Prosím o kontrolu logu (problémy s pc)

nintendo · Příspěvekod **nintendo** » 26 kvě 2010 11:18

Může se prosím vás někdo mrknout na můj log z HJT ? Nedávno mi v pc AVIRA hlásila dost virů a od té doby se mi nějak moc vytěžuje mozilla a je hodně pomalá .. Díky za případnou pomoc

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:12:07, on 26.5.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Rainmeter\Rainmeter.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Java\jre6\bin\javaw.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\tomas\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\tomas\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKLM\..\Policies\Explorer\Run: [rtw9ws] C:\Users\tomas\AppData\Local\Temp\jo2lej.exe
O4 - Startup: Rainmeter.lnk = C:\Program Files (x86)\Rainmeter\Rainmeter.exe
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout s IDM obsah FLV videa - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Stáhnout s IDM všechny odkazy - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8589 bytes

Reklama

kilmal · Příspěvekod **kilmal** » 28 kvě 2010 19:07

Zdravim,
je tam jen mala mrska a nejake drobnosti.

1. OTMoveIT3

Stahnete OTMoveIT3
Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize
Kód: Vybrat vše
:files C:\Users\tomas\AppData\Local\Temp\jo2lej.exe :reg [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "rtw9ws"=- :commands [emptytemp] [emptyflash]
Kliknete na cervene tlacitko MoveIt!
Sem pote dejte obsah okna Results (pod zelenou carou)
Pokud budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles

2.Fixnuti v HJT

HJT najdete zde C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
Fix znamena ze spustite HJT
Otevre se Vam okno, kliknete na Do a system scan only
v dalsim okne najdete radky ktere mate nize
Kód: Vybrat vše
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie R3 - URLSearchHook: (no name) - - (no file) O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Vedle nich je ctverecek do kterého udelate zatrzitko
Kliknete na Fix checked (vlevo dole)
HJT se Vas zepta zda opravdu ANO, s tim souhlasite a je hotovo

3.Toolbary

Odinstalujte nepotrebne toolbary - v pc mate DAEMON Tools Toolbar

4.CCleaner

Stahnete CCleaner, pri instalaci dejte pryc fajfku u yahoo toolbar

Panel čistič

Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

dejte Hledej problémy
nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

Zde muzete odinstalovat nepotrebne programy

5.Kontrola

Dejte kontrolni log z HJT
Avira Vam ty viry uspesne smazala?
Napiste jak se chova pc

nintendo · Příspěvekod **nintendo** » 12 čer 2010 10:48

Děkuji za pomoc. Zdá se , že je vše už v pořádku.. Avira ty viry hodila do karantény , tak jsem je smazal.
Ještě finální log z hjt

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:43:09, on 12.6.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Rainmeter\Rainmeter.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\QIP\qip.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\tomas\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\tomas\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKLM\..\Policies\Explorer\Run: [rtw9ws] C:\Users\tomas\AppData\Local\Temp\jo2lej.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Rainmeter.lnk = C:\Program Files (x86)\Rainmeter\Rainmeter.exe
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stáhnout s IDM obsah FLV videa - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Stáhnout s IDM všechny odkazy - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8270 bytes

Příspěvekod **jaro3** » 12 čer 2010 11:50

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\tomas\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Policies\Explorer\Run: [rtw9ws] C:\Users\tomas\AppData\Local\Temp\jo2lej.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Všechno to asi nebude , takže:

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Pokud budou problémy , spusť v nouz. režimu.

nintendo · Příspěvekod **nintendo** » 12 čer 2010 12:32

Díky.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 4190

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12.6.2010 12:27:14
mbam-log-2010-06-12 (12-27-14).txt

Typ skenu: Rychlý sken
Skenované objekty: 123133
Uplynulý čas: 2 minuta(y), 39 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 5
Infikované hodnoty registru: 1
Infikované datové položky registru: 0
Infikované složky: 6
Infikované soubory: 12

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
HKEY_CLASSES_ROOT\TypeLib\{01bcb858-2f62-4f06-a8f4-48f927c15333} (Adware.PredictAd) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{c9ae652b-8c99-4ac2-b556-8b501182874e} (Adware.PredictAd) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{0fb6a909-6086-458f-bd92-1f8ee10042a0} (Adware.PredictAd) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0fb6a909-6086-458f-bd92-1f8ee10042a0} (Adware.PredictAd) -> No action taken.
HKEY_CLASSES_ROOT\AppID\AutocompletePro.DLL (Adware.PredictAd) -> No action taken.

Infikované hodnoty registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\support@predictad.com (Adware.PredictAd) -> No action taken.

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
C:\Program Files (x86)\AutocompletePro (Adware.PredictAd) -> No action taken.
C:\Program Files (x86)\AutocompletePro\support@predictad.com (Adware.PredictAd) -> No action taken.
C:\Program Files (x86)\AutocompletePro\support@predictad.com\chrome (Adware.PredictAd) -> No action taken.
C:\Program Files (x86)\AutocompletePro\support@predictad.com\chrome\content (Adware.PredictAd) -> No action taken.
C:\Program Files (x86)\AutocompletePro\support@predictad.com\defaults (Adware.PredictAd) -> No action taken.
C:\Program Files (x86)\AutocompletePro\support@predictad.com\defaults\preferences (Adware.PredictAd) -> No action taken.

Infikované soubory:
C:\Program Files (x86)\AutocompletePro\AutocompletePro.dll (Adware.PredictAd) -> No action taken.
C:\Program Files (x86)\AutocompletePro\FireFoxExtension.exe (Adware.PredictAd) -> No action taken.
C:\Program Files (x86)\AutocompletePro\InstTracker.exe (Adware.PredictAd) -> No action taken.
C:\Program Files (x86)\AutocompletePro\unins000.dat (Adware.PredictAd) -> No action taken.
C:\Program Files (x86)\AutocompletePro\unins000.exe (Adware.PredictAd) -> No action taken.
C:\Program Files (x86)\AutocompletePro\support@predictad.com\chrome.manifest (Adware.PredictAd) -> No action taken.
C:\Program Files (x86)\AutocompletePro\support@predictad.com\install.rdf (Adware.PredictAd) -> No action taken.
C:\Program Files (x86)\AutocompletePro\support@predictad.com\chrome\content\browserOverlay.xul (Adware.PredictAd) -> No action taken.
C:\Program Files (x86)\AutocompletePro\support@predictad.com\chrome\content\options.js (Adware.PredictAd) -> No action taken.
C:\Program Files (x86)\AutocompletePro\support@predictad.com\chrome\content\options.xul (Adware.PredictAd) -> No action taken.
C:\Program Files (x86)\AutocompletePro\support@predictad.com\chrome\content\utils.js (Adware.PredictAd) -> No action taken.
C:\Program Files (x86)\AutocompletePro\support@predictad.com\defaults\preferences\predictad.js (Adware.PredictAd) -> No action taken.

Příspěvekod **jaro3** » 12 čer 2010 14:48

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit nový log z MbAM.

Stáhni si OTH
na svojí plochu( pokud používáš Firefox , pravým klikni na OTH link a vyber uložit jako (Save as..).

Stáhni si OTL
na svojí plochu (pokud používáš Firefox , pravým klikni na OTL link a vyber uložit jako (Save as..).

Stáhni si soubor Scan.txt
na svojí plochu (pokud používáš Firefox , pravým klikni na OTL link a vyber uložit jako (Save as..).

Poklepej na soubor OTH na ploše , po spuštění programu klikni na Kill All Processes.Poté klikni na Start OTL .Poklepej Do prázdného okna pod Vlastní skenování /opravy ( Custom Scans box). Objeví se zpráva: Kliknutím na OK vyberete cestu k souboru, kliknutím na Zrušit zrušíte výběr.
Klikni na OK. Objeví se okno průzkumníku , zde klikneš na plochu a najdeš na ní soubor Scan.txt .Klikni na Otevřít.
Poté klikni na Rychle prohledat (Quick Scan). Neměň žádná jiná nastavení . Sken může trvat dlouho.
Kdy sken skončí , objeví se na ploše dva logy:
OTL.Txt a Extras.Txt , jsou uloženy ve stejném místě jako OTL.
Zkopíruj sem prosím celý obsah obou logů.

nintendo · Příspěvekod **nintendo** » 12 čer 2010 15:30

Extras.txt

OTL Extras logfile created on: 12.6.2010 15:20:24 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\tomas\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 72,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 215,75 Gb Total Space | 116,76 Gb Free Space | 54,12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 931,50 Gb Total Space | 37,39 Gb Free Space | 4,01% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 250,00 Gb Total Space | 82,42 Gb Free Space | 32,97% Space Free | Partition Type: NTFS

Computer Name: TOMAS-PC
Current User Name: tomas
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{17102E7B-B438-9EB7-5D85-6399D92D1078}" = ATI Catalyst Install Manager
"{404BB1FF-A84F-432F-B77B-301E88E8D1C7}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{50822200-2E95-4E62-A8D8-41C3B308DF5E}" = Microsoft SQL Server VSS Writer
"{68660049-8D48-427C-9FF7-139D8340CDC0}" = MSVC80_x64
"{6E740973-8E71-42F9-A910-C18452E60450}" = Microsoft SQL Server Native Client
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{96D5EB02-DE18-4DCD-A713-929B4461CA8D}" = iTunes
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A792E67C-FDA4-A301-0C3C-53BA86EFBB5A}" = ccc-utility64
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C19D4D8F-4433-4F6D-9F0C-79589FD0B973}" = Bonjour
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Balíček ovladače systému Windows - Nokia Modem (10/05/2009 4.2)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Balíček ovladače systému Windows - Nokia Modem (06/01/2009 7.01.0.4)
"C-Media CM106 Like Sound Driver" = Point of View :: Gaming Headphone 5.1 USB
"Ext2Ifs_for_NT6" = Ext2 IFS 1.11a for Windows Vista/2008
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"SP6" = Logitech SetPoint 6.0
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2300EE96-0A41-4FAB-BD03-989EC44577A0}" = Acronis Disk Director Suite
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2ADE2157-7A5E-122C-B51D-EB8A01B15943}" = DeepBurner v1.9.0.228
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (ECSQLEXPRESS)
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47CAFF95-C3D8-ABF2-70BC-89DE00D8FB19}" = Catalyst Control Center Graphics Light
"{4962EBAC-AE7C-1B22-1EA0-0916A7E40954}" = Catalyst Control Center Graphics Full Existing
"{49A62E2B-B35C-941D-DF48-601207CF14C0}" = Catalyst Control Center Graphics Previews Common
"{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}" = Nokia Software Updater
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{564D0000-547B-4ED8-8070-85286CC8C9BF}" = OpenOffice.org 3.0
"{59FF6830-6B81-475F-ADF6-702B3A878530}" = Opera 10.50
"{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A490E11-6C8A-777C-4E00-43F3CC16A1EC}" = CCC Help English
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77919701-C3E7-09AA-D2F7-DBF42CD7C13D}" = Catalyst Control Center HydraVision Full
"{78B2F09F-BDC7-7865-CF4C-233B64A3BE51}" = Catalyst Control Center Graphics Full New
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1029-7B44-A93000000001}" = Adobe Reader 9.3.2 - Czech
"{B5F47039-9B19-4AC3-9A4A-E1CA3068E59F}" = ArcSoft TotalMedia Theatre 3
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
"{D241BBEC-B1C7-7953-EDDE-D90A654A8D2C}" = ccc-core-static
"{D5C24E77-099E-9B84-5BE2-708E70B938A9}" = Catalyst Control Center Core Implementation
"{DC4757E2-BAE3-0BFE-C6E5-576CB911FF52}" = Catalyst Control Center Graphics Previews Vista
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB8148DD-C575-4B0A-9F6C-0CFC46937930}" = Opera 10.10
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AutocompletePro3_is1" = AutocompletePro
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Counter-Strike: Source" = Counter-Strike: Source
"Counter-Strike: Source Texture Pack 1.00" = Counter-Strike: Source Texture Pack 1.00
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"Generic USB 106 Sound" = Gaming Headphone 5.1 USB
"InstallShield_{B5F47039-9B19-4AC3-9A4A-E1CA3068E59F}" = ArcSoft TotalMedia Theatre 3
"Internet Download Manager" = Internet Download Manager
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.4.8 (Full) BETA
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaInfo" = MediaInfo 0.7.33 (32-bit)
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"mIRC" = mIRC
"MKVtoolnix" = MKVtoolnix 2.9.9
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"netloader" = netloader
"Nokia Maps Updater_is1" = Nokia Maps Updater 1.0.12
"Nokia PC Suite" = Nokia PC Suite
"PowerISO" = PowerISO
"Rainmeter" = Rainmeter (remove only)
"Steam App 10" = Counter-Strike
"Steam App 220" = Half-Life 2
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 380" = Half-Life 2: Episode One
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"The KMPlayer" = The KMPlayer (remove only)
"Totalcmd" = Total Commander (Remove or Repair)
"uTorrent" = µTorrent
"VentriloMIX" = VentriloMIX
"Visual IRC_is1" = Visual IRC 2.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape Streaming Services" = Octoshape Streaming Services
"PhotoFiltre Studio X" = PhotoFiltre Studio X
"QIP 2005" = QIP 2005 8095

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

nintendo · Příspěvekod **nintendo** » 12 čer 2010 15:30

OTL.txt

OTL logfile created on: 12.6.2010 15:20:24 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\tomas\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 72,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 215,75 Gb Total Space | 116,76 Gb Free Space | 54,12% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 931,50 Gb Total Space | 37,39 Gb Free Space | 4,01% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 250,00 Gb Total Space | 82,42 Gb Free Space | 32,97% Space Free | Partition Type: NTFS

Computer Name: TOMAS-PC
Current User Name: tomas
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010.06.12 15:17:58 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\tomas\Desktop\otl.exe
PRC - [2010.06.12 15:17:43 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\tomas\Desktop\OTH.scr
PRC - [2010.04.16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009.08.04 18:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009.07.21 15:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 17:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

========== Modules (SafeList) ==========

MOD - [2010.06.12 15:17:58 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\tomas\Desktop\otl.exe
MOD - [2009.07.14 03:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\rsaenh.dll
MOD - [2009.07.14 03:16:19 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\winsta.dll
MOD - [2009.07.14 03:16:19 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wkscli.dll
MOD - [2009.07.14 03:16:18 | 001,011,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WindowsCodecs.dll
MOD - [2009.07.14 03:16:16 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2009.07.14 03:16:16 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\thumbcache.dll
MOD - [2009.07.14 03:16:15 | 000,363,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\StructuredQuery.dll
MOD - [2009.07.14 03:16:15 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\srvcli.dll
MOD - [2009.07.14 03:16:15 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\slc.dll
MOD - [2009.07.14 03:16:13 | 000,643,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\SearchFolder.dll
MOD - [2009.07.14 03:16:13 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\RpcRtRemote.dll
MOD - [2009.07.14 03:16:11 | 000,442,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntshrui.dll
MOD - [2009.07.14 03:16:11 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\ntlanman.dll
MOD - [2009.07.14 03:16:03 | 001,661,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\networkexplorer.dll
MOD - [2009.07.14 03:15:36 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\linkinfo.dll
MOD - [2009.07.14 03:15:28 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
MOD - [2009.07.14 03:15:14 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\EhStorShell.dll
MOD - [2009.07.14 03:15:13 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\drprov.dll
MOD - [2009.07.14 03:15:08 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\davclnt.dll
MOD - [2009.07.14 03:15:08 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\davhlpr.dll
MOD - [2009.07.14 03:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009.07.14 03:15:07 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cscapi.dll
MOD - [2009.07.14 03:14:52 | 000,309,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\actxprxy.dll
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010.02.03 06:17:10 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.01.29 23:18:20 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2009.07.14 03:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009.07.14 03:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009.07.14 03:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009.07.14 03:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009.07.14 03:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009.07.14 03:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009.07.14 03:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009.07.14 03:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009.07.14 03:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009.07.14 03:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009.07.14 03:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009.07.14 03:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009.07.14 03:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009.07.14 03:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009.07.14 03:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009.07.14 03:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009.07.14 03:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009.07.14 03:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009.07.14 03:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009.07.14 03:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.07.14 03:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009.07.14 03:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009.07.14 03:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009.07.14 03:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV - [2010.06.09 11:16:33 | 000,395,048 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.04.16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009.10.27 10:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.08.04 18:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009.07.21 15:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.07.14 05:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009.07.14 05:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC) Služba DTC (Distributed Transaction Coordinator)
SRV - [2009.07.14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.13 22:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009.06.10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009.05.13 17:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2007.03.15 10:06:12 | 002,233,400 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe -- (AcronisOSSReinstallSvc)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010.05.29 10:31:13 | 000,198,944 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2010.02.03 06:55:18 | 006,366,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.02.03 06:55:18 | 006,366,720 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.02.03 05:23:58 | 000,186,880 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.01.28 16:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.12.22 13:17:12 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.12.09 17:42:38 | 000,074,880 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009.11.10 13:53:40 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009.11.10 13:53:16 | 000,058,384 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.11.10 13:53:00 | 000,056,336 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.11.09 05:28:08 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009.10.06 12:54:18 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2009.10.06 12:53:56 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2009.10.06 12:53:56 | 000,008,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2009.10.06 12:53:54 | 000,018,944 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2009.08.13 10:10:42 | 000,112,240 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009.07.30 13:58:42 | 000,236,544 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,153,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2009.07.14 03:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009.07.14 03:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2009.07.14 03:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009.07.14 03:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009.07.14 03:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009.07.14 03:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 03:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2009.07.14 03:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009.07.14 03:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:64bit: - [2009.07.14 03:43:13 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2009.07.14 02:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009.07.14 02:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009.07.14 02:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:64bit: - [2009.07.14 02:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009.07.14 02:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009.07.14 02:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009.07.14 02:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2009.07.14 02:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009.07.14 02:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:64bit: - [2009.07.14 02:06:32 | 000,109,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBAUDIO.sys -- (usbaudio) Ovladač zvuků USB (WDM)
DRV:64bit: - [2009.07.14 02:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009.07.14 02:06:28 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winusb.sys -- (WinUsb)
DRV:64bit: - [2009.07.14 02:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009.07.14 02:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2009.07.14 02:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009.07.14 02:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2009.07.14 02:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:64bit: - [2009.07.14 01:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:64bit: - [2009.07.14 01:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2009.07.14 01:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009.07.14 01:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009.07.14 01:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:64bit: - [2009.07.14 01:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:64bit: - [2009.07.14 01:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009.07.14 01:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2009.07.14 01:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009.07.14 01:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.09.25 17:39:12 | 000,270,272 | ---- | M] (Stephan Schreiber) [File_System | System | Running] -- C:\Windows\SysNative\drivers\ext2fs.sys -- (Ext2fs)
DRV:64bit: - [2008.08.28 22:49:20 | 000,080,320 | ---- | M] (Stephan Schreiber) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ifsmount.sys -- (IfsMount)
DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008.03.28 06:08:06 | 001,121,280 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CM10664.sys -- (USBMULCD)
DRV:64bit: - [2007.08.16 11:58:38 | 000,251,392 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVerFx2hbtv64.sys -- (AVerFx2hbtv64)
DRV - [2009.12.07 21:22:14 | 000,000,000 | ---D | M] [Kernel | System | Running] -- C:\Windows\CSC -- (CSC)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 03:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\winusb.dll -- (WinUsb)
DRV - [2009.07.14 03:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
DRV - [2009.06.10 23:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009.06.10 23:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2009.02.06 20:40:56 | 000,161,792 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\ArcHlp.sys -- (archlp)
DRV - [2004.07.14 13:54:42 | 000,676,864 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\hardlock.sys -- (Hardlock)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.cz/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = cs
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D8 CF 6F 02 FE C0 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://google.cz/ig"
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:6.9.1
FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:4.9
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..keyword.URL: "http://search.qip.ru/search?from=FF&query="

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.02.04 15:11:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.05.03 21:41:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.06.09 20:10:31 | 000,000,000 | ---D | M]

[2009.12.07 14:53:37 | 000,000,000 | ---D | M] -- C:\Users\tomas\AppData\Roaming\Mozilla\Extensions
[2010.06.12 11:04:17 | 000,000,000 | ---D | M] -- C:\Users\tomas\AppData\Roaming\Mozilla\Firefox\Profiles\9cc376f7.default\extensions
[2010.05.16 18:30:40 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\tomas\AppData\Roaming\Mozilla\Firefox\Profiles\9cc376f7.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.06.12 10:15:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tomas\AppData\Roaming\Mozilla\Firefox\Profiles\9cc376f7.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010.05.16 18:30:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tomas\AppData\Roaming\Mozilla\Firefox\Profiles\9cc376f7.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
[2010.04.28 20:37:10 | 000,001,832 | ---- | M] () -- C:\Users\tomas\AppData\Roaming\Mozilla\Firefox\Profiles\9cc376f7.default\searchplugins\bing.xml
[2010.01.22 12:27:15 | 000,002,055 | ---- | M] () -- C:\Users\tomas\AppData\Roaming\Mozilla\Firefox\Profiles\9cc376f7.default\searchplugins\daemon-search.xml
[2010.04.22 17:10:51 | 000,002,062 | ---- | M] () -- C:\Users\tomas\AppData\Roaming\Mozilla\Firefox\Profiles\9cc376f7.default\searchplugins\qip-search.xml
[2010.04.27 20:51:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.03.12 19:44:46 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.03.12 19:44:46 | 000,001,687 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.03.12 19:44:46 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.03.12 19:44:46 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.03.12 19:44:46 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.05.20 19:20:15 | 000,000,913 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 ad.ghura.pl
O1 - Hosts: 127.0.0.1 ircgalaxy.pl
O1 - Hosts: 127.0.0.1 ru.brans.pl
O1 - Hosts: 127.0.0.1 zief.pl
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\tomas\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - Startup: C:\Users\tomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files (x86)\Rainmeter\Rainmeter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Stáhnout s IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8:64bit: - Extra context menu item: Stáhnout s IDM obsah FLV videa - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8:64bit: - Extra context menu item: Stáhnout s IDM všechny odkazy - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Stáhnout s IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Stáhnout s IDM obsah FLV videa - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Stáhnout s IDM všechny odkazy - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.36 213.46.172.37
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: Ias - C:\Windows\SysNative\ias [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
NetSvcs:64bit: Irmon - C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
NetSvcs:64bit: Wmi - C:\Windows\SysNative\wmi.dll (Microsoft Corporation)
NetSvcs:64bit: Themes - C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
NetSvcs:64bit: BDESVC - C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
NetSvcs: Ias - C:\Windows\SysWOW64\ias.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\Windows\SysWOW64\wmi.dll (Microsoft Corporation)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 90 Days ==========

[2010.06.12 15:18:21 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\tomas\Desktop\OTL.exe
[2010.06.12 15:18:21 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Users\tomas\Desktop\OTH.scr
[2010.06.12 12:23:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.06.09 20:10:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010.06.09 20:10:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010.06.09 20:10:05 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.06.05 15:19:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamSpeak 3 Client
[2010.06.04 11:06:48 | 000,000,000 | ---D | C] -- C:\.multiTH
[2010.06.04 08:21:22 | 000,000,000 | ---D | C] -- C:\Users\tomas\AppData\Roaming\mkvtoolnix
[2010.06.04 08:12:39 | 000,000,000 | ---D | C] -- C:\Users\tomas\AVCHDCoder
[2010.06.04 08:12:16 | 000,000,000 | ---D | C] -- C:\Users\tomas\Documents\AVCHDCoder
[2010.06.04 08:04:49 | 000,000,000 | ---D | C] -- C:\Users\tomas\AppData\Roaming\BDREBUILDER
[2010.06.04 08:04:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2010.06.04 07:49:11 | 000,000,000 | ---D | C] -- C:\multiAVCHD
[2010.05.29 10:37:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2010.05.29 10:31:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Acronis
[2010.05.29 10:31:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acronis
[2010.05.26 11:10:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010.05.24 17:31:05 | 000,000,000 | ---D | C] -- C:\Users\tomas\AppData\Roaming\Apple Computer
[2010.05.24 17:30:04 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010.05.24 17:30:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010.05.24 17:30:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010.05.24 17:30:04 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010.05.24 17:29:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010.05.24 17:29:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2010.05.24 17:29:07 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010.05.24 17:29:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010.05.21 10:52:54 | 000,000,000 | ---D | C] -- C:\Users\tomas\AppData\Roaming\Malwarebytes
[2010.05.21 10:52:40 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.05.21 10:52:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.05.21 10:52:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.21 10:42:41 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\tomas\AppData\Roaming\pcouffin.sys
[2010.05.21 10:42:41 | 000,000,000 | ---D | C] -- C:\Users\tomas\AppData\Roaming\Vso
[2010.05.21 10:42:41 | 000,000,000 | ---D | C] -- C:\Users\tomas\Documents\PcSetup
[2010.05.21 10:34:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.05.21 10:34:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010.05.20 18:24:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\mIRC
[2010.05.19 23:02:01 | 000,000,000 | ---D | C] -- C:\Users\tomas\Application Data
[2010.05.19 23:01:01 | 000,000,000 | ---D | C] -- C:\Users\tomas\Documents\ArcSoft
[2010.05.19 22:58:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArcSoft
[2010.05.19 15:31:38 | 000,000,000 | ---D | C] -- C:\Users\tomas\Documents\DVDFab
[2010.05.19 15:31:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDFab 7
[2010.05.19 14:25:28 | 000,000,000 | ---D | C] -- C:\Users\tomas\AppData\Roaming\Leadertech
[2010.05.19 14:25:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
[2010.05.19 14:25:09 | 000,018,960 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2010.05.19 14:24:41 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd
[2010.05.19 14:24:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2010.05.19 14:24:30 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2010.05.19 14:24:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LogiShrd
[2010.05.19 14:24:10 | 000,000,000 | ---D | C] -- C:\Users\tomas\AppData\Roaming\Logitech
[2010.05.19 14:24:10 | 000,000,000 | ---D | C] -- C:\Users\tomas\AppData\Roaming\Logishrd
[2010.05.10 16:50:19 | 000,000,000 | ---D | C] -- C:\Users\tomas\AppData\Roaming\mIRC
[2010.05.10 16:49:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ViRC
[2010.05.03 21:40:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010.05.03 21:40:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.04.28 12:04:22 | 000,281,600 | ---- | C] (Stephan Schreiber) -- C:\Windows\SysNative\ifsdrives.dll
[2010.04.28 12:04:22 | 000,270,272 | ---- | C] (Stephan Schreiber) -- C:\Windows\SysNative\drivers\ext2fs.sys
[2010.04.28 12:04:22 | 000,083,904 | ---- | C] (Stephan Schreiber) -- C:\Windows\SysNative\ifsdrives.exe
[2010.04.28 12:04:22 | 000,080,320 | ---- | C] (Stephan Schreiber) -- C:\Windows\SysNative\drivers\ifsmount.sys
[2010.04.28 07:32:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2010.04.28 06:18:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010.04.28 06:18:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010.04.24 19:55:07 | 000,000,000 | ---D | C] -- C:\Users\tomas\Documents\AnyDVDHD
[2010.04.24 19:53:46 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft
[2010.04.24 19:52:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlySoft
[2010.04.24 18:54:02 | 000,000,000 | ---D | C] -- C:\Users\tomas\AppData\Local\Cinema_Squid
[2010.04.23 16:24:29 | 000,000,000 | ---D | C] -- C:\Users\tomas\.ssh
[2010.04.23 16:24:28 | 000,000,000 | ---D | C] -- C:\Users\tomas\.sshterm
[2010.04.22 16:56:00 | 000,000,000 | ---D | C] -- C:\Users\tomas\AppData\Roaming\QIP
[2010.04.22 16:55:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QIP 2010
[2010.04.15 16:29:37 | 000,000,000 | ---D | C] -- C:\Users\tomas\Documents\Rockstar Games
[2010.04.15 16:03:41 | 000,000,000 | ---D | C] -- C:\Users\tomas\AppData\Local\Rockstar Games
[2010.04.02 12:24:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2010.04.02 10:55:24 | 000,000,000 | ---D | C] -- C:\Users\tomas\AppData\Roaming\skypePM
[2010.04.02 10:54:50 | 000,000,000 | ---D | C] -- C:\Users\tomas\AppData\Roaming\Skype
[2010.04.02 10:54:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010.04.01 19:10:58 | 000,000,000 | ---D | C] -- C:\Users\tomas\AppData\Local\Google
[2010.04.01 19:10:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010.03.27 15:30:52 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2010.03.27 15:14:48 | 000,091,568 | ---- | C] (PowerISO Computing, Inc.) -- C:\Windows\SysNative\drivers\scdemu.sys
[2010.03.27 15:14:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerISO
[2010.03.26 19:33:32 | 000,000,000 | ---D | C] -- C:\Users\tomas\Documents\Heroes of Newerth
[2010.03.26 19:33:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Heroes of Newerth
[2010.03.23 21:45:20 | 000,000,000 | ---D | C] -- C:\Users\tomas\Documents\Square Enix
[2010.03.20 20:10:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garena
[2010.03.20 13:47:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Warcraft III
[2010.03.18 21:25:09 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010.03.17 20:25:34 | 000,000,000 | ---D | C] -- C:\Users\tomas\AppData\Roaming\DeepBurner
[2010.03.17 20:06:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Astonsoft
[2010.03.16 13:19:29 | 000,000,000 | ---D | C] -- C:\Users\tomas\Documents\4A Games
[2010.03.16 13:15:52 | 000,000,000 | ---D | C] -- C:\Users\tomas\AppData\Local\4A Games
[2010.03.16 12:48:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\METRO 2033
[2010.03.16 10:43:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\THQ
[2010.03.15 16:27:15 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010.03.14 21:57:14 | 000,000,000 | ---D | C] -- C:\Users\tomas\AppData\Roaming\TS3Client
[2010.03.14 21:52:49 | 000,000,000 | ---D | C] -- C:\Users\tomas\AppData\Roaming\teamspeak2

========== Files - Modified Within 90 Days ==========

[2010.06.12 15:21:49 | 038,797,312 | -HS- | M] () -- C:\Users\tomas\NTUSER.DAT
[2010.06.12 15:20:02 | 000,669,130 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2010.06.12 15:20:02 | 000,653,700 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.06.12 15:20:02 | 000,136,366 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2010.06.12 15:20:02 | 000,121,132 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.06.12 15:20:01 | 001,577,396 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.06.12 15:17:58 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\tomas\Desktop\OTL.exe
[2010.06.12 15:17:43 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\tomas\Desktop\OTH.scr
[2010.06.12 14:56:33 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.12 14:56:33 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.12 14:49:07 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.12 14:49:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.12 14:48:55 | 3217,678,336 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.12 14:48:04 | 002,646,534 | -H-- | M] () -- C:\Users\tomas\AppData\Local\IconCache.db
[2010.06.12 12:23:10 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.12 10:41:01 | 000,001,845 | ---- | M] () -- C:\Users\tomas\Desktop\CCleaner.lnk
[2010.06.12 10:34:34 | 000,062,896 | ---- | M] () -- C:\Users\tomas\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.06.12 10:34:19 | 000,285,056 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.06.09 20:10:31 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.06.05 15:19:30 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2010.06.04 11:11:58 | 000,001,542 | ---- | M] () -- C:\Users\tomas\Desktop\multiAVCHD 4.1.lnk
[2010.06.04 07:49:17 | 000,001,542 | ---- | M] () -- C:\Users\tomas\Desktop\multiAVCHD 3.0.lnk
[2010.05.29 11:40:04 | 000,001,372 | ---- | M] () -- C:\Users\tomas\Desktop\HD filmy 2 (H).lnk
[2010.05.29 11:38:52 | 000,001,377 | ---- | M] () -- C:\Users\tomas\Desktop\downloading (I).lnk
[2010.05.29 10:46:50 | 000,001,024 | ---- | M] () -- C:\Windows\SysNative\AutoPartNt.let
[2010.05.29 10:31:12 | 000,001,300 | ---- | M] () -- C:\Users\Public\Desktop\Acronis Disk Director Suite.lnk
[2010.05.21 10:42:41 | 000,099,384 | ---- | M] () -- C:\Users\tomas\AppData\Roaming\inst.exe
[2010.05.21 10:42:41 | 000,082,816 | ---- | M] (VSO Software) -- C:\Users\tomas\AppData\Roaming\pcouffin.sys
[2010.05.21 10:42:41 | 000,007,859 | ---- | M] () -- C:\Users\tomas\AppData\Roaming\pcouffin.cat
[2010.05.21 10:42:41 | 000,001,167 | ---- | M] () -- C:\Users\tomas\AppData\Roaming\pcouffin.inf
[2010.05.21 07:56:22 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib
[2010.05.20 19:20:07 | 000,183,808 | ---- | M] () -- C:\Windows\Xfusea.exe
[2010.05.20 18:24:27 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\mIRC.lnk
[2010.05.19 22:58:38 | 000,001,987 | ---- | M] () -- C:\Users\Public\Desktop\TotalMedia Theatre 3.lnk
[2010.05.19 14:25:09 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2010.05.03 19:57:10 | 000,000,600 | ---- | M] () -- C:\Users\tomas\AppData\Roaming\winscp.rnd
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.04.29 15:39:28 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.04.28 07:33:04 | 000,000,979 | ---- | M] () -- C:\Users\tomas\Desktop\JDownloader.lnk
[2010.04.02 10:55:24 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat

========== Files Created - No Company Name ==========

[2010.06.12 12:23:10 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.12 10:41:01 | 000,001,845 | ---- | C] () -- C:\Users\tomas\Desktop\CCleaner.lnk
[2010.06.09 20:10:15 | 000,001,974 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.06.05 15:19:30 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2010.06.04 11:11:58 | 000,001,542 | ---- | C] () -- C:\Users\tomas\Desktop\multiAVCHD 4.1.lnk
[2010.06.04 07:49:17 | 000,001,542 | ---- | C] () -- C:\Users\tomas\Desktop\multiAVCHD 3.0.lnk
[2010.05.29 11:16:15 | 000,001,377 | ---- | C] () -- C:\Users\tomas\Desktop\downloading (I).lnk
[2010.05.29 10:37:11 | 000,001,024 | ---- | C] () -- C:\Windows\SysNative\AutoPartNt.let
[2010.05.29 10:31:12 | 000,001,300 | ---- | C] () -- C:\Users\Public\Desktop\Acronis Disk Director Suite.lnk
[2010.05.21 10:42:42 | 000,000,055 | ---- | C] () -- C:\Users\tomas\AppData\Roaming\pcouffin.log
[2010.05.21 10:42:41 | 000,099,384 | ---- | C] () -- C:\Users\tomas\AppData\Roaming\inst.exe
[2010.05.21 10:42:41 | 000,007,859 | ---- | C] () -- C:\Users\tomas\AppData\Roaming\pcouffin.cat
[2010.05.21 10:42:41 | 000,001,167 | ---- | C] () -- C:\Users\tomas\AppData\Roaming\pcouffin.inf
[2010.05.20 19:20:13 | 000,183,808 | ---- | C] () -- C:\Windows\Xfusea.exe
[2010.05.20 18:24:27 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\mIRC.lnk
[2010.05.19 22:58:38 | 000,001,987 | ---- | C] () -- C:\Users\Public\Desktop\TotalMedia Theatre 3.lnk
[2010.04.28 14:05:30 | 000,001,372 | ---- | C] () -- C:\Users\tomas\Desktop\HD filmy 2 (H).lnk
[2010.04.28 12:04:22 | 000,000,724 | ---- | C] () -- C:\Windows\SysNative\ifsdrives_tasks.xml
[2010.04.28 07:33:04 | 000,000,979 | ---- | C] () -- C:\Users\tomas\Desktop\JDownloader.lnk
[2010.04.24 19:53:46 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.04.02 10:55:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.03.22 14:42:47 | 000,000,127 | ---- | C] () -- C:\Users\tomas\seznam-souboru.txt
[2010.02.28 14:38:29 | 000,000,049 | ---- | C] () -- C:\Windows\CoolRead.ini
[2010.02.05 18:23:37 | 000,139,264 | R--- | C] () -- C:\Windows\Vmix106.dll
[2010.02.05 18:10:55 | 000,049,152 | R--- | C] () -- C:\Windows\SysWow64\CM106rm.dll
[2010.02.05 18:10:55 | 000,000,576 | ---- | C] () -- C:\Windows\Cm106.ini.cfl
[2010.02.05 18:09:45 | 000,004,599 | R--- | C] () -- C:\Windows\Cm106.ini.cfg
[2010.01.12 20:56:17 | 001,470,766 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.12.21 20:05:19 | 000,002,982 | ---- | C] () -- C:\Windows\Cm106.ini.imi
[2009.12.21 19:57:16 | 000,000,630 | R--- | C] () -- C:\Windows\cm106.ini
[2009.12.07 15:00:33 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2009.12.07 15:00:33 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009.12.07 15:00:32 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009.12.07 15:00:32 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.12.07 15:00:31 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009.12.07 15:00:31 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2009.12.07 14:40:19 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009.12.07 14:40:19 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009.12.07 14:36:29 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009.11.06 11:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.02.06 20:40:56 | 000,161,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\ArcHlp.sys

========== LOP Check ==========

[2010.01.06 17:31:50 | 000,000,000 | ---D | M] -- C:\Users\tomas\AppData\Roaming\Autodesk
[2010.02.21 01:00:35 | 000,000,000 | ---D | M] -- C:\Users\tomas\AppData\Roaming\Babylon
[2010.06.04 08:04:49 | 000,000,000 | ---D | M] -- C:\Users\tomas\AppData\Roaming\BDREBUILDER
[2010.01.03 19:11:10 | 000,000,000 | ---D | M] -- C:\Users\tomas\AppData\Roaming\Bioshock
[2010.02.09 12:59:12 | 000,000,000 | ---D | M] -- C:\Users\tomas\AppData\Roaming\Bioshock2
[2009.12.22 13:21:24 | 000,000,000 | ---D | M] -- C:\Users\tomas\AppData\Roaming\DAEMON Tools Lite
[2010.03.17 20:33:40 | 000,000,000 | ---D | M] -- C:\Users\tomas\AppData\Roaming\DeepBurner
[2010.06.12 14:49:20 | 000,000,000 | ---D | M] -- C:\Users\tomas\AppData\Roaming\DMCache
[2010.02.26 18:32:04 | 000,000,000 | ---D | M] -- C:\Users\tomas\AppData\Roaming\FileZilla
[2010.02.20 00:36:04 | 000,000,000 | ---D | M] -- C:\Users\tomas\AppData\Roaming\GHISLER
[2010.04.07 23:26:16 | 000,000,000 | ---D | M] -- C:\Users\tomas\AppData\Roaming\IDM
[2010.05.19 14:25:28 | 000,000,000 | ---D | M] -- C:\Users\tomas\AppData\Roaming\Leadertech
[2010.06.04 08:21:22 | 000,000,000 | ---D | M] -- C:\Users\tomas\AppData\Roaming\mkvtoolnix
[2010.01.24 16:42:40 | 000,000,000 | ---D | M] -- C:\Users\tomas\AppData\Roaming\Nokia
[2009.12.13 01:36:40 | 000,000,000 | ---D | M] -- C:\Users\tomas\AppData\Roaming\Octoshape
[2010.01.12 17:52:11 | 000,000,000 | ---D | M] -- C:\Users\tomas\AppData\Roaming\OpenOffice.org
[2010.01.31 00:42:21 | 000,000,000 | ---D | M] -- C:\Users\tomas\AppData\Roaming\Opera
[2010.02.04 15:06:20 | 000,000,000 | ---D | M] -- C:\Users\tomas\AppData\Roaming\PC Suite
[2009.12.12 19:45:11 | 000,000,000 | ---D | M] -- C:\Users\tomas\AppData\Roaming\PhotoFiltre Studio X
[2010.04.22 16:56:00 | 000,000,000 | ---D | M] -- C:\Users\tomas\AppData\Roaming\QIP
[2009.12.08 17:58:02 | 000,000,000 | ---D | M] -- C:\Users\tomas\AppData\Roaming\Rainmeter
[2010.03.14 22:00:37 | 000,000,000 | ---D | M] -- C:\Users\tomas\AppData\Roaming\TS3Client
[2010.02.28 14:22:19 | 000,000,000 | ---D | M] -- C:\Users\tomas\AppData\Roaming\UDC Profiles
[2010.06.12 10:19:00 | 000,000,000 | ---D | M] -- C:\Users\tomas\AppData\Roaming\uTorrent
[2010.02.05 13:31:08 | 000,000,000 | ---D | M] -- C:\Users\tomas\AppData\Roaming\Voipwise
[2010.05.21 10:42:42 | 000,000,000 | ---D | M] -- C:\Users\tomas\AppData\Roaming\Vso
[2010.03.30 11:25:28 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

nintendo · Příspěvekod **nintendo** » 12 čer 2010 15:31

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2009.07.14 03:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2009.12.07 21:20:39 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009.12.12 20:50:34 | 000,008,192 | ---- | M] () -- C:\bootsect.lxe.bak
[2009.12.07 14:42:41 | 000,000,197 | ---- | M] () -- C:\csb.log
[2007.11.07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007.11.07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007.11.07 09:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007.11.07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007.11.07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007.11.07 09:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007.11.07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007.11.07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007.11.07 09:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2009.12.12 20:50:33 | 000,383,592 | RHS- | M] () -- C:\gdrop
[2007.11.07 09:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2010.06.12 14:48:55 | 3217,678,336 | -HS- | M] () -- C:\hiberfil.sys
[2007.11.07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007.11.07 09:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2009.12.07 14:42:13 | 000,000,190 | ---- | M] () -- C:\Install.log
[2007.11.07 09:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007.11.07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007.11.07 09:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007.11.07 09:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007.11.07 09:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007.11.07 09:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007.11.07 09:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007.11.07 09:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007.11.07 09:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2006.12.02 00:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010.06.12 14:48:58 | 4290,240,512 | -HS- | M] () -- C:\pagefile.sys
[2009.12.07 14:40:16 | 000,002,135 | ---- | M] () -- C:\RHDSetup.log
[2007.11.07 09:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007.11.07 09:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007.11.07 09:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
[2009.12.12 20:50:33 | 000,171,136 | RHS- | M] () -- C:\xeldr

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys
< End of report >

Příspěvekod **jaro3** » 12 čer 2010 21:56

Poklepej na ikonu OTL na ploše.Ujisti se , že máš všechny ostatní aplikace a prohlížeče zavřeny.
Pod Vlastní skenování/opravy do okénka vlož následující text, zobrazený zeleně:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..keyword.URL: "http://search.qip.ru/search?from=FF&query="
O1 HOSTS File: ([2010.05.20 19:20:15 | 000,000,913 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 ad.ghura.pl
O1 - Hosts: 127.0.0.1 ircgalaxy.pl
O1 - Hosts: 127.0.0.1 ru.brans.pl
O1 - Hosts: 127.0.0.1 zief.pl
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\tomas\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

:Files
C:\WINDOWS\System32\*.tmp /s
C:\WINDOWS\*.tmp /s
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
c:\windows\Tasks\*.job /s
C:\Windows\tasks\SA.DAT
C:\Users\tomas\AppData\Roaming\inst.exe
C:\Windows\Xfusea.exe
C:\ProgramData\ezsidmv.dat

:Reg
:Commands
[resethosts]
[purity]
[emptytemp]
[EMPTYFLASH]
[start explorer]
[Reboot]

Poté klikni nahoře na Opravit. Nech program nerušeně běžet, na konci se provede restart PC.
Po restartu se objeví log , prosím zkopíruj sem celý jeho obsah.

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
C:\Windows\SysWow64\drivers\ArcHlp.sys
C:\install.exe
C:\Windows\SysNative\drivers\ACPI.sys
C:\Windows\SysNative\drivers\beep.sys
C:\Windows\SysNative\drivers\NDIS.sys

Pokud už byl soubor testován-klikni na otestovat znovu.
Až skončí test všech antivirů, vlož sem pak odkazy na stránky s výsledky.

nintendo · Příspěvekod **nintendo** » 13 čer 2010 09:40

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
No active process named firefox.exe was found!
Prefs.js: "QIP Search" removed from browser.search.defaultenginename
Prefs.js: "chr-greentree_ff&type=302398" removed from browser.search.param.yahoo-fr
Prefs.js: "http://search.qip.ru/search?from=FF&query=" removed from keyword.URL
127.0.0.1 ad.ghura.pl removed from HOSTS file successfully
127.0.0.1 ircgalaxy.pl removed from HOSTS file successfully
127.0.0.1 ru.brans.pl removed from HOSTS file successfully
127.0.0.1 zief.pl removed from HOSTS file successfully
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}\ deleted successfully.
C:\Users\tomas\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
========== FILES ==========
File\Folder C:\WINDOWS\System32\*.tmp not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP66F.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder moved successfully.
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
File\Folder c:\windows\Tasks\*.job not found.
C:\Windows\tasks\SA.DAT moved successfully.
C:\Users\tomas\AppData\Roaming\inst.exe moved successfully.
File\Folder C:\Windows\Xfusea.exe not found.
C:\ProgramData\ezsidmv.dat moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: tomas
->Temp folder emptied: 172977 bytes
->Temporary Internet Files folder emptied: 443190 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 94159700 bytes
->Flash cache emptied: 1711 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 50380 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 90,00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: tomas
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.6.0 log created on 06132010_092317

Files\Folders moved on Reboot...
C:\Users\tomas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

http://www.virustotal.com/cs/analisis/7008fa6004ab9e4fbc410ead8929f97056386dd65045f05059adf436fb655fad-1276414298
http://www.virustotal.com/cs/analisis/08966ce743aa1cbed0874933e104ef7b913188ecd8f0c679f7d8378516c51da2-1276414526

Složku SysNative tam nikde nemám , takže jsem ty ostatní soubory netestoval. (ani po zobrazení skrytých souborů a složek)

Příspěvekod **jaro3** » 13 čer 2010 10:11

stačí tam vložit do toho okénka myší:
C:\Windows\SysNative\drivers\ACPI.sys
C:\Windows\SysNative\drivers\beep.sys
C:\Windows\SysNative\drivers\NDIS.sys

a pak dát otestovat znovu.

Prosím o kontrolu logu (problémy s pc) Vyřešeno

Prosím o kontrolu logu (problémy s pc)

Re: Prosím o kontrolu logu (problémy s pc)

Re: Prosím o kontrolu logu (problémy s pc)

Re: Prosím o kontrolu logu (problémy s pc)

Re: Prosím o kontrolu logu (problémy s pc)

Re: Prosím o kontrolu logu (problémy s pc)

Re: Prosím o kontrolu logu (problémy s pc)

Re: Prosím o kontrolu logu (problémy s pc)

Re: Prosím o kontrolu logu (problémy s pc)

Re: Prosím o kontrolu logu (problémy s pc)

Re: Prosím o kontrolu logu (problémy s pc)

Re: Prosím o kontrolu logu (problémy s pc)

Kdo je online