PC keeps restarting over and over



Post by Pawkin » 22 Sep 2009 21:22

Here is the log:

========== PROCESSES ==========
Process explorer.exe killed successfully.
Unable to kill process: reader_s.exe
Unable to kill process: 94.tmp
Unable to kill process: sys64_nov.exe
Unable to kill process: wpv761253645631.exe
========== SERVICES/DRIVERS ==========

Service\Driver key zaqnxfqv7 deleted successfully.

Service\Driver zohxuamhqmln7 deleted successfully.

Service\Driver zmhvqnqqcrf5 deleted successfully.
========== REGISTRY ==========
========== FILES ==========
C:\WINDOWS\System32\12.tmp moved successfully.
C:\WINDOWS\System32\15.tmp moved successfully.
C:\WINDOWS\System32\17.tmp moved successfully.
C:\WINDOWS\System32\1A.tmp moved successfully.
C:\WINDOWS\System32\1D.tmp moved successfully.
C:\WINDOWS\System32\1E.tmp moved successfully.
File move failed. C:\WINDOWS\System32\2.tmp scheduled to be moved on reboot.
C:\WINDOWS\System32\21.tmp moved successfully.
C:\WINDOWS\System32\23.tmp moved successfully.
C:\WINDOWS\System32\25.tmp moved successfully.
C:\WINDOWS\System32\4.tmp moved successfully.
C:\WINDOWS\System32\5.tmp moved successfully.
C:\WINDOWS\System32\6.tmp moved successfully.
C:\WINDOWS\System32\8.tmp moved successfully.
C:\WINDOWS\System32\90.tmp moved successfully.
C:\WINDOWS\System32\93.tmp moved successfully.
C:\WINDOWS\System32\94.tmp moved successfully.
C:\WINDOWS\System32\C5.tmp moved successfully.
C:\WINDOWS\System32\C8.tmp moved successfully.
C:\WINDOWS\System32\C9.tmp moved successfully.
C:\WINDOWS\System32\D2.tmp moved successfully.
C:\WINDOWS\System32\D5.tmp moved successfully.
C:\WINDOWS\System32\D6.tmp moved successfully.
C:\WINDOWS\System32\D7.tmp moved successfully.
C:\WINDOWS\System32\dllcache\SETC8.tmp moved successfully.
C:\WINDOWS\002725_.tmp moved successfully.
C:\WINDOWS\LastGood.Tmp\system32\drivers moved successfully.
C:\WINDOWS\LastGood.Tmp\system32 moved successfully.
C:\WINDOWS\LastGood.Tmp\INF moved successfully.
C:\WINDOWS\LastGood.Tmp moved successfully.
C:\WINDOWS\SET21.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\_profsect_0001.tmp moved successfully.
C:\WINDOWS\$NtServicePackUninstall$\setc6.tmp moved successfully.
C:\WINDOWS\$NtServicePackUninstall$\setc7.tmp moved successfully.
C:\WINDOWS\AppPatch\SETC6.tmp moved successfully.
C:\WINDOWS\AppPatch\SETC7.tmp moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1C8.tmp moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF6.tmp moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF7.tmp moved successfully.
C:\WINDOWS\Installer\MSI1A07.tmp moved successfully.
C:\WINDOWS\Installer\MSIE9E.tmp moved successfully.
C:\WINDOWS\Installer\MSIEA6.tmp moved successfully.
C:\WINDOWS\SoftwareDistribution\Download\0cab2b9164d7d402a9c9b35a9bc1520c\BIT14F.tmp moved successfully.
File move failed. C:\WINDOWS\system32\2.tmp scheduled to be moved on reboot.
C:\WINDOWS\temp\BN20.tmp moved successfully.
File move failed. C:\WINDOWS\temp\pqvtkqdc.tmp scheduled to be moved on reboot.
C:\WINDOWS\temp\~TM1D.tmp moved successfully.
C:\WINDOWS\temp\~TM2B.tmp moved successfully.
C:\WINDOWS\temp\~TM54EA3A.TMP moved successfully.
C:\WINDOWS\temp\~TM99.tmp moved successfully.
C:\WINDOWS\temp\~TMCE.tmp moved successfully.
C:\WINDOWS\temp\~TMD.tmp moved successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\System32\49.tmp.exe not found.
C:\WINDOWS\System32\DRIVERS\zaqnxfqv7.sys moved successfully.
C:\WINDOWS\System32\drivers\zohxuamhqmln7.sys moved successfully.
C:\WINDOWS\System32\drivers\zmhvqnqqcrf5.sys moved successfully.
C:\WINDOWS\System32\reader_s.exe moved successfully.
File/Folder C:\WINDOWS\System32\94.tmp not found.
C:\WINDOWS\System32\sys64_nov.exe moved successfully.
C:\WINDOWS\Temp\wpv761253645631.exe moved successfully.
C:\WINDOWS\System32\servises.exe moved successfully.
File/Folder C:\WINDOWS\System32\regedit.exe not found.
File/Folder C:\RECYCLER\S-1-5-21-0243337231-886787329-783463108-1055\dsregs.exe not found.
File/Folder C:\RECYCLER\S-1-5-21-0243992721-823278279-782329928-3321\bxswin.exe not found.
C:\WINDOWS\System32\_id.dat moved successfully.
C:\WINDOWS\_delis43.ini moved successfully.
C:\WINDOWS\System32\d3d9caps.dat moved successfully.
C:\WINDOWS\Tasks\SA.DAT moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\ADMINI~1.HOM\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1.HOM\LOCALS~1\Temp\Rar$EX00.953\OTMoveIt\OTM.exe scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1.HOM\LOCALS~1\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1.HOM\LOCALS~1\Temp\Cookies\index.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1.HOM\LOCALS~1\Temp\etilqs_3Gnm5VrvJqIfFXgd5rBk scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1.HOM\LOCALS~1\Temp\etilqs_XlBpNaH9DgeMDwTB74ts scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1.HOM\LOCALS~1\Temp\etilqs_y9A005P4NUn8deD3psTS scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Administrator.HOME\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\pqvtkqdc.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Administrator.HOME\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\u9tc6as6.default\OfflineCache\index.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator.HOME\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\u9tc6as6.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator.HOME\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\u9tc6as6.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator.HOME\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\u9tc6as6.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator.HOME\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\u9tc6as6.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator.HOME\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\u9tc6as6.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Administrator.HOME\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\u9tc6as6.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTM by OldTimer - Version 2.1.0.1 log created on 09222009_211518

Files moved on Reboot...
C:\WINDOWS\System32\2.tmp moved successfully.
File C:\WINDOWS\temp\pqvtkqdc.tmp not found!
C:\DOCUME~1\ADMINI~1.HOM\LOCALS~1\Temp\Rar$EX00.953\OTMoveIt\OTM.exe moved successfully.
File C:\DOCUME~1\ADMINI~1.HOM\LOCALS~1\Temp\etilqs_3Gnm5VrvJqIfFXgd5rBk not found!
File C:\DOCUME~1\ADMINI~1.HOM\LOCALS~1\Temp\etilqs_XlBpNaH9DgeMDwTB74ts not found!
File C:\DOCUME~1\ADMINI~1.HOM\LOCALS~1\Temp\etilqs_y9A005P4NUn8deD3psTS not found!
C:\Documents and Settings\Administrator.HOME\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\u9tc6as6.default\OfflineCache\index.sqlite moved successfully.
File move failed. C:\Documents and Settings\Administrator.HOME\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\u9tc6as6.default\Cache\_CACHE_001_ scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Administrator.HOME\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\u9tc6as6.default\Cache\_CACHE_002_ scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Administrator.HOME\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\u9tc6as6.default\Cache\_CACHE_003_ scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Administrator.HOME\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\u9tc6as6.default\Cache\_CACHE_MAP_ scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Administrator.HOME\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\u9tc6as6.default\urlclassifier3.sqlite scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\Administrator.HOME\Local Settings\Data aplikací\Mozilla\Firefox\Profiles\u9tc6as6.default\XUL.mfl scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Oh, and after the system starts, strange processes start up, e.g. 7.tmp, etc.


Post by Damned » 22 Sep 2009 21:33

Delete the C:\_OTM folder to the Recycle Bin and empty it.

Download RSIT, click "Continue" and let it run the scan.
After a while a log named log.txt will be generated (if the log is not generated, you will find it at C:\rsit\log.txt); copy its contents here for me.
Also copy here (or attach) the second log, named info.txt.

Did you turn off the Restore Points?


Post by Pawkin » 22 Sep 2009 21:43

When I open System Restore, it tells me that the System Restore tool cannot protect the PC and to restart it. After the restart it says the same thing again.


Post by Pawkin » 22 Sep 2009 21:48

Log from RSIT:

Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrator at 2009-09-22 21:46:58
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 31 GB (41%) free of 76 GB
Total RAM: 511 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:47:26, on 22.9.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\ADMINI~1.HOM\LOCALS~1\Temp\Rar$EX01.360\tools\itr.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=explorer.exe
O1 - Hosts: ˙ţ# End of entries inserted by Spybot - Search & Destroy
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [13895] C:\WINDOWS\system32\9.tmp.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKLM\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKCU\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\Administrator.HOME\reader_s.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [reader_s] C:\Documents and Settings\Administrator.HOME\reader_s.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 4718 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{DB97E567-291E-4B34-8D35-AE6DDBCE7786}.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{FD2844F6-6DA7-4CFC-A47D-F40495874E68}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"13895"=C:\WINDOWS\system32\9.tmp [2009-09-22 19456]
"Regedit32"=C:\WINDOWS\system32\regedit.exe []
"reader_s"=C:\WINDOWS\System32\reader_s.exe [2009-09-22 59904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
""= []
"GrpConv"=grpconv -o []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"servises"=C:\WINDOWS\system32\servises.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
"servises"=C:\WINDOWS\system32\servises.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"servises"=C:\WINDOWS\system32\servises.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ6.5\ICQ.exe silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite]
C:\Program Files\ICQLite\ICQLite.exe -minimize []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monopod]
C:\DOCUME~1\TOMPAW~1\LOCALS~1\Temp\c.exe []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk -

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-02-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\NeverwinterNights\NWN\nwmain.exe"="C:\NeverwinterNights\NWN\nwmain.exe:*:Enabled:Neverwinter Nights"
"C:\NeverwinterNights\NWN\nwserver.exe"="C:\NeverwinterNights\NWN\nwserver.exe:*:Enabled:Neverwinter Nights Server"
"C:\Program Files\TrackMania Sunrise\TmSunrise.exe"="C:\Program Files\TrackMania Sunrise\TmSunrise.exe:*:Enabled:TmSunrise"
"C:\Documents and Settings\Tomáš Pawera\Plocha\Files\1nsane\Game.exe"="C:\Documents and Settings\Tomáš Pawera\Plocha\Files\1nsane\Game.exe:*:Enabled:INSANE"
"C:\Program Files\BitLord2\BitLord.exe"="C:\Program Files\BitLord2\BitLord.exe:*:Enabled:Bitlord2"
"\??\C:\WINDOWS\system32\winlogon.exe"="\??\C:\WINDOWS\system32\winlogon.exe:*:enabled:@shell32.dll,-1"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-09-22 21:39:56 ----A---- C:\WINDOWS\system32\A.tmp
2009-09-22 21:39:56 ----A---- C:\WINDOWS\system32\9.tmp
2009-09-22 21:39:54 ----A---- C:\WINDOWS\system32\8.tmp
2009-09-22 21:39:46 ----A---- C:\WINDOWS\system32\2.tmp
2009-09-22 21:19:54 ----A---- C:\WINDOWS\system32\7.tmp
2009-09-22 21:19:49 ----A---- C:\WINDOWS\system32\6.tmp
2009-09-22 21:19:41 ----A---- C:\WINDOWS\system32\3.tmp
2009-09-22 21:16:48 ----A---- C:\WINDOWS\system32\sys64_nov.exe
2009-09-22 21:16:47 ----A---- C:\WINDOWS\system32\DD.tmp
2009-09-22 21:16:46 ----A---- C:\WINDOWS\system32\DC.tmp
2009-09-22 21:16:45 ----A---- C:\WINDOWS\system32\reader_s.exe
2009-09-22 21:16:38 ----A---- C:\WINDOWS\system32\D9.tmp
2009-09-22 20:59:38 ----D---- C:\Documents and Settings\Administrator.HOME\Data aplikací\Dev-Cpp
2009-09-22 20:57:31 ----D---- C:\Dev-Cpp
2009-09-22 18:47:43 ----D---- C:\Documents and Settings\Administrator.HOME\Data aplikací\Identities
2009-09-22 18:17:04 ----D---- C:\Documents and Settings\Administrator.HOME\Data aplikací\TuneUp Software
2009-09-22 15:41:46 ----D---- C:\_OTL
2009-09-14 19:09:37 ----D---- C:\rsit
2009-09-14 19:05:23 ----HD---- C:\WINDOWS\PIF
2009-09-14 14:46:31 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2009-09-14 14:46:30 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2009-09-14 14:46:30 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2009-09-14 14:46:28 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2009-09-06 14:20:11 ----D---- C:\Qoobox
2009-09-06 14:02:22 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-09-06 13:59:29 ----A---- C:\WINDOWS\ntbtlog.txt
2009-09-05 22:13:16 ----D---- C:\Documents and Settings\Administrator.HOME\Data aplikací\Macromedia
2009-09-05 22:13:16 ----D---- C:\Documents and Settings\Administrator.HOME\Data aplikací\Adobe
2009-09-05 22:08:37 ----D---- C:\Documents and Settings\Administrator.HOME\Data aplikací\Sun
2009-09-05 20:51:06 ----D---- C:\Documents and Settings\Administrator.HOME\Data aplikací\Malwarebytes

======List of files/folders modified in the last 1 months======

2009-09-22 21:40:29 ----D---- C:\Program Files\Mozilla Firefox
2009-09-22 21:39:59 ----D---- C:\WINDOWS\temp
2009-09-22 21:39:56 ----D---- C:\WINDOWS\system32
2009-09-22 21:38:59 ----D---- C:\WINDOWS
2009-09-22 21:15:50 ----SD---- C:\WINDOWS\Tasks
2009-09-22 21:15:47 ----D---- C:\WINDOWS\system32\drivers
2009-09-22 21:15:38 ----SHD---- C:\WINDOWS\Installer
2009-09-22 21:15:34 ----D---- C:\WINDOWS\AppPatch
2009-09-22 21:15:33 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2009-09-22 21:15:26 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-22 19:46:06 ----A---- C:\WINDOWS\system32\svchost.exe
2009-09-22 19:06:38 ----SD---- C:\Documents and Settings\Administrator.HOME\Data aplikací\Microsoft
2009-09-22 15:39:08 ----D---- C:\WINDOWS\Minidump
2009-09-21 19:06:52 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-14 19:06:03 ----A---- C:\WINDOWS\system.ini
2009-09-14 18:55:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2009-09-14 14:53:58 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-09-14 14:46:31 ----RD---- C:\Program Files
2009-09-06 19:33:29 ----D---- C:\WINDOWS\Prefetch
2009-09-06 15:56:06 ----D---- C:\WINDOWS\system32\Restore
2009-09-06 15:56:05 ----SHD---- C:\System Volume Information
2009-09-06 14:07:31 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-06 11:43:35 ----RSD---- C:\WINDOWS\Fonts
2009-09-05 22:07:18 ----SHD---- C:\RECYCLER

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2009-02-06 93336]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2005-07-08 29696]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\incdrm.sys [2006-07-12 28672]
R1 ziiiwidycp5;ziiiwidycp5; C:\WINDOWS\system32\drivers\ziiiwidycp5.sys [2009-09-22 40192]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-03-25 130432]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
S1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
S1 zaqnxfqv7;zaqnxfqv7.sys; C:\WINDOWS\system32\DRIVERS\zaqnxfqv7.sys []
S1 znvlphdfawohk3;znvlphdfawohk3; C:\WINDOWS\system32\drivers\znvlphdfawohk3.sys [2009-09-22 40192]
S2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-07-28 278984]
S2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-02-06 113448]
S2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-07-28 25416]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2008-09-24 4122368]
S3 aqwc2rqm;aqwc2rqm; C:\WINDOWS\system32\drivers\aqwc2rqm.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
S3 dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 Dot4Scan;Ovladač třídy skeneru standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Scan.sys [2001-08-17 8704]
S3 dot4usb;Filtr Dot4USB Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-10-24 23808]
S3 Edspport;EDSP Port Driver; C:\WINDOWS\system32\DRIVERS\es56hpi.sys [2000-02-25 546863]
S3 GMSIPCI;GMSIPCI; \??\D:\INSTALL\GMSIPCI.SYS []
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2005-07-08 99584]
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73344]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 434176]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 540672]
S2 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-05-29 93184]
S2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-02-06 727720]
S2 FCI;FCI; C:\WINDOWS\system32\svchost.exe [2009-09-22 34816]
S2 ICF;ICF; C:\WINDOWS\system32\svchost.exe [2009-09-22 34816]
S2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2005-07-08 891904]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-31 152984]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
S2 mi-raysat_3dsmax8;RaySat_3dsmax8 Server; C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe [2005-09-21 86016]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service; C:\WINDOWS\System32\TUProgSt.exe [2009-07-30 603904]
S2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2009-09-22 34816]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-04-13 33632]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-04-13 68952]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-02-06 20680]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\WINDOWS\System32\TuneUpDefragService.exe [2009-07-30 360192]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 958976]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-09-22 34816]

-----------------EOF-----------------


And info.txt:


info.txt logfile of random's system information tool 1.06 2009-09-14 19:10:43

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Photoshop CS3-->C:\Program Files\Common Files\Adobe\Installers\2ac78060bc5856b0c1cf873bb919b58\Setup.exe
Adobe Reader 7.0.5 - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-A70500000002}
Adobe Setup-->MsiExec.exe /I{D1BB4446-AE9C-4256-9A7F-4D46604D2462}
AGEIA PhysX v7.11.13-->MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}
Aktualizace systému Windows Internet Explorer 8 (KB969497)-->"C:\WINDOWS\ie8updates\KB969497-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
ATI HYDRAVISION-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}\setup.exe"
Autodesk 3ds Max 8-->MsiExec.exe /I{DBB313D6-4B13-4961-BD5F-673CDA1793CC}
Autodesk DWF Viewer-->C:\PROGRA~1\Autodesk\AUTODE~1\Setup.exe /remove
Backburner-->MsiExec.exe /I{3D347E6D-5A03-4342-B5BA-6A771885F379}
Balíček zprostředkovatele služby Microsoft Base Smart Card Cryptographic Service-->"C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
BitLord v2.0-->"C:\Program Files\BitLord2\unins000.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Codec Pack - All In 1 6.0.3.0-->C:\WINDOWS\iun6002.exe "C:\Program Files\Codec Pack - All In 1\irunin.ini"
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Driver Magician 3.45-->"C:\Program Files\Driver Magician\unins000.exe"
DVD Solution-->"C:\Program Files\Uninstall_CDS.exe"
EVEREST Ultimate Edition v5.02-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
FileZilla Client 3.2.4.1-->C:\Program Files\FileZilla FTP Client\uninstall.exe
Free Mp3 Wma Converter V 1.81-->"C:\Program Files\Free Audio Pack\unins000.exe"
GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Google Earth-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\setup.exe" -l0x9 -removeonly
GTA San Andreas-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}\setup.exe" -l0x9 -removeonly
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
InCD-->C:\WINDOWS\NuNInst.exe /UNINSTALL
IP Changer Premium-->C:\Program Files\IP Changer Premium\uninstall.exe
Java(TM) 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Landwirtschafts Simulator 2008-->"C:\Program Files\Landwirtschafts-Simulator 2008\unins000.exe"
LG ODD Auto Firmware Update-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6179550A-3E7C-499E-BCC9-9E8113E0A285}\setup.exe"
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Czech Language Pack-->MsiExec.exe /X{5E65E94D-69F2-4850-9E93-6459C53A0F50}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Language Pack - CSY-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0 Language Pack - CSY\install.exe
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120405-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.12)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Multimedia Launcher-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
Neverwinter Nights Platinum Edition-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C1583439-B034-4881-819C-D52A0587662B}\Setup.exe" -l0x9
Neverwinter Nights(TM) - Čeština-->C:\NeverwinterNights\NWN\\cestina\data\Setup.exe "C:\NeverwinterNights\NWN\\cestina\data\"
NOD32 FiX v1.9-->"C:\Program Files\Obsolete\unins000.exe"
PDFCreator-->C:\Program Files\PDFCreator\unins000.exe
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe" -l0x5 -removeonly
REALTEK GbE & FE Ethernet PCI NIC Driver-->C:\Program Files\InstallShield Installation Information\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}\setup.exe -runfromtemp -removeonly
Rome - Total War(TM)-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{A642BB6B-CA1D-4142-8DD4-318C3F3DC834} /l1033
Rome Total War - patch 1.3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A5D65411-8E73-4C85-AD80-9FE8B7391CF9}\Setup.exe" -l0x9
Scorpions WinCheater-->"C:\Program Files\Scorpions WinCheater\unins000.exe"
Security Update pro Microsoft .NET Framework 2.0 (KB928365)-->C:\WINDOWS\system32\msiexec.exe /promptrestart /uninstall {8056AC9E-49C5-4375-9ADE-B2F862C9DF51} /package {7131646D-CD3C-40F4-97B9-CD9E4E6262EF}
Servant Salamander 2.0-->C:\Program Files\Servant Salamander 2.0\remove\remove.exe
Skype 2.5-->"C:\Program Files\Skype\Phone\unins000.exe"
Spybot - Search & Destroy 1.4-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
The KMPlayer (remove only)-->"C:\Program Files\The KMPlayer\uninstall.exe"
TrackMania Sunrise Extreme 1.5.1-->"C:\Program Files\TrackMania Sunrise\unins000.exe"
TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}
TurboCAD Deluxe 15-->MsiExec.exe /I{06792A12-AF16-42F4-BECD-BD913DE0FEC0}
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Virtual DJ - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
Winamp (remove only)-->"C:\Program Files\Winamp\UninstWA.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR-->C:\Program Files\WinRAR\uninstall.exe

=====HijackThis Backups=====

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2009-05-28]
R3 - URLSearchHook: Mario Forever Toolbar - {707db484-2428-402d-afb5-d85b387544c7} - C:\Program Files\Mario_Forever\tbMar1.dll [2009-05-28]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/ [2009-05-28]
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [2009-05-28]
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing) [2009-05-28]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-05-28]
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun [2009-05-28]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com [2009-05-28]
R3 - URLSearchHook: (no name) - - (no file) [2009-05-28]
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-05-28]
O4 - HKLM\..\Run: [WhenUSearchWHSE] "C:\Program Files\DAEMON Tools SearchBar\whse.exe" [2009-05-28]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 [2009-05-28]
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe [2009-05-28]
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-05-28]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php [2009-05-28]
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE [2009-05-28]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 [2009-05-28]
O4 - HKLM\..\Run: [WhenUSearch] "C:\Program Files\DAEMON Tools SearchBar\Search.exe" [2009-05-28]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 [2009-05-28]
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A [2009-05-28]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy [2009-05-28]
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2009-05-28]
O3 - Toolbar: Mario Forever Toolbar - {707db484-2428-402d-afb5-d85b387544c7} - C:\Program Files\Mario_Forever\tbMar1.dll [2009-05-28]
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2009-05-28]
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe [2009-05-28]
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [2009-05-28]
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [2009-05-28]
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing) [2009-05-28]
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe [2009-05-28]
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing) [2009-05-28]
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe [2009-05-28]
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe [2009-05-28]
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-28]
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe [2009-05-28]
O20 - Winlogon Notify: qlvddc - qlvddc.dll (file missing) [2009-05-28]
O23 - Service: ESET HTTP Server (ehttpsrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-05-28]
O23 - Service: Automatické aktualizace (wuauserv) - Unknown owner - C:\WINDOWS\ [2009-05-28]
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) (BITS) - Unknown owner - C:\WINDOWS\ [2009-05-28]
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe [2009-05-28]
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-05-28]
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe [2009-05-28]
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [2009-05-28]
O23 - Service: Automatické aktualizace (wuauserv) - Unknown owner - C:\WINDOWS\ [2009-05-28]
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 [2009-05-28]
O23 - Service: ESET HTTP Server (ehttpsrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-05-28]
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe [2009-05-28]
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL [2009-05-28]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll [2009-05-28]
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent [2009-05-28]
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe [2009-05-28]
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-28]
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun [2009-05-28]
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') [2009-05-28]
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [2009-05-28]
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe [2009-05-28]
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized [2009-05-28]
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) (BITS) - Unknown owner - C:\WINDOWS\ [2009-05-28]
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll [2009-05-28]
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [2009-05-28]
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe [2009-05-28]
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe [2009-05-28]
O23 - Service: ESET HTTP Server (ehttpsrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-05-28]
O23 - Service: Automatické aktualizace (wuauserv) - Unknown owner - C:\WINDOWS\ [2009-05-28]
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe [2009-05-28]
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) (BITS) - Unknown owner - C:\WINDOWS\ [2009-05-28]
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-28]
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-05-28]
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe [2009-05-28]
O23 - Service: ESET HTTP Server (ehttpsrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-05-28]
O23 - Service: Služba inteligentního přenosu na pozadí (BITS) (BITS) - Unknown owner - C:\WINDOWS\ [2009-05-28]
O23 - Service: Automatické aktualizace (wuauserv) - Unknown owner - C:\WINDOWS\ [2009-05-28]
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe [2009-05-28]
O3 - Toolbar: Mario Forever Toolbar - {707db484-2428-402d-afb5-d85b387544c7} - C:\Program Files\Mario_Forever\tbMar1.dll [2009-05-28]
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing) [2009-05-28]
O4 - HKLM\..\Run: [WhenUSearchWHSE] "C:\Program Files\DAEMON Tools SearchBar\whse.exe" [2009-05-28]
O2 - BHO: WhenUSearch Helper - {BA2325ED-F9EB-4830-8FCE-0BC35B16969B} - C:\Program Files\DAEMON Tools SearchBar\search.dll (file missing) [2009-05-28]
R3 - URLSearchHook: (no name) - - (no file) [2009-05-28]
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing) [2009-05-28]
O2 - BHO: (no name) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file) [2009-05-28]
O4 - HKLM\..\Run: [WhenUSearch] "C:\Program Files\DAEMON Tools SearchBar\Search.exe" [2009-05-28]
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe [2009-05-28]
R3 - URLSearchHook: Mario Forever Toolbar - {707db484-2428-402d-afb5-d85b387544c7} - C:\Program Files\Mario_Forever\tbMar1.dll [2009-05-28]
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A [2009-05-28]
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe [2009-05-28]
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Tomáš Pawera\reader_s.exe [2009-05-28]
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing) [2009-05-28]
O20 - Winlogon Notify: qlvddc - C:\WINDOWS\SYSTEM32\qlvddc.dll [2009-05-28]
O20 - Winlogon Notify: qlvddc - qlvddc.dll (file missing) [2009-05-30]
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe [2009-05-30]
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe [2009-08-11]
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe [2009-08-11]
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll [2009-08-11]
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2009-08-11]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy [2009-08-11]

======Hosts File======

127.0.0.1 jL.chura.pl
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com

======Security center information======

AV: 0.-1.2089877597 (disabled) (outdated)
AV: ESET NOD32 Antivirus 4.0

======System event log======

Computer Name: HOME
Event Code: 7036
Message: Stav služby Kompatibilita pro rychlé přepínání uživatelů byl změněn na: Spuštěno

Record Number: 5
Source Name: Service Control Manager
Time Written: 20090728074750.000000+120
Event Type: Informace
User:

Computer Name: HOME
Event Code: 7035
Message: Řídící příkaz Spuštěno byl službě Kompatibilita pro rychlé přepínání uživatelů úspěšně odeslán.

Record Number: 4
Source Name: Service Control Manager
Time Written: 20090728074750.000000+120
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: HOME
Event Code: 7036
Message: Stav služby Terminálová služba byl změněn na: Spuštěno

Record Number: 3
Source Name: Service Control Manager
Time Written: 20090728074750.000000+120
Event Type: Informace
User:

Computer Name: HOME
Event Code: 6005
Message: Služba Event Log byla spuštěna.

Record Number: 2
Source Name: EventLog
Time Written: 20090728074726.000000+120
Event Type: Informace
User:

Computer Name: HOME
Event Code: 6009
Message: Microsoft (R) Windows (R) 5.01. 2600 Service Pack 3 Uniprocessor Free.

Record Number: 1
Source Name: EventLog
Time Written: 20090728074726.000000+120
Event Type: Informace
User:

=====Application event log=====

Computer Name: HOME
Event Code: 1517
Message: Systém Windows uložil registr uživatele HOME\Tomáš Pawera, ale některá z aplikací nebo služeb během odhlášení registr nadále používala. Paměť používaná registrem uživatele nebyla uvolněna. Registr bude uvolněn, jakmile již nebude používán.


To je často způsobeno tím, že jsou služby spuštěny pomocí uživatelského účtu. Zkuste služby konfigurovat pro spuštění pomocí účtu místní nebo síťové služby.

Record Number: 621
Source Name: Userenv
Time Written: 20090529215512.000000+120
Event Type: Upozornění
User: NT AUTHORITY\SYSTEM

Computer Name: HOME
Event Code: 3
Message:
Record Number: 620
Source Name: RaySat_3dsmax8 Server
Time Written: 20090529214856.000000+120
Event Type: Informace
User:

Computer Name: HOME
Event Code: 3
Message:
Record Number: 619
Source Name: RaySat_3dsmax8 Server
Time Written: 20090529214856.000000+120
Event Type: Informace
User:

Computer Name: HOME
Event Code: 0
Message:
Record Number: 618
Source Name: ICQ Service
Time Written: 20090529214849.000000+120
Event Type: Informace
User:

Computer Name: HOME
Event Code: 105
Message: The service was started.

Record Number: 617
Source Name: ATI Smart
Time Written: 20090529214834.000000+120
Event Type: Informace
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Autodesk Shared;C:\Program Files\Autodesk\backburner;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\DivX Shared\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"SAFEBOOT_OPTION"=NETWORK

-----------------EOF-----------------

Damned
Article author
Master Level 9
Posts: 8353
Registered: December 06
Location: Rokycany
Gender: Male
Status: Offline

Re: PC keeps restarting in a loop

Post by Damned » 22 Sep 2009 23:45

Turn off restore points:
Right-click the My Computer icon and choose Properties. On the System Restore tab, turn off restore points.
*****************************************************************************************************************************************
Download HijackThis from my signature (the *exe only, not the setup). Before saving, rename the file HiJackThis.exe to tomáš.com.

Run this renamed file, close your browsers, disconnect from the internet and fix the following (run tomáš.com, "Do a system scan only", tick the box in front of each entry, press "Fix checked" and then "Yes"):

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=explorer.exe
O1 - Hosts: ˙ţ# End of entries inserted by Spybot - Search & Destroy
O4 - HKLM\..\Run: [13895] C:\WINDOWS\system32\9.tmp.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKCU\..\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKLM\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKCU\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\Administrator.HOME\reader_s.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [reader_s] C:\Documents and Settings\Administrator.HOME\reader_s.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = ?
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe
*****************************************************************************************************************************************
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"13895"=-
"Regedit32"=-
"reader_s"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
""=-
"GrpConv"=-

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"servises"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"servises"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"servises"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monopod]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]



Save it to the Desktop as fix.reg with the file type set to All Files, then find the file on the Desktop and double-click it to run it. You will be asked whether to add the value to the registry. Confirm.
*****************************************************************************************************************************************
Run OTM
- Copy these paths into the left pane (Paste Instructions for Items to be Moved):
Note: Do not use the SELECT ALL function to select them

Code: Select all

:Processes
explorer.exe

:Services
zaqnxfqv7
zaqnxfqv7.sys
znvlphdfawohk3
znvlphdfawohk3.sys
aqwc2rqm
aqwc2rqm.sys
GMSIPCI
GMSIPCI.SYS
FCI
ICF
ziiiwidycp5
ziiiwidycp5.sys

:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"13895"=-
"Regedit32"=-
"reader_s"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
""=-
"GrpConv"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"servises"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"servises"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"servises"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monopod]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

:Files
C:\WINDOWS\System32\*.tmp /s
C:\WINDOWS\*.tmp /s
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\system32\svchost.exe:ext.exe
C:\WINDOWS\System32\94.tmp
C:\WINDOWS\system32\A.tmp
C:\WINDOWS\system32\9.tmp
C:\WINDOWS\system32\8.tmp
C:\WINDOWS\system32\2.tmp
C:\WINDOWS\system32\7.tmp
C:\WINDOWS\system32\6.tmp
C:\WINDOWS\system32\3.tmp
C:\WINDOWS\system32\sys64_nov.exe
C:\WINDOWS\system32\DD.tmp
C:\WINDOWS\system32\DC.tmp
C:\WINDOWS\system32\reader_s.exe
C:\WINDOWS\system32\D9.tmp
C:\WINDOWS\system32\drivers\ziiiwidycp5.sys
C:\WINDOWS\system32\DRIVERS\zaqnxfqv7.sys
C:\WINDOWS\system32\drivers\znvlphdfawohk3.sys
C:\WINDOWS\system32\drivers\aqwc2rqm.sys
D:\INSTALL\GMSIPCI.SYS
C:\Program Files\DAEMON Tools SearchBar
C:\Program Files\ICQ6Toolbar
C:\Program Files\Mario_Forever\tbMar1.dll
C:\Program Files\DAEMON Tools Toolbar
C:\WINDOWS\services.exe
C:\WINDOWS\servises.exe
C:\WINDOWS\system32\servises.exe
C:\Documents and Settings\Tomáš Pawera\reader_s.exe
C:\WINDOWS\SYSTEM32\qlvddc.dll
C:\DOCUME~1\TOMPAW~1\LOCALS~1\Temp\c.exe
C:\Documents and Settings\Administrator.HOME\reader_s.exe

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

- After copying, click the MoveIt! button and then paste here the entire contents of the right pane, which reports the results (it is also saved in the folder C:\_OTMoveIt\MovedFiles\)
- If some files cannot be removed, you may be asked to restart the computer; in that case confirm the restart.

Then also post both logs from OTL.
Nothing is impossible, so where reason fails us we do not hesitate to use a hammer.
If you want to know what is new, look in old books.
Damned's Czech localizations - translations of PC maintenance programs
HiJackThis 2 + guide, FCleaner + Czech localization, Wise Registry Cleaner
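
The following is an added example, not part of the post above and not code from HijackThis or OTM: a small Python triage script that parses HijackThis O4/O23 lines quoted in this thread and applies a few generic path heuristics. The rule names, the short list of system binaries and the choice of sample lines are assumptions made for the illustration, not the helper's stated criteria.

```python
import re
from ntpath import basename, dirname, splitdrive

# Constructed sample: autorun and service lines quoted in this thread, plus two
# benign entries (ctfmon, ESET) from the same logs for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [13895] C:\WINDOWS\system32\9.tmp.exe
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKCU\..\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKLM\..\Run: [services] C:\WINDOWS\services.exe
O4 - HKUS\.DEFAULT\..\Run: [reader_s] C:\Documents and Settings\Administrator.HOME\reader_s.exe (User 'Default user')
O23 - Service: FCI - Unknown owner - C:\WINDOWS\system32\svchost.exe:ext.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
"""

O4_RE = re.compile(r"^O4 - (?P<where>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.+)$")
# Image path = text up to the first executable extension, keeping an optional
# ":stream" suffix (NTFS alternate data stream) and dropping arguments.
IMAGE_RE = re.compile(r"^(.+?\.(?:exe|dll|com|scr)(?::[^\\\s]+)?)(?=\s|$)", re.I)
TMP_NAME_RE = re.compile(r"^[0-9a-f]{1,4}\.tmp(?:\.exe|\.dll)?$")
PROFILE_ROOT_RE = re.compile(r"^[a-z]:\\documents and settings\\[^\\]+$")
SYSTEM32 = r"c:\windows\system32"
# Assumption: a short, non-exhaustive list of binaries expected only in system32.
SYSTEM_BINARIES = ("services.exe", "svchost.exe", "lsass.exe",
                   "winlogon.exe", "csrss.exe", "smss.exe")


def image_path(cmd):
    """Return the executable path from an autorun command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    match = IMAGE_RE.match(cmd)
    return match.group(1) if match else cmd


def edit_distance(a, b):
    """Levenshtein distance, used to spot one-character lookalike names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage(line):
    """Parse one O4/O23 line; return its name, path and heuristic flags."""
    match = O4_RE.match(line) or O23_RE.match(line)
    if not match:
        return None
    path = image_path(match.group("cmd"))
    _, rest = splitdrive(path)
    file_name = basename(path).split(":")[0].lower()
    folder = dirname(path).lower()
    flags = []
    if ":" in rest:  # a colon after the drive letter means a stream name
        flags.append("ads-stream")
    if TMP_NAME_RE.match(file_name):
        flags.append("temp-named-executable")
    if folder and file_name in SYSTEM_BINARIES and folder != SYSTEM32:
        flags.append("system-name-outside-system32")
    for known in SYSTEM_BINARIES:
        if file_name != known and edit_distance(file_name, known) == 1:
            flags.append("lookalike:" + known)
    if PROFILE_ROOT_RE.match(folder) and file_name.endswith(".exe"):
        flags.append("exe-in-profile-root")
    return {"name": match.group("name"), "path": path, "flags": flags}


def scan(log_text):
    """Triage every parseable line of a HijackThis log."""
    results = (triage(line.strip()) for line in log_text.splitlines())
    return [r for r in results if r is not None]


if __name__ == "__main__":
    for entry in scan(SAMPLE_LOG):
        print(f"{', '.join(entry['flags']) or 'no path flag':32} {entry['path']}")
```

`C:\WINDOWS\System32\reader_s.exe` trips none of these path rules even though it is on the fix list above, so heuristics like these only narrow a log down and do not replace a reviewer's judgement.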

Pawkin
Level 1
Posts: 91
Registered: May 09
Gender: Male
Status: Offline

Re: PC keeps restarting in a loop

Post by Pawkin » 23 Sep 2009 13:29

I don't have System Restore there at all, which is really strange. I'll try to do what you wrote. And when I try to download HijackThis, it tells me the page does not exist.

Pawkin
Level 1
Posts: 91
Registered: May 09
Gender: Male
Status: Offline

Re: PC keeps restarting in a loop

Post by Pawkin » 23 Sep 2009 14:19

otl.txt


OTL logfile created on: 23.9.2009 14:21:24 - Run 3
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Administrator.HOME\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

511,48 Mb Total Physical Memory | 236,05 Mb Available Physical Memory | 46,15% Memory free
865,48 Mb Paging File | 423,84 Mb Available in Paging File | 48,97% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 30,62 Gb Free Space | 41,09% Space Free | Partition Type: NTFS
Drive D: | 3,81 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2008.04.14 05:22:22 | 01,079,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009.09.23 14:15:09 | 00,162,304 | -HS- | M] () -- C:\WINDOWS\System32\winulty.exe
PRC - [2008.04.14 05:22:15 | 00,435,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.exe
PRC - [2009.09.21 21:18:08 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.HOME\Plocha\OTL.exe
PRC - [2009.09.16 15:27:54 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

========== Win32 Services (SafeList) ==========

SRV - [2007.04.13 03:20:52 | 00,033,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2006.05.03 18:43:46 | 00,434,176 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Stopped])
SRV - [2006.05.03 11:57:00 | 00,540,672 | ---- | M] () -- C:\WINDOWS\System32\ati2sgag.exe -- (ATI Smart [Auto | Stopped])
SRV - [2009.05.29 20:01:53 | 00,093,184 | ---- | M] (Autodesk) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service [Auto | Stopped])
SRV - [2007.04.13 03:21:18 | 00,068,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009.02.06 14:27:06 | 00,020,680 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv [On_Demand | Stopped])
SRV - [2009.02.06 14:23:36 | 00,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn [Auto | Stopped])
SRV - [2008.04.14 05:21:53 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005.07.08 18:24:46 | 00,891,904 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv [Auto | Stopped])
SRV - [2009.05.31 14:52:29 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Stopped])
SRV - [2003.06.20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Stopped])
SRV - [2005.09.21 14:13:44 | 00,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe -- (mi-raysat_3dsmax8 [Auto | Stopped])
SRV - [2003.07.28 21:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009.07.30 21:06:13 | 00,360,192 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TuneUpDefragService.exe -- (TuneUp.Defrag [On_Demand | Stopped])
SRV - [2009.07.30 21:06:21 | 00,603,904 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc [Auto | Stopped])
SRV - [2008.12.11 13:31:36 | 00,027,904 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll -- (UxTuneUp [Auto | Stopped])
SRV - [2007.01.05 21:57:30 | 00,958,976 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2009.09.23 14:15:20 | 00,094,432 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\agp440.sys -- (agp440 [Boot | Running])
DRV - [2008.09.24 10:40:22 | 04,122,368 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS -- (ALCXWDM [On_Demand | Stopped])
DRV - [2006.05.03 18:50:42 | 01,540,608 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Stopped])
DRV - [2009.07.28 11:32:48 | 00,278,984 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\atksgt.sys -- (atksgt [Auto | Stopped])
DRV - [2001.08.17 20:19:20 | 00,096,256 | ---- | M] (Copyright (C) Creative Technology Ltd. 1994-2001) -- C:\WINDOWS\System32\drivers\ctlsb16.sys -- (ctlsb16 [On_Demand | Stopped])
DRV - [2009.02.06 14:19:52 | 00,113,448 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\eamon.sys -- (eamon [Auto | Stopped])
DRV - [2000.02.25 10:37:36 | 00,546,863 | R--- | M] (ESS Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\es56hpi.sys -- (Edspport [On_Demand | Stopped])
DRV - [2009.02.06 14:23:18 | 00,106,208 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\ehdrv.sys -- (ehdrv [System | Stopped])
DRV - [2009.02.06 14:24:24 | 00,093,336 | ---- | M] (ESET) -- C:\WINDOWS\System32\DRIVERS\epfwtdir.sys -- (epfwtdir [System | Running])
DRV - [2008.04.13 20:45:29 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\gameenum.sys -- (gameenum [On_Demand | Stopped])
DRV - [2005.07.08 18:17:54 | 00,099,584 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs [Disabled | Stopped])
DRV - [2005.07.08 18:17:36 | 00,029,696 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\DRIVERS\InCDPass.sys -- (InCDPass [System | Running])
DRV - [2006.07.12 11:58:02 | 00,028,672 | ---- | M] (Nero AG) -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm [System | Running])
DRV - [2009.07.28 11:32:47 | 00,025,416 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\lirsgt.sys -- (lirsgt [Auto | Stopped])
DRV - [2009.08.24 16:21:56 | 00,626,336 | ---- | M] () -- C:\WINDOWS\System32\drivers\ntfs.sys -- (Ntfs [Disabled | Running])
DRV - [2006.03.02 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2009.05.01 23:03:38 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2009.03.25 14:29:52 | 00,130,432 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys -- (RTL8023xp [On_Demand | Running])
DRV - [2004.08.04 00:31:34 | 00,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS -- (rtl8139 [On_Demand | Stopped])
DRV - [2007.11.13 12:25:52 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2006.07.05 14:46:06 | 00,063,352 | ---- | M] (Protection Technology (StarForce)) -- C:\WINDOWS\System32\drivers\sfdrv01a.sys -- (sfdrv01a [Boot | Running])
DRV - [2006.06.14 16:56:56 | 00,013,680 | ---- | M] (Protection Technology (StarForce)) -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
DRV - [2006.07.10 18:19:58 | 00,027,032 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02 [Boot | Running])
DRV - [2007.01.12 20:09:53 | 00,082,296 | ---- | M] (Protection Technology (StarForce)) -- C:\WINDOWS\System32\drivers\sfvfs02.sys -- (sfvfs02 [Boot | Running])
DRV - [2009.06.25 13:08:16 | 00,721,904 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2009.09.23 13:24:41 | 00,040,192 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\zillecqgv3.sys -- (zillecqgv3 [System | Running])
DRV - [2009.09.23 14:15:13 | 00,040,192 | ---- | M] () -- C:\WINDOWS\System32\drivers\zwyqwtndia5.sys -- (zwyqwtndia5 [System | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009.05.31 14:52:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.09.21 19:48:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.09.16 15:28:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2009.08.04 11:03:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.HOME\Data aplikací\mozilla\Extensions
[2009.08.04 11:03:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.HOME\Data aplikací\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009.08.04 11:03:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.HOME\Data aplikací\mozilla\Firefox\Profiles\u9tc6as6.default\extensions
[2009.09.22 20:13:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009.09.16 15:28:01 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.05.31 14:52:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009.09.16 15:27:54 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009.09.16 15:27:54 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009.05.01 23:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2009.05.31 14:52:31 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009.05.12 20:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009.05.19 00:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2009.09.16 15:27:55 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009.06.05 17:10:12 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009.06.05 17:10:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009.06.05 17:10:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009.06.05 17:10:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009.06.05 17:10:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009.06.05 17:10:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009.06.05 17:10:13 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009.05.01 23:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009.06.03 17:32:27 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009.06.03 17:32:27 | 00,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2009.06.03 17:32:27 | 00,001,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml
[2009.06.03 17:32:27 | 00,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2009.06.03 17:32:27 | 00,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2009.06.03 17:32:27 | 00,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: (328216 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 11265 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [9626] C:\WINDOWS\System32\7.tmp.exe File not found
O4 - HKLM..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe (Heaventools Software)
O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found
O4 - HKLM..\Run: [Windows Upgrate Utility] C:\WINDOWS\System32\winulty.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKLM..\RunOnce: [OTM] C:\Documents and Settings\Administrator.HOME\Local Settings\temp\Rar$EX00.000\OTMoveIt\OTM.exe (OldTimer Tools)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra Button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: mojebanka.cz ([www] https in Trusted sites)
O15 - HKLM\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/sh ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-0243992721-823278279-782329928-3321\bxswin.exe) - C:\RECYCLER\S-1-5-21-0243992721-823278279-782329928-3321\bxswin.exe File not found
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0243992721-823278279-782329928-3321\bxswin.exe) - C:\RECYCLER\S-1-5-21-0243992721-823278279-782329928-3321\bxswin.exe File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0243337231-886787329-783463108-1055\dsregs.exe) - C:\RECYCLER\S-1-5-21-0243337231-886787329-783463108-1055\dsregs.exe File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009.09.23 14:15:16 | 00,047,616 | ---- | C] () -- C:\WINDOWS\System32\sys64_nov.exe
[2009.09.23 14:15:13 | 00,040,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\zwyqwtndia5.sys
[2009.09.23 14:15:12 | 00,059,904 | ---- | C] (Heaventools Software) -- C:\WINDOWS\System32\reader_s.exe
[2009.09.23 14:15:10 | 00,162,304 | -HS- | C] () -- C:\WINDOWS\System32\winulty.exe
[2009.09.23 13:49:07 | 00,000,006 | -H-- | C] () -- C:\WINDOWS\tasks\SA.DAT
[2009.09.23 13:46:13 | 00,000,000 | ---D | C] -- C:\_OTM
[2009.09.23 13:44:44 | 00,000,968 | ---- | C] () -- C:\Documents and Settings\Administrator.HOME\Plocha\fix.reg
[2009.09.22 21:54:41 | 00,040,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\zillecqgv3.sys
[2009.09.22 21:16:42 | 02,128,656 | -H-- | C] () -- C:\Documents and Settings\Administrator.HOME\Local Settings\Data aplikací\IconCache.db
[2009.09.22 21:06:49 | 00,015,663 | ---- | C] () -- C:\Documents and Settings\Administrator.HOME\Dokumenty\poydrav.exe
[2009.09.22 21:06:10 | 00,000,155 | ---- | C] () -- C:\Documents and Settings\Administrator.HOME\Dokumenty\poydrav.cpp
[2009.09.22 20:59:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.HOME\Data aplikací\Dev-Cpp
[2009.09.22 20:57:31 | 00,000,000 | ---D | C] -- C:\Dev-Cpp
[2009.09.22 20:54:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.HOME\Plocha\Programováni
[2009.09.22 20:53:05 | 09,326,468 | ---- | C] () -- C:\Documents and Settings\Administrator.HOME\Plocha\devcpp-4.9.9.2_setup.exe
[2009.09.22 18:47:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.HOME\Local Settings\Data aplikací\Identities
[2009.09.22 18:47:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.HOME\Data aplikací\Identities
[2009.09.22 18:17:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.HOME\Data aplikací\TuneUp Software
[2009.09.22 18:08:05 | 00,000,146 | ---- | C] () -- C:\Documents and Settings\Administrator.HOME\Plocha\remove.bat
[2009.09.22 15:41:46 | 00,000,000 | ---D | C] -- C:\_OTL
[2009.09.21 21:18:04 | 00,535,552 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator.HOME\Plocha\OTL.exe
[2009.09.21 20:42:12 | 00,385,426 | ---- | C] () -- C:\Documents and Settings\Administrator.HOME\Plocha\OTMoveIt.rar
[2009.09.21 19:53:21 | 04,073,058 | ---- | C] () -- C:\Documents and Settings\Administrator.HOME\Plocha\tools.rar
[2009.09.21 19:29:17 | 04,608,000 | ---- | C] () -- C:\WINDOWS\System32\rmvirut.nt
[2009.09.21 19:29:17 | 00,000,045 | ---- | C] () -- C:\WINDOWS\System32\rmvirut.lst
[2009.09.14 19:09:37 | 00,000,000 | ---D | C] -- C:\rsit
[2009.09.14 19:05:23 | 00,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2009.09.14 14:51:03 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Administrator.HOME\Plocha\Spybot - Search & Destroy.lnk
[2009.09.14 14:46:55 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Administrator.HOME\Plocha\setup-spybotsd162.exe
[2009.09.14 14:46:31 | 00,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2009.09.14 14:46:30 | 00,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2009.09.14 14:46:30 | 00,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2009.09.14 14:46:28 | 00,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2009.09.14 13:31:32 | 00,094,432 | ---- | C] () -- C:\WINDOWS\System32\dllcache\agp440.sys
[2009.09.07 20:01:14 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator.HOME\Plocha\Nový objekt - Rastrový obrázek.bmp
[2009.09.06 15:39:45 | 02,734,080 | ---- | C] () -- C:\Documents and Settings\Administrator.HOME\Plocha\rmvirut.exe
[2009.09.06 14:20:11 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009.09.05 22:14:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.HOME\Local Settings\Data aplikací\G DATA
[2009.09.05 22:13:33 | 00,342,656 | ---- | C] (G DATA Software) -- C:\Documents and Settings\Administrator.HOME\Plocha\remover.exe
[2009.09.05 22:13:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.HOME\Data aplikací\Macromedia
[2009.09.05 22:13:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.HOME\Data aplikací\Adobe
[2009.09.05 22:08:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.HOME\Data aplikací\Sun
[2009.09.05 20:51:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.HOME\Data aplikací\Malwarebytes
[2009.08.02 13:53:47 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2009.08.01 19:18:59 | 00,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009.07.28 11:32:48 | 00,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009.07.28 11:32:47 | 00,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009.07.20 14:23:11 | 00,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009.07.13 12:32:05 | 00,000,169 | ---- | C] () -- C:\WINDOWS\MaterialsDlg.ini
[2009.07.13 12:32:04 | 00,000,169 | ---- | C] () -- C:\WINDOWS\LuminancesDlg.ini
[2009.06.30 14:54:06 | 00,000,248 | ---- | C] () -- C:\WINDOWS\RomeTW.ini
[2009.06.25 13:08:14 | 00,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2009.05.24 18:12:18 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2009.05.20 19:30:58 | 00,000,052 | ---- | C] () -- C:\WINDOWS\mafosav.INI
[2007.07.23 09:03:32 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007.07.23 09:03:32 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007.07.23 09:03:32 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007.07.23 09:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007.07.23 09:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007.07.23 09:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007.07.23 09:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007.07.23 09:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007.07.23 09:03:30 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007.03.23 14:53:37 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.03.07 17:41:51 | 00,000,112 | ---- | C] () -- C:\WINDOWS\OPLK.INI
[2007.03.07 17:26:58 | 00,000,359 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2007.02.23 23:27:47 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2007.02.23 22:17:56 | 00,094,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\agp440.sys
[2007.02.23 22:16:05 | 00,000,494 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.02.23 21:58:40 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006.03.02 14:00:00 | 00,626,336 | ---- | C] () -- C:\WINDOWS\System32\drivers\ntfs.sys
[2006.03.02 14:00:00 | 00,000,632 | ---- | C] () -- C:\WINDOWS\win.ini
[2006.03.02 14:00:00 | 00,000,435 | ---- | C] () -- C:\WINDOWS\system.ini
[2005.10.14 12:56:50 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 12:56:50 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 12:56:50 | 00,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 12:56:50 | 00,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 12:56:50 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 12:56:50 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 12:56:50 | 00,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 12:56:50 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2003.04.09 16:38:04 | 00,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[2009.09.23 14:15:20 | 00,094,432 | ---- | M] () -- C:\WINDOWS\System32\drivers\agp440.sys
[2009.09.23 14:15:20 | 00,094,432 | ---- | M] () -- C:\WINDOWS\System32\dllcache\agp440.sys
[2009.09.23 14:15:16 | 00,047,616 | ---- | M] () -- C:\WINDOWS\System32\sys64_nov.exe
[2009.09.23 14:15:13 | 00,040,192 | ---- | M] () -- C:\WINDOWS\System32\drivers\zwyqwtndia5.sys
[2009.09.23 14:15:12 | 00,059,904 | ---- | M] (Heaventools Software) -- C:\WINDOWS\System32\reader_s.exe
[2009.09.23 14:15:09 | 00,162,304 | -HS- | M] () -- C:\WINDOWS\System32\winulty.exe
[2009.09.23 14:14:10 | 00,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009.09.23 14:12:32 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009.09.23 14:10:35 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009.09.23 14:08:49 | 00,000,480 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{DB97E567-291E-4B34-8D35-AE6DDBCE7786}.job
[2009.09.23 14:08:00 | 00,000,482 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{FD2844F6-6DA7-4CFC-A47D-F40495874E68}.job
[2009.09.23 14:03:12 | 00,000,500 | ---- | M] () -- C:\WINDOWS\tasks\1-Click Maintenance.job
[2009.09.23 13:44:49 | 00,000,968 | ---- | M] () -- C:\Documents and Settings\Administrator.HOME\Plocha\fix.reg
[2009.09.23 13:43:06 | 00,328,216 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009.09.23 13:24:41 | 00,040,192 | ---- | M] () -- C:\WINDOWS\System32\drivers\zillecqgv3.sys
[2009.09.22 21:16:43 | 02,128,656 | -H-- | M] () -- C:\Documents and Settings\Administrator.HOME\Local Settings\Data aplikací\IconCache.db
[2009.09.22 21:08:11 | 00,015,663 | ---- | M] () -- C:\Documents and Settings\Administrator.HOME\Dokumenty\poydrav.exe
[2009.09.22 21:06:46 | 00,000,155 | ---- | M] () -- C:\Documents and Settings\Administrator.HOME\Dokumenty\poydrav.cpp
[2009.09.22 20:53:42 | 09,326,468 | ---- | M] () -- C:\Documents and Settings\Administrator.HOME\Plocha\devcpp-4.9.9.2_setup.exe
[2009.09.22 19:46:06 | 00,034,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\svchost.exe
[2009.09.22 18:08:05 | 00,000,146 | ---- | M] () -- C:\Documents and Settings\Administrator.HOME\Plocha\remove.bat
[2009.09.21 21:18:08 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.HOME\Plocha\OTL.exe
[2009.09.21 20:42:16 | 00,385,426 | ---- | M] () -- C:\Documents and Settings\Administrator.HOME\Plocha\OTMoveIt.rar
[2009.09.21 19:53:38 | 04,073,058 | ---- | M] () -- C:\Documents and Settings\Administrator.HOME\Plocha\tools.rar
[2009.09.21 19:29:17 | 04,608,000 | ---- | M] () -- C:\WINDOWS\System32\rmvirut.nt
[2009.09.21 19:29:17 | 00,000,045 | ---- | M] () -- C:\WINDOWS\System32\rmvirut.lst
[2009.09.21 19:12:09 | 00,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\TCPIP.SYS
[2009.09.21 19:12:09 | 00,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\TCPIP.SYS
[2009.09.14 19:06:03 | 00,000,435 | ---- | M] () -- C:\WINDOWS\system.ini
[2009.09.14 14:54:09 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090914-150641.backup
[2009.09.14 14:51:03 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Administrator.HOME\Plocha\Spybot - Search & Destroy.lnk
[2009.09.14 14:49:18 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Administrator.HOME\Plocha\setup-spybotsd162.exe
[2009.09.07 20:01:14 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator.HOME\Plocha\Nový objekt - Rastrový obrázek.bmp
[2009.09.06 15:46:07 | 02,734,080 | ---- | M] () -- C:\Documents and Settings\Administrator.HOME\Plocha\rmvirut.exe
[2009.09.05 22:33:05 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Reader Speed Launch.lnk
[2009.09.05 22:13:46 | 00,342,656 | ---- | M] (G DATA Software) -- C:\Documents and Settings\Administrator.HOME\Plocha\remover.exe
[2009.08.24 16:21:57 | 00,626,336 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ntfs.sys
[2009.08.24 16:21:56 | 00,626,336 | ---- | M] () -- C:\WINDOWS\System32\drivers\ntfs.sys

========== LOP Check ==========

[2009.09.22 20:59:38 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator.HOME\Data aplikací
[2009.09.22 21:14:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.HOME\Data aplikací\Dev-Cpp
[2009.09.22 18:17:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.HOME\Data aplikací\TuneUp Software
[2009.08.01 17:37:21 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Data aplikací
[2009.05.29 19:17:19 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Data aplikací\{55A29068-F2CE-456C-9148-C869879E2357}
[2009.05.29 21:51:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Autodesk
[2007.03.07 17:28:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\CyberLink
[2009.05.28 17:34:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
[2009.05.27 18:57:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2009.07.16 16:51:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2009.07.13 11:25:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\IMSIDesign
[2009.07.31 18:09:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Drivers HeadQuarters
[2009.08.01 18:38:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2009.05.29 19:22:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
[2009.09.23 14:03:12 | 00,000,500 | ---- | M] () -- C:\WINDOWS\Tasks\1-Click Maintenance.job
[2006.03.02 14:00:00 | 00,000,065 | -H-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009.09.23 14:10:35 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009.09.23 14:08:49 | 00,000,480 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{DB97E567-291E-4B34-8D35-AE6DDBCE7786}.job
[2009.09.23 14:08:00 | 00,000,482 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{FD2844F6-6DA7-4CFC-A47D-F40495874E68}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 52224 bytes -> C:\WINDOWS\System32\svchost.exe:ext.exe
@Alternate Data Stream - 52224 bytes -> C:\WINDOWS\System32\svchost.exe:exe.exe
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:4ABFA08C
< End of report >

Pawkin

Re: PC keeps restarting

Post by Pawkin » 23 Sep 2009 14:23

extras.txt


OTL Extras logfile created on: 23.9.2009 14:21:24 - Run 3
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Administrator.HOME\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

511,48 Mb Total Physical Memory | 236,05 Mb Available Physical Memory | 46,15% Memory free
865,48 Mb Paging File | 423,84 Mb Available in Paging File | 48,97% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 30,62 Gb Free Space | 41,09% Space Free | Partition Type: NTFS
Drive D: | 3,81 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- ()
"C:\NeverwinterNights\NWN\nwmain.exe" = C:\NeverwinterNights\NWN\nwmain.exe:*:Enabled:Neverwinter Nights -- (BioWare)
"C:\NeverwinterNights\NWN\nwserver.exe" = C:\NeverwinterNights\NWN\nwserver.exe:*:Enabled:Neverwinter Nights Server -- (BioWare)
"C:\Program Files\TrackMania Sunrise\TmSunrise.exe" = C:\Program Files\TrackMania Sunrise\TmSunrise.exe:*:Enabled:TmSunrise -- ()
"C:\Documents and Settings\Tomáš Pawera\Plocha\Files\1nsane\Game.exe" = C:\Documents and Settings\Tomáš Pawera\Plocha\Files\1nsane\Game.exe:*:Enabled:INSANE -- (INVICTUS Team)
"C:\Program Files\BitLord2\BitLord.exe" = C:\Program Files\BitLord2\BitLord.exe:*:Enabled:Bitlord2 -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{06792A12-AF16-42F4-BECD-BD913DE0FEC0}" = TurboCAD Deluxe 15
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Backburner
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{4089999C-6CB7-4F9D-A2F6-DB158DBF91FB}" = Rome - Total War(TM)
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{5E65E94D-69F2-4850-9E93-6459C53A0F50}" = Microsoft .NET Framework 1.1 Czech Language Pack
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG ODD Auto Firmware Update
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F947BFE-C2DF-4779-9909-5BEE746BD0C4}" = Microsoft .NET Framework 2.0 Language Pack - CSY
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{91120405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13
"{A5D65411-8E73-4C85-AD80-9FE8B7391CF9}" = Rome Total War - patch 1.3
"{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM)
"{AC76BA86-7AD7-1029-7B44-A70500000002}" = Adobe Reader 7.0.5 - Czech
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{BBC8862B-BFC8-475D-9BB8-93289703BD33}" = ESET NOD32 Antivirus
"{C1583439-B034-4881-819C-D52A0587662B}" = Neverwinter Nights Platinum Edition
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{DBB313D6-4B13-4961-BD5F-673CDA1793CC}" = Autodesk 3ds Max 8
"{DBC3FDEC-D5F4-439C-9A18-EF454A74E3DE}_is1" = NOD32 FiX v1.9
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"BitLord_is1" = BitLord v2.0
"CCleaner" = CCleaner (remove only)
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Driver Magician_is1" = Driver Magician 3.45
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.02
"FarmingSimulator2008_is1" = Landwirtschafts Simulator 2008
"FileZilla Client" = FileZilla Client 3.2.4.1
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.81
"GameSpy Arcade" = GameSpy Arcade
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InCD!UninstallKey" = InCD
"InstallShield_{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War(TM)
"IP Changer Premium" = IP Changer Premium
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 2.0 Language Pack - CSY" = Microsoft .NET Framework 2.0 Language Pack - CSY
"Mozilla Firefox (3.0.14)" = Mozilla Firefox (3.0.14)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NWNCZ" = Neverwinter Nights(TM) - Čeština
"Scorpions WinCheater 2.07 (s databází 103)_is1" = Scorpions WinCheater
"Servant Salamander 2.0" = Servant Salamander 2.0
"Skype_is1" = Skype 2.5
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"The KMPlayer" = The KMPlayer (remove only)
"TmSunrise_is1" = TrackMania Sunrise Extreme 1.5.1
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 29.6.2009 7:58:52 | Computer Name = HOME | Source = MsiInstaller | ID = 11500
Description = Product: Windows Installer Clean Up -- Error 1500. Another installation
is in progress. You must complete that installation before continuing this one.

Error - 29.6.2009 7:58:52 | Computer Name = HOME | Source = MsiInstaller | ID = 11500
Description = Product: Windows Installer Clean Up -- Error 1500. Another installation
is in progress. You must complete that installation before continuing this one.

Error - 1.7.2009 3:41:55 | Computer Name = HOME | Source = Application Error | ID = 1000
Description = Chybující aplikace nwmain.exe, verze 1.6.9.0, chybující modul ntdll.dll,
verze 5.1.2600.5755, adresa chyby 0x000101b3.

Error - 3.7.2009 4:46:19 | Computer Name = HOME | Source = Google Update | ID = 20
Description =

Error - 3.7.2009 5:46:13 | Computer Name = HOME | Source = Google Update | ID = 20
Description =

Error - 3.7.2009 6:46:10 | Computer Name = HOME | Source = Google Update | ID = 20
Description =

Error - 3.7.2009 9:50:06 | Computer Name = HOME | Source = | ID = 0
Description =

Error - 3.7.2009 9:50:06 | Computer Name = HOME | Source = | ID = 0
Description =

Error - 3.7.2009 12:42:14 | Computer Name = HOME | Source = | ID = 0
Description =

Error - 3.7.2009 12:42:14 | Computer Name = HOME | Source = | ID = 0
Description =

[ System Events ]
Error - 23.9.2009 8:09:28 | Computer Name = HOME | Source = Service Control Manager | ID = 7034
Description = Služba InCD Helper byla neočekávaně ukončena. Tento stav nastal již
1krát.

Error - 23.9.2009 8:09:33 | Computer Name = HOME | Source = Service Control Manager | ID = 7031
Description = Služba Zařazování tisku byla nečekaně ukončena. Stalo se to 1 krát.
Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.

Error - 23.9.2009 8:09:42 | Computer Name = HOME | Source = Service Control Manager | ID = 7034
Description = Služba Machine Debug Manager byla neočekávaně ukončena. Tento stav
nastal již 1krát.

Error - 23.9.2009 8:09:48 | Computer Name = HOME | Source = Service Control Manager | ID = 7034
Description = Služba Ati HotKey Poller byla neočekávaně ukončena. Tento stav nastal
již 1krát.

Error - 23.9.2009 8:12:41 | Computer Name = HOME | Source = sfsync02 | ID = 262156
Description =

Error - 23.9.2009 8:13:17 | Computer Name = HOME | Source = SRService | ID = 104
Description = Proces inicializace nástroje Obnovení systému se nezdařil.

Error - 23.9.2009 8:13:17 | Computer Name = HOME | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby EventSystem
s argumenty za účelem spuštění serveru: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 23.9.2009 8:14:00 | Computer Name = HOME | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby StiSvc
s argumenty za účelem spuštění serveru: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 23.9.2009 8:14:07 | Computer Name = HOME | Source = Service Control Manager | ID = 7023
Description = Služba Služba obnovení systému byla ukončena s následující chybou:
%%2

Error - 23.9.2009 8:14:07 | Computer Name = HOME | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: ehdrv Fips intelppm

[ TuneUp Events ]
Error - 1.6.2009 13:22:15 | Computer Name = HOME | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-06-01 19:22:15', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','1464',0)

Error - 2.8.2009 7:34:07 | Computer Name = HOME | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-08-02 13:34:07', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','2508',0)

Error - 2.8.2009 7:34:23 | Computer Name = HOME | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-08-02 13:34:23', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','3280',0)

Error - 2.8.2009 8:01:17 | Computer Name = HOME | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-08-02 14:01:17', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','1224',0)

Error - 2.8.2009 8:51:12 | Computer Name = HOME | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2009-08-02 14:51:11', '\device\harddiskvolume1\program
files\malwarebytes' anti-malware\mbam.exe','2156',0)


< End of report >

tiger10

Re: PC keeps restarting

Post by tiger10 » 23 Sep 2009 14:51

I have the same problem too. My PC restarts after 5 minutes of running. :evil:
But I outsmarted the PC: I told myself, well, I'm certainly not going to wait for the PC to reset itself, I'll reset it myself, and by golly it helped; the PC now runs even 16 hours straight. So that's how: after the PC starts, restart it again.

Pawkin

Re: PC keeps restarting

Post by Pawkin » 23 Sep 2009 15:07

I don't know, that's probably nonsense, because I won't drive the viruses out of the computer with a restart.

Damned

Re: PC keeps restarting

Post by Damned » 23 Sep 2009 16:11

That's true, a restart doesn't drive anything out. :D I've attached a renamed HijackThis for you, so fix what I wrote in the previous post.

Double-click the OTL icon on the desktop. Make sure all other applications and browsers are closed.
Paste the following text, shown in green, into the box under Custom Scans/Fixes:

Code:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\WINDOWS\System32\winulty.exe
O1 - Hosts: 127.0.0.1 123haustiereundmehr.com
O1 - Hosts: 127.0.0.1 123moviedownload.com
O1 - Hosts: 127.0.0.1 123simsen.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 125sms.co.uk
O1 - Hosts: 127.0.0.1 125sms.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 1337crew.info
O1 - Hosts: 127.0.0.1 1337-crew.to
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 150freesms.de
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 127.0.0.1 171203.com
O1 - Hosts: 127.0.0.1 17-plus.com
O1 - Hosts: 127.0.0.1 1800searchonline.com
O1 - Hosts: 127.0.0.1 180searchassistant.com
O1 - Hosts: 127.0.0.1 180solutions.com
O1 - Hosts: 127.0.0.1 181.365soft.info
O1 - Hosts: 127.0.0.1 1987324.com
O1 - Hosts: 127.0.0.1 1-domains-registrations.com
O1 - Hosts: 127.0.0.1 1sexparty.com
O1 - Hosts: 127.0.0.1 1sms.de
O1 - Hosts: 127.0.0.1 1spybot.com
O1 - Hosts: 127.0.0.1 1stantivirus.com
O1 - Hosts: 127.0.0.1 1stpagehere.com
O4 - HKLM..\Run: [9626] C:\WINDOWS\System32\7.tmp.exe
O4 - HKLM..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe
O4 - HKLM..\Run: [Windows Upgrate Utility] C:\WINDOWS\System32\winulty.exe
O20 - HKLM Winlogon: TaskMan - (C:\RECYCLER\S-1-5-21-0243992721-823278279-782329928-3321\bxswin.exe) - C:\RECYCLER\S-1-5-21-0243992721-823278279-782329928-3321\bxswin.exe
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0243992721-823278279-782329928-3321\bxswin.exe) - C:\RECYCLER\S-1-5-21-0243992721-823278279-782329928-3321\bxswin.exe
O20 - HKCU Winlogon: Shell - (C:\RECYCLER\S-1-5-21-0243337231-886787329-783463108-1055\dsregs.exe) - C:\RECYCLER\S-1-5-21-0243337231-886787329-783463108-1055\dsregs.exe

:Services
DRV - [2009.09.23 13:24:41 | 00,040,192 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\zillecqgv3.sys -- (zillecqgv3 [System | Running])
DRV - [2009.09.23 14:15:13 | 00,040,192 | ---- | M] () -- C:\WINDOWS\System32\drivers\zwyqwtndia5.sys -- (zwyqwtndia5 [System | Stopped])

:Drivers
DRV - [2009.09.23 13:24:41 | 00,040,192 | ---- | M] () -- C:\WINDOWS\System32\DRIVERS\zillecqgv3.sys -- (zillecqgv3 [System | Running])
DRV - [2009.09.23 14:15:13 | 00,040,192 | ---- | M] () -- C:\WINDOWS\System32\drivers\zwyqwtndia5.sys -- (zwyqwtndia5 [System | Stopped])

:Files
C:\WINDOWS\System32\*.tmp /s
C:\WINDOWS\*.tmp /s
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\System32\drivers\zillecqgv3.sys
C:\WINDOWS\System32\sys64_nov.exe
C:\WINDOWS\System32\drivers\zwyqwtndia5.sys
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\System32\winulty.exe
C:\WINDOWS\tasks\SA.DAT
C:\Documents and Settings\Administrator.HOME\Dokumenty\poydrav.exe
C:\Documents and Settings\Administrator.HOME\Dokumenty\poydrav.cpp
C:\_OTM
C:\WINDOWS\System32\svchost.exe:ext.exe

:Reg

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]



Then click Run Fix at the top. Let the program run undisturbed; at the end the PC will restart.
After the restart a log will appear; please copy its entire contents here.
Attachments
Tomáš.rar
(308.97 KiB) Downloaded 12 times

tiger10

Re: PC keeps restarting

Post by tiger10 » 23 Sep 2009 18:46

Pawkin...

I don't know, that's probably nonsense, because I won't drive the viruses out of the computer with a restart.

Who wrote that I drive out viruses with a restart? :evil:
I reckon the system generates the restart command on its own, and by restarting it myself I simply trick the system, the way Ďuro tricked Anča into giving in to him.
:idea: :inlove: :idea:

