119907.dll
27 VIII 2010 13:13:22 - Soubor C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP130\A0119907.dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:13:22 - Testování souboru C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP130\A0119908.exe
27 VIII 2010 13:13:22 - Soubor C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP130\A0119908.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:13:22 - Testování souboru C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP130\A0119909.dll
27 VIII 2010 13:13:22 - Soubor C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP130\A0119909.dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:13:22 - Testování souboru C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP130\A0119910.exe
27 VIII 2010 13:13:22 - Soubor C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP130\A0119910.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:13:22 - Testování souboru C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP130\A0119911.exe
27 VIII 2010 13:13:22 - Soubor C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP130\A0119911.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:13:22 - Testování souboru C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP130\A0119912.dll
27 VIII 2010 13:13:22 - Soubor C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP130\A0119912.dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:13:22 - Testování souboru C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP130\A0119913.exe
27 VIII 2010 13:13:22 - Soubor C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP130\A0119913.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:13:22 - Testování souboru C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP130\A0119914.dll
27 VIII 2010 13:13:22 - Soubor C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP130\A0119914.dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:13:22 - Testování souboru C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP130\A0119915.dll
27 VIII 2010 13:13:22 - Soubor C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP130\A0119915.dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:13:22 - Testování souboru C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP130\A0119916.dll
27 VIII 2010 13:13:22 - Soubor C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP130\A0119916.dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:13:22 - Testování souboru C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP130\A0119917.exe
27 VIII 2010 13:13:22 - Soubor C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP130\A0119917.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:13:22 - Testování souboru C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP130\A0119918.exe
27 VIII 2010 13:13:22 - Soubor C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP130\A0119918.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:13:22 - Testování souboru C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP130\A0119919.dll
27 VIII 2010 13:13:22 - Soubor C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP130\A0119919.dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:13:22 - Testování souboru C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP130\A0119921.dll
27 VIII 2010 13:13:22 - Soubor C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP130\A0119921.dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:13:22 - Testování souboru C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP130\A0119922.dll
27 VIII 2010 13:13:22 - Soubor C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP130\A0119922.dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:13:22 - Testování souboru C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP130\A0119923.exe
27 VIII 2010 13:13:22 - Soubor C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP130\A0119923.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:13:22 - Testování souboru C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP130\A0119924.exe
27 VIII 2010 13:13:22 - Soubor C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP130\A0119924.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:13:22 - Testování souboru C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP130\A0119925.exe
27 VIII 2010 13:13:22 - Soubor C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP130\A0119925.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:13:22 - Testování souboru C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP130\A0119926.dll
27 VIII 2010 13:13:22 - Soubor C:\System Volume Information\_restore{0DFB9087-0FF9-45D9-848B-A1F9BD2D4A48}\RP130\A0119926.dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 13:17:18 - ***** Kontrola pro specifické ITW viry *****
27 VIII 2010 13:17:18 - ***** Test dokončen *****
27 VIII 2010 13:17:18 - Testovaných objektů: 169192
27 VIII 2010 13:17:18 - Kritických objektů: 10
27 VIII 2010 13:17:18 - Celkem vyléčených objektů: 0
27 VIII 2010 13:17:18 - Celkem přejmenováno: 0
27 VIII 2010 13:17:18 - Smazaných objektů: 0
27 VIII 2010 13:17:18 - Celkem chyb: 5
27 VIII 2010 13:17:18 - Uplynulý čas: 00:13:21
27 VIII 2010 13:17:18 - Datum vydání databáze: 09 Apr 2010
27 VIII 2010 13:17:18 - Verze virové databáze: 5598930
27 VIII 2010 13:17:18 - Test je dokončen
Viry v počítači Vyřešeno
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Viry v počítači
Pokud je PC jinak OK:
Vypni obnovu systému-restartuj PC--po restartu si obnovu systému zase zapni.
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
Máš nějaké problémy?
Vypni obnovu systému-restartuj PC--po restartu si obnovu systému zase zapni.
Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
Máš nějaké problémy?
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Viry v počítači
Po projetí ATF Cleanerem nový log.Já používám CCleaner.
27 VIII 2010 16:50:08 - eScan Anti Virus & Spyware Toolkit Utility.
27 VIII 2010 16:50:08 - Copyright © 2003-2006, MicroWorld Technologies Inc.
27 VIII 2010 16:50:08 - **********************************************************
27 VIII 2010 16:50:08 - Source: C:\DOCUME~1\Vojta\Plocha\mwav.exe
27 VIII 2010 16:50:08 - Verze 11.0.152 (C:\DOCUMENTS AND SETTINGS\VOJTA\LOCAL SETTINGS\TEMP\MEXE.COM)
27 VIII 2010 16:50:08 - Log soubor: C:\Documents and Settings\Vojta\Local Settings\Temp\MWAV.LOG
27 VIII 2010 16:50:08 - Datum a čas posledního testu: 27.08.2010 16:05:09
27 VIII 2010 16:50:08 - MWAV Registered: FALSE
27 VIII 2010 16:50:08 - User Account: Vojta (Administrator Mode)
27 VIII 2010 16:50:08 - OS Type: Windows Workstation
27 VIII 2010 16:50:08 - OS: Windows XP [OS Install Date: 21 Dec 2004 09:23:56]
27 VIII 2010 16:50:08 - Ver: Service Pack 2 (Build 2600)
27 VIII 2010 16:50:08 - System Up Time: 1 Hour, 0 Minute, 33 Seconds
27 VIII 2010 16:50:08 - Parent Process Name : C:\Documents and Settings\Vojta\Plocha\mwav.exe
27 VIII 2010 16:50:08 - Windows Root Folder: C:\WINDOWS
27 VIII 2010 16:50:08 - Windows Sys32 Folder: C:\WINDOWS\system32
27 VIII 2010 16:50:08 - Interface0 NameServer: 62.209.237.68,62.84.128.6
27 VIII 2010 16:50:08 - Local Fixed Drives: c:\
27 VIII 2010 16:50:08 - MWAV Mode: Only Scan files (Do Not Clean)
27 VIII 2010 16:50:08 - ********** Soubory vytvořené/upravené ve složce Windows a kořenovém adresáři od posledního testu **********
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\bdc.exe (91904), 27-Aug-2010, MicroWorld Tech, eScan
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\bdfltlib2k.dll (231944), 27-Aug-2010, MicroWorld Technologies Inc., eScan for Windows
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\clean.bat (11), 27-Aug-2010
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\DEVCON.EXE (61184), 27-Aug-2010, Microsoft Corporation, Microsoft® Windows® Operating System
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\download.exe (934408), 27-Aug-2010, MicroWorld Technologies Inc., eScan
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\encdec.dll (119816), 27-Aug-2010, MicroWorld Technologies Inc., eScan/MailScan/eConceal
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\erootdrv.sys (13832), 27-Aug-2010, MicroWorld Technologies Inc., eScan/MWAV
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\mexe.com (2292296), 27-Aug-2010, MicroWorld Technologies Inc., MicroWorld AntiVirus Toolkit Utility (MWAV)
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\msvclnt.dll (236040), 27-Aug-2010, MicroWorld Technologies Inc., MailScan
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\MWAVReg.EXE (721416), 27-Aug-2010, MicroWorld Technologies Inc., eScan / MailScan / eConceal
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\MWAVSCAN.COM (2292296), 27-Aug-2010, MicroWorld Technologies Inc., MicroWorld AntiVirus Toolkit Utility (MWAV)
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\plugins.htm (3620), 27-Aug-2010
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\red32.dll (10248), 27-Aug-2010, Microsoft Corporation, Microsoft® Windows® Operating System
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\reload.exe (154120), 27-Aug-2010, MicroWorld Technologies Inc., eScan for Windows
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\set41.tmp (121064), 27-Aug-2010, Macrovision Corporation, InstallShield
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\set43.tmp (121064), 27-Aug-2010, Macrovision Corporation, InstallShield
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\set45.tmp (121064), 27-Aug-2010, Macrovision Corporation, InstallShield
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\set47.tmp (121064), 27-Aug-2010, Macrovision Corporation, InstallShield
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\set49.tmp (121064), 27-Aug-2010, Macrovision Corporation, InstallShield
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\set4B.tmp (121064), 27-Aug-2010, Macrovision Corporation, InstallShield
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\set4D.tmp (121064), 27-Aug-2010, Macrovision Corporation, InstallShield
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\set53.tmp (121064), 27-Aug-2010, Macrovision Corporation, InstallShield
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\set55.tmp (121064), 27-Aug-2010, Macrovision Corporation, InstallShield
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\setpriv.exe (64008), 27-Aug-2010, MicroWorld Technologies Inc, eScan AntiVirus Toolkit Utility
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\unregx.exe (61960), 27-Aug-2010, MicroWorld Technologies Inc, MicroWorld AntiVirus Toolkit Utility
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\viewtcp.exe (573960), 27-Aug-2010, MicroWorld Technologies Inc., ViewTCP
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\~DF27F1.tmp (16384), 27-Aug-2010
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\~DF4E60.tmp (16384), 27-Aug-2010
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\~DF566C.tmp (16384), 27-Aug-2010
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\~DF567E.tmp (512), 27-Aug-2010
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\~DF8C2F.tmp (16384), 27-Aug-2010
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\~DFE0E8.tmp (16384), 27-Aug-2010
27 VIII 2010 16:50:09 - C:\WINDOWS\$hf_mig$, 19-Mar-2010 [H] [Složky]
27 VIII 2010 16:50:09 - C:\WINDOWS\$MSI31Uninstall_KB893803v2$, 17-May-2006 [H] [Složky]
27 VIII 2010 16:50:09 - C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$, 19-Mar-2010 [H] [Složky]
27 VIII 2010 16:50:09 - C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$, 19-Mar-2010 [H] [Složky]
27 VIII 2010 16:50:09 - C:\WINDOWS\Fonts, 21-Dec-2004 [SR] [Složky]
27 VIII 2010 16:50:09 - C:\WINDOWS\ftpcache, 02-Jul-2007 [HS] [Složky]
27 VIII 2010 16:50:09 - C:\WINDOWS\ie7, 19-Mar-2010 [H] [Složky]
27 VIII 2010 16:50:09 - C:\WINDOWS\inf, 21-Dec-2004 [H] [Složky]
27 VIII 2010 16:50:09 - C:\WINDOWS\system32\dllcache, 21-Dec-2004 [HSR] [Složky]
27 VIII 2010 16:50:09 - C:\WINDOWS\system32\Microsoft, 21-Dec-2004 [S] [Složky]
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\AVCBack, 27-Aug-2010 [Složky]
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\Google Toolbar, 27-Aug-2010 [Složky]
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\iss42.tmp, 27-Aug-2010 [Složky]
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\iss44.tmp, 27-Aug-2010 [Složky]
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\iss46.tmp, 27-Aug-2010 [Složky]
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\iss48.tmp, 27-Aug-2010 [Složky]
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\iss4A.tmp, 27-Aug-2010 [Složky]
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\iss4C.tmp, 27-Aug-2010 [Složky]
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\iss4E.tmp, 27-Aug-2010 [Složky]
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\iss54.tmp, 27-Aug-2010 [Složky]
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\iss56.tmp, 27-Aug-2010 [Složky]
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\Log, 27-Aug-2010 [Složky]
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\plugins, 27-Aug-2010 [Složky]
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\tmp00003d74, 27-Aug-2010 [Složky]
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\tmp00005fe2, 27-Aug-2010 [Složky]
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\{84E0C7B7-317E-4296-B3FC-3068DA4E75B5}, 27-Aug-2010 [Složky]
27 VIII 2010 16:50:09 - C:\Documents and Settings\Vojta\Data aplikací\Microsoft, 21-Dec-2004 [S] [Složky]
27 VIII 2010 16:50:09 - C:\Documents and Settings\Vojta\Data aplikací\..\Data aplikací, 21-Dec-2004 [HR] [Složky]
27 VIII 2010 16:50:09 - C:\Documents and Settings\Vojta\Data aplikací\..\Local Settings, 21-Dec-2004 [H] [Složky]
27 VIII 2010 16:50:09 - C:\Documents and Settings\Vojta\Data aplikací\..\Okolní síť, 21-Dec-2004 [H] [Složky]
27 VIII 2010 16:50:09 - C:\Documents and Settings\Vojta\Data aplikací\..\Okolní tiskárny, 21-Dec-2004 [H] [Složky]
27 VIII 2010 16:50:09 - C:\Documents and Settings\Vojta\Data aplikací\..\Recent, 27-Aug-2010 [HR] [Složky]
27 VIII 2010 16:50:09 - C:\Documents and Settings\Vojta\Data aplikací\..\SendTo, 21-Dec-2004 [HR] [Složky]
27 VIII 2010 16:50:09 - C:\Documents and Settings\Vojta\Data aplikací\..\UserData, 11-Sep-2009 [HS] [Složky]
27 VIII 2010 16:50:09 - C:\Documents and Settings\Vojta\Data aplikací\..\Šablony, 21-Dec-2004 [H] [Složky]
27 VIII 2010 16:50:09 - C:\Documents and Settings\All Users\Data aplikací\Microsoft, 21-Dec-2004 [S] [Složky]
27 VIII 2010 16:50:09 - C:\Documents and Settings\All Users\Data aplikací\..\Data aplikací, 21-Dec-2004 [HR] [Složky]
27 VIII 2010 16:50:09 - C:\Documents and Settings\All Users\Data aplikací\..\DRM, 21-Dec-2004 [HS] [Složky]
27 VIII 2010 16:50:09 - C:\Documents and Settings\All Users\Data aplikací\..\Šablony, 21-Dec-2004 [H] [Složky]
27 VIII 2010 16:50:09 - *********************************************************************************************
27 VIII 2010 16:50:28 - **********************************************************
27 VIII 2010 16:50:28 - eScan Anti Virus & Spyware Toolkit Utility.
27 VIII 2010 16:50:28 - Copyright © 2003-2006, MicroWorld Technologies Inc.
27 VIII 2010 16:50:28 -
27 VIII 2010 16:50:28 - Podpora [EN]: support@mwti.net
27 VIII 2010 16:50:28 - Web: http://www.mwti.net
27 VIII 2010 16:50:28 - **********************************************************
27 VIII 2010 16:50:28 - Verze 11.0.152[DB] (C:\DOCUMENTS AND SETTINGS\VOJTA\LOCAL SETTINGS\TEMP\MEXE.COM)
27 VIII 2010 16:50:28 - Log soubor: C:\Documents and Settings\Vojta\Local Settings\Temp\MWAV.LOG
27 VIII 2010 16:50:28 - User Account: Vojta (Administrator Mode)
27 VIII 2010 16:50:28 - Parent Process Name : C:\Documents and Settings\Vojta\Plocha\mwav.exe
27 VIII 2010 16:50:28 - Windows Root Folder: C:\WINDOWS
27 VIII 2010 16:50:28 - Windows Sys32 Folder: C:\WINDOWS\system32
27 VIII 2010 16:50:28 - OS: Windows XP [OS Install Date: 21 Dec 2004 09:23:56]
27 VIII 2010 16:50:28 - Ver: Service Pack 2 (Build 2600)
27 VIII 2010 16:50:28 - Poslední datum souborů používaných MWAV: Fri Apr 9 12:43:53 2010.
27 VIII 2010 16:50:28 - Plugins FileCount: 784 Sign Version: 7.31143
27 VIII 2010 16:50:28 - Nastavení vybraná uživatelem:
27 VIII 2010 16:50:28 - Kontrola paměti: Zapnuto
27 VIII 2010 16:50:28 - Kontorla registrů: Zapnuto
27 VIII 2010 16:50:28 - Kontrola souborů po spuštění: Zapnuto
27 VIII 2010 16:50:28 - Kontrola systémových složek: Zapnuto
27 VIII 2010 16:50:28 - Kontrola služeb: Zapnuto
27 VIII 2010 16:50:28 - Otestovat Spyware: Zapnuto
27 VIII 2010 16:50:28 - Kotrola disku: Vypnuto
27 VIII 2010 16:50:28 - Kontrola všech disků:Zapnuto
27 VIII 2010 16:50:28 - Kontrola složek: Vypnuto
27 VIII 2010 16:50:28 - SCAN: Program_Files
27 VIII 2010 16:50:28 - MWAV Mode: Only Scan files (Do Not Clean)
27 VIII 2010 16:50:28 - ***** Testování paměti *****
27 VIII 2010 16:50:34 - ***** Testování souborů registrů *****
27 VIII 2010 16:50:37 - ERROR!!! Invalid Entry vidc.LEAD = LCODCCMP.DLL (in key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32). No Action Taken.
27 VIII 2010 16:50:37 - ***** Testování aplikací po spuštění *****
27 VIII 2010 16:50:37 - ***** Testování služeb *****
27 VIII 2010 16:50:38 - ERROR!!! Invalid Entry %SystemRoot%\System32\hidserv.dll in HKLM\SYSTEM\CurrentControlSet\Services\HidServ\Parameters. Action Taken: No Action Taken.
27 VIII 2010 16:50:39 - ERROR!!! Invalid Entry system32\DRIVERS\pccsmcfd.sys in HKLM\SYSTEM\CurrentControlSet\Services\pccsmcfd. Action Taken: No Action Taken.
27 VIII 2010 16:50:40 - ***** Prohledávání registrů a souborů na přítomnost Adware/Spyware *****
27 VIII 2010 16:50:42 - Loading Spyware Signatures from new External Database [Name: C:\DOCUME~1\Vojta\LOCALS~1\Temp\spydb.avs, Size: 937838]...
27 VIII 2010 16:50:42 - Indexed Spyware Databases Successfully Created...
27 VIII 2010 16:50:45 - Offending file found: C:\WINDOWS\iun6002.exe
27 VIII 2010 16:50:45 - System found infected with Spyware.NetScreenWatch Spyware/Adware (iun6002.exe)! Action taken: Ponecháno, neodstraněno!.
27 VIII 2010 16:50:45 - Offending file found: C:\WINDOWS\system32\Guninst.exe
27 VIII 2010 16:50:45 - System found infected with SmitFraud Browser Hijacker (Guninst.exe)! Action taken: Ponecháno, neodstraněno!.
27 VIII 2010 16:50:45 - Offending Folder found: C:\Program Files\AskTBar
27 VIII 2010 16:50:45 - Objekt "AskTBar Toolbar" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:50:45 - Offending Folder found: C:\Program Files\VVSN
27 VIII 2010 16:50:45 - Objekt "Savenow Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:50:47 - Offending file found: C:\Documents and Settings\Vojta\Dokumenty\int\FP.CZ\App\Firefox\uninstall\helper.exe
27 VIII 2010 16:50:47 - System found infected with Smitfraud Corrupted Adware/Spyware (helper.exe)! Action taken: Ponecháno, neodstraněno!.
27 VIII 2010 16:50:51 - Offending file found: C:\Documents and Settings\Vojta\Dokumenty\int\FP.CZ\App\Firefox\uninstall\helper.exe
27 VIII 2010 16:50:51 - System found infected with Smitfraud Corrupted Adware/Spyware (helper.exe)! Action taken: Ponecháno, neodstraněno!.
27 VIII 2010 16:50:53 - Testování MountPoints2 RegKey...
27 VIII 2010 16:50:53 - Invalid Command Found in {abae7c24-d7f5-11dd-9cc4-8f54bc1872e5}\Shell\AutoRun\command: setupSNK.exe
27 VIII 2010 16:50:53 - Offending Key found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{abae7c24-d7f5-11dd-9cc4-8f54bc1872e5} !!!
27 VIII 2010 16:50:53 - Testování CLSID RegKey...
27 VIII 2010 16:50:53 - Testování ModuleUsage RegKey...
27 VIII 2010 16:50:53 - Testování ExternalApp RegKey...
27 VIII 2010 16:50:53 - Záznam "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" odkazuje na neplatný objekt "C:\PROGRA~1\GAMESP~1\GSAPak.exe". Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:50:53 - Záznam "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" odkazuje na neplatný objekt "C:\PROGRA~1\GAMESP~1\GSAPak.exe -launch". Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:50:53 - Testování SharedDLL RegKey...
27 VIII 2010 16:50:54 - Testování Installer RegKey...
27 VIII 2010 16:50:55 - Testování FileExtension RegKey...
27 VIII 2010 16:50:55 - Testování ARPCache RegKey...
27 VIII 2010 16:50:55 - ***** Testování souborů ve složce System32 *****
27 VIII 2010 16:51:27 - ***** Testování místních disků *****
27 VIII 2010 16:51:28 - Testování disku C:\
27 VIII 2010 16:52:08 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\A3DUtility(2).exe
27 VIII 2010 16:52:08 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\A3DUtility(2).exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:52:08 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\ACE(2).dll
27 VIII 2010 16:52:08 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\ACE(2).dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:52:08 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\AcroBroker(2).exe
27 VIII 2010 16:52:08 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\AcroBroker(2).exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:52:08 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32(2).dll
27 VIII 2010 16:52:08 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32(2).dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:52:08 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32(2).exe
27 VIII 2010 16:52:08 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32(2).exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:52:08 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info(2).exe
27 VIII 2010 16:52:08 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info(2).exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:52:08 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\AcroRdIF(2).dll
27 VIII 2010 16:52:08 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\AcroRdIF(2).dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:52:08 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\AcroTextExtractor(2).exe
27 VIII 2010 16:52:08 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\AcroTextExtractor(2).exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:52:08 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\AdobeCollabSync(2).exe
27 VIII 2010 16:52:08 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\AdobeCollabSync(2).exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:52:08 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\AGM(2).dll
27 VIII 2010 16:52:08 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\AGM(2).dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:52:08 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32(2).dll
27 VIII 2010 16:52:08 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32(2).dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:52:08 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32(2).dll
27 VIII 2010 16:52:08 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32(2).dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:52:08 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\CoolType(2).dll
27 VIII 2010 16:52:08 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\CoolType(2).dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:52:08 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\Eula(2).exe
27 VIII 2010 16:52:08 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\Eula(2).exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:52:09 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\JP2KLib(2).dll
27 VIII 2010 16:52:09 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\JP2KLib(2).dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:52:09 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\PDFPrevHndlr(2).dll
27 VIII 2010 16:52:09 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\PDFPrevHndlr(2).dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:52:09 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\PDFPrevHndlrShim(2).exe
27 VIII 2010 16:52:09 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\PDFPrevHndlrShim(2).exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:52:10 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl(2).exe
27 VIII 2010 16:52:10 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl(2).exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:52:10 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\rt3d(2).dll
27 VIII 2010 16:52:10 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\rt3d(2).dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:52:10 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS(2).dll
27 VIII 2010 16:52:10 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS(2).dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:54:33 - Testování souboru C:\Program Files\Common Files\Adobe\Acrobat(2)\ActiveX(2)\AcroIEHelper(2).dll
27 VIII 2010 16:54:33 - Soubor C:\Program Files\Common Files\Adobe\Acrobat(2)\ActiveX(2)\AcroIEHelper(2).dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:54:33 - Testování souboru C:\Program Files\Common Files\Adobe\Acrobat(2)\ActiveX(2)\AcroIEHelperShim(2).dll
27 VIII 2010 16:54:33 - Soubor C:\Program Files\Common Files\Adobe\Acrobat(2)\ActiveX(2)\AcroIEHelperShim(2).dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:54:33 - Testování souboru C:\Program Files\Common Files\Adobe\Acrobat(2)\ActiveX(2)\AcroPDF(2).dll
27 VIII 2010 16:54:33 - Soubor C:\Program Files\Common Files\Adobe\Acrobat(2)\ActiveX(2)\AcroPDF(2).dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:54:33 - Testování souboru C:\Program Files\Common Files\Adobe\Acrobat(2)\ActiveX(2)\pdfshell(2).dll
27 VIII 2010 16:54:33 - Soubor C:\Program Files\Common Files\Adobe\Acrobat(2)\ActiveX(2)\pdfshell(2).dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:58:56 - ***** Kontrola pro specifické ITW viry *****
27 VIII 2010 16:58:56 - ***** Test dokončen *****
27 VIII 2010 16:58:56 - Testovaných objektů: 152497
27 VIII 2010 16:58:56 - Kritických objektů: 6
27 VIII 2010 16:58:56 - Celkem vyléčených objektů: 0
27 VIII 2010 16:58:56 - Celkem přejmenováno: 0
27 VIII 2010 16:58:56 - Smazaných objektů: 0
27 VIII 2010 16:58:57 - Celkem chyb: 5
27 VIII 2010 16:58:57 - Uplynulý čas: 00:08:28
27 VIII 2010 16:58:57 - Datum vydání databáze: 09 Apr 2010
27 VIII 2010 16:58:57 - Verze virové databáze: 5598930
27 VIII 2010 16:58:57 - Test je dokončen
27 VIII 2010 16:50:08 - eScan Anti Virus & Spyware Toolkit Utility.
27 VIII 2010 16:50:08 - Copyright © 2003-2006, MicroWorld Technologies Inc.
27 VIII 2010 16:50:08 - **********************************************************
27 VIII 2010 16:50:08 - Source: C:\DOCUME~1\Vojta\Plocha\mwav.exe
27 VIII 2010 16:50:08 - Verze 11.0.152 (C:\DOCUMENTS AND SETTINGS\VOJTA\LOCAL SETTINGS\TEMP\MEXE.COM)
27 VIII 2010 16:50:08 - Log soubor: C:\Documents and Settings\Vojta\Local Settings\Temp\MWAV.LOG
27 VIII 2010 16:50:08 - Datum a čas posledního testu: 27.08.2010 16:05:09
27 VIII 2010 16:50:08 - MWAV Registered: FALSE
27 VIII 2010 16:50:08 - User Account: Vojta (Administrator Mode)
27 VIII 2010 16:50:08 - OS Type: Windows Workstation
27 VIII 2010 16:50:08 - OS: Windows XP [OS Install Date: 21 Dec 2004 09:23:56]
27 VIII 2010 16:50:08 - Ver: Service Pack 2 (Build 2600)
27 VIII 2010 16:50:08 - System Up Time: 1 Hour, 0 Minute, 33 Seconds
27 VIII 2010 16:50:08 - Parent Process Name : C:\Documents and Settings\Vojta\Plocha\mwav.exe
27 VIII 2010 16:50:08 - Windows Root Folder: C:\WINDOWS
27 VIII 2010 16:50:08 - Windows Sys32 Folder: C:\WINDOWS\system32
27 VIII 2010 16:50:08 - Interface0 NameServer: 62.209.237.68,62.84.128.6
27 VIII 2010 16:50:08 - Local Fixed Drives: c:\
27 VIII 2010 16:50:08 - MWAV Mode: Only Scan files (Do Not Clean)
27 VIII 2010 16:50:08 - ********** Soubory vytvořené/upravené ve složce Windows a kořenovém adresáři od posledního testu **********
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\bdc.exe (91904), 27-Aug-2010, MicroWorld Tech, eScan
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\bdfltlib2k.dll (231944), 27-Aug-2010, MicroWorld Technologies Inc., eScan for Windows
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\clean.bat (11), 27-Aug-2010
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\DEVCON.EXE (61184), 27-Aug-2010, Microsoft Corporation, Microsoft® Windows® Operating System
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\download.exe (934408), 27-Aug-2010, MicroWorld Technologies Inc., eScan
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\encdec.dll (119816), 27-Aug-2010, MicroWorld Technologies Inc., eScan/MailScan/eConceal
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\erootdrv.sys (13832), 27-Aug-2010, MicroWorld Technologies Inc., eScan/MWAV
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\mexe.com (2292296), 27-Aug-2010, MicroWorld Technologies Inc., MicroWorld AntiVirus Toolkit Utility (MWAV)
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\msvclnt.dll (236040), 27-Aug-2010, MicroWorld Technologies Inc., MailScan
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\MWAVReg.EXE (721416), 27-Aug-2010, MicroWorld Technologies Inc., eScan / MailScan / eConceal
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\MWAVSCAN.COM (2292296), 27-Aug-2010, MicroWorld Technologies Inc., MicroWorld AntiVirus Toolkit Utility (MWAV)
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\plugins.htm (3620), 27-Aug-2010
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\red32.dll (10248), 27-Aug-2010, Microsoft Corporation, Microsoft® Windows® Operating System
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\reload.exe (154120), 27-Aug-2010, MicroWorld Technologies Inc., eScan for Windows
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\set41.tmp (121064), 27-Aug-2010, Macrovision Corporation, InstallShield
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\set43.tmp (121064), 27-Aug-2010, Macrovision Corporation, InstallShield
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\set45.tmp (121064), 27-Aug-2010, Macrovision Corporation, InstallShield
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\set47.tmp (121064), 27-Aug-2010, Macrovision Corporation, InstallShield
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\set49.tmp (121064), 27-Aug-2010, Macrovision Corporation, InstallShield
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\set4B.tmp (121064), 27-Aug-2010, Macrovision Corporation, InstallShield
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\set4D.tmp (121064), 27-Aug-2010, Macrovision Corporation, InstallShield
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\set53.tmp (121064), 27-Aug-2010, Macrovision Corporation, InstallShield
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\set55.tmp (121064), 27-Aug-2010, Macrovision Corporation, InstallShield
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\setpriv.exe (64008), 27-Aug-2010, MicroWorld Technologies Inc, eScan AntiVirus Toolkit Utility
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\unregx.exe (61960), 27-Aug-2010, MicroWorld Technologies Inc, MicroWorld AntiVirus Toolkit Utility
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\viewtcp.exe (573960), 27-Aug-2010, MicroWorld Technologies Inc., ViewTCP
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\~DF27F1.tmp (16384), 27-Aug-2010
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\~DF4E60.tmp (16384), 27-Aug-2010
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\~DF566C.tmp (16384), 27-Aug-2010
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\~DF567E.tmp (512), 27-Aug-2010
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\~DF8C2F.tmp (16384), 27-Aug-2010
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\~DFE0E8.tmp (16384), 27-Aug-2010
27 VIII 2010 16:50:09 - C:\WINDOWS\$hf_mig$, 19-Mar-2010 [H] [Složky]
27 VIII 2010 16:50:09 - C:\WINDOWS\$MSI31Uninstall_KB893803v2$, 17-May-2006 [H] [Složky]
27 VIII 2010 16:50:09 - C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$, 19-Mar-2010 [H] [Složky]
27 VIII 2010 16:50:09 - C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$, 19-Mar-2010 [H] [Složky]
27 VIII 2010 16:50:09 - C:\WINDOWS\Fonts, 21-Dec-2004 [SR] [Složky]
27 VIII 2010 16:50:09 - C:\WINDOWS\ftpcache, 02-Jul-2007 [HS] [Složky]
27 VIII 2010 16:50:09 - C:\WINDOWS\ie7, 19-Mar-2010 [H] [Složky]
27 VIII 2010 16:50:09 - C:\WINDOWS\inf, 21-Dec-2004 [H] [Složky]
27 VIII 2010 16:50:09 - C:\WINDOWS\system32\dllcache, 21-Dec-2004 [HSR] [Složky]
27 VIII 2010 16:50:09 - C:\WINDOWS\system32\Microsoft, 21-Dec-2004 [S] [Složky]
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\AVCBack, 27-Aug-2010 [Složky]
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\Google Toolbar, 27-Aug-2010 [Složky]
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\iss42.tmp, 27-Aug-2010 [Složky]
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\iss44.tmp, 27-Aug-2010 [Složky]
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\iss46.tmp, 27-Aug-2010 [Složky]
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\iss48.tmp, 27-Aug-2010 [Složky]
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\iss4A.tmp, 27-Aug-2010 [Složky]
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\iss4C.tmp, 27-Aug-2010 [Složky]
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\iss4E.tmp, 27-Aug-2010 [Složky]
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\iss54.tmp, 27-Aug-2010 [Složky]
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\iss56.tmp, 27-Aug-2010 [Složky]
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\Log, 27-Aug-2010 [Složky]
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\plugins, 27-Aug-2010 [Složky]
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\tmp00003d74, 27-Aug-2010 [Složky]
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\tmp00005fe2, 27-Aug-2010 [Složky]
27 VIII 2010 16:50:09 - C:\DOCUME~1\Vojta\LOCALS~1\Temp\{84E0C7B7-317E-4296-B3FC-3068DA4E75B5}, 27-Aug-2010 [Složky]
27 VIII 2010 16:50:09 - C:\Documents and Settings\Vojta\Data aplikací\Microsoft, 21-Dec-2004 [S] [Složky]
27 VIII 2010 16:50:09 - C:\Documents and Settings\Vojta\Data aplikací\..\Data aplikací, 21-Dec-2004 [HR] [Složky]
27 VIII 2010 16:50:09 - C:\Documents and Settings\Vojta\Data aplikací\..\Local Settings, 21-Dec-2004 [H] [Složky]
27 VIII 2010 16:50:09 - C:\Documents and Settings\Vojta\Data aplikací\..\Okolní síť, 21-Dec-2004 [H] [Složky]
27 VIII 2010 16:50:09 - C:\Documents and Settings\Vojta\Data aplikací\..\Okolní tiskárny, 21-Dec-2004 [H] [Složky]
27 VIII 2010 16:50:09 - C:\Documents and Settings\Vojta\Data aplikací\..\Recent, 27-Aug-2010 [HR] [Složky]
27 VIII 2010 16:50:09 - C:\Documents and Settings\Vojta\Data aplikací\..\SendTo, 21-Dec-2004 [HR] [Složky]
27 VIII 2010 16:50:09 - C:\Documents and Settings\Vojta\Data aplikací\..\UserData, 11-Sep-2009 [HS] [Složky]
27 VIII 2010 16:50:09 - C:\Documents and Settings\Vojta\Data aplikací\..\Šablony, 21-Dec-2004 [H] [Složky]
27 VIII 2010 16:50:09 - C:\Documents and Settings\All Users\Data aplikací\Microsoft, 21-Dec-2004 [S] [Složky]
27 VIII 2010 16:50:09 - C:\Documents and Settings\All Users\Data aplikací\..\Data aplikací, 21-Dec-2004 [HR] [Složky]
27 VIII 2010 16:50:09 - C:\Documents and Settings\All Users\Data aplikací\..\DRM, 21-Dec-2004 [HS] [Složky]
27 VIII 2010 16:50:09 - C:\Documents and Settings\All Users\Data aplikací\..\Šablony, 21-Dec-2004 [H] [Složky]
27 VIII 2010 16:50:09 - *********************************************************************************************
27 VIII 2010 16:50:28 - **********************************************************
27 VIII 2010 16:50:28 - eScan Anti Virus & Spyware Toolkit Utility.
27 VIII 2010 16:50:28 - Copyright © 2003-2006, MicroWorld Technologies Inc.
27 VIII 2010 16:50:28 -
27 VIII 2010 16:50:28 - Podpora [EN]: support@mwti.net
27 VIII 2010 16:50:28 - Web: http://www.mwti.net
27 VIII 2010 16:50:28 - **********************************************************
27 VIII 2010 16:50:28 - Verze 11.0.152[DB] (C:\DOCUMENTS AND SETTINGS\VOJTA\LOCAL SETTINGS\TEMP\MEXE.COM)
27 VIII 2010 16:50:28 - Log soubor: C:\Documents and Settings\Vojta\Local Settings\Temp\MWAV.LOG
27 VIII 2010 16:50:28 - User Account: Vojta (Administrator Mode)
27 VIII 2010 16:50:28 - Parent Process Name : C:\Documents and Settings\Vojta\Plocha\mwav.exe
27 VIII 2010 16:50:28 - Windows Root Folder: C:\WINDOWS
27 VIII 2010 16:50:28 - Windows Sys32 Folder: C:\WINDOWS\system32
27 VIII 2010 16:50:28 - OS: Windows XP [OS Install Date: 21 Dec 2004 09:23:56]
27 VIII 2010 16:50:28 - Ver: Service Pack 2 (Build 2600)
27 VIII 2010 16:50:28 - Poslední datum souborů používaných MWAV: Fri Apr 9 12:43:53 2010.
27 VIII 2010 16:50:28 - Plugins FileCount: 784 Sign Version: 7.31143
27 VIII 2010 16:50:28 - Nastavení vybraná uživatelem:
27 VIII 2010 16:50:28 - Kontrola paměti: Zapnuto
27 VIII 2010 16:50:28 - Kontorla registrů: Zapnuto
27 VIII 2010 16:50:28 - Kontrola souborů po spuštění: Zapnuto
27 VIII 2010 16:50:28 - Kontrola systémových složek: Zapnuto
27 VIII 2010 16:50:28 - Kontrola služeb: Zapnuto
27 VIII 2010 16:50:28 - Otestovat Spyware: Zapnuto
27 VIII 2010 16:50:28 - Kotrola disku: Vypnuto
27 VIII 2010 16:50:28 - Kontrola všech disků:Zapnuto
27 VIII 2010 16:50:28 - Kontrola složek: Vypnuto
27 VIII 2010 16:50:28 - SCAN: Program_Files
27 VIII 2010 16:50:28 - MWAV Mode: Only Scan files (Do Not Clean)
27 VIII 2010 16:50:28 - ***** Testování paměti *****
27 VIII 2010 16:50:34 - ***** Testování souborů registrů *****
27 VIII 2010 16:50:37 - ERROR!!! Invalid Entry vidc.LEAD = LCODCCMP.DLL (in key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32). No Action Taken.
27 VIII 2010 16:50:37 - ***** Testování aplikací po spuštění *****
27 VIII 2010 16:50:37 - ***** Testování služeb *****
27 VIII 2010 16:50:38 - ERROR!!! Invalid Entry %SystemRoot%\System32\hidserv.dll in HKLM\SYSTEM\CurrentControlSet\Services\HidServ\Parameters. Action Taken: No Action Taken.
27 VIII 2010 16:50:39 - ERROR!!! Invalid Entry system32\DRIVERS\pccsmcfd.sys in HKLM\SYSTEM\CurrentControlSet\Services\pccsmcfd. Action Taken: No Action Taken.
27 VIII 2010 16:50:40 - ***** Prohledávání registrů a souborů na přítomnost Adware/Spyware *****
27 VIII 2010 16:50:42 - Loading Spyware Signatures from new External Database [Name: C:\DOCUME~1\Vojta\LOCALS~1\Temp\spydb.avs, Size: 937838]...
27 VIII 2010 16:50:42 - Indexed Spyware Databases Successfully Created...
27 VIII 2010 16:50:45 - Offending file found: C:\WINDOWS\iun6002.exe
27 VIII 2010 16:50:45 - System found infected with Spyware.NetScreenWatch Spyware/Adware (iun6002.exe)! Action taken: Ponecháno, neodstraněno!.
27 VIII 2010 16:50:45 - Offending file found: C:\WINDOWS\system32\Guninst.exe
27 VIII 2010 16:50:45 - System found infected with SmitFraud Browser Hijacker (Guninst.exe)! Action taken: Ponecháno, neodstraněno!.
27 VIII 2010 16:50:45 - Offending Folder found: C:\Program Files\AskTBar
27 VIII 2010 16:50:45 - Objekt "AskTBar Toolbar" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:50:45 - Offending Folder found: C:\Program Files\VVSN
27 VIII 2010 16:50:45 - Objekt "Savenow Adware" nalezen v souborovém systému! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:50:47 - Offending file found: C:\Documents and Settings\Vojta\Dokumenty\int\FP.CZ\App\Firefox\uninstall\helper.exe
27 VIII 2010 16:50:47 - System found infected with Smitfraud Corrupted Adware/Spyware (helper.exe)! Action taken: Ponecháno, neodstraněno!.
27 VIII 2010 16:50:51 - Offending file found: C:\Documents and Settings\Vojta\Dokumenty\int\FP.CZ\App\Firefox\uninstall\helper.exe
27 VIII 2010 16:50:51 - System found infected with Smitfraud Corrupted Adware/Spyware (helper.exe)! Action taken: Ponecháno, neodstraněno!.
27 VIII 2010 16:50:53 - Testování MountPoints2 RegKey...
27 VIII 2010 16:50:53 - Invalid Command Found in {abae7c24-d7f5-11dd-9cc4-8f54bc1872e5}\Shell\AutoRun\command: setupSNK.exe
27 VIII 2010 16:50:53 - Offending Key found: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{abae7c24-d7f5-11dd-9cc4-8f54bc1872e5} !!!
27 VIII 2010 16:50:53 - Testování CLSID RegKey...
27 VIII 2010 16:50:53 - Testování ModuleUsage RegKey...
27 VIII 2010 16:50:53 - Testování ExternalApp RegKey...
27 VIII 2010 16:50:53 - Záznam "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" odkazuje na neplatný objekt "C:\PROGRA~1\GAMESP~1\GSAPak.exe". Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:50:53 - Záznam "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" odkazuje na neplatný objekt "C:\PROGRA~1\GAMESP~1\GSAPak.exe -launch". Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:50:53 - Testování SharedDLL RegKey...
27 VIII 2010 16:50:54 - Testování Installer RegKey...
27 VIII 2010 16:50:55 - Testování FileExtension RegKey...
27 VIII 2010 16:50:55 - Testování ARPCache RegKey...
27 VIII 2010 16:50:55 - ***** Testování souborů ve složce System32 *****
27 VIII 2010 16:51:27 - ***** Testování místních disků *****
27 VIII 2010 16:51:28 - Testování disku C:\
27 VIII 2010 16:52:08 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\A3DUtility(2).exe
27 VIII 2010 16:52:08 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\A3DUtility(2).exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:52:08 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\ACE(2).dll
27 VIII 2010 16:52:08 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\ACE(2).dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:52:08 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\AcroBroker(2).exe
27 VIII 2010 16:52:08 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\AcroBroker(2).exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:52:08 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32(2).dll
27 VIII 2010 16:52:08 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32(2).dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:52:08 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32(2).exe
27 VIII 2010 16:52:08 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32(2).exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:52:08 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info(2).exe
27 VIII 2010 16:52:08 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info(2).exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:52:08 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\AcroRdIF(2).dll
27 VIII 2010 16:52:08 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\AcroRdIF(2).dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:52:08 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\AcroTextExtractor(2).exe
27 VIII 2010 16:52:08 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\AcroTextExtractor(2).exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:52:08 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\AdobeCollabSync(2).exe
27 VIII 2010 16:52:08 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\AdobeCollabSync(2).exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:52:08 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\AGM(2).dll
27 VIII 2010 16:52:08 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\AGM(2).dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:52:08 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32(2).dll
27 VIII 2010 16:52:08 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32(2).dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:52:08 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32(2).dll
27 VIII 2010 16:52:08 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32(2).dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:52:08 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\CoolType(2).dll
27 VIII 2010 16:52:08 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\CoolType(2).dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:52:08 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\Eula(2).exe
27 VIII 2010 16:52:08 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\Eula(2).exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:52:09 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\JP2KLib(2).dll
27 VIII 2010 16:52:09 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\JP2KLib(2).dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:52:09 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\PDFPrevHndlr(2).dll
27 VIII 2010 16:52:09 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\PDFPrevHndlr(2).dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:52:09 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\PDFPrevHndlrShim(2).exe
27 VIII 2010 16:52:09 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\PDFPrevHndlrShim(2).exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:52:10 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl(2).exe
27 VIII 2010 16:52:10 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl(2).exe je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:52:10 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\rt3d(2).dll
27 VIII 2010 16:52:10 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\rt3d(2).dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:52:10 - Testování souboru C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS(2).dll
27 VIII 2010 16:52:10 - Soubor C:\Program Files\Adobe\Reader 9.0\Reader\ViewerPS(2).dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:54:33 - Testování souboru C:\Program Files\Common Files\Adobe\Acrobat(2)\ActiveX(2)\AcroIEHelper(2).dll
27 VIII 2010 16:54:33 - Soubor C:\Program Files\Common Files\Adobe\Acrobat(2)\ActiveX(2)\AcroIEHelper(2).dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:54:33 - Testování souboru C:\Program Files\Common Files\Adobe\Acrobat(2)\ActiveX(2)\AcroIEHelperShim(2).dll
27 VIII 2010 16:54:33 - Soubor C:\Program Files\Common Files\Adobe\Acrobat(2)\ActiveX(2)\AcroIEHelperShim(2).dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:54:33 - Testování souboru C:\Program Files\Common Files\Adobe\Acrobat(2)\ActiveX(2)\AcroPDF(2).dll
27 VIII 2010 16:54:33 - Soubor C:\Program Files\Common Files\Adobe\Acrobat(2)\ActiveX(2)\AcroPDF(2).dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:54:33 - Testování souboru C:\Program Files\Common Files\Adobe\Acrobat(2)\ActiveX(2)\pdfshell(2).dll
27 VIII 2010 16:54:33 - Soubor C:\Program Files\Common Files\Adobe\Acrobat(2)\ActiveX(2)\pdfshell(2).dll je infikovaný virem NULL.Corrupted !! Provedené akce: Ponecháno, neodstraněno!.
27 VIII 2010 16:58:56 - ***** Kontrola pro specifické ITW viry *****
27 VIII 2010 16:58:56 - ***** Test dokončen *****
27 VIII 2010 16:58:56 - Testovaných objektů: 152497
27 VIII 2010 16:58:56 - Kritických objektů: 6
27 VIII 2010 16:58:56 - Celkem vyléčených objektů: 0
27 VIII 2010 16:58:56 - Celkem přejmenováno: 0
27 VIII 2010 16:58:56 - Smazaných objektů: 0
27 VIII 2010 16:58:57 - Celkem chyb: 5
27 VIII 2010 16:58:57 - Uplynulý čas: 00:08:28
27 VIII 2010 16:58:57 - Datum vydání databáze: 09 Apr 2010
27 VIII 2010 16:58:57 - Verze virové databáze: 5598930
27 VIII 2010 16:58:57 - Test je dokončen
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Viry v počítači
O problémech jsem se nedozvěděl nic..
MWAV--není všemocný , takže:
Vypni si rez.ochrany i firewall.
Stáhni si Dr. Web CureIt
dej update , po aktualizaci dej start.
Tlacitky dole můzeš soubor léčit(systémové soubory), smazat, přesunout nebo přejmenovat
+
Vlož log z HJT:
viewtopic.php?f=70&t=5119
+
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
Pokud budou problémy , spusť v nouz. režimu.
MWAV--není všemocný , takže:
Vypni si rez.ochrany i firewall.
Stáhni si Dr. Web CureIt
dej update , po aktualizaci dej start.
Tlacitky dole můzeš soubor léčit(systémové soubory), smazat, přesunout nebo přejmenovat
+
Vlož log z HJT:
viewtopic.php?f=70&t=5119
+
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
Pokud budou problémy , spusť v nouz. režimu.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Viry v počítači
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 20:24:12, on 27.8.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
C:\WINDOWS\System32\G-VGA.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [VGAUtil] C:\WINDOWS\System32\G-VGA.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6.5; .NET CLR 1.1.4322)" -"http://hry.1001hry.cz/699bbd6eba34f4b3728a65c02cb87c31/game.php?file=687474703a2f2f6872792e313030316872792e637a2f36393962626436656261333466346233373238613635633032636238376333312f3536322e646372&width=100%&height=100%&1001hry=1&cr=1&dpl=1&nobtn=1"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: Rychlé spuštění aplikace HP Image Zone.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{19083138-3D47-4D2B-B63C-7F2A83380C53}: NameServer = 62.209.237.68,62.84.128.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{19083138-3D47-4D2B-B63C-7F2A83380C53}: NameServer = 62.209.237.68,62.84.128.6
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 8374 bytes
Další log:
Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org
Verze databáze: 4490
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13
27.8.2010 20:06:08
mbam-log-2010-08-27 (20-06-08).txt
Typ skenu: Úplný sken (C:\|)
Skenované objekty: 213859
Uplynulý čas: 1 hodina(y), 2 minuta(y), 2 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 1
Infikované složky: 1
Infikované soubory: 1
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Infikované složky:
C:\Program Files\VVSN (Adware.WhenU) -> No action taken.
Infikované soubory:
C:\Program Files\VVSN\vvsn.cfg (Adware.WhenU) -> No action taken.
Scan saved at 20:24:12, on 27.8.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
C:\WINDOWS\System32\G-VGA.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [VGAUtil] C:\WINDOWS\System32\G-VGA.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6.5; .NET CLR 1.1.4322)" -"http://hry.1001hry.cz/699bbd6eba34f4b3728a65c02cb87c31/game.php?file=687474703a2f2f6872792e313030316872792e637a2f36393962626436656261333466346233373238613635633032636238376333312f3536322e646372&width=100%&height=100%&1001hry=1&cr=1&dpl=1&nobtn=1"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: Rychlé spuštění aplikace HP Image Zone.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{19083138-3D47-4D2B-B63C-7F2A83380C53}: NameServer = 62.209.237.68,62.84.128.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{19083138-3D47-4D2B-B63C-7F2A83380C53}: NameServer = 62.209.237.68,62.84.128.6
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 8374 bytes
Další log:
Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org
Verze databáze: 4490
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13
27.8.2010 20:06:08
mbam-log-2010-08-27 (20-06-08).txt
Typ skenu: Úplný sken (C:\|)
Skenované objekty: 213859
Uplynulý čas: 1 hodina(y), 2 minuta(y), 2 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 1
Infikované složky: 1
Infikované soubory: 1
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Infikované složky:
C:\Program Files\VVSN (Adware.WhenU) -> No action taken.
Infikované soubory:
C:\Program Files\VVSN\vvsn.cfg (Adware.WhenU) -> No action taken.
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Viry v počítači
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod
. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujisti se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit
Můžeš sem pak vložit nový log z MbAM.
Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.
Návod
Kód: Vybrat vše
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujisti se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit
Můžeš sem pak vložit nový log z MbAM.
Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Viry v počítači
Log MbAM:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Verze databáze: 4490
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13
27.8.2010 21:23:56
mbam-log-2010-08-27 (21-23-56).txt
Typ skenu: Rychlý sken
Skenované objekty: 141423
Uplynulý čas: 8 minuta(y), 26 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 1
Infikované složky: 1
Infikované soubory: 1
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Infikované složky:
C:\Program Files\VVSN (Adware.WhenU) -> Quarantined and deleted successfully.
Infikované soubory:
C:\Program Files\VVSN\vvsn.cfg (Adware.WhenU) -> Quarantined and deleted successfully.
Log ComboFix
ComboFix 10-08-26.04 - Vojta 27.08.2010 21:45:22.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.710 [GMT 2:00]
Spuštěný z: c:\documents and settings\Vojta\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100827-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\regedit.com
c:\windows\system32\msconfig.exe
c:\windows\system32\taskmgr.com
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-27 do 2010-08-27 )))))))))))))))))))))))))))))))
.
2010-08-27 18:20 . 2010-08-27 18:20 -------- d-----w- c:\program files\TrendMicro
2010-08-27 17:01 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-27 17:01 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-27 17:01 . 2010-08-27 17:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-27 16:33 . 2010-08-27 16:33 -------- d-----w- c:\documents and settings\Vojta\DoctorWeb
2010-08-27 14:50 . 2010-08-27 14:50 -------- d---a-w- c:\windows\rundll16.exe
2010-08-27 14:50 . 2010-08-27 14:50 -------- d---a-w- c:\windows\logo1_.exe
2010-07-29 16:22 . 2010-07-29 16:22 -------- d-----w- c:\program files\DIFX
2010-07-29 16:22 . 2010-08-02 12:27 -------- dc----w- c:\windows\system32\DRVSTORE
2010-07-29 16:22 . 2010-02-26 12:32 92672 ----a-w- c:\windows\system32\nmwcdcls.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-27 10:10 . 2006-09-13 06:55 -------- d-----w- c:\program files\Google
2010-08-25 15:58 . 2001-10-25 14:00 64048 ----a-w- c:\windows\system32\perfc005.dat
2010-08-25 15:58 . 2001-10-25 14:00 383316 ----a-w- c:\windows\system32\perfh005.dat
2010-08-17 13:47 . 2010-03-19 07:47 -------- d-----w- c:\program files\Vstep
2010-06-29 08:37 . 2005-02-14 22:17 -------- d-----w- c:\program files\Common Files\Adobe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-08 68856]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 468408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 65024]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 335872]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\ATI HydraVision\HydraDM.exe" [2003-04-01 270336]
"VGAUtil"="c:\windows\System32\G-VGA.exe" [2003-10-08 544768]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 172032]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\Vojta\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-2-16 384512]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\digital imaging\bin\hpqtra08.exe [2004-5-28 241664]
Rychl‚ spuçtŘnˇ aplikace HP Image Zone.lnk - c:\program files\HP\digital imaging\bin\hpqthb08.exe [2004-5-29 53248]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MotoGP2\\motogp2.exe"=
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [24.12.2008 14:04 114768]
R1 prodrv04;Star Force copy protection driver v4;c:\windows\system32\drivers\prodrv04.sys [14.1.2006 14:57 114496]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24.12.2008 14:04 20560]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [5.2.2010 13:29 210216]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8.2.2010 18:37 135664]
S3 GAGPDrv;GAGPDrv; [x]
.
Obsah adresáře 'Naplánované úlohy'
2010-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 16:37]
2010-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 16:37]
2010-08-27 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped05.exe [2004-06-07 05:35]
2010-08-27 c:\windows\Tasks\WebReg 20100317190641.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2004-05-28 21:47]
2010-08-27 c:\windows\Tasks\WebReg 20100627154007.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2004-05-28 21:47]
2010-08-27 c:\windows\Tasks\WebReg 20100627154714.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2004-05-28 21:47]
2010-08-27 c:\windows\Tasks\WebReg 20100730154706.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2004-05-28 21:47]
2010-08-27 c:\windows\Tasks\WebReg 20100801101246.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2004-05-28 21:47]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: {19083138-3D47-4D2B-B63C-7F2A83380C53} = 62.209.237.68,62.84.128.6
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-Run-NWEReboot - (no file)
AddRemove-DVD Player - c:\program files\A Lucas Hakos Technology\DVD Player\uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-27 21:49
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\ACPI\PNP0F13\4&26dd0f47&0\LogConf]
@DACL=(02 0000)
"BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,01,00,01,00,00,00,00,02,\
"BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,
00,02,01,01,00,0c,00,00,00,0c,00,00,00,ff,ff,ff,ff
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-08-27 21:51:48
ComboFix-quarantined-files.txt 2010-08-27 19:51
Před spuštěním: Volných bajtů: 59 350 728 704
Po spuštění: Volných bajtů: 59 768 369 152
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
- - End Of File - - 530CFECB8E7D7B04C081C61C21500D98
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Verze databáze: 4490
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13
27.8.2010 21:23:56
mbam-log-2010-08-27 (21-23-56).txt
Typ skenu: Rychlý sken
Skenované objekty: 141423
Uplynulý čas: 8 minuta(y), 26 sekunda(y)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 1
Infikované složky: 1
Infikované soubory: 1
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Infikované složky:
C:\Program Files\VVSN (Adware.WhenU) -> Quarantined and deleted successfully.
Infikované soubory:
C:\Program Files\VVSN\vvsn.cfg (Adware.WhenU) -> Quarantined and deleted successfully.
Log ComboFix
ComboFix 10-08-26.04 - Vojta 27.08.2010 21:45:22.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.710 [GMT 2:00]
Spuštěný z: c:\documents and settings\Vojta\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100827-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\regedit.com
c:\windows\system32\msconfig.exe
c:\windows\system32\taskmgr.com
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-27 do 2010-08-27 )))))))))))))))))))))))))))))))
.
2010-08-27 18:20 . 2010-08-27 18:20 -------- d-----w- c:\program files\TrendMicro
2010-08-27 17:01 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-27 17:01 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-27 17:01 . 2010-08-27 17:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-27 16:33 . 2010-08-27 16:33 -------- d-----w- c:\documents and settings\Vojta\DoctorWeb
2010-08-27 14:50 . 2010-08-27 14:50 -------- d---a-w- c:\windows\rundll16.exe
2010-08-27 14:50 . 2010-08-27 14:50 -------- d---a-w- c:\windows\logo1_.exe
2010-07-29 16:22 . 2010-07-29 16:22 -------- d-----w- c:\program files\DIFX
2010-07-29 16:22 . 2010-08-02 12:27 -------- dc----w- c:\windows\system32\DRVSTORE
2010-07-29 16:22 . 2010-02-26 12:32 92672 ----a-w- c:\windows\system32\nmwcdcls.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-27 10:10 . 2006-09-13 06:55 -------- d-----w- c:\program files\Google
2010-08-25 15:58 . 2001-10-25 14:00 64048 ----a-w- c:\windows\system32\perfc005.dat
2010-08-25 15:58 . 2001-10-25 14:00 383316 ----a-w- c:\windows\system32\perfh005.dat
2010-08-17 13:47 . 2010-03-19 07:47 -------- d-----w- c:\program files\Vstep
2010-06-29 08:37 . 2005-02-14 22:17 -------- d-----w- c:\program files\Common Files\Adobe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-08 68856]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 468408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 65024]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 335872]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\ATI HydraVision\HydraDM.exe" [2003-04-01 270336]
"VGAUtil"="c:\windows\System32\G-VGA.exe" [2003-10-08 544768]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 172032]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\Vojta\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-2-16 384512]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\digital imaging\bin\hpqtra08.exe [2004-5-28 241664]
Rychl‚ spuçtŘnˇ aplikace HP Image Zone.lnk - c:\program files\HP\digital imaging\bin\hpqthb08.exe [2004-5-29 53248]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MotoGP2\\motogp2.exe"=
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [24.12.2008 14:04 114768]
R1 prodrv04;Star Force copy protection driver v4;c:\windows\system32\drivers\prodrv04.sys [14.1.2006 14:57 114496]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24.12.2008 14:04 20560]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [5.2.2010 13:29 210216]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8.2.2010 18:37 135664]
S3 GAGPDrv;GAGPDrv; [x]
.
Obsah adresáře 'Naplánované úlohy'
2010-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 16:37]
2010-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 16:37]
2010-08-27 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped05.exe [2004-06-07 05:35]
2010-08-27 c:\windows\Tasks\WebReg 20100317190641.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2004-05-28 21:47]
2010-08-27 c:\windows\Tasks\WebReg 20100627154007.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2004-05-28 21:47]
2010-08-27 c:\windows\Tasks\WebReg 20100627154714.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2004-05-28 21:47]
2010-08-27 c:\windows\Tasks\WebReg 20100730154706.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2004-05-28 21:47]
2010-08-27 c:\windows\Tasks\WebReg 20100801101246.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2004-05-28 21:47]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: {19083138-3D47-4D2B-B63C-7F2A83380C53} = 62.209.237.68,62.84.128.6
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
HKLM-Run-NWEReboot - (no file)
AddRemove-DVD Player - c:\program files\A Lucas Hakos Technology\DVD Player\uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-27 21:49
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\ACPI\PNP0F13\4&26dd0f47&0\LogConf]
@DACL=(02 0000)
"BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,01,00,01,00,00,00,00,02,\
"BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,
00,02,01,01,00,0c,00,00,00,0c,00,00,00,ff,ff,ff,ff
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-08-27 21:51:48
ComboFix-quarantined-files.txt 2010-08-27 19:51
Před spuštěním: Volných bajtů: 59 350 728 704
Po spuštění: Volných bajtů: 59 768 369 152
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
- - End Of File - - 530CFECB8E7D7B04C081C61C21500D98
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Viry v počítači
Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE
Kód: Vybrat vše
File::
c:\windows\system32\perfc005.dat
c:\windows\system32\perfh005.dat
Driver::
GAGPDrv
RegLock::
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\ACPI\PNP0F13\4&26dd0f47&0\LogConf]
Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.
Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Viry v počítači
Nový log:
ComboFix 10-08-27.01 - Vojta 27.08.2010 22:18:55.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.659 [GMT 2:00]
Spuštěný z: c:\documents and settings\Vojta\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Vojta\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100827-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\windows\system32\perfc005.dat"
"c:\windows\system32\perfh005.dat"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\perfc005.dat
c:\windows\system32\perfh005.dat
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_GAGPDrv
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-27 do 2010-08-27 )))))))))))))))))))))))))))))))
.
2010-08-27 18:20 . 2010-08-27 18:20 -------- d-----w- c:\program files\TrendMicro
2010-08-27 17:01 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-27 17:01 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-27 17:01 . 2010-08-27 17:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-27 16:33 . 2010-08-27 16:33 -------- d-----w- c:\documents and settings\Vojta\DoctorWeb
2010-08-27 14:50 . 2010-08-27 14:50 -------- d---a-w- c:\windows\rundll16.exe
2010-08-27 14:50 . 2010-08-27 14:50 -------- d---a-w- c:\windows\logo1_.exe
2010-07-29 16:22 . 2010-07-29 16:22 -------- d-----w- c:\program files\DIFX
2010-07-29 16:22 . 2010-08-02 12:27 -------- dc----w- c:\windows\system32\DRVSTORE
2010-07-29 16:22 . 2010-02-26 12:32 92672 ----a-w- c:\windows\system32\nmwcdcls.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-27 20:08 . 2010-02-05 11:28 -------- d-----w- c:\program files\McAfee
2010-08-27 10:10 . 2006-09-13 06:55 -------- d-----w- c:\program files\Google
2010-08-17 13:47 . 2010-03-19 07:47 -------- d-----w- c:\program files\Vstep
2010-06-29 08:37 . 2005-02-14 22:17 -------- d-----w- c:\program files\Common Files\Adobe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-08 68856]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 468408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 65024]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 335872]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\ATI HydraVision\HydraDM.exe" [2003-04-01 270336]
"VGAUtil"="c:\windows\System32\G-VGA.exe" [2003-10-08 544768]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 172032]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\Vojta\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-2-16 384512]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\digital imaging\bin\hpqtra08.exe [2004-5-28 241664]
Rychl‚ spuçtŘnˇ aplikace HP Image Zone.lnk - c:\program files\HP\digital imaging\bin\hpqthb08.exe [2004-5-29 53248]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MotoGP2\\motogp2.exe"=
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [24.12.2008 14:04 114768]
R1 prodrv04;Star Force copy protection driver v4;c:\windows\system32\drivers\prodrv04.sys [14.1.2006 14:57 114496]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24.12.2008 14:04 20560]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [5.2.2010 13:29 210216]
S2 0215261282939740mcinstcleanup;McAfee Application Installer Cleanup (0215261282939740);c:\docume~1\Vojta\LOCALS~1\Temp\021526~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\Vojta\LOCALS~1\Temp\021526~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8.2.2010 18:37 135664]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - 0215261282939740MCINSTCLEANUP
.
Obsah adresáře 'Naplánované úlohy'
2010-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 16:37]
2010-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 16:37]
2010-08-27 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped05.exe [2004-06-07 05:35]
2010-08-27 c:\windows\Tasks\WebReg 20100317190641.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2004-05-28 21:47]
2010-08-27 c:\windows\Tasks\WebReg 20100627154007.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2004-05-28 21:47]
2010-08-27 c:\windows\Tasks\WebReg 20100627154714.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2004-05-28 21:47]
2010-08-27 c:\windows\Tasks\WebReg 20100730154706.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2004-05-28 21:47]
2010-08-27 c:\windows\Tasks\WebReg 20100801101246.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2004-05-28 21:47]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: {19083138-3D47-4D2B-B63C-7F2A83380C53} = 62.209.237.68,62.84.128.6
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-27 22:25
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3940)
c:\program files\ATI Technologies\ATI HydraVision\HydraDMH.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wdfmgr.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\wscntfy.exe
c:\windows\system32\HPZipm12.exe
.
**************************************************************************
.
Celkový čas: 2010-08-27 22:30:46 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-27 20:30
ComboFix2.txt 2010-08-27 19:51
Před spuštěním: Volných bajtů: 59 755 831 296
Po spuštění: Volných bajtů: 59 686 559 744
- - End Of File - - 80B444C376E315A4279097C7A7D284DC
Nový log HJT:
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 22:32:07, on 27.8.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
C:\WINDOWS\System32\G-VGA.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\explorer.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [VGAUtil] C:\WINDOWS\System32\G-VGA.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6.5; .NET CLR 1.1.4322)" -"http://hry.1001hry.cz/699bbd6eba34f4b3728a65c02cb87c31/game.php?file=687474703a2f2f6872792e313030316872792e637a2f36393962626436656261333466346233373238613635633032636238376333312f3536322e646372&width=100%&height=100%&1001hry=1&cr=1&dpl=1&nobtn=1"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: Rychlé spuštění aplikace HP Image Zone.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{19083138-3D47-4D2B-B63C-7F2A83380C53}: NameServer = 62.209.237.68,62.84.128.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{19083138-3D47-4D2B-B63C-7F2A83380C53}: NameServer = 62.209.237.68,62.84.128.6
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: McAfee Application Installer Cleanup (0215261282939740) (0215261282939740mcinstcleanup) - Unknown owner - C:\DOCUME~1\Vojta\LOCALS~1\Temp\021526~1.EXE (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 7435 bytes
ComboFix 10-08-27.01 - Vojta 27.08.2010 22:18:55.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.659 [GMT 2:00]
Spuštěný z: c:\documents and settings\Vojta\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Vojta\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100827-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\windows\system32\perfc005.dat"
"c:\windows\system32\perfh005.dat"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\perfc005.dat
c:\windows\system32\perfh005.dat
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_GAGPDrv
((((((((((((((((((((((((( Soubory vytvořené od 2010-07-27 do 2010-08-27 )))))))))))))))))))))))))))))))
.
2010-08-27 18:20 . 2010-08-27 18:20 -------- d-----w- c:\program files\TrendMicro
2010-08-27 17:01 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-27 17:01 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-27 17:01 . 2010-08-27 17:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-27 16:33 . 2010-08-27 16:33 -------- d-----w- c:\documents and settings\Vojta\DoctorWeb
2010-08-27 14:50 . 2010-08-27 14:50 -------- d---a-w- c:\windows\rundll16.exe
2010-08-27 14:50 . 2010-08-27 14:50 -------- d---a-w- c:\windows\logo1_.exe
2010-07-29 16:22 . 2010-07-29 16:22 -------- d-----w- c:\program files\DIFX
2010-07-29 16:22 . 2010-08-02 12:27 -------- dc----w- c:\windows\system32\DRVSTORE
2010-07-29 16:22 . 2010-02-26 12:32 92672 ----a-w- c:\windows\system32\nmwcdcls.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-27 20:08 . 2010-02-05 11:28 -------- d-----w- c:\program files\McAfee
2010-08-27 10:10 . 2006-09-13 06:55 -------- d-----w- c:\program files\Google
2010-08-17 13:47 . 2010-03-19 07:47 -------- d-----w- c:\program files\Vstep
2010-06-29 08:37 . 2005-02-14 22:17 -------- d-----w- c:\program files\Common Files\Adobe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-08 68856]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 468408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-02-09 65024]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 335872]
"HydraVisionDesktopManager"="c:\program files\ATI Technologies\ATI HydraVision\HydraDM.exe" [2003-04-01 270336]
"VGAUtil"="c:\windows\System32\G-VGA.exe" [2003-10-08 544768]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 172032]
"HPHUPD06"="c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"HPHmon06"="c:\windows\system32\hphmon06.exe" [2004-06-07 659456]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
c:\documents and settings\Vojta\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-2-16 384512]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\digital imaging\bin\hpqtra08.exe [2004-5-28 241664]
Rychl‚ spuçtŘnˇ aplikace HP Image Zone.lnk - c:\program files\HP\digital imaging\bin\hpqthb08.exe [2004-5-29 53248]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MotoGP2\\motogp2.exe"=
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5.7.2006 14:46 63352]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [24.12.2008 14:04 114768]
R1 prodrv04;Star Force copy protection driver v4;c:\windows\system32\drivers\prodrv04.sys [14.1.2006 14:57 114496]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24.12.2008 14:04 20560]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [5.2.2010 13:29 210216]
S2 0215261282939740mcinstcleanup;McAfee Application Installer Cleanup (0215261282939740);c:\docume~1\Vojta\LOCALS~1\Temp\021526~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\Vojta\LOCALS~1\Temp\021526~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8.2.2010 18:37 135664]
--- Ostatní služby/ovladače v paměti ---
*NewlyCreated* - 0215261282939740MCINSTCLEANUP
.
Obsah adresáře 'Naplánované úlohy'
2010-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 16:37]
2010-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 16:37]
2010-08-27 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped05.exe [2004-06-07 05:35]
2010-08-27 c:\windows\Tasks\WebReg 20100317190641.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2004-05-28 21:47]
2010-08-27 c:\windows\Tasks\WebReg 20100627154007.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2004-05-28 21:47]
2010-08-27 c:\windows\Tasks\WebReg 20100627154714.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2004-05-28 21:47]
2010-08-27 c:\windows\Tasks\WebReg 20100730154706.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2004-05-28 21:47]
2010-08-27 c:\windows\Tasks\WebReg 20100801101246.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2004-05-28 21:47]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: {19083138-3D47-4D2B-B63C-7F2A83380C53} = 62.209.237.68,62.84.128.6
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-27 22:25
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3940)
c:\program files\ATI Technologies\ATI HydraVision\HydraDMH.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\msi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wdfmgr.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\wscntfy.exe
c:\windows\system32\HPZipm12.exe
.
**************************************************************************
.
Celkový čas: 2010-08-27 22:30:46 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-08-27 20:30
ComboFix2.txt 2010-08-27 19:51
Před spuštěním: Volných bajtů: 59 755 831 296
Po spuštění: Volných bajtů: 59 686 559 744
- - End Of File - - 80B444C376E315A4279097C7A7D284DC
Nový log HJT:
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 22:32:07, on 27.8.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
C:\WINDOWS\System32\G-VGA.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\explorer.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe
O4 - HKLM\..\Run: [VGAUtil] C:\WINDOWS\System32\G-VGA.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe
O4 - HKLM\..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6.5; .NET CLR 1.1.4322)" -"http://hry.1001hry.cz/699bbd6eba34f4b3728a65c02cb87c31/game.php?file=687474703a2f2f6872792e313030316872792e637a2f36393962626436656261333466346233373238613635633032636238376333312f3536322e646372&width=100%&height=100%&1001hry=1&cr=1&dpl=1&nobtn=1"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe
O4 - Global Startup: Rychlé spuštění aplikace HP Image Zone.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{19083138-3D47-4D2B-B63C-7F2A83380C53}: NameServer = 62.209.237.68,62.84.128.6
O17 - HKLM\System\CS1\Services\Tcpip\..\{19083138-3D47-4D2B-B63C-7F2A83380C53}: NameServer = 62.209.237.68,62.84.128.6
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: McAfee Application Installer Cleanup (0215261282939740) (0215261282939740mcinstcleanup) - Unknown owner - C:\DOCUME~1\Vojta\LOCALS~1\Temp\021526~1.EXE (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 7435 bytes
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Viry v počítači
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall
vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš
pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast, či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast či Microsoft Security Essentials
Stáhni si OTL
na plochu. Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.Nahoře v okně pod Výstup klikni na minimální výstup.Pod Běžné registry změň na Vše. Zatrhni Kontrola na havěť “LOP“ a Kontrola na havěť “ Purity“ . Klikni na Prohledat. Všechny ostatní nastavení ponech jak jsou. Sken může trvat dlouho, až skončí otevřou se dva logy:
OTL.Txt
Extras.Txt
Jsou uloženy ve stejném místě jako OTL. Oba logy sem prosím zkopíruj.
Start-Spustit a zadej ComboFix /Uninstall
vyčisti systém CCleanerem
a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš
pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG , Avast, či Microsoft Security Essentials následně T-Cleaner smaž a zapni si AVG , Avast či Microsoft Security Essentials
Stáhni si OTL
na plochu. Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.Nahoře v okně pod Výstup klikni na minimální výstup.Pod Běžné registry změň na Vše. Zatrhni Kontrola na havěť “LOP“ a Kontrola na havěť “ Purity“ . Klikni na Prohledat. Všechny ostatní nastavení ponech jak jsou. Sken může trvat dlouho, až skončí otevřou se dva logy:
OTL.Txt
Extras.Txt
Jsou uloženy ve stejném místě jako OTL. Oba logy sem prosím zkopíruj.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Re: Viry v počítači
Log z OTL:
OTL logfile created on: 28.8.2010 10:27:17 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Vojta\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1 023,00 Mb Total Physical Memory | 700,00 Mb Available Physical Memory | 68,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 1792 1792
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,53 Gb Total Space | 55,80 Gb Free Space | 74,87% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DOMA-C6AS6ELGKD
Current User Name: Vojta
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Vojta\Plocha\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe (HP)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\system32\G-vga.exe ()
PRC - C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe (ATI Technologies Inc.)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Vojta\Plocha\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\McAfee\SiteAdvisor\sahook.dll ()
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\Program Files\ATI Technologies\ATI HydraVision\HydraDMH.dll (ATI Technologies Inc.)
========== Win32 Services (SafeList) ==========
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (0215261282939740mcinstcleanup) McAfee Application Installer Cleanup (0215261282939740) -- C:\DOCUME~1\Vojta\LOCALS~1\Temp\021526~1.EXE File not found
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
========== Driver Services (SafeList) ==========
DRV - (pccsmcfd) -- C:\WINDOWS\System32\DRIVERS\pccsmcfd.sys File not found
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology (StarForce))
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a) -- C:\WINDOWS\System32\drivers\sfdrv01a.sys (Protection Technology (StarForce))
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (prodrv04) -- C:\WINDOWS\System32\drivers\prodrv04.sys (Protection Technology Co.)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)
DRV - (GVCplDrv) -- C:\WINDOWS\System32\drivers\Gvcpldrv.sys ()
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.8
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010.08.28 10:07:51 | 000,000,000 | ---D | M]
[2010.03.19 10:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vojta\Data aplikací\Mozilla\Extensions
[2010.03.19 10:14:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vojta\Data aplikací\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010.03.19 10:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vojta\Data aplikací\Mozilla\Firefox\Profiles\d32w2n4s.default\extensions
O1 HOSTS File: ([2010.08.27 22:24:28 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Odkazy) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\WebBrowser: (&Odkazy) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe (HP)
O4 - HKLM..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [VGAUtil] C:\WINDOWS\system32\G-vga.exe ()
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -Mozilla\4.0 ( File not found
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Rychlé spuštění aplikace HP Image Zone.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Vojta\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInstrumentation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: WikiKomentáře Google... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Proces mezipaměti kategorií součástí - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Vojta\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Vojta\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
File not found -- C:\Documents and Settings\Vojta\Plocha\CAW5IJO9.
File not found -- C:\Documents and Settings\Vojta\Plocha\CAT4K3P5.
File not found -- C:\Documents and Settings\Vojta\Plocha\CAQ3WLY5.
File not found -- C:\Documents and Settings\Vojta\Plocha\CAH0KBH9.
File not found -- C:\Documents and Settings\Vojta\Plocha\CAANC5MF.
File not found -- C:\Documents and Settings\Vojta\Plocha\CA8RMLMH.
File not found -- C:\Documents and Settings\Vojta\Plocha\CA3YUHFJ.
[2010.08.28 10:25:47 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Vojta\Plocha\OTL.exe
[2010.08.28 10:16:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Vojta\Recent
[2010.08.27 22:39:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.08.27 21:44:24 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.08.27 20:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010.08.27 19:01:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vojta\Data aplikací\Malwarebytes
[2010.08.27 19:01:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.08.27 19:01:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.08.27 19:01:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.08.27 19:01:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.08.17 17:00:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vojta\Dokumenty\My Games
[2010.07.29 18:23:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vojta\Data aplikací\Nokia
[2010.07.29 18:23:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vojta\Data aplikací\PC Suite
[2010.07.29 18:23:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2010.07.29 18:22:56 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010.07.29 18:22:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010.07.29 18:22:25 | 000,092,672 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll
[2010.07.29 18:21:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Installations
[2004.11.24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
File not found -- C:\Documents and Settings\Vojta\Plocha\CAW5IJO9.
File not found -- C:\Documents and Settings\Vojta\Plocha\CAT4K3P5.
File not found -- C:\Documents and Settings\Vojta\Plocha\CAQ3WLY5.
File not found -- C:\Documents and Settings\Vojta\Plocha\CAH0KBH9.
File not found -- C:\Documents and Settings\Vojta\Plocha\CAANC5MF.
File not found -- C:\Documents and Settings\Vojta\Plocha\CA8RMLMH.
File not found -- C:\Documents and Settings\Vojta\Plocha\CA3YUHFJ.
[2010.08.28 10:25:49 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vojta\Plocha\OTL.exe
[2010.08.28 10:12:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20100801101246.job
[2010.08.28 10:02:42 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.28 10:02:19 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.08.28 10:02:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.08.27 22:43:16 | 006,029,312 | ---- | M] () -- C:\Documents and Settings\Vojta\ntuser.dat
[2010.08.27 22:43:03 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Vojta\ntuser.ini
[2010.08.27 22:31:57 | 000,002,435 | ---- | M] () -- C:\Documents and Settings\Vojta\Plocha\HiJackThis.lnk
[2010.08.27 22:24:45 | 000,000,336 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.08.27 22:24:28 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.08.27 21:57:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.27 21:44:31 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.08.27 21:28:41 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job
[2010.08.27 19:06:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20100317190641.job
[2010.08.27 19:01:13 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.08.27 17:20:05 | 000,002,313 | ---- | M] () -- C:\Documents and Settings\Vojta\Dokumenty\pinfect.zip
[2010.08.27 15:48:30 | 005,762,976 | -H-- | M] () -- C:\Documents and Settings\Vojta\Local Settings\Data aplikací\IconCache.db
[2010.08.27 15:47:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20100730154706.job
[2010.08.27 15:47:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20100627154714.job
[2010.08.27 15:40:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20100627154007.job
[2010.08.27 12:13:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.08.27 12:11:15 | 000,000,569 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Google SketchUp.lnk
[2010.08.25 18:00:46 | 000,592,582 | ---- | M] () -- C:\Documents and Settings\Vojta\Plocha\P8250002.JPG
[2010.08.25 17:58:06 | 000,896,554 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.08.25 17:58:06 | 000,384,092 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.08.25 17:58:06 | 000,054,498 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.08.22 14:27:56 | 000,722,886 | ---- | M] () -- C:\Documents and Settings\Vojta\Plocha\niva.pdf
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.08.27 21:44:31 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.08.27 21:44:27 | 000,261,312 | ---- | C] () -- C:\cmldr
[2010.08.27 20:20:22 | 000,002,435 | ---- | C] () -- C:\Documents and Settings\Vojta\Plocha\HiJackThis.lnk
[2010.08.27 19:01:13 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.08.27 12:56:13 | 000,002,313 | ---- | C] () -- C:\Documents and Settings\Vojta\Dokumenty\pinfect.zip
[2010.08.27 12:11:15 | 000,000,569 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Google SketchUp.lnk
[2010.08.24 17:49:47 | 000,000,316 | ---- | C] () -- C:\WINDOWS\tasks\HP Usg Daily.job
[2010.08.22 14:27:54 | 000,722,886 | ---- | C] () -- C:\Documents and Settings\Vojta\Plocha\niva.pdf
[2010.08.01 10:12:46 | 000,000,452 | ---- | C] () -- C:\WINDOWS\tasks\WebReg 20100801101246.job
[2010.07.30 15:47:06 | 000,000,452 | ---- | C] () -- C:\WINDOWS\tasks\WebReg 20100730154706.job
[2010.06.15 07:51:46 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Vojta\Data aplikací\HPCOM_48BitScanUpdate.log
[2009.07.07 11:01:57 | 000,002,218 | ---- | C] () -- C:\WINDOWS\SmartMapsEvropa.INI
[2007.09.09 16:30:21 | 000,000,248 | ---- | C] () -- C:\WINDOWS\bienemaja.ini
[2007.08.23 17:10:52 | 000,000,488 | ---- | C] () -- C:\WINDOWS\Poolemup.ini
[2007.07.02 09:38:48 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2006.11.14 18:03:07 | 000,001,970 | ---- | C] () -- C:\WINDOWS\MapaCR.INI
[2006.10.18 09:42:19 | 000,000,084 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini
[2006.10.03 17:05:43 | 000,000,029 | ---- | C] () -- C:\WINDOWS\pslabeler3.ini
[2006.09.11 09:14:11 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006.06.12 15:47:43 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2006.06.12 15:47:42 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2005.12.29 12:09:06 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005.11.26 17:25:46 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\Vojta\Local Settings\Data aplikací\fusioncache.dat
[2005.11.26 16:22:09 | 000,003,941 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\hpzinstall.log
[2005.10.14 12:56:51 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 11:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 11:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 11:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 11:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 11:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 11:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.10.11 11:14:39 | 000,056,320 | R--- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2005.03.07 18:18:44 | 000,001,894 | ---- | C] () -- C:\WINDOWS\MDVDP.Ini
[2005.01.07 11:39:50 | 000,112,640 | ---- | C] () -- C:\Documents and Settings\Vojta\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004.12.29 14:28:59 | 000,000,173 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2004.12.26 00:16:51 | 000,000,137 | ---- | C] () -- C:\WINDOWS\Citron.ini
[2004.12.26 00:14:00 | 000,000,161 | ---- | C] () -- C:\WINDOWS\Vanilka.ini
[2004.12.26 00:11:09 | 000,000,109 | ---- | C] () -- C:\WINDOWS\Jablko.ini
[2004.12.26 00:09:05 | 000,000,169 | ---- | C] () -- C:\WINDOWS\Jahoda.ini
[2004.12.25 23:57:57 | 000,000,162 | ---- | C] () -- C:\WINDOWS\Pomeranc.ini
[2004.12.25 23:47:56 | 000,000,169 | ---- | C] () -- C:\WINDOWS\Visen.ini
[2004.12.21 10:46:28 | 000,000,132 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004.12.21 09:57:30 | 000,035,328 | ---- | C] () -- C:\WINDOWS\System32\INETWH32.DLL
[2004.12.21 09:57:30 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
[2004.12.21 09:46:17 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\GVTunner.dll
[2004.12.21 09:46:17 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Nvflashl.dll
[2004.12.21 09:46:16 | 000,000,155 | ---- | C] () -- C:\WINDOWS\System32\Gfreq.ini
[2004.12.21 09:41:34 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004.12.21 09:37:52 | 000,022,880 | ---- | C] () -- C:\WINDOWS\System32\drivers\Gvcpldrv.sys
[2004.12.21 09:34:07 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2004.12.21 09:34:05 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004.10.12 07:40:58 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2004.10.12 07:39:48 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2004.10.12 07:39:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2004.10.09 07:40:16 | 000,454,144 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2004.10.05 09:16:08 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2004.10.03 18:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2003.09.30 12:47:47 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2003.09.12 22:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2003.09.12 22:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(3).dll
[2002.03.25 22:02:14 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
========== LOP Check ==========
[2006.10.19 09:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\EarMaster
[2010.07.29 18:21:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Installations
[2005.08.30 01:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\OLYMPUS
[2010.07.29 18:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2007.04.27 11:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\QubeSoft
[2010.03.10 14:46:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vojta\Data aplikací\Blender Foundation
[2010.02.08 19:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vojta\Data aplikací\DisplayTune
[2010.01.27 17:59:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vojta\Data aplikací\flightgear.org
[2007.09.10 11:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vojta\Data aplikací\GlarySoft
[2006.12.21 18:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vojta\Data aplikací\Inkscape
[2009.09.10 10:26:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vojta\Data aplikací\Mikrotik
[2010.07.29 18:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vojta\Data aplikací\Nokia
[2005.08.16 16:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vojta\Data aplikací\OLYMPUS
[2010.05.31 10:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vojta\Data aplikací\OpenOffice.org
[2010.07.29 18:23:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vojta\Data aplikací\PC Suite
[2010.04.27 08:32:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vojta\Data aplikací\Photo2Sketch
[2004.12.26 00:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vojta\Data aplikací\Software602
[2005.07.15 18:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vojta\Data aplikací\Zoner
========== Purity Check ==========
< End of report >
OTL Extras logfile created on: 28.8.2010 10:27:17 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Vojta\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1 023,00 Mb Total Physical Memory | 700,00 Mb Available Physical Memory | 68,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 1792 1792
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,53 Gb Total Space | 55,80 Gb Free Space | 74,87% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DOMA-C6AS6ELGKD
Current User Name: Vojta
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\MotoGP2\motogp2.exe" = C:\Program Files\MotoGP2\motogp2.exe:*:Disabled:motogp2 -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3AEF2F6C-F1D3-47CD-BF3B-A327F1FABE58}" = PSPrinters06
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HydraVision
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4C9D4AE8-FCB0-4E09-A8E4-1E60D9D7C30B}" = WinTalker Voice pro 602
"{5DE71D48-01EB-4BF2-A643-50FE6C9B6AC9}" = OpenOffice.org 3.2
"{5E65E94D-69F2-4850-9E93-6459C53A0F50}" = Microsoft .NET Framework 1.1 Czech Language Pack
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6DFC4B13-4489-4A59-AF95-12628A86FA76}" = 602PC SUITE
"{86D6A20D-3910-4441-A3E5-EB6977251C86}" = Samsung USB Driver
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{95120000-00AF-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Czech)
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9E6894B0-51DE-424E-BCDE-2ABADC5651A1}" = PS7400
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}" = Photosmart 320,370,7400,8100,8400 Series (csy)
"{AC76BA86-7AD7-1029-7B44-A93000000001}" = Adobe Reader 9.3.3 - Czech
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BDE1289F-4025-41A5-AD17-101DB4D82CA7}" = TRS2004
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{F03D7004-F232-4B7A-A4A0-4B8FC118C4BD}" = Trainz
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"7-Zip" = 7-Zip 4.65
"Absolute Uninstaller_is1" = Absolute Uninstaller 2.4
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced WindowsCarev1.0" = Advanced WindowsCare
"All ATI Software" = Softarová utilita ATI - Odinstalovat
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"CCleaner" = CCleaner (remove only)
"CDex" = CDex extraction audio
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"Čeština do Windows Movie Maker2" = Čeština do Windows Movie Maker2
"EasyLanguage - Angličtina (PPK edice)_is1" = EasyLanguage - Angličtina (PPK edice)
"GIGABYTE V-Tuner" = GIGABYTE V-Tuner
"HP Photo & Imaging" = HP Image Zone 4.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MotoGP2_is1" = MotoGP2
"MV2Player" = MV2Player (remove only)
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Ottova encyklopedie Česká republika_is1" = Ottova encyklopedie Česká republika 1.0
"Plane Arcade" = Plane Arcade
"Rally Championship" = Rally Championship
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 2
"XP Codec Pack" = XP Codec Pack
"Yahoo! Toolbar" = Yahoo! Toolbar
========== Last 10 Event Log Errors ==========
[ Antivirus Events ]
Error - 29.7.2006 17:49:29 | Computer Name = DOMA-C6AS6ELGKD | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckBootDirectEx: avscanScanReal
of *BOOTA failed, 00000005.
Error - 29.7.2006 17:49:31 | Computer Name = DOMA-C6AS6ELGKD | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckBootDirectEx: avscanScanReal
of *BOOTA failed, 00000005.
Error - 29.7.2006 17:52:35 | Computer Name = DOMA-C6AS6ELGKD | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckBootDirectEx: avscanScanReal
of *BOOTA failed, 00000005.
Error - 3.8.2006 17:34:20 | Computer Name = DOMA-C6AS6ELGKD | Source = avast! | ID = 33554522
Description = Test oblasti "D:\" skoncil s chybou 00000015 (funkce avfilesScanReal
selhala).
Error - 3.8.2006 17:34:30 | Computer Name = DOMA-C6AS6ELGKD | Source = avast! | ID = 33554522
Description = Test oblasti "D:\" skoncil s chybou 00000015 (funkce avfilesScanReal
selhala).
Error - 7.1.2007 6:04:56 | Computer Name = DOMA-C6AS6ELGKD | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of A:\tabulky školy.xls failed, 0000001E.
Error - 22.4.2010 7:57:38 | Computer Name = DOMA-C6AS6ELGKD | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of http://dl.s6.uloz.to/Ps;Hs;fid=1086766; ... 6478585&De
failed, 00000084.
Error - 22.4.2010 8:41:23 | Computer Name = DOMA-C6AS6ELGKD | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of http://dl.s11.uloz.to/Ps;Hs;fid=1086765 ... 5283294&De
failed, 0000001E.
Error - 22.4.2010 9:27:20 | Computer Name = DOMA-C6AS6ELGKD | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of http://dl.s5.uloz.to/Ps;Hs;fid=1086762; ... 5283294&De
failed, 0000001E.
Error - 22.4.2010 9:51:12 | Computer Name = DOMA-C6AS6ELGKD | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of http://dl.s6.uloz.to/Ps;Hs;fid=1086763; ... 5283294&De
failed, 0000001E.
[ Application Events ]
Error - 31.12.2003 18:11:58 | Computer Name = DOMA-C6AS6ELGKD | Source = LoadPerf | ID = 3001
Description = Hodnota řetězce názvu čítače výkonu v registru je nesprávně naformátovaná.
Neplatný řetězec 2986, hodnota neplatného indexu je v prvním bajtu DWORD v datové
části. Poslední platná hodnota indexu je v druhém a třetím bajtu DWORD v datové
oblasti.
Error - 27.8.2010 5:00:04 | Computer Name = DOMA-C6AS6ELGKD | Source = Application Error | ID = 1000
Description = Chybující aplikace set41.tmp, verze 11.50.0.42618, chybující modul
, verze 0.0.0.0, adresa chyby 0x00000000.
Error - 27.8.2010 5:00:17 | Computer Name = DOMA-C6AS6ELGKD | Source = Application Error | ID = 1000
Description = Chybující aplikace set43.tmp, verze 11.50.0.42618, chybující modul
, verze 0.0.0.0, adresa chyby 0x00000000.
Error - 27.8.2010 5:00:39 | Computer Name = DOMA-C6AS6ELGKD | Source = Application Error | ID = 1000
Description = Chybující aplikace set45.tmp, verze 11.50.0.42618, chybující modul
, verze 0.0.0.0, adresa chyby 0x00000000.
Error - 27.8.2010 5:03:37 | Computer Name = DOMA-C6AS6ELGKD | Source = Application Error | ID = 1000
Description = Chybující aplikace set47.tmp, verze 11.50.0.42618, chybující modul
, verze 0.0.0.0, adresa chyby 0x00000000.
Error - 27.8.2010 5:04:42 | Computer Name = DOMA-C6AS6ELGKD | Source = Application Error | ID = 1000
Description = Chybující aplikace set49.tmp, verze 11.50.0.42618, chybující modul
, verze 0.0.0.0, adresa chyby 0x00000000.
Error - 27.8.2010 5:04:50 | Computer Name = DOMA-C6AS6ELGKD | Source = Application Error | ID = 1000
Description = Chybující aplikace set4b.tmp, verze 11.50.0.42618, chybující modul
, verze 0.0.0.0, adresa chyby 0x00000000.
Error - 27.8.2010 5:05:17 | Computer Name = DOMA-C6AS6ELGKD | Source = Application Error | ID = 1000
Description = Chybující aplikace set4d.tmp, verze 11.50.0.42618, chybující modul
, verze 0.0.0.0, adresa chyby 0x00000000.
Error - 27.8.2010 5:09:28 | Computer Name = DOMA-C6AS6ELGKD | Source = Application Error | ID = 1000
Description = Chybující aplikace set53.tmp, verze 11.50.0.42618, chybující modul
, verze 0.0.0.0, adresa chyby 0x00000000.
Error - 27.8.2010 5:11:28 | Computer Name = DOMA-C6AS6ELGKD | Source = Application Error | ID = 1000
Description = Chybující aplikace set55.tmp, verze 11.50.0.42618, chybující modul
, verze 0.0.0.0, adresa chyby 0x00000000.
[ System Events ]
Error - 29.6.2010 3:14:04 | Computer Name = DOMA-C6AS6ELGKD | Source = Service Control Manager | ID = 7022
Description = Služba Brána Firewall / Sdílení připojení k Internetu (ICS) přestala
během spouštění reagovat.
Error - 24.8.2010 8:52:47 | Computer Name = DOMA-C6AS6ELGKD | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1058 při pokusu o spuštění služby dmadmin
s argumenty /com za účelem spuštění serveru: {4FB6BB00-3347-11D0-B40A-00AA005FF586}
< End of report >
OTL logfile created on: 28.8.2010 10:27:17 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Vojta\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1 023,00 Mb Total Physical Memory | 700,00 Mb Available Physical Memory | 68,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 1792 1792
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,53 Gb Total Space | 55,80 Gb Free Space | 74,87% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DOMA-C6AS6ELGKD
Current User Name: Vojta
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\Vojta\Plocha\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe (HP)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\system32\G-vga.exe ()
PRC - C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe (ATI Technologies Inc.)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\Vojta\Plocha\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\McAfee\SiteAdvisor\sahook.dll ()
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\Program Files\ATI Technologies\ATI HydraVision\HydraDMH.dll (ATI Technologies Inc.)
========== Win32 Services (SafeList) ==========
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (0215261282939740mcinstcleanup) McAfee Application Installer Cleanup (0215261282939740) -- C:\DOCUME~1\Vojta\LOCALS~1\Temp\021526~1.EXE File not found
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
========== Driver Services (SafeList) ==========
DRV - (pccsmcfd) -- C:\WINDOWS\System32\DRIVERS\pccsmcfd.sys File not found
DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology (StarForce))
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a) -- C:\WINDOWS\System32\drivers\sfdrv01a.sys (Protection Technology (StarForce))
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (prodrv04) -- C:\WINDOWS\System32\drivers\prodrv04.sys (Protection Technology Co.)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ALCXSENS) -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS (Sensaura Ltd)
DRV - (GVCplDrv) -- C:\WINDOWS\System32\drivers\Gvcpldrv.sys ()
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
========== Standard Registry (All) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.8
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010.08.28 10:07:51 | 000,000,000 | ---D | M]
[2010.03.19 10:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vojta\Data aplikací\Mozilla\Extensions
[2010.03.19 10:14:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vojta\Data aplikací\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010.03.19 10:14:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vojta\Data aplikací\Mozilla\Firefox\Profiles\d32w2n4s.default\extensions
O1 HOSTS File: ([2010.08.27 22:24:28 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Odkazy) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\WebBrowser: (&Odkazy) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe (HP)
O4 - HKLM..\Run: [HPHmon06] C:\WINDOWS\system32\hphmon06.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD06] C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HydraVision\HydraDM.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [VGAUtil] C:\WINDOWS\system32\G-vga.exe ()
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -Mozilla\4.0 ( File not found
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\digital imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Rychlé spuštění aplikace HP Image Zone.lnk = C:\Program Files\HP\digital imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Vojta\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInstrumentation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: WikiKomentáře Google... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Proces mezipaměti kategorií součástí - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Vojta\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Vojta\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
File not found -- C:\Documents and Settings\Vojta\Plocha\CAW5IJO9.
File not found -- C:\Documents and Settings\Vojta\Plocha\CAT4K3P5.
File not found -- C:\Documents and Settings\Vojta\Plocha\CAQ3WLY5.
File not found -- C:\Documents and Settings\Vojta\Plocha\CAH0KBH9.
File not found -- C:\Documents and Settings\Vojta\Plocha\CAANC5MF.
File not found -- C:\Documents and Settings\Vojta\Plocha\CA8RMLMH.
File not found -- C:\Documents and Settings\Vojta\Plocha\CA3YUHFJ.
[2010.08.28 10:25:47 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Vojta\Plocha\OTL.exe
[2010.08.28 10:16:28 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Vojta\Recent
[2010.08.27 22:39:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.08.27 21:44:24 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.08.27 20:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010.08.27 19:01:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vojta\Data aplikací\Malwarebytes
[2010.08.27 19:01:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.08.27 19:01:08 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.08.27 19:01:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.08.27 19:01:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.08.17 17:00:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vojta\Dokumenty\My Games
[2010.07.29 18:23:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vojta\Data aplikací\Nokia
[2010.07.29 18:23:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vojta\Data aplikací\PC Suite
[2010.07.29 18:23:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2010.07.29 18:22:56 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010.07.29 18:22:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DRVSTORE
[2010.07.29 18:22:25 | 000,092,672 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcls.dll
[2010.07.29 18:21:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Installations
[2004.11.24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
File not found -- C:\Documents and Settings\Vojta\Plocha\CAW5IJO9.
File not found -- C:\Documents and Settings\Vojta\Plocha\CAT4K3P5.
File not found -- C:\Documents and Settings\Vojta\Plocha\CAQ3WLY5.
File not found -- C:\Documents and Settings\Vojta\Plocha\CAH0KBH9.
File not found -- C:\Documents and Settings\Vojta\Plocha\CAANC5MF.
File not found -- C:\Documents and Settings\Vojta\Plocha\CA8RMLMH.
File not found -- C:\Documents and Settings\Vojta\Plocha\CA3YUHFJ.
[2010.08.28 10:25:49 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vojta\Plocha\OTL.exe
[2010.08.28 10:12:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20100801101246.job
[2010.08.28 10:02:42 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.28 10:02:19 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.08.28 10:02:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.08.27 22:43:16 | 006,029,312 | ---- | M] () -- C:\Documents and Settings\Vojta\ntuser.dat
[2010.08.27 22:43:03 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Vojta\ntuser.ini
[2010.08.27 22:31:57 | 000,002,435 | ---- | M] () -- C:\Documents and Settings\Vojta\Plocha\HiJackThis.lnk
[2010.08.27 22:24:45 | 000,000,336 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.08.27 22:24:28 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.08.27 21:57:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.27 21:44:31 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.08.27 21:28:41 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job
[2010.08.27 19:06:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20100317190641.job
[2010.08.27 19:01:13 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.08.27 17:20:05 | 000,002,313 | ---- | M] () -- C:\Documents and Settings\Vojta\Dokumenty\pinfect.zip
[2010.08.27 15:48:30 | 005,762,976 | -H-- | M] () -- C:\Documents and Settings\Vojta\Local Settings\Data aplikací\IconCache.db
[2010.08.27 15:47:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20100730154706.job
[2010.08.27 15:47:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20100627154714.job
[2010.08.27 15:40:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20100627154007.job
[2010.08.27 12:13:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.08.27 12:11:15 | 000,000,569 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Google SketchUp.lnk
[2010.08.25 18:00:46 | 000,592,582 | ---- | M] () -- C:\Documents and Settings\Vojta\Plocha\P8250002.JPG
[2010.08.25 17:58:06 | 000,896,554 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.08.25 17:58:06 | 000,384,092 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.08.25 17:58:06 | 000,054,498 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.08.22 14:27:56 | 000,722,886 | ---- | M] () -- C:\Documents and Settings\Vojta\Plocha\niva.pdf
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.08.27 21:44:31 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.08.27 21:44:27 | 000,261,312 | ---- | C] () -- C:\cmldr
[2010.08.27 20:20:22 | 000,002,435 | ---- | C] () -- C:\Documents and Settings\Vojta\Plocha\HiJackThis.lnk
[2010.08.27 19:01:13 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.08.27 12:56:13 | 000,002,313 | ---- | C] () -- C:\Documents and Settings\Vojta\Dokumenty\pinfect.zip
[2010.08.27 12:11:15 | 000,000,569 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Google SketchUp.lnk
[2010.08.24 17:49:47 | 000,000,316 | ---- | C] () -- C:\WINDOWS\tasks\HP Usg Daily.job
[2010.08.22 14:27:54 | 000,722,886 | ---- | C] () -- C:\Documents and Settings\Vojta\Plocha\niva.pdf
[2010.08.01 10:12:46 | 000,000,452 | ---- | C] () -- C:\WINDOWS\tasks\WebReg 20100801101246.job
[2010.07.30 15:47:06 | 000,000,452 | ---- | C] () -- C:\WINDOWS\tasks\WebReg 20100730154706.job
[2010.06.15 07:51:46 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Vojta\Data aplikací\HPCOM_48BitScanUpdate.log
[2009.07.07 11:01:57 | 000,002,218 | ---- | C] () -- C:\WINDOWS\SmartMapsEvropa.INI
[2007.09.09 16:30:21 | 000,000,248 | ---- | C] () -- C:\WINDOWS\bienemaja.ini
[2007.08.23 17:10:52 | 000,000,488 | ---- | C] () -- C:\WINDOWS\Poolemup.ini
[2007.07.02 09:38:48 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2006.11.14 18:03:07 | 000,001,970 | ---- | C] () -- C:\WINDOWS\MapaCR.INI
[2006.10.18 09:42:19 | 000,000,084 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini
[2006.10.03 17:05:43 | 000,000,029 | ---- | C] () -- C:\WINDOWS\pslabeler3.ini
[2006.09.11 09:14:11 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006.06.12 15:47:43 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2006.06.12 15:47:42 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2005.12.29 12:09:06 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2005.11.26 17:25:46 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\Vojta\Local Settings\Data aplikací\fusioncache.dat
[2005.11.26 16:22:09 | 000,003,941 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\hpzinstall.log
[2005.10.14 12:56:51 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 11:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 11:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 11:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 11:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 11:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 11:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.10.11 11:14:39 | 000,056,320 | R--- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2005.03.07 18:18:44 | 000,001,894 | ---- | C] () -- C:\WINDOWS\MDVDP.Ini
[2005.01.07 11:39:50 | 000,112,640 | ---- | C] () -- C:\Documents and Settings\Vojta\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004.12.29 14:28:59 | 000,000,173 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2004.12.26 00:16:51 | 000,000,137 | ---- | C] () -- C:\WINDOWS\Citron.ini
[2004.12.26 00:14:00 | 000,000,161 | ---- | C] () -- C:\WINDOWS\Vanilka.ini
[2004.12.26 00:11:09 | 000,000,109 | ---- | C] () -- C:\WINDOWS\Jablko.ini
[2004.12.26 00:09:05 | 000,000,169 | ---- | C] () -- C:\WINDOWS\Jahoda.ini
[2004.12.25 23:57:57 | 000,000,162 | ---- | C] () -- C:\WINDOWS\Pomeranc.ini
[2004.12.25 23:47:56 | 000,000,169 | ---- | C] () -- C:\WINDOWS\Visen.ini
[2004.12.21 10:46:28 | 000,000,132 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004.12.21 09:57:30 | 000,035,328 | ---- | C] () -- C:\WINDOWS\System32\INETWH32.DLL
[2004.12.21 09:57:30 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
[2004.12.21 09:46:17 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\GVTunner.dll
[2004.12.21 09:46:17 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Nvflashl.dll
[2004.12.21 09:46:16 | 000,000,155 | ---- | C] () -- C:\WINDOWS\System32\Gfreq.ini
[2004.12.21 09:41:34 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004.12.21 09:37:52 | 000,022,880 | ---- | C] () -- C:\WINDOWS\System32\drivers\Gvcpldrv.sys
[2004.12.21 09:34:07 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2004.12.21 09:34:05 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2004.10.12 07:40:58 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2004.10.12 07:39:48 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2004.10.12 07:39:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2004.10.09 07:40:16 | 000,454,144 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2004.10.05 09:16:08 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2004.10.03 18:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2003.09.30 12:47:47 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2003.09.12 22:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2003.09.12 22:35:06 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(3).dll
[2002.03.25 22:02:14 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
========== LOP Check ==========
[2006.10.19 09:41:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\EarMaster
[2010.07.29 18:21:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Installations
[2005.08.30 01:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\OLYMPUS
[2010.07.29 18:23:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2007.04.27 11:12:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\QubeSoft
[2010.03.10 14:46:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vojta\Data aplikací\Blender Foundation
[2010.02.08 19:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vojta\Data aplikací\DisplayTune
[2010.01.27 17:59:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vojta\Data aplikací\flightgear.org
[2007.09.10 11:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vojta\Data aplikací\GlarySoft
[2006.12.21 18:25:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vojta\Data aplikací\Inkscape
[2009.09.10 10:26:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vojta\Data aplikací\Mikrotik
[2010.07.29 18:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vojta\Data aplikací\Nokia
[2005.08.16 16:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vojta\Data aplikací\OLYMPUS
[2010.05.31 10:49:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vojta\Data aplikací\OpenOffice.org
[2010.07.29 18:23:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vojta\Data aplikací\PC Suite
[2010.04.27 08:32:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vojta\Data aplikací\Photo2Sketch
[2004.12.26 00:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vojta\Data aplikací\Software602
[2005.07.15 18:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vojta\Data aplikací\Zoner
========== Purity Check ==========
< End of report >
OTL Extras logfile created on: 28.8.2010 10:27:17 - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Vojta\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1 023,00 Mb Total Physical Memory | 700,00 Mb Available Physical Memory | 68,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): C:\pagefile.sys 1792 1792
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,53 Gb Total Space | 55,80 Gb Free Space | 74,87% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: DOMA-C6AS6ELGKD
Current User Name: Vojta
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\MotoGP2\motogp2.exe" = C:\Program Files\MotoGP2\motogp2.exe:*:Disabled:motogp2 -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor
"{3AEF2F6C-F1D3-47CD-BF3B-A327F1FABE58}" = PSPrinters06
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HydraVision
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4C9D4AE8-FCB0-4E09-A8E4-1E60D9D7C30B}" = WinTalker Voice pro 602
"{5DE71D48-01EB-4BF2-A643-50FE6C9B6AC9}" = OpenOffice.org 3.2
"{5E65E94D-69F2-4850-9E93-6459C53A0F50}" = Microsoft .NET Framework 1.1 Czech Language Pack
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6DFC4B13-4489-4A59-AF95-12628A86FA76}" = 602PC SUITE
"{86D6A20D-3910-4441-A3E5-EB6977251C86}" = Samsung USB Driver
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{95120000-00AF-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Czech)
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9E6894B0-51DE-424E-BCDE-2ABADC5651A1}" = PS7400
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}" = Photosmart 320,370,7400,8100,8400 Series (csy)
"{AC76BA86-7AD7-1029-7B44-A93000000001}" = Adobe Reader 9.3.3 - Czech
"{AC76BA86-7AD7-5760-0000-800000000003}" = Japanese Fonts Support For Adobe Reader 8
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BDE1289F-4025-41A5-AD17-101DB4D82CA7}" = TRS2004
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{F03D7004-F232-4B7A-A4A0-4B8FC118C4BD}" = Trainz
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"7-Zip" = 7-Zip 4.65
"Absolute Uninstaller_is1" = Absolute Uninstaller 2.4
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced WindowsCarev1.0" = Advanced WindowsCare
"All ATI Software" = Softarová utilita ATI - Odinstalovat
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"CCleaner" = CCleaner (remove only)
"CDex" = CDex extraction audio
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"Čeština do Windows Movie Maker2" = Čeština do Windows Movie Maker2
"EasyLanguage - Angličtina (PPK edice)_is1" = EasyLanguage - Angličtina (PPK edice)
"GIGABYTE V-Tuner" = GIGABYTE V-Tuner
"HP Photo & Imaging" = HP Image Zone 4.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MotoGP2_is1" = MotoGP2
"MV2Player" = MV2Player (remove only)
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Ottova encyklopedie Česká republika_is1" = Ottova encyklopedie Česká republika 1.0
"Plane Arcade" = Plane Arcade
"Rally Championship" = Rally Championship
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 2
"XP Codec Pack" = XP Codec Pack
"Yahoo! Toolbar" = Yahoo! Toolbar
========== Last 10 Event Log Errors ==========
[ Antivirus Events ]
Error - 29.7.2006 17:49:29 | Computer Name = DOMA-C6AS6ELGKD | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckBootDirectEx: avscanScanReal
of *BOOTA failed, 00000005.
Error - 29.7.2006 17:49:31 | Computer Name = DOMA-C6AS6ELGKD | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckBootDirectEx: avscanScanReal
of *BOOTA failed, 00000005.
Error - 29.7.2006 17:52:35 | Computer Name = DOMA-C6AS6ELGKD | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckBootDirectEx: avscanScanReal
of *BOOTA failed, 00000005.
Error - 3.8.2006 17:34:20 | Computer Name = DOMA-C6AS6ELGKD | Source = avast! | ID = 33554522
Description = Test oblasti "D:\" skoncil s chybou 00000015 (funkce avfilesScanReal
selhala).
Error - 3.8.2006 17:34:30 | Computer Name = DOMA-C6AS6ELGKD | Source = avast! | ID = 33554522
Description = Test oblasti "D:\" skoncil s chybou 00000015 (funkce avfilesScanReal
selhala).
Error - 7.1.2007 6:04:56 | Computer Name = DOMA-C6AS6ELGKD | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of A:\tabulky školy.xls failed, 0000001E.
Error - 22.4.2010 7:57:38 | Computer Name = DOMA-C6AS6ELGKD | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of http://dl.s6.uloz.to/Ps;Hs;fid=1086766; ... 6478585&De
failed, 00000084.
Error - 22.4.2010 8:41:23 | Computer Name = DOMA-C6AS6ELGKD | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of http://dl.s11.uloz.to/Ps;Hs;fid=1086765 ... 5283294&De
failed, 0000001E.
Error - 22.4.2010 9:27:20 | Computer Name = DOMA-C6AS6ELGKD | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of http://dl.s5.uloz.to/Ps;Hs;fid=1086762; ... 5283294&De
failed, 0000001E.
Error - 22.4.2010 9:51:12 | Computer Name = DOMA-C6AS6ELGKD | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of http://dl.s6.uloz.to/Ps;Hs;fid=1086763; ... 5283294&De
failed, 0000001E.
[ Application Events ]
Error - 31.12.2003 18:11:58 | Computer Name = DOMA-C6AS6ELGKD | Source = LoadPerf | ID = 3001
Description = Hodnota řetězce názvu čítače výkonu v registru je nesprávně naformátovaná.
Neplatný řetězec 2986, hodnota neplatného indexu je v prvním bajtu DWORD v datové
části. Poslední platná hodnota indexu je v druhém a třetím bajtu DWORD v datové
oblasti.
Error - 27.8.2010 5:00:04 | Computer Name = DOMA-C6AS6ELGKD | Source = Application Error | ID = 1000
Description = Chybující aplikace set41.tmp, verze 11.50.0.42618, chybující modul
, verze 0.0.0.0, adresa chyby 0x00000000.
Error - 27.8.2010 5:00:17 | Computer Name = DOMA-C6AS6ELGKD | Source = Application Error | ID = 1000
Description = Chybující aplikace set43.tmp, verze 11.50.0.42618, chybující modul
, verze 0.0.0.0, adresa chyby 0x00000000.
Error - 27.8.2010 5:00:39 | Computer Name = DOMA-C6AS6ELGKD | Source = Application Error | ID = 1000
Description = Chybující aplikace set45.tmp, verze 11.50.0.42618, chybující modul
, verze 0.0.0.0, adresa chyby 0x00000000.
Error - 27.8.2010 5:03:37 | Computer Name = DOMA-C6AS6ELGKD | Source = Application Error | ID = 1000
Description = Chybující aplikace set47.tmp, verze 11.50.0.42618, chybující modul
, verze 0.0.0.0, adresa chyby 0x00000000.
Error - 27.8.2010 5:04:42 | Computer Name = DOMA-C6AS6ELGKD | Source = Application Error | ID = 1000
Description = Chybující aplikace set49.tmp, verze 11.50.0.42618, chybující modul
, verze 0.0.0.0, adresa chyby 0x00000000.
Error - 27.8.2010 5:04:50 | Computer Name = DOMA-C6AS6ELGKD | Source = Application Error | ID = 1000
Description = Chybující aplikace set4b.tmp, verze 11.50.0.42618, chybující modul
, verze 0.0.0.0, adresa chyby 0x00000000.
Error - 27.8.2010 5:05:17 | Computer Name = DOMA-C6AS6ELGKD | Source = Application Error | ID = 1000
Description = Chybující aplikace set4d.tmp, verze 11.50.0.42618, chybující modul
, verze 0.0.0.0, adresa chyby 0x00000000.
Error - 27.8.2010 5:09:28 | Computer Name = DOMA-C6AS6ELGKD | Source = Application Error | ID = 1000
Description = Chybující aplikace set53.tmp, verze 11.50.0.42618, chybující modul
, verze 0.0.0.0, adresa chyby 0x00000000.
Error - 27.8.2010 5:11:28 | Computer Name = DOMA-C6AS6ELGKD | Source = Application Error | ID = 1000
Description = Chybující aplikace set55.tmp, verze 11.50.0.42618, chybující modul
, verze 0.0.0.0, adresa chyby 0x00000000.
[ System Events ]
Error - 29.6.2010 3:14:04 | Computer Name = DOMA-C6AS6ELGKD | Source = Service Control Manager | ID = 7022
Description = Služba Brána Firewall / Sdílení připojení k Internetu (ICS) přestala
během spouštění reagovat.
Error - 24.8.2010 8:52:47 | Computer Name = DOMA-C6AS6ELGKD | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1058 při pokusu o spuštění služby dmadmin
s argumenty /com za účelem spuštění serveru: {4FB6BB00-3347-11D0-B40A-00AA005FF586}
< End of report >
-
jaro3
- člen Security týmu
-
Guru Level 15
- Příspěvky: 43294
- Registrován: červen 07
- Bydliště: Jižní Čechy
- Pohlaví:
- Stav:
Offline
Re: Viry v počítači
Poklepej na ikonu OTL na ploše.Ujisti se , že máš všechny ostatní aplikace a prohlížeče zavřeny.
Pod Vlastní skenování/opravy do okénka vlož následující text, zobrazený zeleně:
Poté klikni nahoře na Opravit. Nech program nerušeně běžet, na konci se provede restart PC.
Po restartu se objeví log , prosím zkopíruj sem celý jeho obsah.
V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému
Toto otestuj na Virustotal
C:\WINDOWS\System32\Nvflashl.dll
Pokud už byl soubor testován-klikni na otestovat znovu.
Až skončí test všech antivirů, vlož sem pak odkaz na stránku s výsledky.
Pod Vlastní skenování/opravy do okénka vlož následující text, zobrazený zeleně:
Kód: Vybrat vše
:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (0215261282939740mcinstcleanup) McAfee Application Installer Cleanup (0215261282939740) -- C:\DOCUME~1\Vojta\LOCALS~1\Temp\021526~1.EXE File not found
DRV - (pccsmcfd) -- C:\WINDOWS\System32\DRIVERS\pccsmcfd.sys File not found
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -Mozilla\4.0 ( File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
File not found -- C:\Documents and Settings\Vojta\Plocha\CAW5IJO9.
File not found -- C:\Documents and Settings\Vojta\Plocha\CAT4K3P5.
File not found -- C:\Documents and Settings\Vojta\Plocha\CAQ3WLY5.
File not found -- C:\Documents and Settings\Vojta\Plocha\CAH0KBH9.
File not found -- C:\Documents and Settings\Vojta\Plocha\CAANC5MF.
File not found -- C:\Documents and Settings\Vojta\Plocha\CA8RMLMH.
File not found -- C:\Documents and Settings\Vojta\Plocha\CA3YUHFJ.
:Files
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\system32\SET*.tmp
c:\windows\Tasks\*.job
C:\*.tmp
C:\WINDOWS\tasks\SA.DAT
C:\Documents and Settings\Vojta\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
:Reg
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[start explorer]
[Reboot]Poté klikni nahoře na Opravit. Nech program nerušeně běžet, na konci se provede restart PC.
Po restartu se objeví log , prosím zkopíruj sem celý jeho obsah.
V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému
Toto otestuj na Virustotal
C:\WINDOWS\System32\Nvflashl.dll
Pokud už byl soubor testován-klikni na otestovat znovu.
Až skončí test všech antivirů, vlož sem pak odkaz na stránku s výsledky.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Zpět na “Viry, antiviry, firewally…”
Kdo je online
Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 4 hosti