Prosím o kontrolu logu - blbne outlook expres

wov · Příspěvekod **wov** » 23 dub 2010 11:59

Prosím o kontrolu logu. Začal mi blbnout outlook expres, nejdou odstránit zprávy. Super Antispywere našel a odstránil nějaké breberky, ale zdá se mi být i PC pomalejší. a OE stále blbne.

Logfile of HijackThis v1.99.1
Scan saved at 11:56:02, on 23.4.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\program files\u-storage tools2.1\ustorage.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Opera\opera.exe
C:\totalcmd\TOTALCMD.EXE
C:\DOCUME~1\Riwalsro\LOCALS~1\Temp\_tc\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - Default URLSearchHook is missing
O1 - Hosts: 192.166.1.5 riwal1
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O4 - HKLM\..\Run: [Zástupce stránky vlastností sběrnice High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [UStorage] c:\program files\u-storage tools2.1\ustorage.exe sys_auto_run C:\Program Files\U-Storage Tools2.1
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Update Service (gupdate1c99661481656ec) (gupdate1c99661481656ec) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Centrum zabezpečení (wscsvc) - Unknown owner - C:\WINDOWS\C:\WINDOWS\System32\svchost.exe (file missing)

Reklama

Příspěvekod **jaro3** » 23 dub 2010 12:21

Projdi nastavení Keria , Avastu , zda Ti neblokují outlook expres. Máš správně nainstalován účet? pop3 a smtp?

Buď bych odinstaloval Winpatrol nebo SpywareTerminator.

Odinstaluj:
ICQToolbar
Crawler Toolbar

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - (no file)

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Aktualizuj javu:
Java SE Runtime Environment 6u20
Vyber OS ( předpokládám Windows), dej zatržítko agree-continue
Vyber:
Windows Offline Installation
jre-6u20-windows-i586-p.exe
Ostatní javy odeber v přidat/odebrat programy.

Doufám , že to neřešíš paralelně na virech,cz!!

wov · Příspěvekod **wov** » 23 dub 2010 13:02

Udělal jsem to ale v Mallwarebytes se mi to podařilo smazat.

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Verze databáze: 4024

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

23.4.2010 12:58:25
mbam-log-2010-04-23 (12-58-25).txt

Typ skenu: Rychlý sken
Skenované objekty: 103876
Uplynulý čas: 7 minuta(y), 10 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 4
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_CLASSES_ROOT\CLSID\{62f96656-0788-4d00-8e32-d41c239e205b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{15c7d7ad-a87a-4c0d-9d8b-637fcd3488ef} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bhonew.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Bind (Malware.Trace) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

Příspěvekod **jaro3** » 23 dub 2010 13:44

OK.

Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

wov · Příspěvekod **wov** » 23 dub 2010 14:36

Provedeno

ComboFix 10-04-21.01 - Riwalsro 23.04.2010 14:20:10.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.511.265 [GMT 2:00]
Spuštěný z: c:\documents and settings\Riwalsro\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100422-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Kerio Personal Firewall *disabled* {333BECA0-DED8-4139-A516-8D9E44E22669}
.
/wow section - STAGE 7

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\INSTALL.LOG

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-23 do 2010-04-23 )))))))))))))))))))))))))))))))
.

2010-04-23 11:10 . 2010-04-23 11:32 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-23 10:48 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-23 10:48 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-23 10:48 . 2010-04-23 10:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-23 10:04 . 2010-04-23 10:04 -------- d-----w- c:\program files\trend micro
2010-04-23 10:04 . 2010-04-23 10:04 -------- d-----w- C:\rsit
2010-04-14 09:07 . 2010-04-14 09:07 -------- d-----w- c:\program files\Common Files\Skype
2010-04-13 13:06 . 2010-04-13 13:06 -------- d-----w- c:\program files\CodeStuff
2010-04-06 11:34 . 2010-03-16 06:51 600680 ----a-w- c:\windows\system32\nvuninst.exe
2010-04-06 11:34 . 2010-04-06 11:35 -------- d-----w- c:\program files\NVIDIA Corporation
2010-04-06 11:33 . 2010-03-16 06:51 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-04-06 11:33 . 2010-03-16 06:51 4075520 ----a-w- c:\windows\system32\nvcuda.dll
2010-04-06 11:33 . 2010-03-16 06:51 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-04-06 11:33 . 2010-03-16 06:51 2030184 ----a-w- c:\windows\system32\nvcuvid.dll
2010-04-06 11:33 . 2010-03-16 06:51 11640832 ----a-w- c:\windows\system32\nvcompiler.dll
2010-04-06 11:33 . 2010-03-16 06:51 1097728 ----a-w- c:\windows\system32\nvapi.dll
2010-04-06 11:33 . 2010-03-16 06:51 2183470 ----a-w- c:\windows\system32\nvdata.bin
2010-04-06 11:33 . 2010-04-06 11:33 -------- d-----w- C:\NVIDIA

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-23 11:34 . 2005-01-31 08:23 -------- d-----w- c:\program files\Java
2010-04-23 11:34 . 2005-01-31 08:20 -------- d-----w- c:\program files\Common Files\Java
2010-04-23 10:32 . 2008-07-24 08:59 -------- d-----w- c:\program files\ICQToolbar
2010-04-23 10:27 . 2009-05-20 09:51 -------- d-----w- c:\program files\Spyware Terminator
2010-04-23 08:30 . 2009-02-06 10:38 -------- d-----w- c:\program files\CCleaner16
2010-04-23 07:11 . 2005-01-07 22:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-23 07:07 . 2006-01-04 09:59 -------- d-----w- c:\program files\Avast4
2010-04-06 05:22 . 2004-08-18 12:00 74426 ----a-w- c:\windows\system32\perfc005.dat
2010-04-06 05:22 . 2004-08-18 12:00 401726 ----a-w- c:\windows\system32\perfh005.dat
2010-03-24 07:29 . 2010-03-24 07:29 -------- d-----w- c:\program files\Bonjour
2010-03-24 07:29 . 2010-03-24 07:29 -------- d-----w- c:\program files\Common Files\Apple
2010-03-24 07:28 . 2010-03-24 07:28 -------- d-----w- c:\program files\Apple Software Update
2010-03-24 07:04 . 2010-03-24 06:52 -------- d-----w- c:\program files\Opera
2010-03-16 11:54 . 2010-03-16 11:54 -------- d-----w- c:\program files\CDBurnerXP
2010-03-16 06:51 . 2005-01-07 21:52 600680 ----a-w- c:\windows\system32\nvudisp.exe
2010-03-16 06:51 . 2004-08-25 09:14 6432128 ----a-w- c:\windows\system32\nv4_disp.dll
2010-03-16 06:51 . 2004-08-25 09:14 215656 ----a-w- c:\windows\system32\nvcodins.dll
2010-03-16 06:51 . 2004-08-25 09:14 215656 ----a-w- c:\windows\system32\nvcod.dll
2010-03-16 06:51 . 2004-08-25 09:14 14757888 ----a-w- c:\windows\system32\nvoglnt.dll
2010-03-16 06:51 . 2004-08-25 09:14 10232352 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-03-16 01:37 . 2010-03-16 01:37 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-03-16 01:37 . 2010-03-16 01:37 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-03-16 01:37 . 2010-03-16 01:37 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-03-16 01:37 . 2010-03-16 01:37 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-03-16 01:37 . 2010-03-16 01:37 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-03-16 01:37 . 2010-03-16 01:37 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-03-02 12:08 . 2005-01-11 08:46 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-12 10:46 . 2010-02-12 10:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 10:46 . 2010-02-12 10:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2008-07-25 08:10 . 2008-07-25 08:06 1 ----a-w- c:\program files\MSWINSCK.OCX
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-28 1830128]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-04-23 3037696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zástupce stránky vlastností sběrnice High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 61952]
"NVRTCLK"="c:\windows\system32\NVRTCLK\NVRTClk.exe" [2003-12-30 24576]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2005-02-21 230592]
"UStorage"="c:\program files\u-storage tools2.1\ustorage.exe" [2003-06-05 340043]
"avast!"="c:\progra~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"CHotkey"="mHotkey.exe" [2002-07-05 491008]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-04-29 2221352]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2008-08-01 53248]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-01-18 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-01-18 217088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13670504]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-04-23 2176512]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2005-12-15 13:57 10472 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"FreeRAM XP"="c:\program files\Free RAM XP Pro\FreeRAM XP Pro.exe" -win
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LVCOMSX"=c:\windows\system32\LVCOMSX.EXE
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\strongdc++\\StrongDC.exe"=
"c:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [11.5.2005 11:05 149376]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [20.6.2008 15:03 114768]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [26.9.2005 12:05 286720]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [8.1.2005 14:24 12856]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [26.9.2005 12:05 81920]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28.4.2009 11:33 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28.4.2009 11:33 72944]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [20.5.2009 11:51 142592]
R1 UsbFltr;WayTechUSBFilterDriver;c:\windows\system32\drivers\UsbFltr.sys [19.1.2006 9:58 8576]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20.6.2008 15:03 20560]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28.4.2009 11:33 7408]
S2 gupdate1c99661481656ec;Google Update Service (gupdate1c99661481656ec);c:\program files\Google\Update\GoogleUpdate.exe [24.2.2009 11:21 133104]
S3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [7.1.2005 23:25 1128320]
S3 OEMSTOR;USB Mass Storage;c:\windows\system32\drivers\USBMSDk.sys [11.5.2005 11:23 17024]
S3 USTOR;U-Storage Controller;c:\windows\system32\drivers\UStork.sys [11.5.2005 11:07 19826]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - JAVAQUICKSTARTERSERVICE
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - SP_RSSRV
*Deregistered* - MBAMSwissArmy

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'

2010-04-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-24 09:21]

2010-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-24 09:21]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Riwalsro\Data aplikací\Mozilla\Firefox\Profiles\71ljx1ml.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - component: c:\documents and settings\Riwalsro\Data aplikací\Mozilla\Firefox\Profiles\71ljx1ml.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npfiller.dll
FF - plugin: c:\program files\Opera\program\plugins\nppdf32.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-23 14:30
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\LMIinit.dll
.
Celkový čas: 2010-04-23 14:34:46
ComboFix-quarantined-files.txt 2010-04-23 12:34

Před spuštěním: Volných bajtů: 19 436 240 896
Po spuštění: Volných bajtů: 19 409 338 368

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - CF31F95E7F572EA1D19719ADCDCD4DDE

Příspěvekod **jaro3** » 23 dub 2010 15:01

Spybot - Search & Destroy
Spyware Terminator
WinPatrol

Dva z nich odinstaluj, nebo u nich trvale vypni rez. ochranu ( štít) !!

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

Folder::
c:\program files\ICQToolbar

Firefox::
FF - ProfilePath - c:\documents and settings\Riwalsro\Data aplikací\Mozilla\Firefox\Profiles\71ljx1ml.default\
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

wov · Příspěvekod **wov** » 23 dub 2010 15:34

Provedeno

ComboFix 10-04-21.01 - Riwalsro 23.04.2010 15:19:24.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.511.244 [GMT 2:00]
Spuštěný z: c:\documents and settings\Riwalsro\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Riwalsro\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100423-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Kerio Personal Firewall *disabled* {333BECA0-DED8-4139-A516-8D9E44E22669}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ICQToolbar
c:\program files\ICQToolbar\Games.xml

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-23 do 2010-04-23 )))))))))))))))))))))))))))))))
.

2010-04-23 11:10 . 2010-04-23 11:32 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-23 10:48 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-23 10:48 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-23 10:48 . 2010-04-23 10:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-23 10:04 . 2010-04-23 10:04 -------- d-----w- c:\program files\trend micro
2010-04-23 10:04 . 2010-04-23 10:04 -------- d-----w- C:\rsit
2010-04-14 09:07 . 2010-04-14 09:07 -------- d-----w- c:\program files\Common Files\Skype
2010-04-13 13:06 . 2010-04-13 13:06 -------- d-----w- c:\program files\CodeStuff
2010-04-06 11:34 . 2010-03-16 06:51 600680 ----a-w- c:\windows\system32\nvuninst.exe
2010-04-06 11:34 . 2010-04-06 11:35 -------- d-----w- c:\program files\NVIDIA Corporation
2010-04-06 11:33 . 2010-03-16 06:51 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-04-06 11:33 . 2010-03-16 06:51 4075520 ----a-w- c:\windows\system32\nvcuda.dll
2010-04-06 11:33 . 2010-03-16 06:51 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-04-06 11:33 . 2010-03-16 06:51 2030184 ----a-w- c:\windows\system32\nvcuvid.dll
2010-04-06 11:33 . 2010-03-16 06:51 11640832 ----a-w- c:\windows\system32\nvcompiler.dll
2010-04-06 11:33 . 2010-03-16 06:51 1097728 ----a-w- c:\windows\system32\nvapi.dll
2010-04-06 11:33 . 2010-03-16 06:51 2183470 ----a-w- c:\windows\system32\nvdata.bin
2010-04-06 11:33 . 2010-04-06 11:33 -------- d-----w- C:\NVIDIA

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-23 13:10 . 2009-05-20 09:51 -------- d-----w- c:\program files\Spyware Terminator
2010-04-23 11:34 . 2005-01-31 08:23 -------- d-----w- c:\program files\Java
2010-04-23 11:34 . 2005-01-31 08:20 -------- d-----w- c:\program files\Common Files\Java
2010-04-23 08:30 . 2009-02-06 10:38 -------- d-----w- c:\program files\CCleaner16
2010-04-23 07:11 . 2005-01-07 22:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-23 07:07 . 2006-01-04 09:59 -------- d-----w- c:\program files\Avast4
2010-04-06 05:22 . 2004-08-18 12:00 74426 ----a-w- c:\windows\system32\perfc005.dat
2010-04-06 05:22 . 2004-08-18 12:00 401726 ----a-w- c:\windows\system32\perfh005.dat
2010-03-24 07:29 . 2010-03-24 07:29 -------- d-----w- c:\program files\Bonjour
2010-03-24 07:29 . 2010-03-24 07:29 -------- d-----w- c:\program files\Common Files\Apple
2010-03-24 07:28 . 2010-03-24 07:28 -------- d-----w- c:\program files\Apple Software Update
2010-03-24 07:04 . 2010-03-24 06:52 -------- d-----w- c:\program files\Opera
2010-03-16 11:54 . 2010-03-16 11:54 -------- d-----w- c:\program files\CDBurnerXP
2010-03-16 06:51 . 2005-01-07 21:52 600680 ----a-w- c:\windows\system32\nvudisp.exe
2010-03-16 06:51 . 2004-08-25 09:14 6432128 ----a-w- c:\windows\system32\nv4_disp.dll
2010-03-16 06:51 . 2004-08-25 09:14 215656 ----a-w- c:\windows\system32\nvcodins.dll
2010-03-16 06:51 . 2004-08-25 09:14 215656 ----a-w- c:\windows\system32\nvcod.dll
2010-03-16 06:51 . 2004-08-25 09:14 14757888 ----a-w- c:\windows\system32\nvoglnt.dll
2010-03-16 06:51 . 2004-08-25 09:14 10232352 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-03-16 01:37 . 2010-03-16 01:37 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-03-16 01:37 . 2010-03-16 01:37 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-03-16 01:37 . 2010-03-16 01:37 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-03-16 01:37 . 2010-03-16 01:37 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-03-16 01:37 . 2010-03-16 01:37 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-03-16 01:37 . 2010-03-16 01:37 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-03-02 12:08 . 2005-01-11 08:46 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-12 10:46 . 2010-02-12 10:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 10:46 . 2010-02-12 10:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2008-07-25 08:10 . 2008-07-25 08:06 1 ----a-w- c:\program files\MSWINSCK.OCX
.

((((((((((((((((((((((((((((( SnapShot@2010-04-23_12.30.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-23 12:40 . 2010-04-23 12:40 16384 c:\windows\Temp\Perflib_Perfdata_62c.dat
+ 2010-04-23 12:40 . 2010-04-23 12:40 16384 c:\windows\Temp\Perflib_Perfdata_5e4.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-28 1830128]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-04-23 3037696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zástupce stránky vlastností sběrnice High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 61952]
"NVRTCLK"="c:\windows\system32\NVRTCLK\NVRTClk.exe" [2003-12-30 24576]
"UStorage"="c:\program files\u-storage tools2.1\ustorage.exe" [2003-06-05 340043]
"avast!"="c:\progra~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"CHotkey"="mHotkey.exe" [2002-07-05 491008]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-04-29 2221352]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2008-08-01 53248]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-01-18 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-01-18 217088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-16 13670504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-18 15360]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2005-12-15 13:57 10472 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"FreeRAM XP"="c:\program files\Free RAM XP Pro\FreeRAM XP Pro.exe" -win
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LVCOMSX"=c:\windows\system32\LVCOMSX.EXE
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
"NeroFilterCheck"=c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\strongdc++\\StrongDC.exe"=
"c:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 tffsport;M-Systems DiskOnChip 2000;c:\windows\system32\drivers\tffsport.sys [11.5.2005 11:05 149376]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [20.6.2008 15:03 114768]
R1 fwdrv;Firewall Driver;c:\windows\system32\drivers\fwdrv.sys [26.9.2005 12:05 286720]
R1 kbfilter;Keyboard Filter Driver;c:\windows\system32\drivers\kbfilter.sys [8.1.2005 14:24 12856]
R1 khips;Kerio HIPS Driver;c:\windows\system32\drivers\khips.sys [26.9.2005 12:05 81920]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28.4.2009 11:33 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28.4.2009 11:33 72944]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [20.5.2009 11:51 142592]
R1 UsbFltr;WayTechUSBFilterDriver;c:\windows\system32\drivers\UsbFltr.sys [19.1.2006 9:58 8576]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20.6.2008 15:03 20560]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28.4.2009 11:33 7408]
S2 gupdate1c99661481656ec;Google Update Service (gupdate1c99661481656ec);c:\program files\Google\Update\GoogleUpdate.exe [24.2.2009 11:21 133104]
S3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [7.1.2005 23:25 1128320]
S3 OEMSTOR;USB Mass Storage;c:\windows\system32\drivers\USBMSDk.sys [11.5.2005 11:23 17024]
S3 USTOR;U-Storage Controller;c:\windows\system32\drivers\UStork.sys [11.5.2005 11:07 19826]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'

2010-04-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-24 09:21]

2010-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-24 09:21]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Riwalsro\Data aplikací\Mozilla\Firefox\Profiles\71ljx1ml.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - component: c:\documents and settings\Riwalsro\Data aplikací\Mozilla\Firefox\Profiles\71ljx1ml.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-23 15:27
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(788)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\LMIinit.dll
.
Celkový čas: 2010-04-23 15:31:05
ComboFix-quarantined-files.txt 2010-04-23 13:31
ComboFix2.txt 2010-04-23 12:34

Před spuštěním: Volných bajtů: 19 387 461 632
Po spuštění: Volných bajtů: 19 345 457 152

- - End Of File - - A665C90861F916FFB4DADA6D5D37D65A

a tady HJT

Logfile of HijackThis v1.99.1
Scan saved at 15:33:42, on 23.4.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\program files\u-storage tools2.1\ustorage.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\WINDOWS\mHotkey.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Opera\opera.exe
C:\totalcmd\TOTALCMD.EXE
C:\DOCUME~1\Riwalsro\LOCALS~1\Temp\_tc\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: 192.166.1.5 riwal1
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Zástupce stránky vlastností sběrnice High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [UStorage] c:\program files\u-storage tools2.1\ustorage.exe sys_auto_run C:\Program Files\U-Storage Tools2.1
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_20.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_20.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Update Service (gupdate1c99661481656ec) (gupdate1c99661481656ec) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

Příspěvekod **jaro3** » 23 dub 2010 16:06

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG či Avast, následně T-Cleaner smaž a zapni si AVG či Avast.

Stáhni si Dial-a-fix
Explorer/IE/OE/shell/WMP - Pokusí se o opravu Internet Exploreru, Outlook Expressu, Windows Media Playeru atd.

Klikni na službu(dej zatržítko) a potom na GO.

Stáhni si OTL
na plochu. Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.Nahoře v okně pod Výstup klikni na minimální výstup.Pod Běžné registry změň na Vše. Zatrhni Kontrola na havěť “LOP“ a Kontrola na havěť “ Purity“ . Klikni na Prohledat. Všechny ostatní nastavení ponech jak jsou. Sken může trvat dlouho, až skončí otevřou se dva logy:
OTL.Txt
Extras.Txt
Jsou uloženy ve stejném místě jako OTL. Oba logy sem prosím zkopíruj.

wov · Příspěvekod **wov** » 23 dub 2010 16:57

OTL

OTL logfile created on: 23.4.2010 16:46:59 - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\Riwalsro\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

511,00 Mb Total Physical Memory | 236,00 Mb Available Physical Memory | 46,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111,78 Gb Total Space | 22,81 Gb Free Space | 20,41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RIWAL2-VLADO
Current User Name: Riwalsro
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Riwalsro\Plocha\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
PRC - C:\Program Files\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe (Kerio Technologies)
PRC - C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe (Kerio Technologies)
PRC - C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\Video\FxSvr2.exe (Logitech Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\U-Storage Tools2.1\UStorage.exe ( )
PRC - C:\WINDOWS\mHotkey.exe (Chicony)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Riwalsro\Plocha\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (sp_rssrv) -- C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
SRV - (avast! Antivirus) -- C:\Program Files\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (NMSAccessU) -- c:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (KPF4) -- C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe (Kerio Technologies)

========== Driver Services (SafeList) ==========

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (StarOpen) -- C:\WINDOWS\system32\StarOpen.sys ()
DRV - (sp_rsdrv2) -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ()
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (cdrbsdrv) -- C:\WINDOWS\system32\drivers\CDRBSDRV.SYS (B.H.A Corporation)
DRV - (HPFXBULK) -- C:\WINDOWS\system32\drivers\hpfxbulk.sys (Hewlett Packard)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
DRV - (fwdrv) -- C:\WINDOWS\system32\drivers\fwdrv.sys (Kerio Technologies)
DRV - (khips) -- C:\WINDOWS\system32\drivers\khips.sys ()
DRV - (PID_08A0) QuickCam IM(PID_08A0) -- C:\WINDOWS\system32\drivers\LV302AV.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\WINDOWS\system32\drivers\lv302af.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (usbaudio) Ovladač zvukové karty USB (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (tffsport) -- C:\WINDOWS\system32\DRIVERS\tffsport.sys (M-Systems)
DRV - (cmudax) -- C:\WINDOWS\system32\drivers\cmudax.sys (C-Media Inc)
DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)
DRV - (GVCplDrv) -- C:\WINDOWS\system32\drivers\GVCplDrv.sys ()
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (HdAudAddService) -- C:\WINDOWS\system32\drivers\Hdaudio.sys (Windows (R) Server 2003 DDK provider)
DRV - (UsbFltr) -- C:\WINDOWS\system32\drivers\UsbFltr.sys (Waytech Development, Inc.)
DRV - (USTOR) -- C:\WINDOWS\system32\drivers\UStork.sys (USB Mass Storage.)
DRV - (kbfilter) -- C:\WINDOWS\system32\drivers\kbfilter.sys (WayTech Development, Inc.)
DRV - (OEMSTOR) -- C:\WINDOWS\system32\drivers\USBMSDk.sys (USB Mass Storage.)
DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz"
FF - prefs.js..extensions.enabledItems: xmlfiller@software602.cz:3.1.6
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:7.0.20100326W
FF - prefs.js..extensions.enabledItems: {ea614400-e918-4741-9a97-7a972ff7c30b}:2.0.3
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010.04.23 13:32:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.15 12:10:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.23 13:10:18 | 000,000,000 | ---D | M]

[2009.01.24 17:44:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Riwalsro\Data aplikací\Mozilla\Extensions
[2009.01.24 17:44:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Riwalsro\Data aplikací\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010.04.23 09:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Riwalsro\Data aplikací\Mozilla\Firefox\Profiles\71ljx1ml.default\extensions
[2010.04.23 09:25:42 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Riwalsro\Data aplikací\Mozilla\Firefox\Profiles\71ljx1ml.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008.07.24 10:59:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Riwalsro\Data aplikací\Mozilla\Firefox\Profiles\71ljx1ml.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.03.10 14:57:42 | 000,000,000 | ---D | M] (Seznam liĹˇtiÄŤka) -- C:\Documents and Settings\Riwalsro\Data aplikací\Mozilla\Firefox\Profiles\71ljx1ml.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
[2009.03.17 13:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Riwalsro\Data aplikací\Mozilla\Firefox\Profiles\71ljx1ml.default\extensions\autopager@mozilla.org
[2009.08.05 07:53:39 | 000,001,331 | ---- | M] () -- C:\Documents and Settings\Riwalsro\Data aplikací\Mozilla\Firefox\Profiles\71ljx1ml.default\searchplugins\crawlersrch.xml
[2010.03.10 14:57:48 | 000,002,049 | ---- | M] () -- C:\Documents and Settings\Riwalsro\Data aplikací\Mozilla\Firefox\Profiles\71ljx1ml.default\searchplugins\firmycz.xml
[2010.04.23 09:37:49 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Riwalsro\Data aplikací\Mozilla\Firefox\Profiles\71ljx1ml.default\searchplugins\icqplugin-1.xml
[2008.07.24 10:58:53 | 000,000,962 | ---- | M] () -- C:\Documents and Settings\Riwalsro\Data aplikací\Mozilla\Firefox\Profiles\71ljx1ml.default\searchplugins\icqplugin.xml
[2010.03.10 14:57:48 | 000,002,044 | ---- | M] () -- C:\Documents and Settings\Riwalsro\Data aplikací\Mozilla\Firefox\Profiles\71ljx1ml.default\searchplugins\mapycz.xml
[2009.02.09 14:46:55 | 000,001,692 | ---- | M] () -- C:\Documents and Settings\Riwalsro\Data aplikací\Mozilla\Firefox\Profiles\71ljx1ml.default\searchplugins\sfd.xml
[2010.03.10 14:57:48 | 000,002,210 | ---- | M] () -- C:\Documents and Settings\Riwalsro\Data aplikací\Mozilla\Firefox\Profiles\71ljx1ml.default\searchplugins\zbocz.xml
[2010.04.23 13:33:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.04.15 12:10:17 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010.04.23 13:33:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.01.14 13:41:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\xmlfiller@software602.cz
[2010.04.15 12:10:10 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010.04.15 12:10:10 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007.04.10 17:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2010.04.23 13:32:30 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009.12.17 16:39:34 | 000,090,112 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npfiller.dll
[2010.04.15 12:10:13 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010.04.04 01:43:36 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2005.11.27 17:10:28 | 000,126,976 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2005.11.27 17:10:28 | 000,126,976 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2005.11.27 17:10:28 | 000,126,976 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2005.11.27 17:10:28 | 000,126,976 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2005.11.27 17:10:28 | 000,126,976 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009.09.21 11:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
[2010.03.09 16:20:41 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010.03.09 16:20:41 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.03.09 16:20:41 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.03.09 16:20:42 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.03.09 16:20:42 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.03.09 16:20:42 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2009.02.06 15:25:09 | 000,292,161 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.166.1.5 riwal1
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 10061 more lines...
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\WebBrowser: (&Odkazy) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CHotkey] C:\WINDOWS\mHotkey.exe (Chicony)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe (Logitech Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVRTCLK] C:\WINDOWS\system32\NVRTClk\NVRTClk.exe ()
O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKLM..\Run: [UStorage] c:\program files\u-storage tools2.1\ustorage.exe ( )
O4 - HKLM..\Run: [Zástupce stránky vlastností sběrnice High Definition Audio] C:\WINDOWS\System32\Hdaudpropshortcut.exe (Windows (R) Server 2003 DDK provider)
O4 - HKCU..\Run: [SpywareTerminatorUpdate] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Riwalsro\Nabídka Start\Programy\Po spuštění\AutorunsDisabled [2009.04.07 08:31:16 | 000,000,000 | -H-D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_20.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resour ... se5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (3am Labs, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Proces mezipaměti kategorií součástí - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Riwalsro\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Riwalsro\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.04.23 16:45:02 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2010.04.23 16:44:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010.04.23 16:44:03 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
[2010.04.23 16:41:09 | 000,562,176 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Riwalsro\Plocha\OTL.exe
[2010.04.23 16:36:04 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.04.23 14:18:06 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.04.23 13:33:02 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.04.23 13:33:01 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.04.23 13:33:01 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.04.23 13:33:01 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.04.23 13:11:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Sun
[2010.04.23 13:10:18 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.04.23 12:48:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Riwalsro\Data aplikací\Malwarebytes
[2010.04.23 12:48:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.23 12:48:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.04.23 12:48:39 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.04.23 12:48:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.04.23 10:58:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Adobe
[2010.04.14 11:07:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010.04.14 09:31:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Adobe
[2010.04.13 15:06:07 | 000,000,000 | ---D | C] -- C:\Program Files\CodeStuff
[2010.04.10 22:11:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Apple
[2010.04.06 13:34:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\NVIDIA Corporation
[2010.04.06 13:34:43 | 000,600,680 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvuninst.exe
[2010.04.06 13:34:42 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010.04.06 13:33:59 | 000,061,440 | ---- | C] (Khronos Group) -- C:\WINDOWS\System32\OpenCL.dll
[2010.04.06 13:33:57 | 011,640,832 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcompiler.dll
[2010.04.06 13:33:57 | 004,075,520 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuda.dll
[2010.04.06 13:33:57 | 002,646,632 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvenc.dll
[2010.04.06 13:33:57 | 002,030,184 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcuvid.dll
[2010.04.06 13:33:57 | 001,097,728 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvapi.dll
[2010.04.06 13:33:46 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010.04.06 13:31:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\nView_Profiles
[2010.03.30 11:22:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Riwalsro\Data aplikací\WinRAR
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.04.23 16:49:02 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.23 16:44:59 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010.04.23 16:44:59 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010.04.23 16:44:01 | 000,002,742 | ---- | M] () -- C:\WINDOWS\WINCMD.INI
[2010.04.23 16:41:09 | 000,562,176 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Riwalsro\Plocha\OTL.exe
[2010.04.23 16:38:13 | 000,335,992 | ---- | M] () -- C:\Documents and Settings\Riwalsro\Plocha\Dial-a-fix-v0.60.0.24.zip
[2010.04.23 15:31:07 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.23 15:27:34 | 000,000,277 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.04.23 14:42:15 | 000,276,202 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010.04.23 14:40:28 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.23 14:39:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.23 14:39:05 | 010,223,616 | ---- | M] () -- C:\Documents and Settings\Riwalsro\NTUSER.DAT
[2010.04.23 14:38:52 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\Riwalsro\ntuser.ini
[2010.04.23 14:18:24 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.04.23 13:54:52 | 000,002,565 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\ACDSee 9 Photo Manager.lnk
[2010.04.23 13:54:27 | 000,228,864 | ---- | M] () -- C:\Documents and Settings\Riwalsro\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.23 13:32:29 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.04.23 13:32:29 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.04.23 13:32:29 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.04.23 13:32:29 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010.04.23 13:32:27 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.04.23 12:48:46 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.04.23 12:39:35 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\Riwalsro\Plocha\Corel PHOTO-PAINT 12 (2).lnk
[2010.04.23 12:28:06 | 000,002,561 | ---- | M] () -- C:\Documents and Settings\Riwalsro\Plocha\Microsoft Office Word 2003.lnk
[2010.04.23 12:23:24 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Spyware Terminator.lnk
[2010.04.23 10:30:17 | 000,001,566 | ---- | M] () -- C:\Documents and Settings\Riwalsro\Plocha\CCleaner.lnk
[2010.04.23 10:11:04 | 000,000,082 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010.04.23 09:08:04 | 000,002,544 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.04.23 08:18:40 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.22 08:38:21 | 000,141,659 | -H-- | M] () -- C:\treeinfo.wc
[2010.04.21 11:14:09 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Adobe Reader 9.lnk
[2010.04.21 02:53:13 | 000,002,282 | ---- | M] () -- C:\Documents and Settings\Riwalsro\Plocha\Google Chrome.lnk
[2010.04.20 12:02:42 | 000,002,509 | ---- | M] () -- C:\Documents and Settings\Riwalsro\Plocha\CorelDRAW 12 (2).lnk
[2010.04.17 22:11:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.04.14 14:21:56 | 000,002,517 | ---- | M] () -- C:\Documents and Settings\Riwalsro\Plocha\Microsoft Office Excel 2003.lnk
[2010.04.14 11:06:05 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2010.04.14 10:53:10 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Google Earth.lnk
[2010.04.13 15:06:09 | 000,001,724 | ---- | M] () -- C:\Documents and Settings\Riwalsro\Plocha\CodeStuff Starter.lnk
[2010.04.06 07:22:18 | 000,403,968 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.04.06 07:22:18 | 000,401,726 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.04.06 07:22:18 | 000,074,426 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.04.06 07:22:18 | 000,063,188 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.04.06 07:22:15 | 000,956,044 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.04.02 13:59:46 | 000,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.03.30 11:22:12 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\Riwalsro\Plocha\WinRAR.lnk
[2010.03.30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.03.30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.04.23 16:38:13 | 000,335,992 | ---- | C] () -- C:\Documents and Settings\Riwalsro\Plocha\Dial-a-fix-v0.60.0.24.zip
[2010.04.23 14:18:24 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010.04.23 14:18:14 | 000,261,312 | ---- | C] () -- C:\cmldr
[2010.04.23 12:48:46 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.04.23 12:23:24 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Spyware Terminator.lnk
[2010.04.14 10:53:10 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Google Earth.lnk
[2010.04.13 15:06:09 | 000,001,724 | ---- | C] () -- C:\Documents and Settings\Riwalsro\Plocha\CodeStuff Starter.lnk
[2010.04.13 15:03:34 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Startup.cpl
[2010.04.06 13:34:00 | 000,009,046 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2010.04.06 13:33:56 | 002,183,470 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009.11.23 10:04:04 | 000,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009.11.12 14:48:58 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\StarOpen.sys
[2009.07.27 09:59:42 | 000,001,464 | ---- | C] () -- C:\WINDOWS\tefview.ini
[2009.05.20 11:51:32 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2008.06.11 14:24:12 | 000,000,418 | ---- | C] () -- C:\WINDOWS\WEBTRAN4.INI
[2008.06.11 14:24:09 | 000,001,274 | ---- | C] () -- C:\WINDOWS\WDICT32.INI
[2008.06.11 14:24:08 | 000,003,334 | ---- | C] () -- C:\WINDOWS\WTRAN32.INI
[2008.06.11 14:20:03 | 000,001,384 | ---- | C] () -- C:\WINDOWS\SETUPACT.INI
[2007.08.01 13:59:38 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007.03.14 10:10:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AUTORUN.INI
[2007.02.06 15:04:51 | 000,558,592 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2007.02.06 15:04:48 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2006.10.18 18:38:49 | 000,000,082 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006.03.23 15:03:23 | 000,000,544 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2006.01.30 15:46:19 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2006.01.30 15:46:17 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2006.01.30 15:46:15 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2006.01.04 18:08:03 | 000,000,491 | ---- | C] () -- C:\WINDOWS\Instit.ini
[2006.01.04 18:08:02 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2005.12.07 12:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2005.11.30 16:04:55 | 000,000,272 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2005.10.26 09:08:55 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2005.10.12 11:37:28 | 000,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005.09.26 12:05:06 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\khips.sys
[2005.05.11 11:29:15 | 000,000,026 | ---- | C] () -- C:\WINDOWS\tsctv.ini
[2005.02.26 17:08:46 | 000,002,580 | ---- | C] () -- C:\WINDOWS\System32\gah95on6.ini
[2005.02.26 17:08:45 | 000,000,035 | ---- | C] () -- C:\WINDOWS\System32\bln02nqv.ini
[2005.02.26 17:08:45 | 000,000,035 | ---- | C] () -- C:\WINDOWS\System32\70tovmto.ini
[2005.02.18 09:25:50 | 000,000,016 | ---- | C] () -- C:\WINDOWS\Temp.ini
[2005.02.12 15:15:30 | 000,000,331 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2005.02.03 13:03:48 | 000,085,403 | ---- | C] () -- C:\WINDOWS\Debug.ini
[2005.01.20 11:59:16 | 000,000,032 | ---- | C] () -- C:\WINDOWS\barcode.ini
[2005.01.11 10:47:22 | 000,001,229 | ---- | C] () -- C:\WINDOWS\vista32.ini
[2005.01.11 10:47:22 | 000,000,189 | ---- | C] () -- C:\WINDOWS\KPCMS.INI
[2005.01.11 10:47:22 | 000,000,036 | ---- | C] () -- C:\WINDOWS\umaxdrv.ini
[2005.01.11 10:47:20 | 000,001,571 | ---- | C] () -- C:\WINDOWS\faxcpp1.ini
[2005.01.11 10:47:20 | 000,000,422 | ---- | C] () -- C:\WINDOWS\faxcpp.ini
[2005.01.11 10:46:52 | 000,047,616 | R--- | C] () -- C:\WINDOWS\ucmsp_32.dll
[2005.01.11 10:46:45 | 000,135,200 | ---- | C] () -- C:\WINDOWS\u2x00_32.dll
[2005.01.11 10:46:45 | 000,106,528 | ---- | C] () -- C:\WINDOWS\u1230_32.dll
[2005.01.11 10:46:45 | 000,065,536 | ---- | C] () -- C:\WINDOWS\u2200_32.dll
[2005.01.11 10:46:44 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\usq3400.dll
[2005.01.11 10:46:44 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\sqEp2Usb.dll
[2005.01.11 10:46:44 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\SQUSBIO.dll
[2005.01.11 10:46:44 | 000,016,475 | ---- | C] () -- C:\WINDOWS\uns5400.ini
[2005.01.11 10:46:44 | 000,016,279 | ---- | C] () -- C:\WINDOWS\uns3400.ini
[2005.01.11 10:46:44 | 000,010,435 | ---- | C] () -- C:\WINDOWS\scan05a.ini
[2005.01.11 10:46:44 | 000,006,932 | ---- | C] () -- C:\WINDOWS\System32\glscan.sys
[2005.01.11 10:46:44 | 000,000,902 | ---- | C] () -- C:\WINDOWS\umaxuapi.ini
[2005.01.11 10:46:43 | 000,030,208 | ---- | C] () -- C:\WINDOWS\uxmail32.dll
[2005.01.11 10:46:42 | 000,068,608 | ---- | C] () -- C:\WINDOWS\vufile32.dll
[2005.01.11 10:46:41 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\drivers\udnt.sys
[2005.01.11 10:44:21 | 000,000,261 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2005.01.09 14:30:21 | 000,000,703 | ---- | C] () -- C:\WINDOWS\WTRDICT.INI
[2005.01.09 14:29:49 | 000,001,278 | ---- | C] () -- C:\WINDOWS\WINTRAN.INI
[2005.01.08 19:22:38 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\sh33w32.dll
[2005.01.08 13:49:00 | 000,002,742 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2005.01.08 00:15:19 | 000,000,494 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005.01.07 23:50:45 | 000,023,040 | R--- | C] () -- C:\WINDOWS\System32\drivers\GVCplDrv.sys
[2005.01.07 23:25:50 | 000,028,672 | R--- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2004.08.18 14:00:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004.08.18 14:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004.03.01 10:43:09 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2004.03.01 08:53:21 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004.01.06 00:50:40 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\ImxEx.dll
[2003.09.30 12:47:47 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2003.09.30 12:47:47 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2003.09.30 12:47:47 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2003.09.30 12:47:46 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2003.09.30 12:47:46 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2003.04.09 16:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.03.21 16:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2001.07.07 05:00:00 | 000,003,165 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
[1999.01.27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll

========== LOP Check ==========

[2005.01.21 09:21:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ACD Systems
[2010.03.16 13:54:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Canneverbe Limited
[2007.12.27 12:40:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Downloaded Installations
[2009.12.30 13:21:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Installations
[2006.03.10 09:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MSScanAppDataDir
[2009.12.30 13:33:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Nokia
[2007.12.27 12:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2005.06.28 12:21:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle
[2009.06.03 16:31:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\River Past G5
[2010.04.23 12:28:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
[2007.08.02 10:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\vsosdk
[2009.01.24 17:10:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Riwalsro\Data aplikací\ACD Systems
[2009.06.10 10:06:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Riwalsro\Data aplikací\BVS Solitaire Collection
[2010.03.16 13:57:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Riwalsro\Data aplikací\Canneverbe Limited
[2008.05.20 07:33:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Riwalsro\Data aplikací\Datalayer
[2009.11.23 09:59:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Riwalsro\Data aplikací\FotoWire
[2009.01.24 17:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Riwalsro\Data aplikací\ICQ
[2006.01.17 12:27:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Riwalsro\Data aplikací\ICQLite
[2009.12.30 13:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Riwalsro\Data aplikací\Nokia
[2009.12.30 13:05:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Riwalsro\Data aplikací\Nokia Multimedia Player
[2010.03.24 08:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Riwalsro\Data aplikací\Opera
[2008.01.04 09:18:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Riwalsro\Data aplikací\PC Suite
[2007.11.06 16:00:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Riwalsro\Data aplikací\Pegasys Inc
[2009.01.24 17:00:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Riwalsro\Data aplikací\Pmcc
[2007.11.01 11:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Riwalsro\Data aplikací\River Past G5
[2010.04.23 15:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Riwalsro\Data aplikací\Spyware Terminator
[2008.03.27 13:51:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Riwalsro\Data aplikací\Vso

========== Purity Check ==========

< End of report >

wov · Příspěvekod **wov** » 23 dub 2010 16:58

Musel jsem to rozdělit, nešlo to poslat.

Extras

OTL Extras logfile created on: 23.4.2010 16:46:59 - Run 1
OTL by OldTimer - Version 3.2.2.0 Folder = C:\Documents and Settings\Riwalsro\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

511,00 Mb Total Physical Memory | 236,00 Mb Available Physical Memory | 46,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 91,00% Paging File free
Paging file location(s): C:\pagefile.sys 4000 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111,78 Gb Total Space | 22,81 Gb Free Space | 20,41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RIWAL2-VLADO
Current User Name: Riwalsro
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\strongdc++\StrongDC.exe" = C:\Program Files\strongdc++\StrongDC.exe:*:Enabled:StrongDC++ -- (Big Muscle, KohlSoft® Corporation ;-)

)
"C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe" = C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI -- (Kerio Technologies)
"C:\Program Files\ICQ6\ICQ.exe" = C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, Inc.)
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- (Skype Technologies)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02091327-B124-4216-9D71-58C0E24F5392}" = Nokia PC Suite
"{04F3BF74-9E34-4D3E-93C3-D3D1F24199C8}" = PC Connectivity Solution
"{05ADEEC8-BD58-43D9-A9E3-1F53B0DA117A}" = Opera 10.51
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{10CB3889-B38F-4D4A-BFB2-AB4765B5FA65}" = hppCLJCM1312
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{333BECA0-DED8-4139-A516-8D9E44E22669}" = Kerio Personal Firewall
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C812AD2-62BC-4C56-8FDB-18B26034B3A5}" = hppManualsCM1312
"{4359B248-BF0A-4FB6-8FEA-C32E2321AE26}" = hppscanCM1312
"{4629338A-8B55-49BE-B175-CB7F377078C5}" = Mio Transfer
"{4677C101-8278-4861-A708-326A8AB14DF2}" = hppSendFaxCM1312
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}" = Nokia Software Updater
"{4F896DE0-EF26-11D5-BBEC-00D0B740900A}" = Multimedia keyboard driver Ver1.07
"{4FE82277-309E-4A0F-AEDE-6F4BD210E3D9}" = STORMWARE POHODA Klient CZ Premium
"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{548EAC70-EE00-11DD-908C-005056806466}" = Google Earth
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{583EDB12-4CEA-48B5-A7BA-88069DD47BA2}" = hppQFolderCM1312
"{5932A5C4-BB44-4CFB-AD66-1B826F4D788B}" = CDBurnerXP
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5F518478-A35E-4029-88DA-A3ED5A3BE2DA}" = hppScanToCM1312
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D4428A0-4A14-4173-92E2-CE966C7BC862}" = hppFaxUtilityCM1312
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{75DEC63E-92C6-403C-ABDF-8AEFEC61C704}" = hppFaxDrvCM1312
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{784CFD4D-1BA5-4DB5-9377-84DAF0D19EF1}" = WinXP Manager
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EEDB90E-6ABC-42bb-AD4C-39DEE05E3EEA}" = HP Color LaserJet CM1312 MFP Series 4.0
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0405-0000-0000000FF1CE}" = Sada Compatibility Pack pro systém Office 2007
"{995F2783-8311-49BF-833E-DB659774B4F6}" = hppFonts
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1029-7B44-A93000000001}" = Adobe Reader 9.3.2 - Czech
"{AD61A93E-64CE-4815-8E14-39E744A9A74A}" = STORMWARE POHODA Klient CZ Premium
"{B01118C1-2D38-4D73-9AA8-7330CD13268A}" = hppPQVideoCM1312
"{B19A4DDE-424A-4B51-8E24-7D8DE263AF7F}" = Guitar Alchemist Free
"{B1F3DEDA-B3F6-4F7A-9687-B28D897884E7}" = STORMWARE POHODA Klient CZ
"{B2D41883-3BFC-4BA0-A2F6-5A2C9836C238}" = ACDSee 9 Photo Manager
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B95350D0-DA64-468E-9DD0-308C78409538}" = hppTLBXFXCM1312
"{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1" = ConvertXtoDVD 2.2.3.258
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE8E7F69-1221-4EB1-9620-AA4601AC5F22}" = STORMWARE POHODA Klient CZ
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = AusLogics Disk Defrag
"{E1B2DF7C-A176-4A1D-9D32-3CEC5037A524}" = Apple Application Support
"{E692347E-2AFA-44AE-8197-5A34308B84CC}" = 602XML Filler rozšíření pro Mozilla Firefox
"{E72D350E-9628-425C-80BC-8C1BD7561029}" = Nero 8 Essentials
"{E92BCB17-FD2B-4AE3-882D-7C91B382AA66}" = hpzTLBXFX
"{EF9E4EF6-9F83-4DA5-B696-66D0C9901E8E}" = WinXP Manager
"{F7F7FE98-9D77-449B-A4EB-6F527AD1CCB4}" = hppusgCM1312
"0852D05415AB9A4F1EF451E342267F76C776ED2F" = Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
"4CFD94C379217A02D5EA067615FF789CD731BCDB" = Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2)
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced WindowsCarev1.7" = Advanced WindowsCare
"avast!" = avast! Antivirus
"BVSSOL_is1" = BVS Solitaire Collection version 5.2
"CCleaner" = CCleaner
"C-Media Audio Driver" = C-Media High Definition Audio Driver
"CodeStuff Starter" = CodeStuff Starter
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.1.5
"Corel Uninstaller" = Corel Uninstaller
"Easy Video Joiner_is1" = Easy Video Joiner 4.36
"GOM Player" = GOM Player
"hp deskjet 6122 series_Driver" = hp deskjet 6122 series
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"IsoBuster_is1" = IsoBuster 1.7
"Jigsaw Puzzle Platinum Edition" = Jigsaw Puzzle Platinum Edition
"KLiteCodecPack_is1" = K-Lite Codec Pack 2.83 Full
"Lexicon 4.0" = Lingea Lexicon 2002
"Logitech Print Service" = Logitech Print Service
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Media Key" = Media Key
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Picasa 3" = Picasa 3
"QcDrv" = ##CAMERADRIVERNAME##
"Shop for HP Supplies" = Shop for HP Supplies
"Sprint & FineReader 5.0 Office Try&Buy" = Sprint & FineReader 5.0 Office Try&Buy
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.3
"Spyware Terminator_is1" = Spyware Terminator
"STORMWARE PDF Printer_is1" = STORMWARE PDF Printer 5.0.0.614
"Totalcmd" = Total Commander (Remove or Repair)
"WinASO RegDefrag_is1" = WinASO RegDefrag 1.2
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Verdict Free" = Slovník Verdict Free

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 9.12.2009 9:00:10 | Computer Name = RIWAL2-VLADO | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of \\Riwal1\pohoda\Data\PSC.ldb failed, 00000035.

Error - 9.12.2009 9:45:22 | Computer Name = RIWAL2-VLADO | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of \\Riwal1\pohoda\Data\26225131_2009.ldb failed, 00000035.

Error - 9.12.2009 9:45:23 | Computer Name = RIWAL2-VLADO | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of \\Riwal1\pohoda\Data\Pohoda.ldb failed, 00000035.

Error - 9.12.2009 12:21:35 | Computer Name = RIWAL2-VLADO | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of \\Riwal1\pohoda\Data\26225131_2009.ldb failed, 00000035.

Error - 9.12.2009 12:21:36 | Computer Name = RIWAL2-VLADO | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of \\Riwal1\pohoda\Data\Pohoda.ldb failed, 00000035.

Error - 9.12.2009 12:21:38 | Computer Name = RIWAL2-VLADO | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of \\Riwal1\pohoda\Log\Zalohasys.tmp failed, 00000035.

Error - 9.12.2009 12:21:38 | Computer Name = RIWAL2-VLADO | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of \\Riwal1\pohoda\Data\Svatky.ldb failed, 00000035.

Error - 9.12.2009 12:21:39 | Computer Name = RIWAL2-VLADO | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of \\Riwal1\pohoda\Data\PSC.ldb failed, 00000035.

Error - 10.12.2009 6:33:49 | Computer Name = RIWAL2-VLADO | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of \\Riwal1\pohoda\Data\26225131_2009.ldb failed, 00000035.

Error - 10.12.2009 6:33:50 | Computer Name = RIWAL2-VLADO | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of \\Riwal1\pohoda\Data\Pohoda.ldb failed, 00000035.

[ Application Events ]
Error - 23.4.2010 8:42:33 | Computer Name = RIWAL2-VLADO | Source = WmiAdapter | ID = 4099
Description = Otevření služby se nezdařil

Error - 23.4.2010 8:42:35 | Computer Name = RIWAL2-VLADO | Source = WmiAdapter | ID = 4099
Description = Otevření služby se nezdařil

Error - 23.4.2010 8:42:36 | Computer Name = RIWAL2-VLADO | Source = WmiAdapter | ID = 4099
Description = Otevření služby se nezdařil

Error - 23.4.2010 8:42:38 | Computer Name = RIWAL2-VLADO | Source = WmiAdapter | ID = 4099
Description = Otevření služby se nezdařil

Error - 23.4.2010 8:42:39 | Computer Name = RIWAL2-VLADO | Source = WmiAdapter | ID = 4099
Description = Otevření služby se nezdařil

Error - 23.4.2010 8:42:41 | Computer Name = RIWAL2-VLADO | Source = WmiAdapter | ID = 4099
Description = Otevření služby se nezdařil

Error - 23.4.2010 8:42:42 | Computer Name = RIWAL2-VLADO | Source = WmiAdapter | ID = 4099
Description = Otevření služby se nezdařil

Error - 23.4.2010 8:42:43 | Computer Name = RIWAL2-VLADO | Source = WmiAdapter | ID = 4099
Description = Otevření služby se nezdařil

Error - 23.4.2010 8:42:45 | Computer Name = RIWAL2-VLADO | Source = WmiAdapter | ID = 4099
Description = Otevření služby se nezdařil

Error - 23.4.2010 8:42:47 | Computer Name = RIWAL2-VLADO | Source = WmiAdapter | ID = 4099
Description = Otevření služby se nezdařil

[ System Events ]
Error - 23.4.2010 8:41:23 | Computer Name = RIWAL2-VLADO | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1058 při pokusu o spuštění služby hpqcxs08
s argumenty za účelem spuštění serveru: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}

Error - 23.4.2010 8:41:23 | Computer Name = RIWAL2-VLADO | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1058 při pokusu o spuštění služby hpqcxs08
s argumenty za účelem spuštění serveru: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}

Error - 23.4.2010 8:41:23 | Computer Name = RIWAL2-VLADO | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1058 při pokusu o spuštění služby hpqcxs08
s argumenty za účelem spuštění serveru: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}

Error - 23.4.2010 8:41:23 | Computer Name = RIWAL2-VLADO | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1058 při pokusu o spuštění služby hpqcxs08
s argumenty za účelem spuštění serveru: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}

Error - 23.4.2010 8:41:53 | Computer Name = RIWAL2-VLADO | Source = Service Control Manager | ID = 7001
Description = Služba Sledování infračerveného přenosu závisí na službě Terminálová
služba, která neuspěla při spuštění v důsledku následující chyby: %%1058

Error - 23.4.2010 8:41:59 | Computer Name = RIWAL2-VLADO | Source = Service Control Manager | ID = 7009
Description = Vypršel časový limit (30000 milisekund) čekání na připojení služby
avast! Web Scanner.

Error - 23.4.2010 8:41:59 | Computer Name = RIWAL2-VLADO | Source = Service Control Manager | ID = 7000
Description = Služba avast! Web Scanner neuspěla při spuštění v důsledku následující
chyby: %%1053

Error - 23.4.2010 8:46:04 | Computer Name = RIWAL2-VLADO | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1058 při pokusu o spuštění služby MDM
s argumenty za účelem spuštění serveru: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 23.4.2010 9:10:21 | Computer Name = RIWAL2-VLADO | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1058 při pokusu o spuštění služby MDM
s argumenty za účelem spuštění serveru: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 23.4.2010 9:15:24 | Computer Name = RIWAL2-VLADO | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1058 při pokusu o spuštění služby MDM
s argumenty za účelem spuštění serveru: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

< End of report >

Příspěvekod **jaro3** » 23 dub 2010 19:18

Poklepej na ikonu OTL na ploše.Ujisti se , že máš všechny ostatní aplikace a prohlížeče zavřeny.
Pod Vlastní skenování/opravy do okénka vlož následující text, zobrazený zeleně:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
O1 HOSTS File: ([2009.02.06 15:25:09 | 000,292,161 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.166.1.5 riwal1
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 10061 more lines...
O4 - Startup: C:\Documents and Settings\Riwalsro\Nabídka Start\Programy\Po spuštění\AutorunsDisabled [2009.04.07 08:31:16 | 000,000,000 | -H-D | M]
O18 - Protocol\Handler\msdaipp - No CLSID value found
018 - Protocol\Handler\ipp - No CLSID value found
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

:Files
C:\WINDOWS\System32\*.tmp 
C:\WINDOWS\*.tmp 
C:\WINDOWS\system32\*.tmp.dll 
C:\WINDOWS\system32\SET*.tmp 
c:\windows\Tasks\*.job 
C:\WINDOWS\tasks\SA.DAT
C:\WINDOWS\AUTORUN.INI
C:\WINDOWS\_delis32.ini
C:\WINDOWS\System32\CddbCdda.dll
C:\WINDOWS\System32\gah95on6.ini
C:\WINDOWS\System32\bln02nqv.ini
C:\WINDOWS\System32\70tovmto.ini
C:\WINDOWS\Temp.ini

:Reg
:Commands
[resethosts]
[purity]
[emptytemp]
[start explorer]
[Reboot]

Poté klikni nahoře na Opravit. Nech program nerušeně běžet, na konci se provede restart PC.
Po restartu se objeví log , prosím zkopíruj sem celý jeho obsah.

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
C:\WINDOWS\Instit.ini
Pokud už byl soubor testován-klikni na otestovat znovu.

Až skončí test všech antivirů, vlož sem pak odkaz na stránku s výsledky.

wov · Příspěvekod **wov** » 25 dub 2010 09:02

Provedeno

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
No active process named firefox.exe was found!
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
127.0.0.1 localhost removed from HOSTS file successfully
192.166.1.5 riwal1 removed from HOSTS file successfully
127.0.0.1 www.007guard.com removed from HOSTS file successfully
127.0.0.1 007guard.com removed from HOSTS file successfully
127.0.0.1 008i.com removed from HOSTS file successfully
127.0.0.1 www.008k.com removed from HOSTS file successfully
127.0.0.1 008k.com removed from HOSTS file successfully
127.0.0.1 www.00hq.com removed from HOSTS file successfully
127.0.0.1 00hq.com removed from HOSTS file successfully
127.0.0.1 010402.com removed from HOSTS file successfully
127.0.0.1 www.032439.com removed from HOSTS file successfully
127.0.0.1 032439.com removed from HOSTS file successfully
127.0.0.1 www.0scan.com removed from HOSTS file successfully
127.0.0.1 0scan.com removed from HOSTS file successfully
127.0.0.1 1000gratisproben.com removed from HOSTS file successfully
127.0.0.1 www.1001namen.com removed from HOSTS file successfully
127.0.0.1 1001namen.com removed from HOSTS file successfully
127.0.0.1 www.100888290cs.com removed from HOSTS file successfully
127.0.0.1 100888290cs.com removed from HOSTS file successfully
127.0.0.1 www.100sexlinks.com removed from HOSTS file successfully
127.0.0.1 100sexlinks.com removed from HOSTS file successfully
127.0.0.1 www.10sek.com removed from HOSTS file successfully
127.0.0.1 10sek.com removed from HOSTS file successfully
127.0.0.1 www.1-2005-search.com removed from HOSTS file successfully
C:\Documents and Settings\Riwalsro\Nabídka Start\Programy\Po spuštění\AutorunsDisabled folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0\ deleted successfully.
File About:Home not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
========== FILES ==========
File\Folder C:\WINDOWS\System32\*.tmp not found.
File\Folder C:\WINDOWS\*.tmp not found.
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
c:\windows\Tasks\AppleSoftwareUpdate.job moved successfully.
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\WINDOWS\tasks\SA.DAT moved successfully.
C:\WINDOWS\AUTORUN.INI moved successfully.
C:\WINDOWS\_delis32.ini moved successfully.
C:\WINDOWS\System32\CddbCdda.dll moved successfully.
C:\WINDOWS\System32\gah95on6.ini moved successfully.
C:\WINDOWS\System32\bln02nqv.ini moved successfully.
C:\WINDOWS\System32\70tovmto.ini moved successfully.
C:\WINDOWS\Temp.ini moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Flash cache emptied: 41 bytes

User: LocalService

User: LogMeInRemoteUser

User: NetworkService

User: Riwalsro
->Java cache emptied: 0 bytes
->Apple Safari cache emptied: 101794 bytes
->Flash cache emptied: 3382 bytes

%systemdrive% .tmp files removed: 393216 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 37768 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 360320 bytes

Total Files Cleaned = 1,00 mb

OTL by OldTimer - Version 3.2.2.0 log created on 04252010_085149

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
C:\WINDOWS\temp\Perflib_Perfdata_5e4.dat moved successfully.

Registry entries deleted on Reboot...

a stránka:
http://www.virustotal.com/cs/analisis/e ... 1272178806

Prosím o kontrolu logu - blbne outlook expres

Prosím o kontrolu logu - blbne outlook expres

Re: Prosím o kontrolu logu - blbne outlook expres

Re: Prosím o kontrolu logu - blbne outlook expres

Re: Prosím o kontrolu logu - blbne outlook expres

Re: Prosím o kontrolu logu - blbne outlook expres

Re: Prosím o kontrolu logu - blbne outlook expres

Re: Prosím o kontrolu logu - blbne outlook expres

Re: Prosím o kontrolu logu - blbne outlook expres

Re: Prosím o kontrolu logu - blbne outlook expres

Re: Prosím o kontrolu logu - blbne outlook expres

Re: Prosím o kontrolu logu - blbne outlook expres

Re: Prosím o kontrolu logu - blbne outlook expres

Kdo je online