Request for removal of filth from FB

Marek50
Visitor
Posts: 10
Registered: 31 Jul 2011 11:53

Request for removal of filth from FB

#1 Post by Marek50 »

Hello. My son has infested my notebook and PC with this junk, despite a licensed NOD. On the notebook I managed to uninstall NOD in safe mode (on the advice of a NOD administrator), but the PC restarts after booting into safe mode and goes into normal mode. So I'm asking for advice. Thank you, Marek

Danstahr
Friend of the forum
Posts: 1069
Registered: 28 Oct 2006 20:23
Location: London

Re: Request for removal of filth from FB

#2 Post by Danstahr »

Good afternoon :welcome:,

:arrow: Download MBAM and post its log here following the guide here; when choosing the scan type, select Full scan.

Don't delete anything yet, MBAM can have false detections!
Will buy a bit of time; I respect the price.

Re: Request for removal of filth from FB

#3 Post by Marek50 »

So this is the result from Malware....

Malwarebytes' Anti-Malware
www.malwarebytes.org

Verze databáze:

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

31.7.2011 14:14:04
mbam-log-2011-07-31 (14-13-30).txt

Typ: Rychlá kontrola
Kontrolované objekty: 179305
Uplynulý čas: 7 minut, 21 sekund

Infikované procesy v paměti: 11
Infikované moduly v paměti: 0
Infikované klíče v registru: 15
Infikované hodnoty v registru: 8
Infikované datové položky v registru: 3
Infikované složky: 0
Infikované soubory: 14

Infikované procesy v paměti:
c:\WINDOWS\update.tray-2-0\svchost.exe (Trojan.Dropper) -> 408 -> No action taken.
c:\WINDOWS\update.tray-3-0\svchost.exe (Trojan.Dropper) -> 248 -> No action taken.
c:\WINDOWS\update.tray-12-0\svchost.exe (Trojan.Dropper) -> 508 -> No action taken.
c:\WINDOWS\systemup.exe (Trojan.Agent) -> 1396 -> No action taken.
c:\WINDOWS\update.1\svchost.exe (Trojan.Dropper) -> 2552 -> No action taken.
c:\WINDOWS\l1rezerv.exe (Trojan.Agent) -> 612 -> No action taken.
c:\WINDOWS\sysdriver32.exe (Trojan.Delf) -> 1392 -> No action taken.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 1388 -> No action taken.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 3716 -> No action taken.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> 632 -> No action taken.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> 1696 -> No action taken.

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Dropper) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Delf) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Backdoor.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SRVSYSDRIVER32 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{7558E739-8E7C-44BB-BCE7-1BF0D72B7026} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00 (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Dropper) -> Value: tray_ico0 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico1 (Trojan.Dropper) -> Value: tray_ico1 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico2 (Trojan.Dropper) -> Value: tray_ico2 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\systemup (Trojan.Agent) -> Value: systemup -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\l1rezerv.exe (Trojan.Agent) -> Value: l1rezerv.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Delf) -> Value: sysdriver32.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Delf) -> Value: sysdriver32_.exe -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> No action taken.

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\WINDOWS\update.tray-2-0\svchost.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\update.tray-3-0\svchost.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\update.tray-12-0\svchost.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\systemup.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\update.1\svchost.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\Temp\1193529.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\7294264.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\958884.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\212374168.exe (Trojan.FakeAlert.Gen) -> No action taken.
c:\WINDOWS\l1rezerv.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\sysdriver32.exe (Trojan.Delf) -> No action taken.
c:\WINDOWS\sysdriver32_.exe (Trojan.Delf) -> No action taken.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> No action taken.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> No action taken.

Re: Request for removal of filth from FB

#4 Post by Danstahr »

:arrow: Delete the infection found by MBAM (and next time read the guide properly!).

:!: Warning! This utility has a powerful ability to delete and its use is intended exclusively for members of this forum's team. Arbitrary use can lead to a broken system and a reinstall :!:

:arrow: Download ComboFix and save it to the Desktop.

:arrow: Turn off all resident antivirus shields and all programs running in the background.
:arrow: Run ComboFix with administrator privileges.
:arrow: Accept the license terms and, if prompted, the installation of the Recovery Console
:arrow: Leave the computer completely alone during the scan.
:arrow: The scan takes roughly 15 minutes, but the time may vary depending on the state of the system
:arrow: When the scan finishes, a log is displayed (if it does not open, it can be found on the system drive as ComboFix.txt); post the contents of the log here
:arrow: :!: Leave ComboFix alone until further instructions :!:

Re: Request for removal of filth from FB

#5 Post by Marek50 »

So I ran it, and after it finished the PC restarted by itself and ComboFix.txt is nowhere to be found. What next?

Re: Request for removal of filth from FB

#6 Post by Danstahr »

The log isn't on the system drive either? Then we'll go about it differently...

:arrow: Download OTL.
  • If you use Win Vista or W7, right-click OTL and choose Run As Administrator or Spustit jako správce
  • If you use a 64-bit OS, check whether the box next to Pro 64 bitové OS (For 64-bit OS) is ticked; if not, tick it
  • Tick the box Pro všechny uživatele (For all users)
  • Tick the box Kontrola na havěť "LOP" ("LOP" check)
  • Tick the box Kontrola na havěť "Purity" ("Purity" check)
  • Paste the script below into the bottom box, Vlastní skenování/opravy (Custom scans/fixes)
  • Code:

    netsvcs
    drivers32
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
    c:\windows\*.* /U
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    /md5start
    adp3132.sys
    AGP440.sys
    ahcix86.sys
    ahcix86s.sys
    atapi.sys
    autochk.exe
    cdrom.sys
    cngaudit.dll
    cryptsvc.dll
    eNetHook.dll
    eventlog.dll
    explorer.exe
    hal.dll
    Changer.sys
    iaStor.sys
    iastorv.sys
    IdeChnDr.sys
    isapnp.sys
    JakNDis.sys
    KR10N.sys
    logevent.dll
    lsass.exe
    mv61xx.sys
    ndis.sys
    netlogon.dll
    ntelogon.dll
    nvata.sys
    nvatabus.sys
    nvgts.sys
    nvraid.sys
    nvrd32.sys
    nvstor.sys
    nvstor32.sys
    scecli.dll
    sceclt.dll
    smss.exe
    svchost.exe
    symmpi.sys
    tcpip.sys
    userinit.exe
    vaxscsi.sys
    viamraid.sys
    viasraid.sys
    ViPrt.sys
    winlogon.exe
    ws2_32.dll
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\drivers\*.sys /3
    %systemroot%\system32\*.* /3
    reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
    reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
    *crack* /s
    *keygen* /s
    CREATERESTOREPOINT
  • Click the Prohledat (Scan) button
  • After the scan finishes (about 10 to 15 min), the logs OTL.txt and Extras.txt will appear; post both here

Re: Request for removal of filth from FB

#7 Post by Marek50 »

OTL logfile created on: 31.7.2011 16:19:34 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\uzivatel\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,50 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 73,52% Memory free
4,35 Gb Paging File | 3,82 Gb Available in Paging File | 87,80% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 100,83 Gb Total Space | 22,63 Gb Free Space | 22,44% Space Free | Partition Type: NTFS
Drive D: | 37,57 Gb Total Space | 20,22 Gb Free Space | 53,83% Space Free | Partition Type: NTFS
Drive E: | 195,31 Gb Total Space | 93,04 Gb Free Space | 47,64% Space Free | Partition Type: NTFS
Drive F: | 197,26 Gb Total Space | 107,82 Gb Free Space | 54,66% Space Free | Partition Type: NTFS

Computer Name: PC | User Name: uzivatel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.07.31 16:05:26 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\uzivatel\Plocha\OTL.exe
PRC - [2011.05.15 13:58:57 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.06.02 16:58:20 | 000,246,520 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.05.01 08:51:28 | 000,217,088 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2010.05.01 08:50:00 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\WINDOWS\system32\dgdersvc.exe
PRC - [2009.09.06 13:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008.09.01 00:50:20 | 000,062,848 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\CNAB4RPK.EXE
PRC - [2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005.01.14 09:32:38 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\PAStiSvc.exe


========== Modules (SafeList) ==========

MOD - [2011.07.31 16:05:26 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\uzivatel\Plocha\OTL.exe
MOD - [2010.08.23 18:12:33 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wuauserv)
SRV - File not found [On_Demand | Stopped] -- -- (scan)
SRV - File not found [Auto | Stopped] -- -- (ImmunetProtect)
SRV - [2010.06.02 16:58:20 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.05.04 04:33:54 | 009,241,088 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Samsung\Kies\WiselinkPro\WiselinkPro.exe -- (KiesAllShare)
SRV - [2010.05.01 08:51:28 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010.05.01 08:50:00 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\dgdersvc.exe -- (dgdersvc)
SRV - [2009.09.06 13:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008.11.11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2005.01.14 09:32:38 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PAStiSvc.exe -- (STI Simulator)


========== Driver Services (SafeList) ==========

DRV - [2011.07.28 19:59:07 | 000,304,712 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Trufos.sys -- (Trufos)
DRV - [2011.07.28 19:59:06 | 000,047,952 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ImmunetProtect.sys -- (ImmunetProtectDriver)
DRV - [2011.07.28 19:59:06 | 000,032,208 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ImmunetSelfProtect.sys -- (ImmunetSelfProtectDriver)
DRV - [2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010.12.21 15:04:06 | 000,141,264 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2010.12.21 13:47:38 | 000,134,000 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2010.08.03 12:28:36 | 000,055,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2010.06.06 17:43:29 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.05.01 08:51:28 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.05.01 08:50:00 | 000,018,136 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2010.04.27 04:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2010.04.27 04:25:16 | 000,100,224 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bserd.sys -- (ss_bserd)
DRV - [2010.04.27 04:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2010.04.27 04:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.10.13 17:42:22 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2009.10.13 17:42:22 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2009.10.13 17:42:22 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2009.10.13 17:42:22 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2009.10.13 17:42:22 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2009.05.14 15:49:32 | 000,094,360 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.08.24 13:55:50 | 000,030,464 | ---- | M] (CamTrax Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CamSpaceJoy.sys -- (CamSpaceJoy)
DRV - [2008.08.24 13:55:48 | 000,014,848 | ---- | M] (CamTrax Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CamSpaceBus.sys -- (CamSpaceBus)
DRV - [2005.05.06 08:27:00 | 000,232,064 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005.04.08 10:46:18 | 000,162,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc027.sys -- (PAC207)
DRV - [2004.08.13 10:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004.06.04 10:27:46 | 000,840,960 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2003.09.22 02:48:06 | 000,130,192 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003.09.22 02:47:38 | 000,178,672 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eis.esnips.com/page/search/?clie ... fde8d1391d


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-484763869-1500820517-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Bar = http://google.icq.com/search/search_frame.php
IE - HKU\S-1-5-21-484763869-1500820517-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = http://google.icq.com
IE - HKU\S-1-5-21-484763869-1500820517-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
IE - HKU\S-1-5-21-484763869-1500820517-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
IE - HKU\S-1-5-21-484763869-1500820517-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.seznam.cz/ [binary data]
IE - HKU\S-1-5-21-484763869-1500820517-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-484763869-1500820517-1177238915-1003\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-484763869-1500820517-1177238915-1003\..\URLSearchHook: {33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A} - C:\Program Files\CentrumczToolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-484763869-1500820517-1177238915-1003\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-484763869-1500820517-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.order.1: "eSnips Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: Cetrumcz@igeared:1.202.012.001
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.2.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... r=1.2.6&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\Cetrumcz@igeared: C:\Program Files\CentrumczToolbar\Firefox\Cetrumcz@igeared [2010.03.23 20:19:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.15 13:58:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.28 18:18:07 | 000,000,000 | ---D | M]

[2010.02.17 10:27:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Extensions
[2011.07.23 18:47:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions
[2010.07.10 13:53:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.22 12:40:02 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.07.23 18:47:19 | 000,000,000 | ---D | M] (Seznam lištiÄŤka) -- C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
[2010.11.19 18:56:57 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\quickstores@quickstores.de
[2011.07.31 12:07:06 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\searchplugins\icqplugin-1.xml
[2011.05.09 20:54:18 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\searchplugins\icqplugin-10.xml
[2011.05.09 21:08:59 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\searchplugins\icqplugin-11.xml
[2011.06.27 09:28:07 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\searchplugins\icqplugin-12.xml
[2010.08.04 12:30:37 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\searchplugins\icqplugin-2.xml
[2010.09.15 17:43:35 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\searchplugins\icqplugin-3.xml
[2010.09.22 13:00:33 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\searchplugins\icqplugin-4.xml
[2010.12.04 12:21:18 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\searchplugins\icqplugin-5.xml
[2010.12.11 12:53:54 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\searchplugins\icqplugin-6.xml
[2011.04.01 19:20:00 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\searchplugins\icqplugin-7.xml
[2011.04.02 11:11:50 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\searchplugins\icqplugin-8.xml
[2011.05.04 20:46:09 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\searchplugins\icqplugin-9.xml
[2010.07.04 09:35:29 | 000,001,056 | ---- | M] () -- C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\searchplugins\icqplugin.xml
[2011.07.08 17:33:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.02.27 21:12:14 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.09.23 18:27:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.07.08 17:33:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010.05.15 11:06:53 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de
[2011.05.09 20:54:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011.05.09 20:54:03 | 000,000,000 | ---D | M] (Seznam lištička) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
File not found (No name found) --
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\UZIVATEL\DATA APLIKACĂ­\MOZILLA\FIREFOX\PROFILES\FD0Q09EL.DEFAULT\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\UZIVATEL\DATA APLIKACĂ­\MOZILLA\FIREFOX\PROFILES\FD0Q09EL.DEFAULT\EXTENSIONS\{EA614400-E918-4741-9A97-7A972FF7C30B}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\UZIVATEL\DATA APLIKACĂ­\MOZILLA\FIREFOX\PROFILES\FD0Q09EL.DEFAULT\EXTENSIONS\QUICKSTORES@QUICKSTORES.DE
[2010.09.23 18:27:29 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.05.15 13:58:56 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.29 03:22:28 | 000,001,425 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Cetrumcz_igeared.xml
[2010.05.08 09:57:37 | 000,002,029 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\esnips.xml
[2010.01.01 10:00:00 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2010.01.01 10:00:00 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2010.01.01 10:00:00 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2010.01.01 10:00:00 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2010.01.01 10:00:00 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2011.07.31 12:37:54 | 000,203,160 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 vkontakte.ru
O1 - Hosts: 127.0.0.1 www.vkontakte.ru
O1 - Hosts: 127.0.0.1 login.vk.com
O1 - Hosts: 127.0.0.1 vk.com
O1 - Hosts: 127.0.0.1 www.vk.com
O1 - Hosts: 127.0.0.1 odnoklassniki.ru
O1 - Hosts: 127.0.0.1 www.odnoklassniki.ru
O1 - Hosts: 127.0.0.1 facebook.com
O1 - Hosts: 127.0.0.1 www.facebook.com
O1 - Hosts: 127.0.0.1 af-za.facebook.com
O1 - Hosts: 127.0.0.1 az-az.facebook.com
O1 - Hosts: 127.0.0.1 id-id.facebook.com
O1 - Hosts: 127.0.0.1 ms-my.facebook.com
O1 - Hosts: 127.0.0.1 bs-ba.facebook.com
O1 - Hosts: 127.0.0.1 ca-es.facebook.com
O1 - Hosts: 127.0.0.1 cs-cz.facebook.com
O1 - Hosts: 127.0.0.1 cy-gb.facebook.com
O1 - Hosts: 127.0.0.1 da-dk.facebook.com
O1 - Hosts: 127.0.0.1 de-de.facebook.com
O1 - Hosts: 127.0.0.1 et-ee.facebook.com
O1 - Hosts: 127.0.0.1 en-gb.facebook.com
O1 - Hosts: 127.0.0.1 es-la.facebook.com
O1 - Hosts: 127.0.0.1 eo-eo.facebook.com
O1 - Hosts: 127.0.0.1 eu-es.facebook.com
O1 - Hosts: 50060 more lines...
O2 - BHO: (CentrumczToolbar BHO) - {33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A} - C:\Program Files\CentrumczToolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (no name) - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Centrum.cz Toolbar) - {D5D47440-0750-463D-BAEF-A47D02414806} - C:\Program Files\CentrumczToolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-484763869-1500820517-1177238915-1003\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKU\S-1-5-21-484763869-1500820517-1177238915-1003\..\Toolbar\WebBrowser: (Centrum.cz Toolbar) - {D5D47440-0750-463D-BAEF-A47D02414806} - C:\Program Files\CentrumczToolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [1441171.exe] File not found
O4 - HKLM..\Run: [4094608.exe] File not found
O4 - HKLM..\Run: [57591637-loader2.exe] File not found
O4 - HKLM..\Run: [6593603.exe] File not found
O4 - HKLM..\Run: [8660667.exe] File not found
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Immunet Protect] File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [tray_ico] File not found
O4 - HKLM..\Run: [tray_ico3] File not found
O4 - HKLM..\Run: [tray_ico4] File not found
O4 - HKLM..\Run: [wxpdrv] File not found
O4 - HKU\S-1-5-21-484763869-1500820517-1177238915-1003..\Run: [CamSpace] File not found
O4 - HKU\S-1-5-21-484763869-1500820517-1177238915-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-484763869-1500820517-1177238915-1003..\Run: [ICQ] File not found
O4 - HKU\S-1-5-21-484763869-1500820517-1177238915-1003..\Run: [KiesTrayAgent] File not found
O4 - HKU\S-1-5-21-484763869-1500820517-1177238915-1003..\Run: [PlayNC Launcher] File not found
O4 - HKU\S-1-5-21-484763869-1500820517-1177238915-1003..\Run: [Steam] C:\Valve\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\uzivatel\Nabídka Start\Programy\Po spuštění\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-484763869-1500820517-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-484763869-1500820517-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &ICQ Toolbar Search - C:\Program Files\ICQToolbar\toolbaru.dll (ICQ Inc.)
O8 - Extra context menu item: WikiKomentáře Google... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 88.146.135.10 213.29.58.9
O18 - Protocol\Handler\centrumcztoolbar {61A97628-7C82-4315-957A-C74C2CDD85DF} - C:\Program Files\CentrumczToolbar\IEToolbar.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\uzivatel\Data aplikací\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\uzivatel\Data aplikací\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O31 - SafeBoot: AlternateShell - services32.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.09.30 18:12:14 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007.12.23 00:02:26 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.dll (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.07.31 16:05:22 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\uzivatel\Plocha\OTL.exe
[2011.07.31 14:50:25 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011.07.31 14:48:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011.07.31 14:48:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011.07.31 14:48:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011.07.31 14:48:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011.07.31 14:48:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.07.31 14:48:10 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011.07.31 14:48:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.07.31 14:46:11 | 004,158,780 | R--- | C] (Swearware) -- C:\Documents and Settings\uzivatel\Plocha\ComboFix.exe
[2011.07.31 13:58:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\uzivatel\Data aplikací\Malwarebytes
[2011.07.31 13:58:08 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.07.31 13:58:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
[2011.07.31 13:58:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2011.07.31 13:58:04 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.07.31 13:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.07.31 13:07:46 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.07.31 13:07:46 | 000,000,000 | ---D | C] -- C:\rsit
[2011.07.29 20:27:55 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011.07.28 22:28:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2011.07.28 21:54:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.07.28 19:59:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Immunet 3.0
[2011.07.28 19:59:15 | 000,032,208 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\WINDOWS\System32\drivers\ImmunetSelfProtect.sys
[2011.07.28 19:59:13 | 000,047,952 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\WINDOWS\System32\drivers\ImmunetProtect.sys
[2011.07.28 19:59:09 | 000,304,712 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\Trufos.sys
[2011.07.28 19:59:04 | 000,000,000 | ---D | C] -- C:\Program Files\Immunet
[2011.07.28 19:50:20 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-12-0-lnk
[2011.07.28 19:50:20 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-12-0
[2011.07.23 20:09:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\MFAData
[2011.07.23 19:45:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ufa
[2011.07.23 19:45:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\rpcminer
[2011.07.23 19:45:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\phoenix
[2011.07.23 18:57:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-3-0-lnk
[2011.07.23 18:57:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-3-0
[2011.07.23 18:51:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.5.0
[2011.07.23 18:47:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.2
[2011.07.23 18:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Data aplikací\WinRAR
[2011.07.23 18:44:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\av_ico
[2011.07.23 18:43:22 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.1
[2011.07.23 18:43:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-2-0-lnk
[2011.07.23 18:43:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-2-0
[2011.07.13 11:46:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\uzivatel\Dokumenty\Stronghold Crusader
[2011.07.10 12:30:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Google Earth
[2011.07.08 17:33:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.07.08 17:33:30 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011.07.08 17:33:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011.07.08 17:33:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009.10.01 11:02:50 | 000,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.07.31 16:18:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.07.31 16:15:09 | 000,000,472 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EC33D3DD-4309-4A4E-96AE-771C5317BBF1}.job
[2011.07.31 16:05:26 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\uzivatel\Plocha\OTL.exe
[2011.07.31 14:56:10 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.07.31 14:55:53 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011.07.31 14:55:53 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2011.07.31 14:55:40 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.07.31 14:55:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.07.31 14:50:28 | 000,000,331 | RHS- | M] () -- C:\boot.ini
[2011.07.31 14:46:20 | 004,158,780 | R--- | M] (Swearware) -- C:\Documents and Settings\uzivatel\Plocha\ComboFix.exe
[2011.07.31 14:43:41 | 000,249,324 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011.07.31 12:37:54 | 000,203,160 | -H-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.07.31 12:37:54 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hîsts
[2011.07.31 12:36:20 | 000,000,215 | ---- | M] () -- C:\Boot.bak
[2011.07.28 19:59:07 | 000,304,712 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\Trufos.sys
[2011.07.28 19:59:06 | 000,047,952 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\WINDOWS\System32\drivers\ImmunetProtect.sys
[2011.07.28 19:59:06 | 000,032,208 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\WINDOWS\System32\drivers\ImmunetSelfProtect.sys
[2011.07.23 19:45:51 | 005,589,370 | ---- | M] () -- C:\WINDOWS\phoenix.rar
[2011.07.23 19:45:51 | 000,246,272 | ---- | M] () -- C:\WINDOWS\unrar.exe
[2011.07.23 19:45:51 | 000,182,617 | ---- | M] () -- C:\WINDOWS\ufa.rar
[2011.07.23 19:45:50 | 001,075,284 | ---- | M] () -- C:\WINDOWS\rpcminer.rar
[2011.07.23 18:52:21 | 000,000,179 | ---- | M] () -- C:\WINDOWS\info1
[2011.07.23 18:46:58 | 000,904,792 | ---- | M] () -- C:\WINDOWS\geoiplist.rar
[2011.07.23 18:45:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\loader2.exe_ok
[2011.07.17 03:24:20 | 004,636,907 | ---- | M] () -- C:\WINDOWS\geoiplist
[2011.07.15 14:51:09 | 000,162,728 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.07.14 13:52:36 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.07.10 12:30:14 | 000,001,921 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Google Earth.lnk
[2011.07.08 17:27:33 | 000,169,472 | ---- | M] () -- C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.07.06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.07.31 14:50:28 | 000,000,215 | ---- | C] () -- C:\Boot.bak
[2011.07.31 14:50:26 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2011.07.31 14:48:17 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011.07.31 14:48:17 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011.07.31 14:48:17 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011.07.31 14:48:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011.07.31 14:48:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011.07.23 19:45:51 | 005,589,370 | ---- | C] () -- C:\WINDOWS\phoenix.rar
[2011.07.23 19:45:51 | 000,182,617 | ---- | C] () -- C:\WINDOWS\ufa.rar
[2011.07.23 19:45:50 | 001,075,284 | ---- | C] () -- C:\WINDOWS\rpcminer.rar
[2011.07.23 18:47:51 | 000,000,179 | ---- | C] () -- C:\WINDOWS\info1
[2011.07.23 18:46:59 | 004,636,907 | ---- | C] () -- C:\WINDOWS\geoiplist
[2011.07.23 18:46:58 | 000,904,792 | ---- | C] () -- C:\WINDOWS\geoiplist.rar
[2011.07.23 18:46:58 | 000,246,272 | ---- | C] () -- C:\WINDOWS\unrar.exe
[2011.07.23 18:45:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\loader2.exe_ok
[2011.07.10 12:30:14 | 000,001,921 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Google Earth.lnk
[2010.11.28 12:56:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\psfind.dll
[2010.10.03 12:30:48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.07.22 14:54:34 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010.07.22 14:49:18 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010.07.22 14:49:17 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2010.07.22 14:49:17 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2010.07.22 14:48:05 | 000,018,043 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2010.07.09 15:27:11 | 000,081,584 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2010.07.05 16:49:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010.07.05 16:49:08 | 000,036,640 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010.07.05 16:48:58 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\uzivatel\Data aplikací\$_hpcst$.hpc
[2010.06.18 18:15:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\PAStiSvc.exe
[2010.05.27 16:00:04 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\CamTraxAPI.dll
[2010.05.07 07:54:16 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2010.05.07 07:54:16 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2010.05.07 07:54:16 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2010.05.07 07:54:16 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2010.02.27 21:49:06 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\Lame.exe
[2010.02.27 21:13:06 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.02.27 09:35:32 | 000,000,045 | -H-- | C] () -- C:\WINDOWS\dsys8955.dat
[2010.02.17 10:27:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.01.05 20:44:39 | 000,001,187 | ---- | C] () -- C:\WINDOWS\disney.ini
[2009.12.24 20:19:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\csdlocalmon.dll
[2009.12.22 15:41:40 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009.11.22 21:12:15 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.11.04 13:57:01 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2009.10.14 16:23:02 | 000,169,472 | ---- | C] () -- C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.01 11:12:39 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.10.01 11:12:38 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.10.01 11:12:38 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.10.01 11:12:37 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009.10.01 11:12:36 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.10.01 11:02:58 | 000,067,428 | R--- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2009.10.01 11:02:58 | 000,000,029 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009.10.01 11:02:50 | 000,060,928 | R--- | C] () -- C:\WINDOWS\System32\P17.dll
[2009.10.01 11:02:50 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2009.10.01 10:48:50 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009.09.30 20:02:27 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.09.30 20:01:14 | 000,162,728 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.09.30 18:14:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.09.30 18:09:02 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009.08.17 00:57:00 | 001,597,690 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008.04.14 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008.04.14 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008.04.14 14:00:00 | 000,435,680 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008.04.14 14:00:00 | 000,432,418 | ---- | C] () -- C:\WINDOWS\System32\perfh005.dat
[2008.04.14 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008.04.14 14:00:00 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2008.04.14 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008.04.14 14:00:00 | 000,079,460 | ---- | C] () -- C:\WINDOWS\System32\perfc005.dat
[2008.04.14 14:00:00 | 000,068,576 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008.04.14 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008.04.14 14:00:00 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2008.04.14 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008.04.14 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008.04.14 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008.04.14 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008.04.14 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007.11.26 22:56:28 | 000,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2007.05.15 10:07:10 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\CSD_IRIVER_GEN.DLL
[2005.04.08 10:46:18 | 000,162,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\pfc027.sys
[2005.01.25 15:15:42 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\PA207Usd.dll
[2003.04.09 16:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009.12.22 15:41:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Canneverbe Limited
[2010.02.17 10:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\CentrumczToolbar
[2010.06.06 17:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
[2010.06.18 18:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Electronic Arts
[2011.07.28 22:28:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2010.06.25 11:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2011.07.28 21:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MFAData
[2010.07.05 16:51:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2009.12.20 20:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PMB Files
[2010.07.05 16:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Samsung
[2010.08.11 10:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2009.11.13 22:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\xml_param
[2010.02.10 12:14:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\Apowersoft
[2010.02.09 12:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\Canneverbe Limited
[2009.12.22 15:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\Canneverbe_Limited
[2010.08.22 22:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\COWON
[2010.06.06 17:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\DAEMON Tools Lite
[2010.06.18 20:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\GetRightToGo
[2010.06.25 11:50:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\ICQ
[2009.12.03 17:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\ICQ Toolbar
[2009.11.25 15:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\ICQLite
[2010.05.08 09:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\Logia
[2010.05.13 15:14:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\Mumble
[2010.05.15 11:06:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\MyPhoneExplorer
[2009.10.01 11:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\OpenOffice.org
[2010.07.05 16:51:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\PC Suite
[2010.05.15 11:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\QuickStoresToolbar
[2010.07.05 16:47:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\Samsung
[2011.07.31 16:15:09 | 000,000,472 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{EC33D3DD-4309-4A4E-96AE-771C5317BBF1}.job

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 14:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation)
"Steam" = C:\Valve\Steam\Steam.exe -silent -- [2003.11.11 16:19:18 | 001,081,344 | ---- | M] (Valve Corporation)
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -- [2009.10.07 15:55:29 | 000,039,408 | ---- | M] (Google Inc.)
"Skype" = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized -- [2010.02.22 13:42:40 | 026,101,032 | R--- | M] (Skype Technologies S.A.)
"PlayNC Launcher" =
"DAEMON Tools Lite" = "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun -- [2009.10.30 13:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd)
"CamSpace" = "C:\Documents and Settings\uzivatel\Plocha\Cam Space+Games\CamSpace\CamSpaceAgent.exe"
"ICQ" = "C:\Program Files\ICQ6.5\ICQ.exe" silent
"KiesTrayAgent" =

< c:\windows\*.* /U >
[3 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2009.10.07 16:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\Adobe
[2010.02.10 12:14:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\Apowersoft
[2010.02.09 12:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\Canneverbe Limited
[2009.12.22 15:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\Canneverbe_Limited
[2010.08.22 22:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\COWON
[2010.06.06 17:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\DAEMON Tools Lite
[2010.06.18 20:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\GetRightToGo
[2011.07.10 12:30:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\Google
[2009.10.13 19:45:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\Help
[2010.06.25 11:50:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\ICQ
[2009.12.03 17:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\ICQ Toolbar
[2009.11.25 15:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\ICQLite
[2009.09.30 18:18:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\Identities
[2010.07.20 13:14:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\InstallShield
[2010.05.08 09:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\Logia
[2009.10.07 12:54:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\Macromedia
[2011.07.31 13:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\Malwarebytes
[2011.04.27 12:11:50 | 000,000,000 | --SD | M] -- C:\Documents and Settings\uzivatel\Data aplikací\Microsoft
[2010.02.17 10:27:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\Mozilla
[2010.05.13 15:14:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\Mumble
[2010.05.15 11:06:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\MyPhoneExplorer
[2009.10.01 11:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\OpenOffice.org
[2010.07.05 16:51:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\PC Suite
[2010.05.15 11:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\QuickStoresToolbar
[2010.07.05 16:47:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\Samsung
[2011.07.31 14:44:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\Skype
[2010.06.11 13:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\skypePM
[2010.09.23 18:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\Sun
[2009.10.01 10:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\WinRAR
[2010.11.28 12:56:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\Xfire

< %APPDATA%\*.exe /s >
[2010.05.15 11:06:48 | 000,704,248 | ---- | M] () -- C:\Documents and Settings\uzivatel\Data aplikací\QuickStoresToolbar\unins000.exe
[2010.03.10 15:26:14 | 000,045,304 | ---- | M] (Andreas Breitschopp - Softwareentwicklung und -vertrieb) -- C:\Documents and Settings\uzivatel\Data aplikací\QuickStoresToolbar\Update.exe
[2010.06.18 04:38:36 | 000,265,528 | ---- | M] (ml) -- C:\Documents and Settings\uzivatel\Data aplikací\Samsung\Kies\UpdateTemp\MCS.Thunder.Update.exe


< MD5 for: AGP440.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 14:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\cmdcons\autochk.exe
[2008.04.14 14:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2008.04.14 14:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\dllcache\autochk.exe

< MD5 for: CDROM.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 14:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2008.04.14 14:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
[2008.04.14 14:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\dllcache\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 14:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: HAL.DLL >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 14:00:00 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\hal.dll

< MD5 for: CHANGER.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys

< MD5 for: ISAPNP.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 07:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\dllcache\isapnp.sys
[2008.04.14 07:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys
[2008.04.14 14:00:00 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\isapnp.sys

< MD5 for: LSASS.EXE >
[2008.04.14 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2008.04.14 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.14 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008.04.14 14:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 14:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 14:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\dllcache\smss.exe
[2008.04.14 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2011.07.23 18:31:16 | 001,185,792 | -H-- | M] () MD5=F8BC8EA7B65C439E43ED68241A4651EA -- C:\WINDOWS\update.tray-12-0-lnk\svchost.exe
[2011.07.23 18:31:16 | 001,185,792 | -H-- | M] () MD5=F8BC8EA7B65C439E43ED68241A4651EA -- C:\WINDOWS\update.tray-2-0-lnk\svchost.exe
[2011.07.23 18:31:16 | 001,185,792 | -H-- | M] () MD5=F8BC8EA7B65C439E43ED68241A4651EA -- C:\WINDOWS\update.tray-3-0-lnk\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.04.14 14:00:00 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008.04.14 14:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 14:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.04.14 14:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2008.04.14 14:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.06.06 17:43:29 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2009.09.30 20:00:24 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2009.09.30 20:00:24 | 001,093,632 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2009.09.30 20:00:24 | 000,495,616 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.sys /3 >
[2011.07.28 19:59:06 | 000,047,952 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\WINDOWS\system32\drivers\ImmunetProtect.sys
[2011.07.28 19:59:06 | 000,032,208 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\WINDOWS\system32\drivers\ImmunetSelfProtect.sys
[2011.07.28 19:59:07 | 000,304,712 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\system32\drivers\Trufos.sys

< %systemroot%\system32\*.* /3 >
[2011.07.31 14:43:41 | 000,249,324 | ---- | M] () -- C:\WINDOWS\system32\NvApps.xml
[2011.07.31 14:56:10 | 000,013,646 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< *crack* /s >
[2003.01.15 00:11:30 | 000,129,158 | ---- | M] () -- \Documents and Settings\uzivatel\Plocha\cis3mu\Data\sound\eFirecracker1.wav
[2003.01.15 00:11:32 | 000,132,402 | ---- | M] () -- \Documents and Settings\uzivatel\Plocha\cis3mu\Data\sound\eFirecracker2.wav
[2003.12.05 14:52:40 | 000,000,796 | ---- | M] () -- \Documents and Settings\uzivatel\Plocha\GTA-SanAndreas\data\Decision\Craig\crack1.ped
[2002.05.30 18:16:22 | 000,013,160 | ---- | M] () -- \Documents and Settings\uzivatel\Plocha\Kiki (nechodit a nemazt!)\hry (Merin2,Nostale,a tak dále)\Stronghold Crusader\gm\cracks.gm1
[2006.04.07 19:55:58 | 000,029,036 | ---- | M] () -- \Program Files\ActionCube\packages\textures\craig_fortune\terrain\Rock_cracked.jpg
[2006.04.07 19:55:58 | 000,038,915 | ---- | M] () -- \Program Files\ActionCube\packages\textures\makke\cracked_mud.jpg
[2001.10.01 14:50:54 | 000,012,968 | ---- | M] () -- \Program Files\Firefly Studios\Stronghold\gm\cracks.gm1
[2008.09.23 17:19:06 | 000,016,223 | ---- | M] () -- \Program Files\MuOnline FunFirst\Data\Effect\firecracker0001.OZJ
[2008.09.23 17:19:06 | 000,017,939 | ---- | M] () -- \Program Files\MuOnline FunFirst\Data\Effect\firecracker0002.OZJ
[2008.09.23 17:19:06 | 000,020,684 | ---- | M] () -- \Program Files\MuOnline FunFirst\Data\Effect\firecracker0003.OZJ
[2008.09.23 17:19:06 | 000,023,889 | ---- | M] () -- \Program Files\MuOnline FunFirst\Data\Effect\firecracker0004.OZJ
[2008.09.23 17:19:06 | 000,027,580 | ---- | M] () -- \Program Files\MuOnline FunFirst\Data\Effect\firecracker0005.OZJ
[2008.09.23 17:19:06 | 000,029,199 | ---- | M] () -- \Program Files\MuOnline FunFirst\Data\Effect\firecracker0006.OZJ
[2008.09.23 17:19:06 | 000,028,015 | ---- | M] () -- \Program Files\MuOnline FunFirst\Data\Effect\firecracker0007.OZJ
[2008.05.20 17:23:32 | 000,011,320 | ---- | M] () -- \Program Files\MuOnline FunFirst\Data\Effect\knight_plancrack_a.bmd
[2008.05.26 11:10:42 | 000,005,648 | ---- | M] () -- \Program Files\MuOnline FunFirst\Data\Effect\knight_plancrack_b.bmd
[2008.04.24 16:01:00 | 000,160,240 | ---- | M] () -- \Program Files\MuOnline FunFirst\Data\Effect\knight_plancrack_grand.bmd
[2003.01.13 14:38:06 | 000,003,448 | ---- | M] () -- \Program Files\MuOnline FunFirst\Data\Item\firecracker.OZJ
[2006.07.03 10:30:54 | 000,016,685 | ---- | M] () -- \Program Files\MuOnline FunFirst\Data\Object40\han_mcrack.OZJ
[2003.01.14 18:11:30 | 000,129,158 | ---- | M] () -- \Program Files\MuOnline FunFirst\Data\Sound\eFirecracker1.wav
[2003.01.14 18:11:32 | 000,132,402 | ---- | M] () -- \Program Files\MuOnline FunFirst\Data\Sound\eFirecracker2.wav

< *keygen* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:302A9871
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:1AD0EB3C

< End of report >

Marek50
Visitor
Posts: 10
Joined: 31 Jul 2011 11:53

Re: Request to remove junk from FB

#8 Post by Marek50 »

OTL Extras logfile created on: 31.7.2011 16:19:34 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\uzivatel\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,50 Gb Total Physical Memory | 1,84 Gb Available Physical Memory | 73,52% Memory free
4,35 Gb Paging File | 3,82 Gb Available in Paging File | 87,80% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 100,83 Gb Total Space | 22,63 Gb Free Space | 22,44% Space Free | Partition Type: NTFS
Drive D: | 37,57 Gb Total Space | 20,22 Gb Free Space | 53,83% Space Free | Partition Type: NTFS
Drive E: | 195,31 Gb Total Space | 93,04 Gb Free Space | 47,64% Space Free | Partition Type: NTFS
Drive F: | 197,26 Gb Total Space | 107,82 Gb Free Space | 54,66% Space Free | Partition Type: NTFS

Computer Name: PC | User Name: uzivatel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-484763869-1500820517-1177238915-1003\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"DisableThumbnailCache" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"58117:TCP" = 58117:TCP:*:Enabled:Pando Media Booster
"58117:UDP" = 58117:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"58117:TCP" = 58117:TCP:*:Enabled:Pando Media Booster
"58117:UDP" = 58117:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\ICQ7.2\ICQ.exe" = C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Program Files\ICQ7.2\aolload.exe" = C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\CNAB4RPK.EXE" = C:\WINDOWS\system32\CNAB4RPK.EXE:*:Enabled:Canon LBP2900 RPC Server Process -- (CANON INC.)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\ICQLite\ICQLite.exe" = C:\Program Files\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6
"E:\Mirrors edge\Binaries\MirrorsEdge.exe" = E:\Mirrors edge\Binaries\MirrorsEdge.exe:*:Enabled:Mirror's Edge™
"C:\Program Files\ICQ7.2\ICQ.exe" = C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 -- (ICQ, LLC.)
"C:\Program Files\ICQ7.2\aolload.exe" = C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe -- (AOL LLC)
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"C:\Documents and Settings\uzivatel\Dokumenty\Stažené soubory\Flash-Player.exe" = C:\Documents and Settings\uzivatel\Dokumenty\Stažené soubory\Flash-Player.exe:*:Enabled:C:\Documents and Settings\uzivatel\Dokumenty\Stažené soubory\Flash-Player.exe
"C:\WINDOWS\update.1\svchost.exe" = C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe
"C:\WINDOWS\update.tray-2-0\svchost.exe" = C:\WINDOWS\update.tray-2-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-2-0\svchost.exe
"C:\WINDOWS\update.2\svchost.exe" = C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}" = Star Wars Jedi Knight Jedi Academy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23E797E9-F852-4AEA-93F0-772ED2B9D9F9}" = OpenOffice.org 3.1
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 26
"{34610DE0-3C13-42CA-8E32-01FFA38AB6E8}" = PC Connectivity Solution
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}" = Titan Quest
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 pro Windows
"{550B69DF-9C7D-4988-9535-3D7526BC0A4E}_is1" = AMV Converter Studio V1.3.3
"{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
"{6AC4E434-8126-4840-BBD3-6B1EB78BBFF5}" = Solstice
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6EE99EA-420C-4FA6-8A7C-FDB60D278855}" = VS10RuntimeWin32
"{A738259E-000C-4678-9FD9-FB79D43FB21C}" = Solstice
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-A94000000001}" = Adobe Reader 9.4.5 - Czech
"{AEDBD563-24BB-4EE3-8366-A654DAC2D988}" = Mirror's Edge™
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"{D7BFD899-39D6-4C77-9EC9-F293E8663439}_is1" = Total Immersion Racing
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio Basic
"{E24DCAFE-AAB7-40E4-9FB1-2650A71409AE}" = Operation Pridelands
"{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}" = NVIDIA PhysX v8.10.17
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"504244733D18C8F63FF584AEB290E3904E791693" = Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"ActionCube" = ActionCube v0.92
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Empires" = Microsoft Age of Empires
"CamSpace" = CamSpace
"Canon LBP2900" = Canon LBP2900
"CCleaner" = CCleaner
"Centrum.cz Toolbar_is1" = Centrum.cz Toolbar 1.201.029.002
"Counter-Strike 1.6 v36 protokol 48" = Counter-Strike 1.6 v36 protokol 48
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Diablo II" = Diablo II
"HolidayRO - free server" = HolidayRO - free server
"ICQToolbar" = ICQ Toolbar
"ie8" = Windows Internet Explorer 8
"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"iriver Firmware Updater" = iriver Firmware Updater (remove only)
"iriver plus 3" = iriver plus 3 (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware verze 1.51.1.1800
"Metin2_is1" = Metin2
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Movie Converter" = Movie Converter (remove only)
"Mozilla Firefox 4.0.1 (x86 cs)" = Mozilla Firefox 4.0.1 (x86 cs)
"MPE" = MyPhoneExplorer
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Mumble" = Mumble and Murmur
"NosTale(CZ)_is1" = Nostale(CZ)
"NVIDIA Drivers" = NVIDIA Drivers
"PEKI dictionary" = PEKI dictionary 1.21
"PhotoFiltre" = PhotoFiltre
"Plants vs. Zombies" = Plants vs. Zombies
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.0.0
"QuickTime" = QuickTime
"Sauerbraten" = Sauerbraten
"Steam" = Steam
"Super Sound Recorder_is1" = Super Sound Recorder 4.6
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"YouTubeGet_is1" = YouTubeGet 5.8

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-484763869-1500820517-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Diablo II" = Diablo II
"MuOnline" = MuOnline

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 31.7.2011 8:56:02 | Computer Name = PC | Source = Service Control Manager | ID = 7000
Description = Služba Immunet 3.0 neuspěla při spuštění v důsledku následující chyby:
%%2

Error - 31.7.2011 8:56:02 | Computer Name = PC | Source = Service Control Manager | ID = 7023
Description = Služba Automatic Updates byla ukončena s následující chybou: %%126

Error - 31.7.2011 9:43:37 | Computer Name = PC | Source = Service Control Manager | ID = 7023
Description = Služba Automatic Updates byla ukončena s následující chybou: %%126

Error - 31.7.2011 9:44:07 | Computer Name = PC | Source = DCOM | ID = 10010
Description = Server {E60687F7-01A1-40AA-86AC-DB1CBF673334} se v daném časovém limitu
neregistroval u služby DCOM.

Error - 31.7.2011 9:44:07 | Computer Name = PC | Source = Service Control Manager | ID = 7023
Description = Služba Automatic Updates byla ukončena s následující chybou: %%126

Error - 31.7.2011 9:44:37 | Computer Name = PC | Source = DCOM | ID = 10010
Description = Server {E60687F7-01A1-40AA-86AC-DB1CBF673334} se v daném časovém limitu
neregistroval u služby DCOM.

Error - 31.7.2011 9:44:37 | Computer Name = PC | Source = Service Control Manager | ID = 7023
Description = Služba Automatic Updates byla ukončena s následující chybou: %%126

Error - 31.7.2011 9:45:07 | Computer Name = PC | Source = DCOM | ID = 10010
Description = Server {E60687F7-01A1-40AA-86AC-DB1CBF673334} se v daném časovém limitu
neregistroval u služby DCOM.

Error - 31.7.2011 9:46:23 | Computer Name = PC | Source = Service Control Manager | ID = 7023
Description = Služba Automatic Updates byla ukončena s následující chybou: %%126

Error - 31.7.2011 9:46:53 | Computer Name = PC | Source = DCOM | ID = 10010
Description = Server {E60687F7-01A1-40AA-86AC-DB1CBF673334} se v daném časovém limitu
neregistroval u služby DCOM.


< End of report >

Danstahr
Friend of the forum
Posts: 1069
Joined: 28 Oct 2006 20:23
Location: London

Re: Request to remove junk from FB

#9 Post by Danstahr »

:arrow: Run OTL again, paste the following script into the box at the bottom, and click the "Opravit!" (Fix) button. After the fixes have been applied and the computer has restarted, a log will open; please paste it here.

Code:

:Commands
[EmptyTemp]
[ResetHosts]
[EmptyFlash]
[Purity]

:OTL
SRV - File not found [On_Demand | Stopped] -- -- (scan)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eis.esnips.com/page/search/?clie ... fde8d1391d
IE - HKU\S-1-5-21-484763869-1500820517-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Bar = http://google.icq.com/search/search_frame.php
IE - HKU\S-1-5-21-484763869-1500820517-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = http://google.icq.com
IE - HKU\S-1-5-21-484763869-1500820517-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
IE - HKU\S-1-5-21-484763869-1500820517-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
IE - HKU\S-1-5-21-484763869-1500820517-1177238915-1003\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-484763869-1500820517-1177238915-1003\..\URLSearchHook: {33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A} - C:\Program Files\CentrumczToolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-484763869-1500820517-1177238915-1003\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.order.1: "eSnips Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.2.6&q="
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
[2011.06.22 12:40:02 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.11.19 18:56:57 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\quickstores@quickstores.de
FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.2.0
[2011.07.31 12:07:06 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\searchplugins\icqplugin-1.xml
[2011.05.09 20:54:18 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\searchplugins\icqplugin-10.xml
[2011.05.09 21:08:59 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\searchplugins\icqplugin-11.xml
[2011.06.27 09:28:07 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\searchplugins\icqplugin-12.xml
[2010.08.04 12:30:37 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\searchplugins\icqplugin-2.xml
[2010.09.15 17:43:35 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\searchplugins\icqplugin-3.xml
[2010.09.22 13:00:33 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\searchplugins\icqplugin-4.xml
[2010.12.04 12:21:18 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\searchplugins\icqplugin-5.xml
[2010.12.11 12:53:54 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\searchplugins\icqplugin-6.xml
[2011.04.01 19:20:00 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\searchplugins\icqplugin-7.xml
[2011.04.02 11:11:50 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\searchplugins\icqplugin-8.xml
[2011.05.04 20:46:09 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\searchplugins\icqplugin-9.xml
[2010.07.04 09:35:29 | 000,001,056 | ---- | M] () -- C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\searchplugins\icqplugin.xml
[2010.05.15 11:06:53 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de
[2010.09.23 18:27:29 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
O2 - BHO: (no name) - {B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKU\S-1-5-21-484763869-1500820517-1177238915-1003\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [1441171.exe] File not found
O4 - HKLM..\Run: [4094608.exe] File not found
O4 - HKLM..\Run: [57591637-loader2.exe] File not found
O4 - HKLM..\Run: [6593603.exe] File not found
O4 - HKLM..\Run: [8660667.exe] File not found
O4 - HKLM..\Run: [Immunet Protect] File not found
O4 - HKU\S-1-5-21-484763869-1500820517-1177238915-1003..\Run: [ICQ] File not found
O4 - HKU\S-1-5-21-484763869-1500820517-1177238915-1003..\Run: [KiesTrayAgent] File not found
O4 - HKU\S-1-5-21-484763869-1500820517-1177238915-1003..\Run: [PlayNC Launcher] File not found
O4 - HKU\S-1-5-21-484763869-1500820517-1177238915-1003..\Run: [CamSpace] File not found
O4 - HKLM..\Run: [tray_ico] File not found
O4 - HKLM..\Run: [tray_ico3] File not found
O4 - HKLM..\Run: [tray_ico4] File not found
O4 - HKLM..\Run: [wxpdrv] File not found
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found
O31 - SafeBoot: AlternateShell - services32.exe
[2009.12.03 17:15:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\ICQ Toolbar
[2011.07.28 19:50:20 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-12-0-lnk
[2011.07.28 19:50:20 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-12-0
[2011.07.23 19:45:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ufa
[2011.07.23 19:45:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\rpcminer
[2011.07.23 19:45:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\phoenix
[2011.07.23 18:57:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-3-0-lnk
[2011.07.23 18:57:19 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-3-0
[2011.07.23 18:51:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.5.0
[2011.07.23 18:47:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.2
[2011.07.23 18:44:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\av_ico
[2011.07.23 18:43:22 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.1
[2011.07.23 18:43:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-2-0-lnk
[2011.07.23 18:43:15 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-2-0
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2011.07.31 16:18:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.07.31 14:55:40 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.07.14 13:52:36 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.07.23 19:45:51 | 005,589,370 | ---- | M] () -- C:\WINDOWS\phoenix.rar
[2011.07.23 19:45:51 | 000,246,272 | ---- | M] () -- C:\WINDOWS\unrar.exe
[2011.07.23 19:45:51 | 000,182,617 | ---- | M] () -- C:\WINDOWS\ufa.rar
[2011.07.23 19:45:50 | 001,075,284 | ---- | M] () -- C:\WINDOWS\rpcminer.rar
[2011.07.23 18:52:21 | 000,000,179 | ---- | M] () -- C:\WINDOWS\info1
[2011.07.23 18:46:58 | 000,904,792 | ---- | M] () -- C:\WINDOWS\geoiplist.rar
[2011.07.23 18:45:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\loader2.exe_ok
[2011.07.17 03:24:20 | 004,636,907 | ---- | M] () -- C:\WINDOWS\geoiplist
[2011.07.31 14:48:17 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011.07.31 14:48:17 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011.07.31 14:48:17 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011.07.31 14:48:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011.07.31 14:48:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011.07.23 19:45:51 | 005,589,370 | ---- | C] () -- C:\WINDOWS\phoenix.rar
[2011.07.23 19:45:51 | 000,182,617 | ---- | C] () -- C:\WINDOWS\ufa.rar
[2011.07.23 19:45:50 | 001,075,284 | ---- | C] () -- C:\WINDOWS\rpcminer.rar
[2011.07.23 18:47:51 | 000,000,179 | ---- | C] () -- C:\WINDOWS\info1
[2011.07.23 18:46:59 | 004,636,907 | ---- | C] () -- C:\WINDOWS\geoiplist
[2011.07.23 18:46:58 | 000,904,792 | ---- | C] () -- C:\WINDOWS\geoiplist.rar
[2011.07.23 18:46:58 | 000,246,272 | ---- | C] () -- C:\WINDOWS\unrar.exe
[2011.07.23 18:45:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\loader2.exe_ok
[2010.07.22 14:54:34 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010.02.27 09:35:32 | 000,000,045 | -H-- | C] () -- C:\WINDOWS\dsys8955.dat
[2010.02.27 21:13:06 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
)[2008.04.14 14:00:00 | 000,435,680 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008.04.14 14:00:00 | 000,432,418 | ---- | C] () -- C:\WINDOWS\System32\perfh005.dat
[2008.04.14 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008.04.14 14:00:00 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2008.04.14 14:00:00 | 000,079,460 | ---- | C] () -- C:\WINDOWS\System32\perfc005.dat
[2008.04.14 14:00:00 | 000,068,576 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008.04.14 14:00:00 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2008.04.14 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2010.05.15 11:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\QuickStoresToolbar
[2011.07.31 16:15:09 | 000,000,472 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{EC33D3DD-4309-4A4E-96AE-771C5317BBF1}.job

:Files
1441171.exe /s
4094608.exe /s
57591637-loader2.exe /s
6593603.exe /s
8660667.exe /s
services32.exe /s
C:\Program Files\ICQ6Toolbar
C:\Documents and Settings\uzivatel\Dokumenty\Stažené soubory\Flash-Player.exe

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PlayNC Launcher"=-
"KiesTrayAgent"=-
"CamSpace"=-
"DAEMON Tools Lite"=-
"swg"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP"=-
"445:TCP"=-
"137:UDP"=-
"138:UDP"=-
"58117:TCP"=-
"58117:UDP"=-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\uzivatel\Dokumenty\Stažené soubory\Flash-Player.exe"=-
"C:\WINDOWS\update.1\svchost.exe"=-
"C:\WINDOWS\update.tray-2-0\svchost.exe"=-
"C:\WINDOWS\update.2\svchost.exe"=-

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ICQToolbar"=-

:Services
ICQ Service

Afterwards, post a new OTL log following the instructions above; do not paste anything into the Custom Scans/Fixes (Vlastní sken/opravy) box.
I'll buy a little time; I respect the price.

Marek50
Visitor
Posts: 10
Registered: 31 Jul 2011 11:53

Re: Request to remove junk from FB

#10 Post by Marek50 »

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33237 bytes

User: uzivatel
->Temp folder emptied: 167006 bytes
->Temporary Internet Files folder emptied: 1009255998 bytes
->Java cache emptied: 4262685 bytes
->FireFox cache emptied: 70499500 bytes
->Flash cache emptied: 19523925 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2351732 bytes
%systemroot%\System32 .tmp files removed: 2832840 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16867 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 213475308 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1 261,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: uzivatel
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

========== OTL ==========
Service scan stopped successfully!
Service scan deleted successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-484763869-1500820517-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Prev Search Bar| /E : value set successfully!
HKU\S-1-5-21-484763869-1500820517-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Prev Search Page| /E : value set successfully!
HKU\S-1-5-21-484763869-1500820517-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-484763869-1500820517-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-484763869-1500820517-1177238915-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-484763869-1500820517-1177238915-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A}\ deleted successfully.
C:\Program Files\CentrumczToolbar\IEToolbar.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-484763869-1500820517-1177238915-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Program Files\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "eSnips Search" removed from browser.search.order.1
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: "http://search.icq.com/search/afe_result ... r=1.2.6&q=" removed from keyword.URL
Prefs.js: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9 removed from extensions.enabledItems
Folder move failed. C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\quickstores@quickstores.de\chrome scheduled to be moved on reboot.
Folder move failed. C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\quickstores@quickstores.de scheduled to be moved on reboot.
Prefs.js: quickstores@quickstores.de:1.2.0 removed from extensions.enabledItems
C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\searchplugins\icqplugin-10.xml moved successfully.
C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\searchplugins\icqplugin-11.xml moved successfully.
C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\searchplugins\icqplugin-12.xml moved successfully.
C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\searchplugins\icqplugin.xml moved successfully.
Folder move failed. C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de\chrome scheduled to be moved on reboot.
Folder move failed. C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de scheduled to be moved on reboot.
C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF\chrome\content folder moved successfully.
C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF\chrome folder moved successfully.
C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B530A9A4-1722-4D16-AAD6-AA85E3AD2ADE}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Program Files\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_USERS\S-1-5-21-484763869-1500820517-1177238915-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Program Files\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\1441171.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\4094608.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\57591637-loader2.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\6593603.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\8660667.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Immunet Protect deleted successfully.
Registry value HKEY_USERS\S-1-5-21-484763869-1500820517-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Run\\ICQ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-484763869-1500820517-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Run\\KiesTrayAgent deleted successfully.
Registry value HKEY_USERS\S-1-5-21-484763869-1500820517-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Run\\PlayNC Launcher deleted successfully.
Registry value HKEY_USERS\S-1-5-21-484763869-1500820517-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Run\\CamSpace deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico3 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico4 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\wxpdrv deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\\AlternateShell deleted successfully.
C:\Documents and Settings\uzivatel\Data aplikací\ICQ Toolbar folder moved successfully.
C:\WINDOWS\update.tray-12-0-lnk folder moved successfully.
C:\WINDOWS\update.tray-12-0 folder moved successfully.
C:\WINDOWS\ufa folder moved successfully.
C:\WINDOWS\rpcminer folder moved successfully.
C:\WINDOWS\phoenix\kernels\poclbm folder moved successfully.
C:\WINDOWS\phoenix\kernels\phatk folder moved successfully.
C:\WINDOWS\phoenix\kernels folder moved successfully.
C:\WINDOWS\phoenix folder moved successfully.
C:\WINDOWS\update.tray-3-0-lnk folder moved successfully.
C:\WINDOWS\update.tray-3-0 folder moved successfully.
C:\WINDOWS\update.5.0 folder moved successfully.
C:\WINDOWS\update.2 folder moved successfully.
C:\WINDOWS\av_ico folder moved successfully.
C:\WINDOWS\update.1 folder moved successfully.
C:\WINDOWS\update.tray-2-0-lnk folder moved successfully.
C:\WINDOWS\update.tray-2-0 folder moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\WINDOWS\imsins.BAK moved successfully.
C:\WINDOWS\phoenix.rar moved successfully.
C:\WINDOWS\unrar.exe moved successfully.
C:\WINDOWS\ufa.rar moved successfully.
C:\WINDOWS\rpcminer.rar moved successfully.
C:\WINDOWS\info1 moved successfully.
C:\WINDOWS\geoiplist.rar moved successfully.
C:\WINDOWS\loader2.exe_ok moved successfully.
C:\WINDOWS\geoiplist moved successfully.
C:\WINDOWS\PEV.exe moved successfully.
C:\WINDOWS\MBR.exe moved successfully.
C:\WINDOWS\sed.exe moved successfully.
C:\WINDOWS\grep.exe moved successfully.
C:\WINDOWS\zip.exe moved successfully.
File C:\WINDOWS\phoenix.rar not found.
File C:\WINDOWS\ufa.rar not found.
File C:\WINDOWS\rpcminer.rar not found.
File C:\WINDOWS\info1 not found.
File C:\WINDOWS\geoiplist not found.
File C:\WINDOWS\geoiplist.rar not found.
File C:\WINDOWS\unrar.exe not found.
File C:\WINDOWS\loader2.exe_ok not found.
C:\WINDOWS\system32\CmdLineExt03.dll moved successfully.
C:\WINDOWS\dsys8955.dat moved successfully.
C:\WINDOWS\system32\ezsidmv.dat moved successfully.
C:\WINDOWS\system32\perfh005.dat moved successfully.
C:\WINDOWS\system32\perfi009.dat moved successfully.
C:\WINDOWS\system32\perfi005.dat moved successfully.
C:\WINDOWS\system32\perfc005.dat moved successfully.
C:\WINDOWS\system32\perfc009.dat moved successfully.
C:\WINDOWS\system32\perfd005.dat moved successfully.
C:\WINDOWS\system32\perfd009.dat moved successfully.
C:\Documents and Settings\uzivatel\Data aplikací\QuickStoresToolbar folder moved successfully.
C:\WINDOWS\Tasks\User_Feed_Synchronization-{EC33D3DD-4309-4A4E-96AE-771C5317BBF1}.job moved successfully.
========== FILES ==========
File\Folder 1441171.exe not found.
File\Folder 4094608.exe not found.
File\Folder 57591637-loader2.exe not found.
File\Folder 6593603.exe not found.
File\Folder 8660667.exe not found.
File\Folder services32.exe not found.
C:\Program Files\ICQ6Toolbar folder moved successfully.
File\Folder C:\Documents and Settings\uzivatel\Dokumenty\Stažené soubory\Flash-Player.exe not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\PlayNC Launcher not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\KiesTrayAgent not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\CamSpace not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\swg deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\139:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\445:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\137:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\138:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\58117:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\58117:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\uzivatel\Dokumenty\Stažené soubory\Flash-Player.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\update.1\svchost.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\update.tray-2-0\svchost.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\update.2\svchost.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\ICQToolbar not found.
========== SERVICES/DRIVERS ==========
Service ICQ Service stopped successfully!
Service ICQ Service deleted successfully!

OTL by OldTimer - Version 3.2.26.1 log created on 07312011_190750

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\uzivatel\Local Settings\Temp\~DF3AC.tmp not found!
File\Folder C:\Documents and Settings\uzivatel\Local Settings\Temp\~DF3C9.tmp not found!
File\Folder C:\Documents and Settings\uzivatel\Local Settings\Temp\~DF55E.tmp not found!
File\Folder C:\Documents and Settings\uzivatel\Local Settings\Temp\~DF579.tmp not found!
File\Folder C:\Documents and Settings\uzivatel\Local Settings\Temp\~DFF764.tmp not found!
File\Folder C:\Documents and Settings\uzivatel\Local Settings\Temp\~DFF76F.tmp not found!
C:\Documents and Settings\uzivatel\Local Settings\Temporary Internet Files\Content.IE5\03GP2C6M\afr[1].htm moved successfully.
C:\Documents and Settings\uzivatel\Local Settings\Temporary Internet Files\Content.IE5\03GP2C6M\viewtopic[1].htm moved successfully.
C:\Documents and Settings\uzivatel\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
C:\Documents and Settings\uzivatel\Local Settings\Temporary Internet Files\SuggestedSites.dat moved successfully.
C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\quickstores@quickstores.de\chrome folder moved successfully.
C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\quickstores@quickstores.de folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de folder moved successfully.

Registry entries deleted on Reboot...

Danstahr
Friend of the forum
Posts: 1069
Joined: 28 Oct 2006 20:23
Location: London

Re: Request to remove junk from FB

#11 Post by Danstahr »

Please also post a new OTL log:
  • If you are using Windows Vista or Windows 7, right-click OTL and choose Run As Administrator (Spustit jako správce)
  • If you are using a 64-bit OS, check whether the Pro 64 bitové OS (For 64-bit OS) box is ticked; if it is not, tick it
  • Tick the Pro vsechny uzivatele (For all users) box
  • Tick the Kontrola na havet "LOP" (Check for "LOP" pests) box
  • Tick the Kontrola na havet "Purity" (Check for "Purity" pests) box
  • Click the Prohledat (Scan) button
I'll buy a little time; I respect the price.

Marek50
Visitor
Posts: 10
Joined: 31 Jul 2011 11:53

Re: Request to remove junk from FB

#12 Post by Marek50 »

OTL logfile created on: 1.8.2011 18:23:40 - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\uzivatel\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,50 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 76,01% Memory free
4,35 Gb Paging File | 3,97 Gb Available in Paging File | 91,30% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 100,83 Gb Total Space | 23,63 Gb Free Space | 23,43% Space Free | Partition Type: NTFS
Drive D: | 37,57 Gb Total Space | 20,18 Gb Free Space | 53,71% Space Free | Partition Type: NTFS
Drive E: | 195,31 Gb Total Space | 93,05 Gb Free Space | 47,64% Space Free | Partition Type: NTFS
Drive F: | 197,26 Gb Total Space | 107,87 Gb Free Space | 54,69% Space Free | Partition Type: NTFS

Computer Name: PC | User Name: uzivatel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.07.31 16:05:26 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\uzivatel\Plocha\OTL.exe
PRC - [2011.05.15 13:58:57 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.01.12 16:41:42 | 000,810,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2011.01.12 16:41:24 | 002,219,184 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2010.05.01 08:51:28 | 000,217,088 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2010.05.01 08:50:00 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\WINDOWS\system32\dgdersvc.exe
PRC - [2009.09.06 13:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008.09.01 00:50:20 | 000,062,848 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\CNAB4RPK.EXE
PRC - [2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005.01.14 09:32:38 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\PAStiSvc.exe


========== Modules (SafeList) ==========

MOD - [2011.07.31 16:05:26 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\uzivatel\Plocha\OTL.exe
MOD - [2010.08.23 18:12:33 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wuauserv)
SRV - File not found [Auto | Stopped] -- -- (ImmunetProtect)
SRV - [2011.01.12 16:44:02 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2011.01.12 16:41:42 | 000,810,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2010.05.04 04:33:54 | 009,241,088 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Samsung\Kies\WiselinkPro\WiselinkPro.exe -- (KiesAllShare)
SRV - [2010.05.01 08:51:28 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010.05.01 08:50:00 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\dgdersvc.exe -- (dgdersvc)
SRV - [2009.09.06 13:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008.11.11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2005.01.14 09:32:38 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PAStiSvc.exe -- (STI Simulator)


========== Driver Services (SafeList) ==========

DRV - [2011.07.28 19:59:07 | 000,304,712 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Trufos.sys -- (Trufos)
DRV - [2011.07.28 19:59:06 | 000,047,952 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ImmunetProtect.sys -- (ImmunetProtectDriver)
DRV - [2011.07.28 19:59:06 | 000,032,208 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ImmunetSelfProtect.sys -- (ImmunetSelfProtectDriver)
DRV - [2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010.12.21 15:04:06 | 000,141,264 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2010.12.21 15:04:06 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010.12.21 13:47:38 | 000,134,000 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2010.12.21 13:47:38 | 000,033,120 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2010.08.03 12:28:36 | 000,055,256 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2010.06.06 17:43:29 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.05.01 08:51:28 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.05.01 08:50:00 | 000,018,136 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2010.04.27 04:25:16 | 000,123,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2010.04.27 04:25:16 | 000,100,224 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bserd.sys -- (ss_bserd)
DRV - [2010.04.27 04:25:16 | 000,098,432 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2010.04.27 04:25:16 | 000,014,848 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.10.13 17:42:22 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2009.10.13 17:42:22 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2009.10.13 17:42:22 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2009.10.13 17:42:22 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2009.10.13 17:42:22 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2009.05.14 15:49:32 | 000,094,360 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.08.24 13:55:50 | 000,030,464 | ---- | M] (CamTrax Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CamSpaceJoy.sys -- (CamSpaceJoy)
DRV - [2008.08.24 13:55:48 | 000,014,848 | ---- | M] (CamTrax Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CamSpaceBus.sys -- (CamSpaceBus)
DRV - [2005.05.06 08:27:00 | 000,232,064 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2005.04.08 10:46:18 | 000,162,176 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc027.sys -- (PAC207)
DRV - [2004.08.13 10:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2004.06.04 10:27:46 | 000,840,960 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2003.09.22 02:48:06 | 000,130,192 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2003.09.22 02:47:38 | 000,178,672 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-484763869-1500820517-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Bar =
IE - HKU\S-1-5-21-484763869-1500820517-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page =
IE - HKU\S-1-5-21-484763869-1500820517-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKU\S-1-5-21-484763869-1500820517-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-484763869-1500820517-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.seznam.cz/ [binary data]
IE - HKU\S-1-5-21-484763869-1500820517-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-484763869-1500820517-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\Cetrumcz@igeared: C:\Program Files\CentrumczToolbar\Firefox\Cetrumcz@igeared [2010.03.23 20:19:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.15 13:58:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.28 18:18:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011.07.31 21:19:39 | 000,000,000 | ---D | M]

[2010.02.17 10:27:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Extensions
[2011.07.31 19:19:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions
[2010.07.10 13:53:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.07.23 18:47:19 | 000,000,000 | ---D | M] (Seznam lištiÄŤka) -- C:\Documents and Settings\uzivatel\Data aplikací\Mozilla\Firefox\Profiles\fd0q09el.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
[2011.07.31 19:19:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.02.27 21:12:14 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.09.23 18:27:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.07.08 17:33:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.05.09 20:54:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011.05.09 20:54:03 | 000,000,000 | ---D | M] (Seznam lištička) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
File not found (No name found) --
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\UZIVATEL\DATA APLIKACĂ­\MOZILLA\FIREFOX\PROFILES\FD0Q09EL.DEFAULT\EXTENSIONS\{EA614400-E918-4741-9A97-7A972FF7C30B}
[2011.05.15 13:58:56 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.29 03:22:28 | 000,001,425 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Cetrumcz_igeared.xml
[2010.05.08 09:57:37 | 000,002,029 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\esnips.xml
[2010.01.01 10:00:00 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2010.01.01 10:00:00 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2010.01.01 10:00:00 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2010.01.01 10:00:00 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2010.01.01 10:00:00 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2011.07.31 19:10:31 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {33CD02D0-8C93-4926-A2FE-2CE72CE7DF1A} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Centrum.cz Toolbar) - {D5D47440-0750-463D-BAEF-A47D02414806} - File not found
O3 - HKU\S-1-5-21-484763869-1500820517-1177238915-1003\..\Toolbar\WebBrowser: (Centrum.cz Toolbar) - {D5D47440-0750-463D-BAEF-A47D02414806} - File not found
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-484763869-1500820517-1177238915-1003..\Run: [Steam] C:\Valve\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\uzivatel\Nabídka Start\Programy\Po spuštění\Xfire.lnk = C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-484763869-1500820517-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-484763869-1500820517-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: &ICQ Toolbar Search - C:\Program Files\ICQToolbar\toolbaru.dll (ICQ Inc.)
O8 - Extra context menu item: WikiKomentáře Google... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 88.146.135.10 213.29.58.9
O18 - Protocol\Handler\centrumcztoolbar {61A97628-7C82-4315-957A-C74C2CDD85DF} - File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\uzivatel\Data aplikací\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\uzivatel\Data aplikací\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.09.30 18:12:14 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007.12.23 00:02:26 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.08.01 15:45:39 | 000,014,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdhid.sys
[2011.08.01 15:45:29 | 000,032,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbccgp.sys
[2011.07.31 21:20:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\uzivatel\Data aplikací\ESET
[2011.07.31 19:07:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.07.31 16:05:22 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\uzivatel\Plocha\OTL.exe
[2011.07.31 14:50:25 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011.07.31 14:48:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011.07.31 14:48:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011.07.31 14:48:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011.07.31 14:48:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011.07.31 14:48:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.07.31 14:48:10 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011.07.31 14:48:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.07.31 14:46:11 | 004,158,780 | R--- | C] (Swearware) -- C:\Documents and Settings\uzivatel\Plocha\ComboFix.exe
[2011.07.31 13:58:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\uzivatel\Data aplikací\Malwarebytes
[2011.07.31 13:58:08 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.07.31 13:58:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
[2011.07.31 13:58:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2011.07.31 13:58:04 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.07.31 13:58:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.07.31 13:07:46 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.07.31 13:07:46 | 000,000,000 | ---D | C] -- C:\rsit
[2011.07.29 20:27:55 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011.07.28 22:28:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2011.07.28 21:54:31 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.07.28 19:59:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Immunet 3.0
[2011.07.28 19:59:15 | 000,032,208 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\WINDOWS\System32\drivers\ImmunetSelfProtect.sys
[2011.07.28 19:59:13 | 000,047,952 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\WINDOWS\System32\drivers\ImmunetProtect.sys
[2011.07.28 19:59:09 | 000,304,712 | ---- | C] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\Trufos.sys
[2011.07.28 19:59:04 | 000,000,000 | ---D | C] -- C:\Program Files\Immunet
[2011.07.23 20:09:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\MFAData
[2011.07.23 18:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Data aplikací\WinRAR
[2011.07.13 11:46:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\uzivatel\Dokumenty\Stronghold Crusader
[2011.07.10 12:30:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Google Earth
[2011.07.08 17:33:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.07.08 17:33:30 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011.07.08 17:33:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011.07.08 17:33:30 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009.10.01 11:02:50 | 000,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

========== Files - Modified Within 30 Days ==========

[2011.08.01 15:36:24 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.08.01 15:35:43 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011.08.01 15:35:37 | 000,249,324 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011.08.01 15:35:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.07.31 21:19:46 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2011.07.31 19:10:31 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011.07.31 16:05:26 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\uzivatel\Plocha\OTL.exe
[2011.07.31 14:50:28 | 000,000,331 | RHS- | M] () -- C:\boot.ini
[2011.07.31 14:46:20 | 004,158,780 | R--- | M] (Swearware) -- C:\Documents and Settings\uzivatel\Plocha\ComboFix.exe
[2011.07.31 12:37:54 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hîsts
[2011.07.31 12:36:20 | 000,000,215 | ---- | M] () -- C:\Boot.bak
[2011.07.28 19:59:07 | 000,304,712 | ---- | M] (BitDefender S.R.L.) -- C:\WINDOWS\System32\drivers\Trufos.sys
[2011.07.28 19:59:06 | 000,047,952 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\WINDOWS\System32\drivers\ImmunetProtect.sys
[2011.07.28 19:59:06 | 000,032,208 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\WINDOWS\System32\drivers\ImmunetSelfProtect.sys
[2011.07.15 14:51:09 | 000,162,728 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.07.10 12:30:14 | 000,001,921 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Google Earth.lnk
[2011.07.08 17:27:33 | 000,169,472 | ---- | M] () -- C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.07.06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011.07.31 14:50:28 | 000,000,215 | ---- | C] () -- C:\Boot.bak
[2011.07.31 14:50:26 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2011.07.10 12:30:14 | 000,001,921 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Google Earth.lnk
[2010.11.28 12:56:00 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\psfind.dll
[2010.10.03 12:30:48 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.07.22 14:49:18 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2010.07.22 14:49:17 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2010.07.22 14:49:17 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2010.07.22 14:48:05 | 000,018,043 | ---- | C] () -- C:\WINDOWS\DIIUnin.dat
[2010.07.09 15:27:11 | 000,081,584 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2010.07.05 16:49:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010.07.05 16:49:08 | 000,036,640 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010.07.05 16:48:58 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\uzivatel\Data aplikací\$_hpcst$.hpc
[2010.06.18 18:15:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\PAStiSvc.exe
[2010.05.27 16:00:04 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\CamTraxAPI.dll
[2010.05.07 07:54:16 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2010.05.07 07:54:16 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2010.05.07 07:54:16 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2010.05.07 07:54:16 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2010.02.27 21:49:06 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\Lame.exe
[2010.02.17 10:27:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.01.05 20:44:39 | 000,001,187 | ---- | C] () -- C:\WINDOWS\disney.ini
[2009.12.24 20:19:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\csdlocalmon.dll
[2009.12.22 15:41:40 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009.11.22 21:12:15 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.11.04 13:57:01 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2009.10.14 16:23:02 | 000,169,472 | ---- | C] () -- C:\Documents and Settings\uzivatel\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.10.01 11:12:39 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.10.01 11:12:38 | 000,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.10.01 11:12:38 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.10.01 11:12:37 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009.10.01 11:12:36 | 000,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.10.01 11:02:58 | 000,067,428 | R--- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2009.10.01 11:02:58 | 000,000,029 | R--- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009.10.01 11:02:50 | 000,060,928 | R--- | C] () -- C:\WINDOWS\System32\P17.dll
[2009.10.01 11:02:50 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2009.10.01 10:48:50 | 000,005,810 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2009.09.30 20:02:27 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.09.30 20:01:14 | 000,162,728 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.09.30 18:14:13 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.09.30 18:09:02 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009.08.17 00:57:00 | 001,597,690 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008.04.14 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008.04.14 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008.04.14 14:00:00 | 000,435,680 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008.04.14 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008.04.14 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008.04.14 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008.04.14 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008.04.14 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008.04.14 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2007.11.26 22:56:28 | 000,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2007.05.15 10:07:10 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\CSD_IRIVER_GEN.DLL
[2005.04.08 10:46:18 | 000,162,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\pfc027.sys
[2005.01.25 15:15:42 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\PA207Usd.dll
[2003.04.09 16:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2009.12.22 15:41:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Canneverbe Limited
[2010.02.17 10:29:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\CentrumczToolbar
[2010.06.06 17:43:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
[2010.06.18 18:13:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Electronic Arts
[2011.07.28 22:28:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2010.06.25 11:50:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2011.07.28 21:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MFAData
[2010.07.05 16:51:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2009.12.20 20:20:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PMB Files
[2010.07.05 16:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Samsung
[2010.08.11 10:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2009.11.13 22:09:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\xml_param
[2010.02.10 12:14:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\Apowersoft
[2010.02.09 12:54:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\Canneverbe Limited
[2009.12.22 15:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\Canneverbe_Limited
[2010.08.22 22:05:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\COWON
[2010.06.06 17:51:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\DAEMON Tools Lite
[2011.07.31 21:20:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\ESET
[2010.06.18 20:12:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\GetRightToGo
[2010.06.25 11:50:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\ICQ
[2009.11.25 15:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\ICQLite
[2010.05.08 09:53:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\Logia
[2010.05.13 15:14:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\Mumble
[2010.05.15 11:06:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\MyPhoneExplorer
[2009.10.01 11:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\OpenOffice.org
[2010.07.05 16:51:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\PC Suite
[2010.07.05 16:47:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uzivatel\Data aplikací\Samsung

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:302A9871
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:1AD0EB3C

< End of report >


#13 Post by Danstahr »

:arrow: How is the PC doing?

:arrow: We'll finish fixing a few small things in OTL: paste the following script into the box at the bottom and click the "Opravit!" (Fix) button. After the fixes have run and the PC has restarted, a log will open; please paste it here.

Code:

:Commands
[EmptyTemp]

:OTL
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:302A9871
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:1AD0EB3C
SRV - File not found [Auto | Stopped] -- -- (wuauserv)
SRV - File not found [Auto | Stopped] -- -- (ImmunetProtect)

:arrow: The antivirus will need to be reinstalled. So uninstall it, restart the computer and install it again.

:arrow: Post a follow-up log from RSIT as a check.


#14 Post by Marek50 »

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: uzivatel
->Temp folder emptied: 84977 bytes
->Temporary Internet Files folder emptied: 30369619 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 33053442 bytes
->Flash cache emptied: 1212 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 29184 bytes

Total Files Cleaned = 61,00 mb

========== OTL ==========
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:302A9871 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:1AD0EB3C deleted successfully.
Service wuauserv stopped successfully!
Service wuauserv deleted successfully!
Service ImmunetProtect stopped successfully!
Service ImmunetProtect deleted successfully!

OTL by OldTimer - Version 3.2.26.1 log created on 08012011_194046

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

And one more question: where do I get the code from RSIT???


#15 Post by Danstahr »
