Prosím o kontrolu logu nutně Vyřešeno

[Marwvek]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:22, on 27.11.2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [Videohost] C:\Users\Holly\AppData\Local\Temp\b.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{417CC2C6-C4BA-462E-B709-3F62C678079D}: NameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{417CC2C6-C4BA-462E-B709-3F62C678079D}: NameServer = 192.168.0.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{417CC2C6-C4BA-462E-B709-3F62C678079D}: NameServer = 192.168.0.1
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6084 bytes

[Reklama]

[pitimir]

Hmmm, pekne...

Stiahni OTL. Uloz na plochu a spust dvojklikom subor "OTL.exe". Otvori sa okno programu, v nom zaskrtni "Scan All Users", "Lop" aj "Purity Check" a "File Scan" zmen na 7 dni miesto 30. Potom klikni na "Run Scan". Zacne scan pocitaca, po jeho ukonceni sa otvoria dva reporty - obsah oboch potrebujem vidiet.

[Holly66]

Čau.To je můj spolubydlící a píše za mě, protože jsem neměl ůčet.Ty jsoubory jsou zde

OTL logfile created on: 8.12.2009 19:19:27 - Run 1
OTL by OldTimer - Version 3.1.11.9 Folder = C:\Users\Holly\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 2,76 Gb Available Physical Memory | 69,08% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 152,28 Gb Free Space | 65,39% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 210,82 Gb Free Space | 90,53% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOLLY-PC
Current User Name: Holly
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009.12.08 19:18:04 | 00,536,576 | ---- | M] (OldTimer Tools) -- C:\Users\Holly\Desktop\OTL.exe
PRC - [2009.11.24 19:53:15 | 00,103,736 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2009.11.24 19:53:08 | 00,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009.11.08 20:31:50 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009.11.03 14:50:15 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
PRC - [2009.09.29 13:03:46 | 00,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2009.03.01 11:59:42 | 00,172,792 | ---- | M] (ICQ, LLC.) -- C:\Program Files (x86)\ICQ6.5\ICQ.exe


========== Modules (SafeList) ==========

MOD - [2009.12.08 19:18:04 | 00,536,576 | ---- | M] (OldTimer Tools) -- C:\Users\Holly\Desktop\OTL.exe
MOD - [2009.07.14 02:03:50 | 01,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009.11.04 16:45:14 | 00,202,752 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.09.29 13:11:14 | 00,023,296 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2009.09.29 13:03:46 | 00,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009.07.14 02:41:59 | 00,229,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009.07.14 02:41:56 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009.07.14 02:41:56 | 00,195,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009.07.14 02:41:56 | 00,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009.07.14 02:41:55 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009.07.14 02:41:54 | 00,065,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009.07.14 02:41:54 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009.07.14 02:41:53 | 01,361,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009.07.14 02:41:53 | 00,327,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009.07.14 02:41:53 | 00,327,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009.07.14 02:41:53 | 00,187,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009.07.14 02:41:53 | 00,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009.07.14 02:41:53 | 00,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009.07.14 02:41:27 | 01,011,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:41:18 | 00,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009.07.14 02:40:54 | 01,127,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009.07.14 02:40:28 | 00,314,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009.07.14 02:40:28 | 00,291,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009.07.14 02:40:24 | 00,689,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009.07.14 02:40:13 | 00,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009.07.14 02:40:10 | 00,100,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009.07.14 02:40:05 | 00,114,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009.07.14 02:40:01 | 00,193,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.07.14 02:40:01 | 00,032,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009.07.14 02:39:51 | 01,503,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009.07.14 02:39:28 | 03,524,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009.07.14 02:39:11 | 00,689,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV:64bit: - [2009.02.23 16:24:24 | 01,476,360 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe -- (PDEngine)
SRV:64bit: - [2009.02.23 16:24:22 | 01,479,944 | ---- | M] (Raxco Software, Inc.) -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe -- (PDAgent)
SRV - [2009.11.24 19:53:15 | 00,103,736 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2009.11.24 19:53:08 | 00,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009.07.14 04:20:14 | 00,000,000 | ---D | M] -- C:\Windows\Vss -- (VSS)
SRV - [2009.07.14 04:20:14 | 00,000,000 | ---D | M] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC) Služba DTC (Distributed Transaction Coordinator)
SRV - [2009.07.14 02:16:12 | 00,165,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.14 02:15:11 | 00,253,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.13 21:30:11 | 00,061,056 | ---- | M] () -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009.06.10 21:39:58 | 00,089,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2007.05.31 17:11:54 | 00,443,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 17:11:46 | 00,225,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2009.11.04 17:17:30 | 06,088,192 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.11.04 15:51:51 | 00,867,064 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.09.30 15:34:30 | 00,121,872 | ---- | M] (ATI Technologies, Inc.) -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.09.29 13:06:16 | 00,123,200 | ---- | M] (ESET) -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2009.09.29 13:03:00 | 00,136,584 | ---- | M] (ESET) -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009.09.29 12:56:36 | 00,144,824 | ---- | M] (ESET) -- C:\Windows\SysNative\drivers\eamon.sys -- (eamon)
DRV:64bit: - [2009.08.23 05:08:10 | 00,056,320 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009.07.14 02:52:21 | 00,106,576 | ---- | M] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 00,028,752 | ---- | M] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 00,194,128 | ---- | M] (AMD Technologies Inc.) -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 00,153,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2009.07.14 02:48:04 | 00,065,600 | ---- | M] (LSI Corporation) -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:48:04 | 00,014,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2009.07.14 02:47:49 | 00,055,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009.07.14 02:47:48 | 00,077,888 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:56 | 00,022,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009.07.14 02:45:55 | 00,217,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2009.07.14 02:45:55 | 00,200,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009.07.14 02:45:55 | 00,046,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009.07.14 02:45:55 | 00,036,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009.07.14 02:45:55 | 00,034,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009.07.14 02:45:55 | 00,024,656 | ---- | M] (Promise Technology) -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:45:46 | 00,214,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2009.07.14 02:45:45 | 00,050,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009.07.14 02:43:14 | 00,460,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:64bit: - [2009.07.14 02:43:13 | 00,223,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2009.07.14 01:17:46 | 00,024,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009.07.14 01:16:35 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009.07.14 01:10:24 | 00,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:64bit: - [2009.07.14 01:09:50 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.14 01:09:26 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009.07.14 01:08:13 | 00,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009.07.14 01:07:21 | 00,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009.07.14 01:07:13 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2009.07.14 01:07:00 | 00,350,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009.07.14 01:06:52 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:64bit: - [2009.07.14 01:06:24 | 00,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009.07.14 01:05:37 | 00,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2009.07.14 01:02:08 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009.07.14 01:00:34 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2009.07.14 01:00:13 | 00,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:64bit: - [2009.07.14 00:52:39 | 00,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:64bit: - [2009.07.14 00:50:17 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2009.07.14 00:42:58 | 00,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009.07.14 00:42:44 | 00,021,760 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009.07.14 00:37:18 | 00,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:64bit: - [2009.07.14 00:31:06 | 00,026,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:64bit: - [2009.07.14 00:31:03 | 00,017,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009.07.14 00:27:17 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2009.07.14 00:24:27 | 00,514,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009.07.14 00:19:25 | 00,060,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009.06.10 21:35:53 | 00,051,712 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\Windows\SysNative\drivers\Rtnic64.sys -- (RTL8023x64)
DRV:64bit: - [2009.06.10 21:34:33 | 03,286,016 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 00,468,480 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 00,270,848 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 00,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.02.24 18:35:44 | 00,255,552 | ---- | M] (MagicISO, Inc.) -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2009.01.09 10:49:14 | 00,099,856 | ---- | M] (Raxco Software, Inc.) -- C:\Windows\SysNative\drivers\DefragFs.sys -- (DefragFS)
DRV:64bit: - [2006.09.30 11:36:14 | 00,013,008 | ---- | M] () -- C:\Windows\SysNative\drivers\pstrip64.sys -- (PStrip64)
DRV:64bit: - [2005.03.29 01:30:38 | 00,008,192 | ---- | M] () -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.11.03 10:25:15 | 00,000,000 | ---D | M] -- C:\Windows\CSC -- (CSC)
DRV - [2009.07.14 02:19:10 | 00,019,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 02:16:02 | 00,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
DRV - [2009.06.10 22:28:14 | 00,001,088 | ---- | M] () -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009.06.10 22:15:18 | 00,003,066 | ---- | M] () -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2009.02.24 18:35:44 | 00,255,552 | ---- | M] (MagicISO, Inc.) -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2678526320-101275095-830977145-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKU\S-1-5-21-2678526320-101275095-830977145-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 64 20 34 3C 9A 76 CA 01 [binary data]
IE - HKU\S-1-5-21-2678526320-101275095-830977145-1000\S-1-5-21-2678526320-101275095-830977145-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2678526320-101275095-830977145-1000\S-1-5-21-2678526320-101275095-830977145-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.spse.pilsedu.cz:3128

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: anycolor.pavlos256@gmail.com:0.3.1
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5
FF - prefs.js..network.proxy.backup.ftp: "proxy.spse.pilsedu.cz"
FF - prefs.js..network.proxy.backup.ftp_port: 3281
FF - prefs.js..network.proxy.backup.gopher: "proxy.spse.pilsedu.cz"
FF - prefs.js..network.proxy.backup.gopher_port: 3281
FF - prefs.js..network.proxy.backup.socks: "proxy.spse.pilsedu.cz"
FF - prefs.js..network.proxy.backup.socks_port: 3281
FF - prefs.js..network.proxy.backup.ssl: "proxy.spse.pilsedu.cz"
FF - prefs.js..network.proxy.backup.ssl_port: 3281
FF - prefs.js..network.proxy.ftp: "proxy.spse.pilsedu.cz"
FF - prefs.js..network.proxy.ftp_port: 3128
FF - prefs.js..network.proxy.gopher: "proxy.spse.pilsedu.cz"
FF - prefs.js..network.proxy.gopher_port: 3128
FF - prefs.js..network.proxy.http: "proxy.spse.pilsedu.cz"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy.spse.pilsedu.cz"
FF - prefs.js..network.proxy.socks_port: 3128
FF - prefs.js..network.proxy.ssl: "proxy.spse.pilsedu.cz"
FF - prefs.js..network.proxy.ssl_port: 3128
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009.11.08 20:31:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2009.11.08 20:31:51 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009.11.03 15:25:32 | 00,000,000 | ---D | M]

[2009.11.03 13:49:08 | 00,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Mozilla\Extensions
[2009.12.08 16:57:22 | 00,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Mozilla\Firefox\Profiles\r1l9w9lo.default\extensions
[2009.11.22 18:53:17 | 00,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Mozilla\Firefox\Profiles\r1l9w9lo.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2009.11.03 13:53:47 | 00,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Mozilla\Firefox\Profiles\r1l9w9lo.default\extensions\anycolor.pavlos256@gmail.com
[2009.11.03 14:50:19 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009.10.16 19:15:30 | 00,000,638 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2009.10.16 19:15:30 | 00,001,687 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\mall-cz.xml
[2009.10.16 19:15:30 | 00,001,367 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\seznam-cz.xml
[2009.10.16 19:15:30 | 00,000,654 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2009.10.16 19:15:30 | 00,001,179 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: (824 bytes) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2678526320-101275095-830977145-1000..\Run: [Videohost] C:\Users\Holly\AppData\Local\Temp\b.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (PDBoot.exe) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - comfile [open] -- "%1" %* File not found
64bit: O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 7 Days ==========

[2009.12.08 19:17:37 | 00,536,576 | ---- | C] (OldTimer Tools) -- C:\Users\Holly\Desktop\OTL.exe
[2009.12.08 18:48:29 | 00,000,000 | ---D | C] -- C:\Users\Holly\AppData\Roaming\WinRAR
[2009.12.08 18:48:14 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2009.12.08 18:34:25 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Pivot
[2009.12.06 18:54:33 | 00,000,000 | ---D | C] -- C:\Windows\WindowsMobile
[2009.12.02 17:10:29 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\UrbanTerror
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2009.12.08 19:20:19 | 01,048,576 | -HS- | M] () -- C:\Users\Holly\NTUSER.DAT
[2009.12.08 19:18:04 | 00,536,576 | ---- | M] (OldTimer Tools) -- C:\Users\Holly\Desktop\OTL.exe
[2009.12.08 19:09:45 | 01,445,734 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009.12.08 19:09:45 | 00,622,422 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2009.12.08 19:09:45 | 00,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009.12.08 19:09:45 | 00,118,604 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2009.12.08 19:09:45 | 00,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009.12.08 19:02:13 | 00,000,293 | ---- | M] () -- C:\Windows\game.ini
[2009.12.08 19:02:03 | 00,000,234 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2009.12.08 18:13:38 | 00,008,475 | ---- | M] () -- C:\Users\Holly\AppData\Roaming\PStrip.ini
[2009.12.08 14:56:21 | 00,008,475 | ---- | M] () -- C:\Users\Holly\AppData\Roaming\PStrip.bak
[2009.12.08 12:47:54 | 00,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2009.12.08 12:47:54 | 00,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2009.12.08 12:41:35 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009.12.08 12:41:33 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009.12.08 12:41:31 | 32,205,29152 | -HS- | M] () -- C:\hiberfil.sys
[2009.12.08 10:35:36 | 00,008,475 | ---- | M] () -- C:\Users\Holly\AppData\Roaming\PStrip.bk!
[2009.12.08 09:43:59 | 00,008,475 | ---- | M] () -- C:\Users\Holly\AppData\Roaming\PStrip.bko
[2009.12.07 23:02:26 | 05,525,059 | -H-- | M] () -- C:\Users\Holly\AppData\Local\IconCache.db
[2009.12.07 22:46:20 | 00,007,605 | ---- | M] () -- C:\Users\Holly\AppData\Local\Resmon.ResmonCfg
[2009.12.06 18:55:52 | 00,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009.12.06 18:55:52 | 00,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2009.11.25 17:03:24 | 00,179,200 | ---- | C] () -- C:\Windows\SysWow64\sshnas.dll
[2009.11.09 00:11:29 | 00,007,605 | ---- | C] () -- C:\Users\Holly\AppData\Local\Resmon.ResmonCfg
[2009.11.05 22:39:13 | 00,008,475 | ---- | C] () -- C:\Users\Holly\AppData\Roaming\PStrip.bko
[2009.11.05 16:00:29 | 00,008,475 | ---- | C] () -- C:\Users\Holly\AppData\Roaming\PStrip.bk!
[2009.11.05 16:00:26 | 00,008,475 | ---- | C] () -- C:\Users\Holly\AppData\Roaming\PStrip.bak
[2009.11.05 15:59:09 | 00,008,475 | ---- | C] () -- C:\Users\Holly\AppData\Roaming\PStrip.ini
[2009.11.05 15:57:34 | 00,000,062 | ---- | C] () -- C:\Windows\wininit.ini
[2009.11.03 19:26:03 | 00,000,293 | ---- | C] () -- C:\Windows\game.ini
[2009.08.07 19:51:34 | 00,178,430 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.07.14 00:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 00,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007.12.28 08:22:04 | 00,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

========== LOP Check ==========

[2009.11.03 14:06:58 | 00,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\ICQ
[2009.11.05 14:53:46 | 00,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\SYSTEMAX Software Development
[2009.12.01 18:54:49 | 00,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\Ubisoft
[2009.11.22 19:55:45 | 00,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\uTorrent
[2009.11.03 14:56:24 | 00,000,000 | ---D | M] -- C:\Users\Holly\AppData\Roaming\VitySoft
[2009.07.14 06:08:49 | 00,016,046 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.12.08 19:02:03 | 00,000,234 | -H-- | M] () -- C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

========== Purity Check ==========


< End of report >

[Holly66]

OTL Extras logfile created on: 8.12.2009 19:19:27 - Run 1
OTL by OldTimer - Version 3.1.11.9 Folder = C:\Users\Holly\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 2,76 Gb Available Physical Memory | 69,08% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 152,28 Gb Free Space | 65,39% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 210,82 Gb Free Space | 90,53% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOLLY-PC
Current User Name: Holly
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 7 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2678526320-101275095-830977145-1000\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Centrum zařízení Windows Mobile
"{7B738CD9-D107-48C7-8E65-2E6639A39C8D}" = PerfectDisk 10 Professional
"{B9F536DB-36B5-4789-AD5C-178CFA8B014B}" = ESET NOD32 Antivirus
"{D483C640-09C0-CA54-007D-20BE9FA99C72}" = ccc-utility64
"{F4EAF98E-197C-E203-FB2C-9FCAB5337473}" = ATI Catalyst Install Manager

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07B96515-9EF9-12B5-8A9A-B409E967BDBB}" = Catalyst Control Center Graphics Previews Vista
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{19FCAF1A-AD28-C086-B5A6-8E7A6DAB9B7B}" = ccc-core-static
"{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
"{257C7A78-535E-1450-C720-AE353876C816}" = Catalyst Control Center InstallProxy
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
"{45CAC750-E555-6DE3-078F-C9A4C2DF8A3E}" = Catalyst Control Center Graphics Light
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DEA59C-41C7-1B77-291F-43108DFBAB14}" = Catalyst Control Center Core Implementation
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
"{88E4B682-219A-2656-44E1-18DF1F57EAE1}" = Catalyst Control Center Graphics Full Existing
"{8C5C2D4E-5027-AC93-0531-B72C5625A0DD}" = CCC Help English
"{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed
"{95B4269C-7ED9-2E32-0E3D-3F446B495540}" = Catalyst Control Center Graphics Full New
"{A1463F00-4E89-402E-7DD3-3CF0CE98F1FA}" = Catalyst Control Center Graphics Previews Common
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D4D9965A-A5F8-6CF6-33E7-A1EECC2E585B}" = Catalyst Control Center HydraVision Full
"{D4E5A687-797D-44B1-8F96-4FD7A24166A9}" = Devil May Cry 4
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"CCleaner" = CCleaner
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.01
"GOM Player" = GOM Player
"HijackThis" = HijackThis 2.0.2
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"MagicDisc 2.7.106" = MagicDisc 2.7.106
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"OpenAL" = OpenAL
"PowerStrip 3 (remove only)" = PowerStrip 3 (remove only)
"Urban Terror_is1" = Urban Terror 4.1
"Winamp" = Winamp
"WinRAR archiver" = WinRAR

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24.11.2009 12:49:41 | Computer Name = Holly-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: Explorer.EXE, verze: 6.1.7600.16404, časové
razítko: 0x4a765771 Název chybujícího modulu: comctl32.dll, verze: 6.10.7600.16385,
časové razítko: 0x4a5bde67 Kód výjimky: 0xc0000005 Posun chyby: 0x00000000000dae84
ID
chybujícího procesu: 0x8f0 Čas spuštění chybující aplikace: 0x01ca6cfab04ee410 Cesta
k chybující aplikaci: C:\Windows\Explorer.EXE Cesta k chybujícímu modulu: C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6\comctl32.dll
ID
zprávy: 5ba34b5e-d919-11de-a851-004f4e62b105

Error - 24.11.2009 14:54:00 | Computer Name = Holly-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: iw3mp.exe, verze: 0.0.0.0, časové razítko:
0x47043f08 Název chybujícího modulu: iw3mp.exe, verze: 0.0.0.0, časové razítko:
0x47043f08 Kód výjimky: 0xc0000005 Posun chyby: 0x00276555 ID chybujícího procesu:
0x208 Čas spuštění chybující aplikace: 0x01ca6d3775b15a0a Cesta k chybující aplikaci:
C:\Program Files (x86)\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe Cesta
k chybujícímu modulu: C:\Program Files (x86)\Activision\Call of Duty 4 - Modern
Warfare\iw3mp.exe ID zprávy: b9942afd-d92a-11de-a851-004f4e62b105

Error - 24.11.2009 15:04:54 | Computer Name = Holly-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: GTAIV.exe, verze: 1.0.4.0, časové razítko:
0x4a1ae9b0 Název chybujícího modulu: GTAIV.exe, verze: 1.0.4.0, časové razítko:
0x4a1ae9b0 Kód výjimky: 0xc000000d Posun chyby: 0x00898f11 ID chybujícího procesu:
0x844 Čas spuštění chybující aplikace: 0x01ca6d39008c8a77 Cesta k chybující aplikaci:
C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\GTAIV.exe Cesta k chybujícímu
modulu: C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\GTAIV.exe ID zprávy:
3faecd62-d92c-11de-a851-004f4e62b105

Error - 24.11.2009 15:05:21 | Computer Name = Holly-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: GTAIV.exe, verze: 1.0.4.0, časové razítko:
0x4a1ae9b0 Název chybujícího modulu: GTAIV.exe, verze: 1.0.4.0, časové razítko:
0x4a1ae9b0 Kód výjimky: 0xc000000d Posun chyby: 0x00898f11 ID chybujícího procesu:
0xf24 Čas spuštění chybující aplikace: 0x01ca6d391178d2e9 Cesta k chybující aplikaci:
C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\GTAIV.exe Cesta k chybujícímu
modulu: C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\GTAIV.exe ID zprávy:
4faaaad9-d92c-11de-a851-004f4e62b105

Error - 26.11.2009 7:44:43 | Computer Name = Holly-PC | Source = VSS | ID = 8194
Description =

Error - 6.12.2009 13:58:23 | Computer Name = Holly-PC | Source = RapiMgr | ID = 8
Description = Zařízení se systémem Windows Mobile se nepodařilo připojit z důvodu
chyby communication (0x80072745) (viz data pro kód chyby).

Error - 8.12.2009 13:46:58 | Computer Name = Holly-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: 7zFM.exe, verze: 4.65.0.0, časové razítko:
0x4987ee1a Název chybujícího modulu: 7z.dll, verze: 4.65.0.0, časové razítko: 0x4987efd0
Kód
výjimky: 0xc0000005 Posun chyby: 0x000000000009a935 ID chybujícího procesu: 0xc5c
Čas
spuštění chybující aplikace: 0x01ca782e58699a8b Cesta k chybující aplikaci: C:\Program
Files\7-Zip\7zFM.exe Cesta k chybujícímu modulu: C:\Program Files\7-Zip\7z.dll ID
zprávy: ae0c9e12-e421-11de-a1b8-00248c3d7aad

Error - 8.12.2009 13:47:12 | Computer Name = Holly-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: 7zFM.exe, verze: 4.65.0.0, časové razítko:
0x4987ee1a Název chybujícího modulu: 7z.dll, verze: 4.65.0.0, časové razítko: 0x4987efd0
Kód
výjimky: 0xc0000005 Posun chyby: 0x000000000009a935 ID chybujícího procesu: 0xa74
Čas
spuštění chybující aplikace: 0x01ca782e75da1db3 Cesta k chybující aplikaci: C:\Program
Files\7-Zip\7zFM.exe Cesta k chybujícímu modulu: C:\Program Files\7-Zip\7z.dll ID
zprávy: b650c566-e421-11de-a1b8-00248c3d7aad

Error - 8.12.2009 14:02:53 | Computer Name = Holly-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: cod2mp_s.exe, verze: 0.0.0.0, časové razítko:
0x4345db38 Název chybujícího modulu: cod2mp_s.exe, verze: 0.0.0.0, časové razítko:
0x4345db38 Kód výjimky: 0xc0000005 Posun chyby: 0x00145a88 ID chybujícího procesu:
0xeac Čas spuštění chybující aplikace: 0x01ca7830a5fc7abd Cesta k chybující aplikaci:
C:\Program Files (x86)\Activision\Call of Duty 2\cod2mp_s.exe Cesta k chybujícímu
modulu: C:\Program Files (x86)\Activision\Call of Duty 2\cod2mp_s.exe ID zprávy:
e759b979-e423-11de-a1b8-00248c3d7aad

Error - 8.12.2009 14:03:39 | Computer Name = Holly-PC | Source = Application Error | ID = 1000
Description = Název chybující aplikace: cod2mp_s.exe, verze: 0.0.0.0, časové razítko:
0x4345db38 Název chybujícího modulu: cod2mp_s.exe, verze: 0.0.0.0, časové razítko:
0x4345db38 Kód výjimky: 0xc0000005 Posun chyby: 0x00145a88 ID chybujícího procesu:
0xeb0 Čas spuštění chybující aplikace: 0x01ca7830c15afd35 Cesta k chybující aplikaci:
C:\Program Files (x86)\Activision\Call of Duty 2\cod2mp_s.exe Cesta k chybujícímu
modulu: C:\Program Files (x86)\Activision\Call of Duty 2\cod2mp_s.exe ID zprávy:
02a67bb6-e424-11de-a1b8-00248c3d7aad

[ Media Center Events ]
Error - 9.11.2009 17:55:41 | Computer Name = Holly-PC | Source = MCUpdate | ID = 0
Description = 22:55:41 - Chyba při připojování k Internetu 22:55:41 - Nelze kontaktovat
server..

Error - 10.11.2009 1:08:32 | Computer Name = Holly-PC | Source = MCUpdate | ID = 0
Description = 6:08:30 - Chyba při připojování k Internetu 6:08:31 - Nelze kontaktovat
server..

Error - 23.11.2009 2:16:58 | Computer Name = Holly-PC | Source = MCUpdate | ID = 0
Description = 7:16:58 - Chyba při připojování k Internetu 7:16:58 - Nelze kontaktovat
server..

Error - 23.11.2009 2:17:33 | Computer Name = Holly-PC | Source = MCUpdate | ID = 0
Description = 7:17:27 - Chyba při připojování k Internetu 7:17:27 - Nelze kontaktovat
server..

Error - 2.12.2009 2:15:39 | Computer Name = Holly-PC | Source = MCUpdate | ID = 0
Description = 7:15:38 - Chyba při připojování k Internetu 7:15:38 - Nelze kontaktovat
server..

Error - 2.12.2009 3:15:45 | Computer Name = Holly-PC | Source = MCUpdate | ID = 0
Description = 8:15:44 - Chyba při připojování k Internetu 8:15:44 - Nelze kontaktovat
server..

Error - 7.12.2009 2:18:33 | Computer Name = Holly-PC | Source = MCUpdate | ID = 0
Description = 7:18:33 - Chyba při připojování k Internetu 7:18:33 - Nelze kontaktovat
server..

[ System Events ]
Error - 7.12.2009 16:01:37 | Computer Name = Holly-PC | Source = bowser | ID = 8003
Description =

Error - 8.12.2009 2:13:40 | Computer Name = Holly-PC | Source = sptd | ID = 262148
Description = Ovladač zjistil interní chybu ve vlastní struktuře dat u .

Error - 8.12.2009 2:13:57 | Computer Name = Holly-PC | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: sptd

Error - 8.12.2009 4:42:57 | Computer Name = Holly-PC | Source = sptd | ID = 262148
Description = Ovladač zjistil interní chybu ve vlastní struktuře dat u .

Error - 8.12.2009 4:43:13 | Computer Name = Holly-PC | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: sptd

Error - 8.12.2009 7:41:24 | Computer Name = Holly-PC | Source = sptd | ID = 262148
Description = Ovladač zjistil interní chybu ve vlastní struktuře dat u .

Error - 8.12.2009 7:41:40 | Computer Name = Holly-PC | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: sptd

Error - 8.12.2009 13:59:03 | Computer Name = Holly-PC | Source = DCOM | ID = 10001
Description =

Error - 8.12.2009 14:01:09 | Computer Name = Holly-PC | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk4\DR13.

Error - 8.12.2009 14:01:11 | Computer Name = Holly-PC | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk4\DR13.


< End of report >

[pitimir]

Skopiruj do policka pod nazvom "Custom Scans/Fixes":

Kód: Vybrat vše

:otl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKU\S-1-5-21-2678526320-101275095-830977145-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 64 20 34 3C 9A 76 CA 01 [binary data]
O4 - HKU\S-1-5-21-2678526320-101275095-830977145-1000..\Run: [Videohost] C:\Users\Holly\AppData\Local\Temp\b.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

:commands
[reboot]

Klikni na "Run Fix". Program zacne pracovat, mozny je restart PC. Po nom by sa ti mal objavit log, ten by som rad videl.

[Holly66]

========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
Unable to set value : HKU\S-1-5-21-2678526320-101275095-830977145-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E!
Registry value HKEY_USERS\S-1-5-21-2678526320-101275095-830977145-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Videohost not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Windows\SysWow64\tmpBC6D.tmp deleted successfully.
C:\Windows\SysWow64\tmpBD87.tmp deleted successfully.
C:\Windows\SysWow64\tmpCC25.tmp deleted successfully.
C:\Windows\SysWow64\tmpCC55.tmp deleted successfully.
File boot] not found.

OTL by OldTimer - Version 3.1.11.9 log created on 12082009_205054

[pitimir]

Sice zle ale dobre

Stiahni MbAM. Uloz na plochu, otvor "mbam-setup.exe" a nainstaluj. Updatuj. Potom spravis kompletny scan - co program najde, zmaz. Nasledny log vloz sem.

[Holly66]

Malwarebytes' Anti-Malware 1.42
Verze databáze: 3330
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

9.12.2009 16:32:54
mbam-log-2009-12-09 (16-32-54).txt

Typ kontroly: Kompletní kontrola (C:\|D:\|)
Zkontrolované objekty: 184353
Uplynulý čas: 18 minute(s), 2 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 1
Infikované adresáře: 0
Infikované soubory: 3

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Holly\AppData\Local\Temp\c.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Windows\System32\sshnas.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

[pitimir]

OK, ako to vyzera s PC teraz?

[Holly66]

Pořád mi to píše přestal pracovat. Nevidím rozdíl

[pitimir]

Ako prestal pracovat? Skus to popisat lepsie, nikde nic o probleme nevidim...

[Holly66]

Ten log jsem sem dal z tohoto důvodu. Bylo mi to řečeno viewtopic.php?f=36&t=46434