PC-HELP.CZ

České diskuzní fórum o počítačích
https://pc-help.cnews.cz/

Condorito: Prosím o kontrolu logu

https://pc-help.cnews.cz/viewtopic.php?f=70&t=38179

Stránka 1 z 2

Condorito: Prosím o kontrolu logu

Napsal: 11 bře 2009 19:53
od Condorito
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:41:06, on 11.3.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\V-Gear BEE\VBService.exe
C:\Program Files (x86)\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files (x86)\WinFast\WFDTV\WFWIZ.exe
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Program Files (x86)\Xfire\xfire.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896" onclick="window.open(this.href);return false;
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/" onclick="window.open(this.href);return false;
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157" onclick="window.open(this.href);return false;
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896" onclick="window.open(this.href);return false;
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896" onclick="window.open(this.href);return false;
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157" onclick="window.open(this.href);return false;
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [WinFastDTV] "C:\Program Files (x86)\WinFast\WFDTV\DTVSchdl.exe"
O4 - HKLM\..\Run: [WinFast Schedule] "C:\Program Files (x86)\WinFast\WFDTV\WFWIZ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime




Cau...mam problem co se tyka jehoVist 64...xD obcas vypnu komp a nevipne se nekolik hodin.. ma 4 jadro a co se tyka hardware by nemel byt problem...dale to pada seka se...skouknete prosim muj log a snad tam neco najdete....Thx

// Název tématu upraven.
// mike007

Re: Condorito: Prosím o kontrolu logu

Napsal: 11 bře 2009 19:59
od jaro3
Odinstaluj: ICQ Toolbar

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Re: Condorito: Prosím o kontrolu logu

Napsal: 12 bře 2009 02:53
od Condorito
ok mam to a tady posilam novy log jak si chtel...


Malwarebytes' Anti-Malware 1.34
Verze databáze: 1838
Windows 6.0.6001 Service Pack 1

12.3.2009 2:46:00
mbam-log-2009-03-12 (02-45-51).txt

Typ skenu: Rychlý sken
Objektu skenováno: 57239
Uplynulý cas: 1 minute(s), 48 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 7
Infikované hodnoty registru: 0
Infikované položky dat registru: 1
Infikované složky: 6
Infikované soubory: 1

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\xttb00001.xttb00001toolbar (Adware.Trace) -> No action taken.

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
C:\Program Files (x86)\FunWebProducts (Adware.MyWebSearch) -> No action taken.
C:\Program Files (x86)\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> No action taken.
C:\Program Files (x86)\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> No action taken.
C:\Users\User\AppData\Roaming\ErrorKiller (Rogue.ErrorKiller) -> No action taken.
C:\Users\User\AppData\Roaming\ErrorKiller\Log (Rogue.ErrorKiller) -> No action taken.
C:\Users\User\AppData\Roaming\ErrorKiller\Registry Backups (Rogue.ErrorKiller) -> No action taken.

Infikované soubory:
C:\Users\User\AppData\Roaming\ErrorKiller\Registry Backups\2008-07-04_13-33-24.reg (Rogue.ErrorKiller) -> No action taken.

Re: Condorito: Prosím o kontrolu logu

Napsal: 12 bře 2009 07:42
od jaro3
. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit log z MbAM.

Stáhni si OTViewIt
na plochu.Zavři všechna okna a a poklepej na něj.Dej znaménko na Scan all Users box.Klikni na Run Scan a nech program nerušeně běžet.Na konci vytvoří dva logy na ploše , tyto logy (OTViewIt.txt a Extras.txt ) sem pak vlož.

Re: Condorito: Prosím o kontrolu logu

Napsal: 12 bře 2009 17:13
od Condorito
Tady to mas a hned poslu ty zbyle dva...jinak diky moc ale co HijackThis..mam ho odstranit..nebo co mi muzes doporucit pro udrzbu pocitace co se tyka software??? Diky (Jo mam napriklad TuneUp utilities2009)...

Malwarebytes' Anti-Malware 1.34
Verze databáze: 1838
Windows 6.0.6001 Service Pack 1

12.3.2009 17:04:15
mbam-log-2009-03-12 (17-04-15).txt

Typ skenu: Rychlý sken
Objektu skenováno: 57034
Uplynulý cas: 1 minute(s), 44 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 7
Infikované hodnoty registru: 0
Infikované položky dat registru: 1
Infikované složky: 6
Infikované soubory: 1

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\xttb00001.xttb00001toolbar (Adware.Trace) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infikované složky:
C:\Program Files (x86)\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files (x86)\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Roaming\ErrorKiller (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Roaming\ErrorKiller\Log (Rogue.ErrorKiller) -> Quarantined and deleted successfully.
C:\Users\User\AppData\Roaming\ErrorKiller\Registry Backups (Rogue.ErrorKiller) -> Quarantined and deleted successfully.

Infikované soubory:
C:\Users\User\AppData\Roaming\ErrorKiller\Registry Backups\2008-07-04_13-33-24.reg (Rogue.ErrorKiller) -> Quarantined and deleted successfully.

Re: Condorito: Prosím o kontrolu logu

Napsal: 12 bře 2009 17:37
od Condorito
Prvni .....................................

OTViewIt logfile created on: 12.3.2009 17:12:30 - Run 3
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Users\User\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 2,56 Gb Available Physical Memory | 64,04% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 34,35 Gb Free Space | 35,17% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 155,17 Gb Free Space | 42,15% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RAMMON
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== Processes ==========

[2009.02.05 22:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[2009.02.05 22:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
[2006.10.26 12:40:34 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
[2006.11.12 21:02:08 | 00,076,544 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i 3\uMgiSvr.exe
[2008.09.24 14:32:48 | 00,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
[2009.02.28 01:40:59 | 00,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
[2009.03.12 02:13:27 | 00,189,072 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
[2004.12.13 03:34:32 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
[2009.02.05 22:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
[2009.02.05 22:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
[2008.02.14 00:09:40 | 00,486,856 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
[2004.06.16 05:03:26 | 00,221,184 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
[2009.01.26 15:31:16 | 02,144,088 | ---- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
[2009.01.15 22:58:35 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
[2003.06.10 16:50:22 | 01,393,664 | ---- | M] (Asiamajor Inc.) -- C:\Program Files (x86)\V-Gear BEE\VBService.exe
[2007.12.21 12:34:24 | 00,090,112 | ---- | M] (Leadtek Research Inc.) -- C:\Program Files (x86)\WinFast\WFDTV\DTVSchdl.exe
[2007.12.19 15:09:20 | 02,846,720 | ---- | M] (Leadtek Research Inc.) -- C:\Program Files (x86)\WinFast\WFDTV\WFWIZ.exe
[2008.10.15 01:04:34 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe
[2008.12.02 10:02:08 | 00,111,928 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
[2009.02.05 22:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
[2009.03.07 13:23:48 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
[2006.09.10 21:56:24 | 00,992,176 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe
[2009.03.12 17:01:00 | 00,422,912 | ---- | M] (OldTimer Tools) -- C:\Users\User\Downloads\OTViewIt.exe

========== (O23) Win32 Services ==========

[2009.02.05 22:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
[2009.02.05 22:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
[2009.02.05 22:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
[2009.02.05 22:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
File not found -- -- (CertPropSvc [Unknown | Stopped])
[2008.01.05 12:26:41 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2008.01.05 12:25:45 | 00,093,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped])
File not found -- -- (DcomLaunch [Unknown | Running])
File not found -- -- (DPS [Unknown | Running])
[2008.01.19 09:00:14 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehrecvr.exe -- (ehRecvr [On_Demand | Running])
[2008.01.19 09:00:14 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Running])
[2008.01.05 12:23:12 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2007.12.14 10:46:28 | 00,047,624 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\GEST\GSvr.exe -- (GEST Service [On_Demand | Stopped])
File not found -- -- (GoogleUpdateBeta [Auto | Stopped])
File not found -- -- (gpsvc [Unknown | Running])
[2005.04.03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2006.11.02 10:46:05 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\keyiso.dll -- (KeyIso [On_Demand | Stopped])
[2006.10.26 12:40:34 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe -- (MDM [Auto | Running])
[2006.11.12 21:02:08 | 00,076,544 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i 3\uMgiSvr.exe -- (MgiSvr [Auto | Running])
[2006.10.27 00:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
[2006.11.02 14:34:14 | 00,000,000 | ---D | M] -- C:\Windows\System32\Msdtc -- (MSDTC [Unknown | Stopped])
[2008.09.24 14:32:48 | 00,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0 [Auto | Running])
[2008.01.19 08:35:36 | 00,592,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netlogon.dll -- (Netlogon [On_Demand | Stopped])
[2008.01.05 12:23:05 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2006.10.26 18:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006.10.26 12:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2008.01.19 08:33:19 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\perfhost.exe -- (PerfHost [On_Demand | Stopped])
[2009.02.28 01:40:59 | 00,075,064 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe -- (PnkBstrA [Auto | Running])
[2009.03.12 02:13:27 | 00,189,072 | ---- | M] () -- C:\Windows\System32\PnkBstrB.exe -- (PnkBstrB [Auto | Running])
File not found -- -- (RpcSs [Unknown | Running])
[2008.01.19 08:36:19 | 00,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SCardSvr.dll -- (SCardSvr [Unknown | Stopped])
File not found -- -- (Schedule [Unknown | Running])
File not found -- -- (SCPolicySvc [Unknown | Stopped])
[2008.11.19 09:09:44 | 00,104,944 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service [On_Demand | Stopped])
File not found -- -- (TuneUp.Defrag [On_Demand | Stopped])
File not found -- -- (TuneUp.ProgramStatisticsSvc [Auto | Running])
[2004.12.13 03:34:32 | 00,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper [Auto | Running])
[2006.11.02 07:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\System32\wbem\vds.mof -- (vds [On_Demand | Stopped])
[2006.11.02 07:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\System32\wbem\vss.mof -- (VSS [On_Demand | Stopped])
File not found -- -- (WdiServiceHost [Unknown | Stopped])
File not found -- -- (WdiSystemHost [Unknown | Running])
[2008.01.19 09:00:47 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])
[2008.05.27 06:18:43 | 00,439,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchIndexer.exe -- (WSearch [Auto | Running])

========== Driver Services ==========

[2008.01.19 09:12:01 | 00,486,456 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_adp94xx.inf_31bf3856ad364e35_6.0.6001.18000_none_5e0fcb9b69814f7b\adp94xx.sys -- (adp94xx [Disabled | Stopped])
[2008.01.19 09:11:40 | 00,342,584 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_adpahci.inf_31bf3856ad364e35_6.0.6001.18000_none_c05c13aa3dfbc961\adpahci.sys -- (adpahci [Disabled | Stopped])
[2008.01.19 09:10:01 | 00,126,520 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_adpu160m.inf_31bf3856ad364e35_6.0.6001.18000_none_f2feed0b63bf261d\adpu160m.sys -- (adpu160m [Disabled | Stopped])
[2008.01.19 09:11:12 | 00,185,912 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_adpu320.inf_31bf3856ad364e35_6.0.6001.18000_none_f4cbbad1148c6b4a\adpu320.sys -- (adpu320 [Disabled | Stopped])
[2008.03.31 23:52:26 | 00,018,488 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_375215c7dcd73562\aliide.sys -- (aliide [Disabled | Stopped])
[2008.01.19 09:09:34 | 00,090,680 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_arc.inf_31bf3856ad364e35_6.0.6001.18000_none_7bfed8c7803713cf\arc.sys -- (arc [Disabled | Stopped])
[2008.01.19 09:09:37 | 00,091,192 | ---- | M] (Adaptec, Inc.) -- C:\Windows\WinSxS\amd64_arcsas.inf_31bf3856ad364e35_6.0.6001.18000_none_771684264153c2d4\arcsas.sys -- (arcsas [Disabled | Stopped])
File not found -- -- (ARCSOFTVIRTUALCAPTURE [On_Demand | Running])
File not found -- -- (aswFsBlk [Auto | Running])
File not found -- -- (aswMonFlt [Auto | Running])
File not found -- -- (aswRdr [System | Running])
File not found -- -- (aswSP [System | Running])
File not found -- -- (aswTdi [System | Running])
File not found -- -- (atksgt [Auto | Running])
[2006.09.18 22:30:15 | 00,018,432 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\WinSxS\amd64_brmfcsto.inf_31bf3856ad364e35_6.0.6001.18000_none_800ff95700142785\BrFiltLo.sys -- (BrFiltLo [On_Demand | Stopped])
[2006.09.18 22:30:15 | 00,008,704 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\WinSxS\amd64_brmfcsto.inf_31bf3856ad364e35_6.0.6001.18000_none_800ff95700142785\BrFiltUp.sys -- (BrFiltUp [On_Demand | Stopped])
[2008.03.31 23:52:26 | 00,020,536 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_375215c7dcd73562\cmdide.sys -- (cmdide [Disabled | Stopped])
File not found -- -- (CX88VID [On_Demand | Running])
[2008.01.05 12:22:47 | 00,146,176 | ---- | M] (Intel Corporation) -- C:\Windows\WinSxS\amd64_nete1g3e.inf_31bf3856ad364e35_6.0.6001.18000_none_04b0c96be9c034d3\E1G6032E.sys -- (E1G60 [On_Demand | Stopped])
[2008.01.19 09:11:53 | 00,397,368 | ---- | M] (Emulex) -- C:\Windows\WinSxS\amd64_elxstor.inf_31bf3856ad364e35_6.0.6001.18000_none_08ac13ff69b034ee\elxstor.sys -- (elxstor [Disabled | Stopped])
[2007.10.16 15:15:26 | 00,036,416 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\ET5Drv.sys -- (ET5Drv [On_Demand | Stopped])
[2008.03.31 23:22:24 | 00,020,544 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys -- (gdrv [On_Demand | Stopped])
[2008.01.19 09:08:42 | 00,047,672 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\WinSxS\amd64_hpcisss.inf_31bf3856ad364e35_6.0.6001.18000_none_d59c6600292b9522\HpCISSs.sys -- (HpCISSs [Disabled | Stopped])
[2008.01.19 09:11:31 | 00,290,872 | ---- | M] (Intel Corporation) -- C:\Windows\WinSxS\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys -- (iaStorV [Disabled | Stopped])
File not found -- -- (IntcAzAudAddService [On_Demand | Running])
File not found -- -- (JRAID [Boot | Running])
File not found -- -- (lirsgt [Auto | Running])
[2008.01.19 09:09:57 | 00,113,720 | ---- | M] (LSI Logic) -- C:\Windows\WinSxS\amd64_lsi_fc.inf_31bf3856ad364e35_6.0.6001.18000_none_c59b4ac1fa719137\lsi_fc.sys -- (LSI_FC [Disabled | Stopped])
[2008.01.19 09:09:48 | 00,105,016 | ---- | M] (LSI Logic) -- C:\Windows\WinSxS\amd64_lsi_sas.inf_31bf3856ad364e35_6.0.6001.18000_none_5b86b7f9e8ff0dc5\lsi_sas.sys -- (LSI_SAS [Disabled | Stopped])
[2008.01.19 09:09:56 | 00,113,720 | ---- | M] (LSI Logic) -- C:\Windows\WinSxS\amd64_lsi_scsi.inf_31bf3856ad364e35_6.0.6001.18000_none_f883c787da42af0c\lsi_scsi.sys -- (LSI_SCSI [Disabled | Stopped])
[2008.01.19 09:08:18 | 00,035,896 | ---- | M] (LSI Corporation) -- C:\Windows\WinSxS\amd64_megasas.inf_31bf3856ad364e35_6.0.6001.18000_none_8c5ef0c0070fb814\megasas.sys -- (megasas [Disabled | Stopped])
[2008.04.01 00:04:29 | 00,001,088 | ---- | M] () -- C:\Windows\System32\wbem\mpsdrv.mof -- (mpsdrv [On_Demand | Running])
[2006.10.14 04:04:34 | 05,942,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\WinSxS\amd64_nv_lh.inf_31bf3856ad364e35_6.0.6001.18000_none_4a8627558332bbba\nvlddmkm.sys -- (nvlddmkm [On_Demand | Running])
[2008.01.19 09:10:12 | 00,128,056 | ---- | M] (NVIDIA Corporation) -- C:\Windows\WinSxS\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvraid.sys -- (nvraid [Disabled | Stopped])
[2008.01.19 09:08:50 | 00,054,328 | ---- | M] (NVIDIA Corporation) -- C:\Windows\WinSxS\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys -- (nvstor [Disabled | Stopped])
[2008.01.19 09:12:10 | 01,221,176 | ---- | M] (QLogic Corporation) -- C:\Windows\WinSxS\amd64_ql2300.inf_31bf3856ad364e35_6.0.6001.18000_none_90b29e0f5eb4b0a1\ql2300.sys -- (ql2300 [Disabled | Stopped])
File not found -- -- (regi [Auto | Running])
File not found -- -- (RTL8169 [On_Demand | Running])
[2006.09.30 00:51:44 | 00,023,040 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\WinSxS\amd64_macrovision-protection-safedisc_31bf3856ad364e35_6.0.6000.16386_none_b794b0d578b7ec2e\secdrv.sys -- (secdrv [Auto | Running])
[2008.01.19 09:09:28 | 00,078,392 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\WinSxS\amd64_sisraid4.inf_31bf3856ad364e35_6.0.6001.18000_none_8460e59f708bb476\sisraid4.sys -- (SiSRaid4 [Disabled | Stopped])
File not found -- -- (sptd [Boot | Running])
[2006.09.18 22:36:40 | 00,003,066 | ---- | M] () -- C:\Windows\System32\wbem\tcpip.mof -- (Tcpip [Boot | Running])
[2008.01.19 09:11:28 | 00,284,728 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\WinSxS\amd64_uliahci.inf_31bf3856ad364e35_6.0.6001.18000_none_a21b1cbb80e47096\uliahci.sys -- (uliahci [Disabled | Stopped])
[2006.11.02 12:51:19 | 00,174,696 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\WinSxS\amd64_ulsata2.inf_31bf3856ad364e35_6.0.6001.18000_none_9ce1027f4768b389\ulsata2.sys -- (ulsata2 [Disabled | Stopped])
[2008.03.31 23:52:26 | 00,020,536 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\WinSxS\amd64_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_375215c7dcd73562\viaide.sys -- (viaide [Disabled | Stopped])
[2008.01.19 09:10:22 | 00,149,048 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\WinSxS\amd64_vsmraid.inf_31bf3856ad364e35_6.0.6001.18000_none_508698a452d25e17\vsmraid.sys -- (vsmraid [Disabled | Stopped])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://go.microsoft.com/fwlink/?LinkId=69157

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.google.cz/
"StartPageCache"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{855F3B16-6D32-4fe6-8A56-BBB695989046}" (HKLM) -- C:\Program Files (x86)\ICQToolbar\toolbaru.dll (IE Toolbar)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}" (HKLM) -- C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]

[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3165705971-866493375-3708113550-1000\SOFTWARE\Microsoft\Internet Explorer\Main]
"Local Page"=C:\Windows\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Start Page"=http://www.google.cz/
"StartPageCache"=

[HKEY_USERS\S-1-5-21-3165705971-866493375-3708113550-1000\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{855F3B16-6D32-4fe6-8A56-BBB695989046}" (HKLM) -- C:\Program Files (x86)\ICQToolbar\toolbaru.dll (IE Toolbar)

[HKEY_USERS\S-1-5-21-3165705971-866493375-3708113550-1000\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}" (HKLM) -- C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)

[HKEY_USERS\S-1-5-21-3165705971-866493375-3708113550-1000\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_USERS\S-1-5-21-3165705971-866493375-3708113550-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========

HOSTS File = (297277 bytes) - C:\Windows\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
::1 localhost
127.0.0.1 http://www.007guard.com" onclick="window.open(this.href);return false;
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 http://www.008k.com" onclick="window.open(this.href);return false;
127.0.0.1 008k.com
127.0.0.1 http://www.00hq.com" onclick="window.open(this.href);return false;
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 http://www.032439.com" onclick="window.open(this.href);return false;
127.0.0.1 032439.com
127.0.0.1 http://www.0scan.com" onclick="window.open(this.href);return false;
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 http://www.1000gratisproben.com" onclick="window.open(this.href);return false;
127.0.0.1 1001namen.com
127.0.0.1 http://www.1001namen.com" onclick="window.open(this.href);return false;
127.0.0.1 100888290cs.com
127.0.0.1 http://www.100888290cs.com" onclick="window.open(this.href);return false;
127.0.0.1 http://www.100sexlinks.com" onclick="window.open(this.href);return false;
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 http://www.10sek.com" onclick="window.open(this.href);return false;
127.0.0.1 http://www.1-2005-search.com" onclick="window.open(this.href);return false;
10269 more lines...

========== (O2) BHO's ==========

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} (HKLM) -- C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
{055FD26D-3A88-4e15-963D-DC8493744B1D} (HKLM) -- C:\Program Files (x86)\ICQToolbar\toolbaru.dll (IE Toolbar)
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (HKLM) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
{DBC80044-A445-435b-BC74-9C25C1C588A9} (HKLM) -- C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
{EEE6C35C-6118-11DC-9C72-001320C79847} (HKLM) -- C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)

========== (O3) Toolbars ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{855F3B16-6D32-4fe6-8A56-BBB695989046}" (HKLM) -- C:\Program Files (x86)\ICQToolbar\toolbaru.dll (IE Toolbar)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}" (HKLM) -- C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" (HKLM) -- C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{855F3B16-6D32-4FE6-8A56-BBB695989046}" (HKLM) -- C:\Program Files (x86)\ICQToolbar\toolbaru.dll (IE Toolbar)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}" (HKLM) -- C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)

[HKEY_USERS\S-1-5-21-3165705971-866493375-3708113550-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{855F3B16-6D32-4FE6-8A56-BBB695989046}" (HKLM) -- C:\Program Files (x86)\ICQToolbar\toolbaru.dll (IE Toolbar)

[HKEY_USERS\S-1-5-21-3165705971-866493375-3708113550-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}" (HKLM) -- C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)

========== (O4) Run Keys ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
"JMB36X IDE Setup"=C:\Windows\RaidTool\xInsIDE.exe ()
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
"SunJavaUpdateSched"="C:\Program Files (x86)\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
"SweetIM"=C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
"WinFast Schedule"="C:\Program Files (x86)\WinFast\WFDTV\WFWIZ.exe" (Leadtek Research Inc.)
"WinFastDTV"="C:\Program Files (x86)\WinFast\WFDTV\DTVSchdl.exe" (Leadtek Research Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun (DT Soft Ltd)
"ehTray.exe"=C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
"Google Update"="C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c File not found
"ISUSPM"="C:\Program Files (x86)\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler (InstallShield Software Corporation)
"ISUSPM Startup"=C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup (InstallShield Software Corporation)
"ISUSScheduler"="C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start (Macrovision Corporation)
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)
"SpybotSD TeaTimer"=C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"WMPNSCFG"=C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=%ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3165705971-866493375-3708113550-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun (DT Soft Ltd)
"ehTray.exe"=C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
"Google Update"="C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c File not found
"ISUSPM"="C:\Program Files (x86)\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler (InstallShield Software Corporation)
"ISUSPM Startup"=C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup (InstallShield Software Corporation)
"ISUSScheduler"="C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start (Macrovision Corporation)
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (Microsoft Corporation)
"SpybotSD TeaTimer"=C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
"WMPNSCFG"=C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found

========== (O6 & O7) Current Version Policies ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0
"NoActiveDesktopChanges"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"ConsentPromptBehaviorAdmin"=2
"ConsentPromptBehaviorUser"=1
"EnableInstallerDetection"=1
"EnableLUA"=1
"EnableSecureUIAPaths"=1
"EnableVirtualization"=1
"PromptOnSecureDesktop"=1
"ValidateAdminCodeSignatures"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"scforceoption"=0
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"FilterAdministratorToken"=0
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats]
"CF_TEXT"=1
"CF_BITMAP"=2
"CF_OEMTEXT"=7
"CF_DIB"=8
"CF_PALETTE"=9
"CF_UNICODETEXT"=13
"CF_DIBV5"=17

========== (O8) IE Context Menu Extensions ==========

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
E&xportovat do aplikace Microsoft Excel: C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE [2006.10.27 14:07:36 | 17,891,112 | ---- | M] (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3165705971-866493375-3708113550-1000\Software\Microsoft\Internet Explorer\MenuExt\]
E&xportovat do aplikace Microsoft Excel: C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE [2006.10.27 14:07:36 | 17,891,112 | ---- | M] (Microsoft Corporation)

========== (O9) IE Extensions ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Button: Odeslat do aplikace OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2006.10.26 20:32:42 | 00,604,000 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}: Menu: Od&eslat do aplikace OneNote -- %ProgramFiles%\Microsoft Office\Office12\ONBttnIE.dll [2006.10.26 20:32:42 | 00,604,000 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: Research -- %ProgramFiles%\Microsoft Office\Office12\REFIEBAR.DLL [2006.10.26 19:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search && Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008.09.15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{E59EB121-F339-4851-A3BA-FE49C35617C2}: Button: ICQ6 -- %ProgramFiles%\ICQ6\ICQ.exe [2008.09.01 16:08:21 | 00,173,304 | ---- | M] (ICQ, Inc.)
{E59EB121-F339-4851-A3BA-FE49C35617C2}: Menu: ICQ6 -- %ProgramFiles%\ICQ6\ICQ.exe [2008.09.01 16:08:21 | 00,173,304 | ---- | M] (ICQ, Inc.)

========== (O12) Internet Explorer Plugins ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\]
PluginsPage: "" = http://activex.microsoft.com/controls/find.asp?ext=" onclick="window.open(this.href);return false;%s&mime=%s
PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery

========== (O13) Default Prefixes ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix]
""=http://

========== (O15) Trusted Sites ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

[HKEY_USERS\S-1-5-21-3165705971-866493375-3708113550-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\]
48 domain(s) and sub-domain(s) not assigned to a zone.

========== (O16) DPF ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\]
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab}: C:\Program Files (x86)\Yahoo!\Common\yinsthelper.dll -- YInstStarter Class
{8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab" onclick="window.open(this.href);return false; -- Java Plug-in 1.6.0_12
{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab" onclick="window.open(this.href);return false; -- Java Plug-in 1.6.0_12
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab" onclick="window.open(this.href);return false; -- Java Plug-in 1.6.0_12

========== (O17) DNS Name Servers ==========

{3E1F1BDF-1904-4A88-A2C3-EA636F3CE37A} (Servers: | Description: Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.0))
{AD795081-0EA1-4FD8-9A23-AE3159469506} (Servers: | Description: Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.0))

========== (O20) HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"=explorer.exe
>[2008.10.29 07:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\explorer.exe


========== (O21) SSODL Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"={E6FB5E20-DE35-11CF-9C87-00AA005127ED} (HKLM) -- C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" (HKLM) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"=credssp.dll
>[2008.01.19 08:33:59 | 00,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\credssp.dll

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages"=kerberos,msv1_0,schannel,wdigest,tspkg,
>[2008.01.19 08:36:42 | 00,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TSpkg.dll

========== Safeboot Options ==========

"AlternateShell"=cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af662630-735b-11dd-b3cb-001d7d050cf1}\Shell]
""=AutoRun


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{af662630-735b-11dd-b3cb-001d7d050cf1}\Shell\AutoRun\command]
""=M:\Enterprise_Launcher.exe -- File not found

========== Files/Folders - Created Within 30 Days ==========

[2009.03.12 02:43:02 | 00,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2009.03.12 02:43:01 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009.03.12 02:43:01 | 00,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009.03.12 02:42:59 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009.03.12 02:42:58 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009.03.12 02:42:58 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009.03.11 15:14:28 | 00,268,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009.03.07 13:23:44 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2009.03.04 01:09:51 | 00,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Nero
[2009.03.02 15:31:00 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009.03.02 15:27:30 | 00,001,805 | ---- | C] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009.03.02 15:27:13 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2009.03.02 15:27:13 | 00,380,928 | ---- | C] () -- C:\Windows\System32\actskin4.ocx
[2009.03.02 14:56:32 | 46,082,5871 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009.02.28 22:00:37 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2009.02.28 17:08:36 | 00,000,146 | ---- | C] () -- C:\Users\User\AppData\Roaming\default.rss
[2009.02.28 02:25:25 | 00,189,072 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr
[2009.02.27 20:15:54 | 00,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2009.02.27 20:15:43 | 00,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Nero
[2009.02.27 18:33:27 | 00,002,589 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2009.02.27 18:25:52 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2009.02.27 18:25:19 | 00,000,000 | ---D | C] -- C:\ProgramData\Nero
[2009.02.27 18:25:17 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2009.02.26 19:46:50 | 00,042,320 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009.02.26 16:39:15 | 00,013,287 | ---- | C] () -- C:\Users\User\Desktop\Zápis o kontrole elektroinstalace.docx
[2009.02.24 15:33:59 | 00,000,000 | ---D | C] -- C:\ProgramData\2DBoy
[2009.02.24 15:32:16 | 00,000,672 | ---- | C] () -- C:\Users\Public\Desktop\World of Goo.lnk
[2009.02.21 17:57:28 | 00,054,156 | -H-- | C] () -- C:\Windows\QTFont.qfn
[2009.02.21 17:57:28 | 00,001,409 | ---- | C] () -- C:\Windows\QTFont.for
[2009.02.20 20:53:34 | 00,000,000 | ---D | C] -- C:\Users\User\Documents\EA Games
[2009.02.20 20:53:28 | 00,000,838 | ---- | C] () -- C:\Users\User\Desktop\MirrorsEdge.lnk
[2009.02.16 00:00:47 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009.02.16 00:00:47 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009.02.16 00:00:46 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009.02.16 00:00:46 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009.02.16 00:00:46 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009.02.11 23:26:57 | 00,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\ACD Systems
[2009.02.11 23:26:57 | 00,000,000 | ---D | C] -- C:\Users\User\AppData\Local\ACD Systems
[2009.02.11 22:54:13 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2009.02.11 22:47:53 | 00,002,082 | ---- | C] () -- C:\Users\Public\Desktop\ACDSee Photo Manager 2009.lnk
[2009.02.11 22:47:45 | 00,000,000 | ---D | C] -- C:\ProgramData\ACD Systems
[2009.02.11 22:47:41 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ACD Systems
[2009.02.11 22:47:41 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\ACD Systems
[2009.02.11 22:45:57 | 00,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Downloaded Installations
[2009.02.11 22:28:14 | 00,027,904 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2009.02.11 22:28:14 | 00,017,152 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2009.02.11 22:28:00 | 00,000,496 | ---- | C] () -- C:\Windows\tasks\1-Click Maintenance.job
[2009.02.11 22:28:00 | 00,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\TuneUp Software
[2009.02.11 22:27:56 | 00,001,741 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
[2009.02.11 22:27:56 | 00,001,669 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2009.lnk
[2009.02.11 22:27:40 | 00,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2009.02.11 22:27:40 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2009
[2009.02.11 22:27:10 | 00,000,000 | -HSD | C] -- C:\ProgramData\{55A29068-F2CE-456C-9148-C869879E2357}
[2009.02.11 17:56:17 | 06,069,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009.02.11 17:56:17 | 03,580,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009.02.11 17:56:16 | 01,166,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009.02.11 17:56:16 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009.02.11 17:56:15 | 00,827,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009.02.11 17:56:15 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009.02.11 17:56:14 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009.02.11 17:56:14 | 00,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009.02.11 17:56:14 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

========== Files - Modified Within 30 Days ==========

[1 C:\Windows\System32\*.tmp files]
[2009.03.12 17:15:29 | 00,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7A705C21-3085-4974-B8A0-989943ECD5D4}.job
[2009.03.12 17:08:51 | 00,000,496 | ---- | M] () -- C:\Windows\tasks\1-Click Maintenance.job
[2009.03.12 17:08:40 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009.03.12 17:08:37 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009.03.12 17:08:18 | 42,933,86240 | -HS- | M] () -- C:\hiberfil.sys
[2009.03.12 17:07:26 | 03,442,722 | -H-- | M] () -- C:\Users\User\AppData\Local\IconCache.db
[2009.03.12 04:29:25 | 00,000,146 | ---- | M] () -- C:\Users\User\AppData\Roaming\default.rss
[2009.03.12 02:50:12 | 00,128,512 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.03.12 02:43:01 | 00,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009.03.12 02:13:27 | 00,189,072 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2009.03.12 02:13:27 | 00,189,072 | ---- | M] () -- C:\Windows\System32\PnkBstrB.exe
[2009.03.02 15:27:30 | 00,001,805 | ---- | M] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2009.03.02 15:27:28 | 00,000,000 | ---- | M] () -- C:\Windows\System32\config.nt
[2009.03.02 14:57:27 | 46,082,5871 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009.02.28 01:40:59 | 00,075,064 | ---- | M] () -- C:\Windows\System32\PnkBstrA.exe
[2009.02.27 18:33:27 | 00,002,589 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2009.02.26 19:46:50 | 00,042,320 | ---- | M] () -- C:\Windows\System32\xfcodec.dll
[2009.02.26 17:20:19 | 00,013,287 | ---- | M] () -- C:\Users\User\Desktop\Zápis o kontrole elektroinstalace.docx
[2009.02.24 15:32:16 | 00,000,672 | ---- | M] () -- C:\Users\Public\Desktop\World of Goo.lnk
[2009.02.21 17:57:28 | 00,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2009.02.21 17:57:28 | 00,001,409 | ---- | M] () -- C:\Windows\QTFont.for
[2009.02.21 11:20:13 | 00,001,097 | ---- | M] () -- C:\Users\User\Desktop\Spybot - Search & Destroy.lnk
[2009.02.21 11:09:54 | 00,001,724 | ---- | M] () -- C:\Users\User\Desktop\CCleaner.lnk
[2009.02.20 20:53:28 | 00,000,838 | ---- | M] () -- C:\Users\User\Desktop\MirrorsEdge.lnk
[2009.02.11 23:12:26 | 00,099,880 | ---- | M] () -- C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
[2009.02.11 22:47:53 | 00,002,082 | ---- | M] () -- C:\Users\Public\Desktop\ACDSee Photo Manager 2009.lnk
[2009.02.11 22:27:56 | 00,001,741 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
[2009.02.11 22:27:56 | 00,001,669 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2009.lnk
[2009.02.11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009.02.11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009.02.10 17:58:41 | 00,000,790 | ---- | M] () -- C:\Users\User\Desktop\HLSW.lnk
< End of report >

Re: Condorito: Prosím o kontrolu logu

Napsal: 12 bře 2009 17:40
od Condorito
A ten druhy....kazdopadne jak jsem cetl vic uz bych Ti o svem kompu asi nerekl....XD

OTViewIt Extras logfile created on: 12.3.2009 17:12:30 - Run 3
OTViewIt by OldTimer - Version 1.0.21.0 Folder = C:\Users\User\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 2,56 Gb Available Physical Memory | 64,04% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys;

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 34,35 Gb Free Space | 35,17% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 155,17 Gb Free Space | 42,15% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RAMMON
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: On
File Age = 30 Days

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av"=1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"DisableNotifications"=0
"EnableFirewall"=1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== (O10) Winsock2 Catalogs ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\]
NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] -- C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] -- C:\Windows\System32\NapiNSP.dll (Společnost Microsoft)
NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] -- C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Protocol Defaults ==========


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults - Default Protocols
ldap -- 4 = Restricted sites (Not a Default Protocol)
news -- 4 = Restricted sites (Not a Default Protocol)
nntp -- 4 = Restricted sites (Not a Default Protocol)
oecmd -- 4 = Restricted sites (Not a Default Protocol)
snews -- 4 = Restricted sites (Not a Default Protocol)

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned

========== HKEY_USERS Protocol Defaults ==========


[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProtocolDefaults] - Default Protocols
@ivt -- @ivt protocol not assigned
file -- file protocol not assigned
ftp -- ftp protocol not assigned
http -- http protocol not assigned
https -- https protocol not assigned
shell -- shell protocol not assigned

========== (O18) Protocol Handlers ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2009.01.15 07:08:35 | 03,580,416 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll (about:{3050F406-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML About Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2009.01.15 07:11:05 | 01,166,336 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll (cdl:{3dd53d40-7b8b-11D0-b013-00aa0059ce02} (HKLM) [CDL: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008.01.19 08:35:15 | 01,544,704 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll (dvd:{12D51199-0DB5-46FE-A120-47A3D7D937CC} (HKLM) [DVD: Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2009.01.15 07:11:05 | 01,166,336 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll (file:{79eac9e7-baf9-11ce-8c82-00aa004ba90b} (HKLM) [file:, local: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2009.01.15 07:11:05 | 01,166,336 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll (ftp:{79eac9e3-baf9-11ce-8c82-00aa004ba90b} (HKLM) [ftp: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006.10.27 00:48:02 | 00,222,512 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (grooveLocalGWS:{88FED34C-F0CA-4636-A375-3CB6248B04CD} (HKLM) [Local Groove Web Services Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2009.01.15 07:11:05 | 01,166,336 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll (http:{79eac9e2-baf9-11ce-8c82-00aa004ba90b} (HKLM) [http: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2009.01.15 07:11:05 | 01,166,336 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll (https:{79eac9e5-baf9-11ce-8c82-00aa004ba90b} (HKLM) [https: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2009.01.15 07:08:35 | 03,580,416 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll (javascript:{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Javascript Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2009.01.15 07:11:05 | 01,166,336 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll (local:{79eac9e7-baf9-11ce-8c82-00aa004ba90b} (HKLM) [file:, local: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2009.01.15 07:08:35 | 03,580,416 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll (mailto:{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Mailto Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2009.01.15 07:11:05 | 01,166,336 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll (mk:{79eac9e6-baf9-11ce-8c82-00aa004ba90b} (HKLM) [mk: Asychronous Pluggable Protocol Handler])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2006.10.26 12:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2009.01.15 07:08:35 | 03,580,416 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll (res:{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Resource Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008.05.30 14:54:14 | 01,942,864 | R--- | M] (Skype Technologies) C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (skype4com:{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} (HKLM) [IEProtocolHandler Class])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2008.01.19 08:35:15 | 01,544,704 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll (tv:{CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} (HKLM) [TV: Pluggable Protocol])

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\]
[2009.01.15 07:08:35 | 03,580,416 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll (vbscript:{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} (HKLM) [Microsoft HTML Javascript Pluggable Protocol])

========== (O18) Protocol Filters ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2009.01.15 07:11:05 | 01,166,336 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll deflate:{8f6b0360-b80d-11d0-a9b3-006097942311} (HKLM) [AP encoding/decoding Filters]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2009.01.15 07:11:05 | 01,166,336 | ---- | M] (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll gzip:{8f6b0360-b80d-11d0-a9b3-006097942311} (HKLM) [AP encoding/decoding Filters]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters
[2006.10.26 20:41:48 | 00,044,344 | ---- | M] (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL text/xml:{807563E5-5146-11D5-A672-00B0D022E945} (HKLM) [Microsoft Office InfoPath XML Mime Filter]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00FBFCFF-B94C-4DCA-BFFE-F1C4D8D3E6EF}"=WinFast DTV2000 H Driver
"{0711500B-9912-4D60-9A49-C577B4503D42}"=Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}"=Nero Recode
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}"=Nero InfoTool
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}"=Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}"=Nero BurnRights
"{1B040683-C390-4711-ABC7-DA8D85E470E7}"=NeroBurningROM
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}"=Mass Effect
"{266C7330-C0F4-49E5-8F20-A56F9F822875}"=SweetIM Toolbar for Internet Explorer 3.3
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}"=Java(TM) 6 Update 12
"{2D3455A8-3B15-41A8-99F8-0D4215746463}"=Nero StartSmart
"{2DD388FF-6422-43C9-86A1-C7A99C83E946}"=ASUS nVidia Driver
"{300578F9-9EFF-4B93-9AB1-C0E5707EF463}"=ACDSee Photo Manager 2009
"{3097B151-1F61-4211-A4CC-D70127B226AE}"=SoundTrax
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}"=Gigabyte Raid Configurer
"{3BD633E0-4BF8-4499-9149-88F0767D449C}"=Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"{3F30CC51-0788-487B-AA83-7214A239C0C0}"=Nero Disc Copy Gadget Help
"{435C07DB-4914-4277-A006-B33177057019}"=ArcSoft Magic-i 3
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}"=Sid Meier's Civilization 4
"{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}"=Microsoft Games for Windows - LIVE
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}"=Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}"=Nero ControlCenter
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}"=Nero PhotoSnap
"{55A29068-F2CE-456C-9148-C869879E2357}"=TuneUp Utilities 2009
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}"=DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}"=neroxml
"{5869CE1E-BC0B-4648-B1AE-6EF4A985590C}"=Dynamic Energy Saver 1.0 B8.0128.1
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}"=Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}"=Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}"=Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}"=Nero PhotoSnap Help
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}"=Skype™ 3.8
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}"=Nero Live
"{60DE4033-9503-48D1-A483-7846BD217CA9}"=ICQ6
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}"=Windows Media Player Firefox Plugin
"{6C28B15F-B09D-407E-BE92-AC928E1CE4E2}_is1"=Kodek 0.16 CZ
"{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}"=Apple Software Update
"{75321954-2589-11DC-DDCC-E98356D81493}"=Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}"=Nero DriveSpeed
"{78523651-D8B1-11DC-CCEE-741589645873}"=Nero DiscSpeed
"{78A62183-20AB-4333-ACA7-08BDAD9368A3}"=Fallout Tactics
"{8503C901-85D7-4262-88D2-8D8B2A7B08B8}"=Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}"=Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}"=Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}"=Nero ShowTime
"{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}"=SWAT 4
"{90120000-0015-0405-0000-0000000FF1CE}"=Microsoft Office Access MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}"=Microsoft Office Excel MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}"=Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}"=Microsoft Office Publisher MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}"=Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}"=Microsoft Office Word MUI (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}"=Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}"=Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007
"{90120000-001F-041B-0000-0000000FF1CE}"=Microsoft Office Proof (Slovak) 2007
"{90120000-002C-0405-0000-0000000FF1CE}"=Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}"=Microsoft Office Enterprise 2007
"{90120000-0044-0405-0000-0000000FF1CE}"=Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}"=Microsoft Office Shared MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}"=Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}"=Microsoft Office Groove MUI (Czech) 2007
"{91120000-0031-0000-0000-0000000FF1CE}"=Microsoft Office Professional Hybrid 2007
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}"=Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}"=Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}"=Nero ShowTime
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}"=QuickTime
"{961D53EA-40DC-4156-AD74-25684CE05F81}"=Nero Installer
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}"=Fallout 3
"{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}"=Google Earth
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}"=Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}"=Nero ControlCenter
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}"=Advertising Center
"{A1E4213E-06AD-4C58-8315-92F11531D960}"=SweetIM for Messenger 2.6
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}"=Microsoft Visual C++ 2005 Redistributable
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}"=NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}"=Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}"=ImagXpress
"{AAA12554-2589-11DC-92EF-E98356D81493}"=Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}"=Nero DiscSpeed
"{ab0c6bf2-5a53-4d0d-a367-341bd2fca279}"=Nero 9
"{AC76BA86-7AD7-1033-7B44-A81300000003}"=Adobe Reader 8.1.3
"{ADE91A13-434D-4229-00BC-182BAD607303}"=Need for Speed™ Most Wanted
"{AEDBD563-24BB-4EE3-8366-A654DAC2D988}"=Mirror's Edge™
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}"=Nero WaveEditor
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy
"{B96C2601-52F5-4D5D-816A-63469EA311EF}"="Nero SoundTrax Help
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}"=Movie Templates - Starter Kit
"{C69405BB-27AF-4940-B3DA-04910B4DFD23}_is1"=aTube Catcher 1.0
"{C92C584E-C781-475E-A8E2-C67D993A6B95}"=WinFast PVR2
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}"=Menu Templates - Starter Kit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}"=Nero Rescue Agent
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}"=GTA San Andreas
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}"=Nero StartSmart Help
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}"=Call of Duty(R) - World at War(TM)
"{D80CC53D-2196-490B-9A4A-106751F75154}"=AMCap
"{E48469CC-635E-4FD5-A122-1497C286D217}"=Call of Duty(R) 4 - Modern Warfare(TM)
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}"=Nero Disc Copy Gadget
"{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}"=NVIDIA PhysX v8.10.17
"{E86156E5-9859-440D-8876-26CED1349802}"=Nero WaveEditor Help
"{E9E3EE81-6E7F-47A3-8D38-3470256704DB}_is1"=Tortun 0.8
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}"=Nero BurnRights
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}"=Realtek High Definition Audio Driver
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}"=Nero Vision
"{FD052FB9-FE90-4438-B355-15EDC89D8FB1}"=Microsoft Games for Windows - LIVE Redistributable
"Adobe Flash Player Plugin"=Adobe Flash Player 10 Plugin
"avast!"=avast! Antivirus
"CCleaner"=CCleaner (remove only)
"ENTERPRISE"=Microsoft Office Enterprise 2007
"Fallout2"=Fallout2
"GameSpy Arcade"=GameSpy Arcade
"HijackThis"=HijackThis 2.0.2
"HLSW_is1"=HLSW v1.3.1
"InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}"=Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
"InstallShield_{78A62183-20AB-4333-ACA7-08BDAD9368A3}"=Fallout Tactics
"InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}"=Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}"=Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{8E1CCF20-9E12-4824-BD59-7AD9E0486DD8}"=SWAT 4
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}"=Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}"=Call of Duty(R) - World at War(TM)
"InstallShield_{D80CC53D-2196-490B-9A4A-106751F75154}"=AMCap
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}"=Call of Duty(R) 4 - Modern Warfare(TM)
"Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.7)"=Mozilla Firefox (3.0.7)
"OpenAL"=OpenAL
"PROHYBRIDR"=2007 Microsoft Office system
"Scorpions WinCheater 2.07 (s databází 91)_is1"=Scorpions WinCheater
"ShockwaveFlash"=Adobe Flash Player 9 ActiveX
"Totalcmd"=Total Commander (Remove or Repair)
"VentriloMIX"=VentriloMIX
"V-Gear BEE"=V-Gear BEE
"VLC media player"=VideoLAN VLC media player 0.8.6i
"VorbisCodec"=Ogg Vorbis ACM Codec
"WinRAR archiver"=WinRAR
"Xfire"=Xfire (remove only)
"XVid;-)"=XVid;-)
"Yahoo! Companion"=Yahoo! Toolbar
"YInstHelper"=Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}"=Sid Meier's Civilization 4
"Google Chrome"=Google Chrome
"uTorrent"=µTorrent

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3165705971-866493375-3708113550-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}"=Sid Meier's Civilization 4
"Google Chrome"=Google Chrome
"uTorrent"=µTorrent

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 11.3.2009 14:32:28 | Computer Name = Rammon | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of C:\Users\User\AppData\Roaming\ICQ\Application.mdb failed, 00000005.

[ Application Events ]
Error - 8.3.2009 7:46:56 | Computer Name = Rammon | Source = SideBySide | ID = 16842830
Description = Selhalo generování kontextu aktivace pro: C:\Program Files (x86)\Nero\Nero
9\Nero Recode\Recode.exe.Manifest. Chyba v souboru manifestu nebo zásad na řádku
. Verze součásti požadovaná aplikací je v konfliktu s jinou verzí součásti, která
je již aktivní. Konfliktní součásti jsou: Součást 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.
Součást
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.

Error - 10.3.2009 10:28:40 | Computer Name = Rammon | Source = SideBySide | ID = 16842830
Description = Selhalo generování kontextu aktivace pro: C:\Program Files (x86)\Nero\Nero
9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest. Chyba v souboru manifestu nebo zásad
na řádku . Verze součásti požadovaná aplikací je v konfliktu s jinou verzí součásti,
která je již aktivní. Konfliktní součásti jsou: Součást 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.
Součást
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.

Error - 10.3.2009 10:28:40 | Computer Name = Rammon | Source = SideBySide | ID = 16842830
Description = Selhalo generování kontextu aktivace pro: C:\Program Files (x86)\Nero\Nero
9\Nero Recode\Recode.exe.Manifest. Chyba v souboru manifestu nebo zásad na řádku
. Verze součásti požadovaná aplikací je v konfliktu s jinou verzí součásti, která
je již aktivní. Konfliktní součásti jsou: Součást 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.
Součást
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.

Error - 10.3.2009 11:28:01 | Computer Name = Rammon | Source = Application Error | ID = 1000
Description = Chybující aplikace iw3mp.exe, verze 0.0.0.0, časové razítko 0x4859a219,
chybující modul unknown, verze 0.0.0.0, časové razítko 0x00000000, kód výjimky
0xc0000005, posun chyby 0x00000000, ID procesu 0x308, čas spuštění aplikace 0x01c9a194b09c5590.

Error - 10.3.2009 11:28:04 | Computer Name = Rammon | Source = Application Error | ID = 1000
Description = Chybující aplikace iw3mp.exe, verze 0.0.0.0, časové razítko 0x4859a219,
chybující modul nvd3dum.dll, verze 7.15.11.6925, časové razítko 0x475f4c0c, kód
výjimky 0xc0000005, posun chyby 0x001d177a, ID procesu 0x308, čas spuštění aplikace
0x01c9a194b09c5590.

Error - 11.3.2009 16:02:51 | Computer Name = Rammon | Source = Application Error | ID = 1000
Description = Chybující aplikace iw3mp.exe, verze 0.0.0.0, časové razítko 0x4859a219,
chybující modul unknown, verze 0.0.0.0, časové razítko 0x00000000, kód výjimky
0xc0000005, posun chyby 0x3021ff58, ID procesu 0x1388, čas spuštění aplikace 0x01c9a2841c907656.

Error - 11.3.2009 16:02:54 | Computer Name = Rammon | Source = Application Error | ID = 1000
Description = Chybující aplikace iw3mp.exe, verze 0.0.0.0, časové razítko 0x4859a219,
chybující modul nvd3dum.dll, verze 7.15.11.6925, časové razítko 0x475f4c0c, kód
výjimky 0xc0000005, posun chyby 0x001d177a, ID procesu 0x1388, čas spuštění aplikace
0x01c9a2841c907656.

Error - 12.3.2009 10:30:58 | Computer Name = Rammon | Source = SideBySide | ID = 16842830
Description = Selhalo generování kontextu aktivace pro: C:\Program Files (x86)\Nero\Nero
9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest. Chyba v souboru manifestu nebo zásad
na řádku . Verze součásti požadovaná aplikací je v konfliktu s jinou verzí součásti,
která je již aktivní. Konfliktní součásti jsou: Součást 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.
Součást
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.

Error - 12.3.2009 10:30:58 | Computer Name = Rammon | Source = SideBySide | ID = 16842830
Description = Selhalo generování kontextu aktivace pro: C:\Program Files (x86)\Nero\Nero
9\Nero Recode\Recode.exe.Manifest. Chyba v souboru manifestu nebo zásad na řádku
. Verze součásti požadovaná aplikací je v konfliktu s jinou verzí součásti, která
je již aktivní. Konfliktní součásti jsou: Součást 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.
Součást
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.

Error - 12.3.2009 12:11:23 | Computer Name = Rammon | Source = Application Hang | ID = 1002
Description = Program OTViewIt.exe verze 1.0.21.0 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Oznámení a řešení problémů.
ID
procesu: fbc Čas zahájení: 01c9a32d04fa8b49 Čas ukončení: 3

[ Media Center Events ]
Error - 5.3.2009 10:01:13 | Computer Name = Rammon | Source = ehRecvr | ID = 4
Description =

Error - 6.3.2009 10:19:50 | Computer Name = Rammon | Source = ehRecvr | ID = 4
Description =

Error - 6.3.2009 22:21:36 | Computer Name = Rammon | Source = ehRecvr | ID = 4
Description =

Error - 7.3.2009 5:13:11 | Computer Name = Rammon | Source = ehRecvr | ID = 4
Description =

Error - 8.3.2009 7:47:36 | Computer Name = Rammon | Source = ehRecvr | ID = 4
Description =

Error - 9.3.2009 8:25:24 | Computer Name = Rammon | Source = ehRecvr | ID = 4
Description =

Error - 10.3.2009 10:29:21 | Computer Name = Rammon | Source = ehRecvr | ID = 4
Description =

Error - 11.3.2009 10:09:59 | Computer Name = Rammon | Source = ehRecvr | ID = 4
Description =

Error - 11.3.2009 14:34:14 | Computer Name = Rammon | Source = ehRecvr | ID = 4
Description =

Error - 12.3.2009 10:31:24 | Computer Name = Rammon | Source = ehRecvr | ID = 4
Description =

[ System Events ]
Error - 13.10.2008 18:30:15 | Computer Name = Rammon | Source = cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.

Error - 13.10.2008 18:30:23 | Computer Name = Rammon | Source = cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.

Error - 13.10.2008 18:30:52 | Computer Name = Rammon | Source = cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.

Error - 13.10.2008 21:33:38 | Computer Name = Rammon | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (3:31:33, 14.10.2008) bylo neočekávané.

Error - 13.10.2008 21:33:39 | Computer Name = Rammon | Source = HTTP | ID = 15016
Description =

Error - 14.10.2008 7:48:05 | Computer Name = Rammon | Source = HTTP | ID = 15016
Description =

Error - 14.10.2008 7:48:17 | Computer Name = Rammon | Source = Service Control Manager | ID = 7026
Description =

Error - 14.10.2008 8:05:25 | Computer Name = Rammon | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (14:01:55, 14.10.2008) bylo neočekávané.

Error - 14.10.2008 8:05:26 | Computer Name = Rammon | Source = HTTP | ID = 15016
Description =

Error - 14.10.2008 8:05:41 | Computer Name = Rammon | Source = Service Control Manager | ID = 7026
Description =

[ TuneUp Events ]
Error - 21.2.2009 7:52:37 | Computer Name = Rammon | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-02-21 12:52:37', '\device\harddiskvolume2\games\ea
games\mirror's edge\binaries\mirrorsedge.exe','4408',0)

Error - 21.2.2009 7:57:27 | Computer Name = Rammon | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-02-21 12:57:27', '\device\harddiskvolume2\games\ea
games\mirror's edge\binaries\mirrorsedge.exe','1388',0)

Error - 21.2.2009 7:57:32 | Computer Name = Rammon | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-02-21 12:57:32', '\device\harddiskvolume2\games\ea
games\mirror's edge\binaries\mirrorsedge.exe','2628',0)

Error - 23.2.2009 8:56:50 | Computer Name = Rammon | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-02-23 13:56:50', '\device\harddiskvolume2\games\ea
games\mirror's edge\binaries\mirrorsedge.exe','552',0)

Error - 27.2.2009 12:27:55 | Computer Name = Rammon | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-02-27 17:27:55', '\device\harddiskvolume2\games\ea
games\mirror's edge\binaries\mirrorsedge.exe','784',0)

Error - 1.3.2009 12:43:08 | Computer Name = Rammon | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-03-01 17:43:08', '\device\harddiskvolume2\games\ea
games\mirror's edge\binaries\mirrorsedge.exe','5060',0)

Error - 9.3.2009 18:57:08 | Computer Name = Rammon | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-03-09 23:57:08', '\device\harddiskvolume2\games\ea
games\mirror's edge\binaries\mirrorsedge.exe','5316',0)

Error - 10.3.2009 15:01:52 | Computer Name = Rammon | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-03-10 20:01:52', '\device\harddiskvolume2\games\ea
games\mirror's edge\binaries\mirrorsedge.exe','4368',0)

Error - 10.3.2009 18:56:45 | Computer Name = Rammon | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "s": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-03-10 23:56:45', '\device\harddiskvolume2\games\ea
games\mirror's edge\binaries\mirrorsedge.exe','4024',0)

Error - 11.3.2009 21:43:14 | Computer Name = Rammon | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-03-12 02:43:14', '\device\harddiskvolume1\program
files (x86)\malwarebytes' anti-malware\mbam.exe','7576',0)


< End of report >

Re: Condorito: Prosím o kontrolu logu

Napsal: 12 bře 2009 18:41
od jaro3
Máš vistu x64 tak jsem použil toto..
Stáhni si program OTMoveIt3 (by OldTimer) a ulož si ho na disk C a spusť ho.
- Do levého sloupce (Paste Instructions for Items to be Moved) zkopíruj tyto cesty:
Poznámka: Nepoužij k označení funkci VYBRAT VŠE

Kód: Vybrat vše

:Processes
explorer.exe

:Services

:Reg

:Files
C:\Windows\tasks\SA.DAT

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
- Po zkopírování klikni na tlačítko MoveIt! a vlož sem následně celý obsah z pravého sloupce, jinak uložený ve složce C:\_OTMoveIt\MovedFiles\, který bude informovat o výsledcích
- Je možné, že pokud nebudou moci být soubory odstraněny, budeš dotázán na restart počítače, v tom případě restart potvrď

pak ještě také nový log z HJT.

Re: Condorito: Prosím o kontrolu logu

Napsal: 12 bře 2009 21:56
od Condorito
Hele nevim nez jsem to ztihl zkopirovat tak se restartoval komp a nasledne po spusteni systemu a toho programu mi to napsalo tohle...


========== PROCESSES ==========
Unable to kill process: explorer.exe
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File move failed. C:\Windows\tasks\SA.DAT scheduled to be moved on reboot.
========== COMMANDS ==========
File delete failed. C:\Users\User\AppData\Local\Temp\etilqs_nIGuvnitQCg1J6KysWhx scheduled to be deleted on reboot.
File delete failed. C:\Users\User\AppData\Local\Temp\~DFC5CF.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\ehprivjob.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\ehprivjob1.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\ehprivjob2.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\ehprivjob3.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\ehprivjob4.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\ehprivjob5.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\ehprivjob6.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\ehprivjob7.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\ehprivjob8.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\ehprivjob9.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\MpCmdRun.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\MpSigStub.log scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\odqoncl8.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\odqoncl8.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\odqoncl8.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\odqoncl8.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\odqoncl8.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03122009_213932

Files moved on Reboot...
File move failed. C:\Windows\tasks\SA.DAT scheduled to be moved on reboot.
File C:\Users\User\AppData\Local\Temp\etilqs_nIGuvnitQCg1J6KysWhx not found!
C:\Users\User\AppData\Local\Temp\~DFC5CF.tmp moved successfully.
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ehprivjob.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ehprivjob1.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ehprivjob2.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ehprivjob3.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ehprivjob4.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ehprivjob5.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ehprivjob6.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ehprivjob7.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ehprivjob8.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\ehprivjob9.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\MpCmdRun.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\MpSigStub.log scheduled to be moved on reboot.
File move failed. C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\odqoncl8.default\Cache\_CACHE_001_ scheduled to be moved on reboot.
File move failed. C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\odqoncl8.default\Cache\_CACHE_002_ scheduled to be moved on reboot.
File move failed. C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\odqoncl8.default\Cache\_CACHE_003_ scheduled to be moved on reboot.
File move failed. C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\odqoncl8.default\Cache\_CACHE_MAP_ scheduled to be moved on reboot.
File move failed. C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\odqoncl8.default\urlclassifier3.sqlite scheduled to be moved on reboot.

Re: Condorito: Prosím o kontrolu logu

Napsal: 12 bře 2009 21:59
od Condorito
jo tady to..jezis snad to neni stejny :D ale je to z toho praveho sloupce...next posilam lod z hjck...

========== PROCESSES ==========
Unable to kill process: explorer.exe
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File move failed. C:\Windows\tasks\SA.DAT scheduled to be moved on reboot.
========== COMMANDS ==========
File delete failed. C:\Users\User\AppData\Local\Temp\etilqs_5cJ0aH9QSEKSBIB7enf3 scheduled to be deleted on reboot.
File delete failed. C:\Users\User\AppData\Local\Temp\~DFD56D.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\ehprivjob.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\ehprivjob1.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\ehprivjob2.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\ehprivjob3.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\ehprivjob4.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\ehprivjob5.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\ehprivjob6.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\ehprivjob7.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\ehprivjob8.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\ehprivjob9.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\MpCmdRun.log scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\MpSigStub.log scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\odqoncl8.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\odqoncl8.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\odqoncl8.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\odqoncl8.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\User\AppData\Local\Mozilla\Firefox\Profiles\odqoncl8.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03122009_215041

Re: Condorito: Prosím o kontrolu logu

Napsal: 12 bře 2009 22:00
od Condorito
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:53:16, on 12.3.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\V-Gear BEE\VBService.exe
C:\Program Files (x86)\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files (x86)\WinFast\WFDTV\WFWIZ.exe
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896" onclick="window.open(this.href);return false;
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/" onclick="window.open(this.href);return false;
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157" onclick="window.open(this.href);return false;
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896" onclick="window.open(this.href);return false;
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896" onclick="window.open(this.href);return false;
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157" onclick="window.open(this.href);return false;
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~2\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [WinFastDTV] "C:\Program Files (x86)\WinFast\WFDTV\DTVSchdl.exe"
O4 - HKLM\..\Run: [WinFast Schedule] "C:\Program Files (x86)\WinFast\WFDTV\WFWIZ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [Google Update] "C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: BEE Service.lnk = C:\Program Files (x86)\V-Gear BEE\VBService.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C" onclick="window.open(this.href);return false;:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files (x86)\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files (x86)\GIGABYTE\GEST\GSvr.exe
O23 - Service: Google Update Service (GoogleUpdateBeta) - Unknown owner - C:\Users\User\AppData\Local\Google\Update\GoogleUpdateBeta.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MgiSvr - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i 3\uMgiSvr.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - Unknown owner - C:\Windows\System32\TuneUpDefragService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - Unknown owner - C:\Windows\System32\TUProgSt.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11036 bytes

Re: Condorito: Prosím o kontrolu logu

Napsal: 13 bře 2009 08:05
od jaro3
Je to ono..
Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O13 - Gopher Prefix:
takže jestli nejsou problémy,tak vyčisti systém CCleanerem

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni select all found, pak klik empty selected.
Pokud chceš zachovat svoje uložená hesla, klikni na No.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.
Vše.
Všechny časy jsou v UTC+01:00
Stránka 1 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz