
PC virus removal, computer speed-up, and remote assistance through the neslape.cz service
Problem with csrss.exe
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, in which a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Greetings, virus catchers,
Unfortunately I underestimated the security of my PC and now I'm fighting ... After yesterday's malware attack I got rid of some of it - mainly thanks to Spybot - and installed the free version of AVG, which however keeps reporting malware detections, mainly when accessing Google; sometimes it tries to redirect pages - AVG then reports the location C:\Users\Acer\AppData\Local\Temp\csrss.exe
Can you advise??
... DELETED
Last edited by dantos on 06 Aug 2011 23:13, edited 1 time in total.
- Caroprd111
- VIP
- Posts: 13492
- Registered: 22 Mar 2009 20:48
- Location: Třebíč
Re: Problem with csrss.exe
Thanks for the info, so I ran a scan with RSIT:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Acer at 2011-08-07 00:09:33
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 184 GB (62%) free of 295 GB
Total RAM: 3066 MB (46% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 0:09:45, on 7.8.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Users\Acer\AppData\Local\Temp\csrss.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Users\Acer\AppData\Roaming\Microsoft\conhost.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Acer\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Users\Acer\AppData\Roaming\dwm.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Acer\Desktop\RSIT.exe
C:\Program Files\trend micro\Acer.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5738
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5738
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5738
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:53172
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: TBSB08223 - {0753D5E7-BCDF-4BAE-85EC-431B17D3BE72} - C:\Users\Acer\AppData\Roaming\Toolbars\eBay\ebay.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Pomocník pro přihlášení ke službě Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Toolbar for eBay - {427AB608-62F1-48D1-84D4-50C6358B7268} - C:\Users\Acer\AppData\Roaming\Toolbars\eBay\ebay.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [{FC4FCE89-AE2B-4785-B6D7-6C5FF89BFDE3}] rundll32.exe C:\Windows\system32\sshnas21.dll,GetHandle (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [{FC4FCE89-AE2B-4785-B6D7-6C5FF89BFDE3}] rundll32.exe C:\Windows\system32\sshnas21.dll,GetHandle (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\Acer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Acer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O20 - Winlogon Notify: cryptnet32 - cryptnet32.dll (file missing)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)
O23 - Service: NIHardwareService - Native Instruments GmbH - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service: NTI IScheduleSvc - Unknown owner - C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (file missing)
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
--
End of file - 8053 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2808683438-737575968-2950562706-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2808683438-737575968-2950562706-1000UA.job
C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
=========Mozilla firefox=========
ProfilePath - C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\ldrp7j8f.default
prefs.js - "browser.startup.homepage" - "http://www.google.cz/"
prefs.js - "extensions.enabledItems" - "{4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.8.1, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16"
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"=C:\Program Files\AVG\AVG10\Firefox4\
"avg@igeared"=C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt
C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
NPOFFICE.DLL
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt
C:\Program Files\Mozilla Firefox\searchplugins\
avg_igeared.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\ldrp7j8f.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0753D5E7-BCDF-4BAE-85EC-431B17D3BE72}]
TBSB08223 Class - C:\Users\Acer\AppData\Roaming\Toolbars\eBay\ebay.dll [2008-08-14 2484224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-12 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG10\avgssie.dll [2011-07-08 2274144]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll [2011-07-26 2532680]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{427AB608-62F1-48D1-84D4-50C6358B7268} - Toolbar for eBay - C:\Users\Acer\AppData\Roaming\Toolbars\eBay\ebay.dll [2008-08-14 2484224]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll [2011-07-26 2532680]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2008-12-17 13605408]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2009-02-14 6814240]
"PLFSetI"=C:\Windows\PLFSetI.exe [2008-07-29 200704]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-12-05 1410344]
"LManager"=C:\Program Files\Launch Manager\LManager.exe [2009-02-19 866824]
"Acer ePower Management"=C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe [2009-02-19 707104]
"AVG_TRAY"=C:\Program Files\AVG\AVG10\avgtray.exe [2011-04-18 2334560]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
C:\Program Files\ESET\ESET Smart Security\egui.exe /hide /waitservice []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-14 136176]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Acer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2010-12-13 1198592]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Acer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2010-12-13 1198592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet32]
cryptnet32.dll []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"msacm.siren"=sirenacm.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
"midi3"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux3"=wdmaud.drv
"wave6"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer6"=wdmaud.drv
"aux4"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux5"=wdmaud.drv
"wave8"=wdmaud.drv
"midi8"=wdmaud.drv
"mixer8"=wdmaud.drv
"aux6"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux2"=wdmaud.drv
"vidc.tscc"=tsccvid.dll
"wave9"=wdmaud.drv
"midi9"=wdmaud.drv
"mixer9"=wdmaud.drv
"aux7"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 3 months======
2011-08-07 00:00:36 ----D---- C:\Program Files\trend micro
2011-08-07 00:00:35 ----D---- C:\rsit
2011-08-06 20:41:48 ----A---- C:\Users\Acer\AppData\Roaming\dwm.exe
2011-08-06 20:33:24 ----ASH---- C:\hiberfil.sys
2011-08-05 23:32:59 ----D---- C:\Program Files\Spybot - Search & Destroy
2011-08-05 22:23:56 ----HD---- C:\$AVG
2011-08-05 21:50:00 ----D---- C:\Users\Acer\AppData\Roaming\AVG10
2011-08-05 21:49:01 ----HD---- C:\ProgramData\Common Files
2011-08-05 21:48:50 ----D---- C:\ProgramData\AVG Security Toolbar
2011-08-05 21:47:32 ----D---- C:\Windows\system32\drivers\AVG
2011-08-05 21:47:32 ----D---- C:\ProgramData\AVG10
2011-08-05 21:46:51 ----D---- C:\Program Files\AVG
2011-08-05 21:43:33 ----D---- C:\ProgramData\MFAData
2011-07-30 12:22:17 ----D---- C:\ProgramData\Apple Computer
2011-07-30 12:22:17 ----D---- C:\Program Files\QuickTime
2011-07-24 10:16:58 ----D---- C:\Program Files\Microsoft Silverlight
2011-07-02 10:30:50 ----A---- C:\Windows\NetwkCfg.txt
2011-06-30 19:20:54 ----HD---- C:\Windows\system32\CanonMF Uninstaller Information
2011-06-30 19:19:56 ----A---- C:\Windows\system32\CNCMFP38.INI
2011-06-30 19:19:56 ----A---- C:\Windows\system32\CNCLSU38b.DLL
2011-06-30 19:19:56 ----A---- C:\Windows\system32\CNCLST38b.DLL
2011-06-30 19:19:56 ----A---- C:\Windows\system32\CNCLSI38b.DLL
2011-06-30 19:19:56 ----A---- C:\Windows\system32\CNCLSD38b.DLL
2011-06-30 19:19:56 ----A---- C:\Windows\system32\CNCLSC38b.DLL
2011-06-30 19:19:55 ----A---- C:\Windows\system32\CNCLSO38b.dll
2011-06-30 19:19:55 ----A---- C:\Windows\system32\CNCL4400.DLL
2011-06-30 19:19:55 ----A---- C:\Windows\system32\CNCI4400.DLL
2011-06-30 19:19:50 ----A---- C:\Windows\system32\CNCE4400.DLL
2011-06-30 19:19:50 ----A---- C:\Windows\system32\CNCC4400.DLL
2011-06-30 19:19:03 ----A---- C:\Windows\system32\CNAS0MOK.DLL
2011-06-30 19:18:57 ----D---- C:\Program Files\Canon
2011-06-23 22:20:33 ----D---- C:\Program Files\Common Files\Java
2011-06-23 22:20:12 ----A---- C:\Windows\system32\javaws.exe
2011-06-23 22:20:12 ----A---- C:\Windows\system32\javaw.exe
2011-06-23 22:20:12 ----A---- C:\Windows\system32\java.exe
2011-05-11 23:23:45 ----A---- C:\Windows\nsreg.dat
2011-05-11 23:23:43 ----D---- C:\Users\Acer\AppData\Roaming\Thunderbird
2011-05-11 23:23:20 ----D---- C:\Program Files\Mozilla Thunderbird
======List of files/folders modified in the last 3 months======
2011-08-07 00:00:36 ----RD---- C:\Program Files
2011-08-06 23:53:51 ----SHD---- C:\Windows\Installer
2011-08-06 23:53:43 ----SHD---- C:\Config.Msi
2011-08-06 23:53:41 ----D---- C:\Windows\Temp
2011-08-06 23:53:37 ----D---- C:\Windows\system32\drivers
2011-08-06 23:53:36 ----D---- C:\Windows\system32\catroot
2011-08-06 23:53:36 ----D---- C:\Windows\inf
2011-08-06 23:45:08 ----D---- C:\Windows\pss
2011-08-06 23:40:32 ----D---- C:\ProgramData\Spybot - Search & Destroy
2011-08-06 23:40:31 ----D---- C:\Windows
2011-08-06 20:41:39 ----D---- C:\Windows\system32\drivers\etc
2011-08-06 20:40:48 ----D---- C:\Windows\System32
2011-08-06 20:40:48 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-08-06 20:36:15 ----D---- C:\Windows\system32\WDI
2011-08-06 20:14:59 ----D---- C:\Windows\system32\Tasks
2011-08-06 20:14:58 ----D---- C:\Windows\Tasks
2011-08-06 12:46:15 ----D---- C:\Program Files\PhotoFilmStrip
2011-08-06 12:45:01 ----D---- C:\Program Files\Picture2avi
2011-08-06 12:43:52 ----D---- C:\Program Files\Fx Audio Editor
2011-08-06 09:29:31 ----SD---- C:\Users\Acer\AppData\Roaming\Microsoft
2011-08-06 09:29:27 ----D---- C:\Windows\system32\catroot2
2011-08-05 23:41:10 ----D---- C:\Users\Acer\AppData\Roaming\Desktopicon
2011-08-05 23:18:24 ----SD---- C:\ProgramData\Microsoft
2011-08-05 21:49:01 ----HD---- C:\ProgramData
2011-08-03 22:34:03 ----SHD---- C:\System Volume Information
2011-08-03 10:28:11 ----D---- C:\Windows\Prefetch
2011-08-01 23:55:53 ----D---- C:\Users\Acer\AppData\Roaming\Skype
2011-07-30 20:46:03 ----RD---- C:\Program Files\Skype
2011-07-30 20:45:59 ----D---- C:\ProgramData\Skype
2011-07-30 20:45:57 ----D---- C:\Program Files\Common Files
2011-07-30 20:43:30 ----D---- C:\Users\Acer\AppData\Roaming\skypePM
2011-07-14 23:23:15 ----D---- C:\Users\Acer\AppData\Roaming\Mozilla
2011-06-30 19:33:22 ----RSD---- C:\Windows\Media
2011-06-30 19:33:20 ----D---- C:\Windows\twain_32
2011-06-24 17:27:51 ----D---- C:\Program Files\Mozilla Firefox
2011-06-23 22:46:53 ----D---- C:\Program Files\OpenOffice.org 3
2011-06-23 22:46:27 ----RSD---- C:\Windows\assembly
2011-06-23 22:45:50 ----RSD---- C:\Windows\Fonts
2011-06-23 22:38:45 ----D---- C:\Program Files\Java
2011-06-23 22:32:17 ----D---- C:\Windows\winsxs
2011-06-23 22:31:35 ----D---- C:\Program Files\Common Files\microsoft shared
2011-05-25 21:55:14 ----D---- C:\ProgramData\Microsoft Help
2011-05-25 21:54:43 ----D---- C:\Program Files\Microsoft Office
2011-05-25 21:53:30 ----D---- C:\Windows\ShellNew
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AVGIDSEH;AVGIDSEH; C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592]
R0 UBHelper;UBHelper; C:\Windows\system32\drivers\UBHelper.sys [2008-01-31 13824]
R1 Avgldx86;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx86.sys [2011-01-07 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx86.sys [2011-03-01 34896]
R1 Avgtdix;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdix.sys [2011-04-05 297168]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2009/04/08 07:50:06]; \??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-12-26 87536]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2008-01-21 95744]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-03-01 1202560]
R3 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-04-14 134480]
R3 AVGIDSFilter;AVGIDSFilter; C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144]
R3 AVGIDSShim;AVGIDSShim; C:\Windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 28624]
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-03 21264]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2009-02-14 2325728]
R3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60x.sys [2008-09-04 223232]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw5v32.sys [2008-09-25 3666432]
R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\Drivers\NTIDrvr.sys [2008-01-31 14848]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2008-09-25 45600]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2008-12-17 7542656]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-12-05 204976]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R4 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys []
R4 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys []
R4 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys []
R4 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys []
R4 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys []
S3 a2djavs;a2djavs; C:\Windows\System32\Drivers\a2djavs.sys [2009-10-08 35280]
S3 a2djusb;a2djusb; C:\Windows\System32\Drivers\a2djusb.sys [2009-10-08 276304]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NSCIRDA;NSC Infrared Device Driver; C:\Windows\system32\DRIVERS\nscirda.sys [2008-01-21 30720]
S3 RL_DJIF;usb-audio.de driver for Reloop Digital Jockey Interface; C:\Windows\System32\Drivers\rldjifu.sys [2008-06-17 365568]
S3 RL_DJIF_WDM;Digital Jockey Interface WDM Audio; C:\Windows\system32\drivers\rldjifa.sys [2008-06-17 34304]
S3 RL_DJIFM;Digital Jockey Interface WDM Midi Device; C:\Windows\system32\drivers\rldjifm.sys [2008-06-17 20992]
S3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2008-12-02 62976]
S3 usbaudio;Ovladač zvuků USB (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-11 73216]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2008-01-21 35328]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2008-03-18 13312]
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2011-04-18 7398752]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
R2 CLHNService;CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-12-18 75048]
R2 ePowerSvc;Acer ePower Service; C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-02-19 666144]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 NIHardwareService;NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-12-08 3616768]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2008-12-17 203296]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe []
S2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe []
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-07-26 1025352]
S3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe []
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe []
-----------------EOF-----------------
Last edited by dantos on 06 Aug 2011 23:15, edited 1 time in total.
- Caroprd111
- VIP
- Posts: 13492
- Registered: 22 Mar 2009 20:48
- Location: Třebíč
Re: Problem with csrss.exe

- Run it, then paste the following script into the bottom box.
Code:
netsvcs
drivers32
savembr:0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
/md5start
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
hal.dll
logevent.dll
netlogon.dll
ntelogon.dll
scecli.dll
sceclt.dll
ws2_32.dll
autochk.exe
csrss.exe
explorer.exe
lsass.exe
services.exe
smss.exe
spoolsv.exe
svchost.exe
userinit.exe
winlogon.exe
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
cdrom.sys
Changer.sys
fastfat.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
mv61xx.sys
ndis.sys
ntfs.sys
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
symmpi.sys
tcpip.sys
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
/md5stop
C:\windows\system32\spool\prtprocs|dll;true;true;true /FP
%systemroot%\system32\drivers\*.sys /5
%systemroot%\system32\drivers\*.sys /X
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.* /5
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\config\*.sav
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\*.* /U /s
%systemroot%\*. /mp /s
%ALLUSERSPROFILE%\Data Aplikací\*.*
%ALLUSERSPROFILE%\Data Aplikací\*.exe /s
%ALLUSERSPROFILE%\Dáta aplikácií\*.*
%ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s
%APPDATA%\*.
%APPDATA%\*.*
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c
type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5
- Check the "For all users" option.
- Check the options Malware check "LOP" and Malware check "Purity".
- Click the Scan button.
- When it finishes, paste the OTL.Txt and Extras.txt logs here.
Re: Problem with csrss.exe
Thanks for the info! Here are the logs:
OTL logfile created on: 7.8.2011 0:31:38 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Acer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000405 | Country: Czech Republic | Language: CSY | Date Format: d.M.yyyy
2,99 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 48,88% Memory free
6,19 Gb Paging File | 4,73 Gb Available in Paging File | 76,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,32 Gb Total Space | 179,57 Gb Free Space | 62,28% Space Free | Partition Type: NTFS
Computer Name: ACER-PC | User Name: Acer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011.08.07 00:19:43 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Acer\Desktop\OTL.scr
PRC - [2011.08.06 20:41:48 | 000,195,072 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\dwm.exe
PRC - [2011.08.06 09:29:32 | 000,194,048 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\Microsoft\conhost.exe
PRC - [2011.08.05 21:01:37 | 000,209,408 | ---- | M] () -- C:\Users\Acer\AppData\Local\Temp\csrss.exe
PRC - [2011.06.24 17:27:44 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.04.18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011.04.18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011.04.14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011.03.28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011.03.16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011.03.16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011.02.10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011.02.08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011.02.08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011.01.17 19:01:18 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 19:01:18 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009.12.08 20:26:15 | 003,616,768 | ---- | M] (Native Instruments GmbH) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
PRC - [2009.09.03 23:52:47 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Acer\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.02.19 22:22:44 | 000,707,104 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
PRC - [2009.02.19 18:32:36 | 000,666,144 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
PRC - [2009.02.19 05:42:48 | 000,866,824 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008.12.18 15:51:34 | 000,075,048 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2008.07.29 20:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2008.03.18 21:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
========== Modules (SafeList) ==========
MOD - [2011.08.07 00:19:43 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Acer\Desktop\OTL.scr
MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2009.02.19 18:32:54 | 000,215,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\SysHook.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (NTI IScheduleSvc)
SRV - File not found [On_Demand | Stopped] -- -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
SRV - File not found [Disabled | Stopped] -- -- (gusvc)
SRV - [2011.07.26 10:16:02 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011.04.18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011.02.08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2009.12.08 20:26:15 | 003,616,768 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2009.02.19 18:32:36 | 000,666,144 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2008.12.18 15:51:34 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008.03.18 21:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | Disabled | Running] -- -- (epfwwfp)
DRV - File not found [Kernel | Disabled | Running] -- -- (Epfwndis)
DRV - File not found [Kernel | Disabled | Running] -- -- (epfw)
DRV - File not found [Kernel | Disabled | Running] -- -- (ehdrv)
DRV - File not found [File_System | Disabled | Running] -- -- (eamon)
DRV - [2011.04.14 21:28:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011.04.05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011.03.16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.03.01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.02.22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011.02.10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011.02.10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011.01.07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2009.10.08 13:59:33 | 000,035,280 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\a2djavs.sys -- (a2djavs)
DRV - [2009.10.08 13:59:29 | 000,276,304 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\a2djusb.sys -- (a2djusb)
DRV - [2008.12.26 18:31:30 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/04/08 07:50:06] [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008.12.17 01:03:00 | 007,542,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.09.25 17:37:40 | 003,666,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.09.25 15:39:48 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.09.04 06:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2008.06.17 18:47:28 | 000,365,568 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rldjifu.sys -- (RL_DJIF)
DRV - [2008.06.17 18:41:00 | 000,034,304 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rldjifa.sys -- (RL_DJIF_WDM)
DRV - [2008.06.17 18:41:00 | 000,020,992 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rldjifm.sys -- (RL_DJIFM)
DRV - [2008.03.01 01:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5738
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5738
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2808683438-737575968-2950562706-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5738
IE - HKU\S-1-5-21-2808683438-737575968-2950562706-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-2808683438-737575968-2950562706-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2808683438-737575968-2950562706-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
IE - HKU\S-1-5-21-2808683438-737575968-2950562706-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2808683438-737575968-2950562706-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2808683438-737575968-2950562706-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:53172
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.cz/"
FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.8.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 53172
FF - prefs.js..network.proxy.type: 1
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Acer\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Acer\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Acer\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Acer\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011.08.05 21:48:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011.08.05 21:48:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.30 12:22:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.30 12:22:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.07.30 12:22:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
[2011.05.11 23:23:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\Mozilla\Extensions
[2011.05.11 23:23:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.03.20 00:38:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\Mozilla\Extensions\pencil@evolus.vn
[2011.08.06 20:18:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\ldrp7j8f.default\extensions
[2010.04.28 20:16:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\ldrp7j8f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.30 00:39:43 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\ldrp7j8f.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.06.23 22:39:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.05.06 21:42:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.06.23 22:39:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.06.23 22:20:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011.08.05 21:48:26 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011.06.24 17:27:45 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2010.01.01 10:00:00 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2010.01.01 10:00:00 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2010.01.01 10:00:00 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2010.01.01 10:00:00 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2011.08.06 20:41:39 | 000,436,469 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 15025 more lines...
O2 - BHO: (TBSB08223 Class) - {0753D5E7-BCDF-4BAE-85EC-431B17D3BE72} - C:\Users\Acer\AppData\Roaming\Toolbars\eBay\ebay.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Toolbar for eBay) - {427AB608-62F1-48D1-84D4-50C6358B7268} - C:\Users\Acer\AppData\Roaming\Toolbars\eBay\ebay.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-2808683438-737575968-2950562706-1000\..\Toolbar\WebBrowser: (Toolbar for eBay) - {427AB608-62F1-48D1-84D4-50C6358B7268} - C:\Users\Acer\AppData\Roaming\Toolbars\eBay\ebay.dll ()
O3 - HKU\S-1-5-21-2808683438-737575968-2950562706-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKU\.DEFAULT..\Run: [{FC4FCE89-AE2B-4785-B6D7-6C5FF89BFDE3}] File not found
O4 - HKU\S-1-5-18..\Run: [{FC4FCE89-AE2B-4785-B6D7-6C5FF89BFDE3}] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\Acer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Acer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.36 213.46.172.37
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-2808683438-737575968-2950562706-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-2808683438-737575968-2950562706-1000 Winlogon: Shell - (C:\Users\Acer\AppData\Roaming\dwm.exe) - C:\Users\Acer\AppData\Roaming\dwm.exe ()
O20 - Winlogon\Notify\cryptnet32: DllName - cryptnet32.dll - File not found
O24 - Desktop WallPaper: C:\Users\Acer\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Acer\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0789fa6c-7152-11df-ba6a-001f169130bf}\Shell - "" = AutoRun
O33 - MountPoints2\{0789fa6c-7152-11df-ba6a-001f169130bf}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 30 Days ==========
[2011.08.07 00:19:41 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Acer\Desktop\OTL.scr
[2011.08.07 00:00:36 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.08.07 00:00:35 | 000,000,000 | ---D | C] -- C:\rsit
[2011.08.06 23:31:34 | 000,000,000 | ---D | C] -- C:\Users\Acer\Desktop\backups
[2011.08.05 23:32:59 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011.08.05 22:23:56 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011.08.05 21:50:56 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\AVG Security Toolbar
[2011.08.05 21:50:00 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Roaming\AVG10
[2011.08.05 21:49:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011.08.05 21:48:50 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2011.08.05 21:48:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011.08.05 21:47:32 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011.08.05 21:47:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011.08.05 21:46:51 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011.08.05 21:43:33 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011.08.05 19:19:34 | 000,000,000 | ---D | C] -- C:\Users\Acer\Documents\SPORTOVNI WEBY
[2011.07.30 20:46:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.07.30 12:22:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.07.30 12:22:17 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011.07.30 12:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011.07.24 10:17:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011.07.24 10:16:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009.04.08 16:33:03 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
========== Files - Modified Within 30 Days ==========
[2011.08.07 00:33:00 | 000,000,958 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2808683438-737575968-2950562706-1000UA.job
[2011.08.07 00:32:35 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011.08.07 00:24:01 | 000,000,252 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.08.07 00:19:43 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Acer\Desktop\OTL.scr
[2011.08.07 00:07:58 | 000,000,000 | ---- | M] () -- C:\Users\Acer\AppData\Local\prvlcl.dat
[2011.08.07 00:00:24 | 000,781,383 | ---- | M] () -- C:\Users\Acer\Desktop\RSIT.exe
[2011.08.06 22:55:49 | 000,013,233 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\FAE2.C9D
[2011.08.06 22:34:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.06 22:34:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.06 20:41:48 | 000,195,072 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\dwm.exe
[2011.08.06 20:41:39 | 000,436,469 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.08.06 20:40:48 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.06 20:40:48 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.06 20:35:00 | 000,089,096 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.08.06 20:35:00 | 000,089,096 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.08.06 20:33:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.06 20:33:24 | 3215,794,176 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.06 20:18:57 | 127,161,113 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011.08.06 12:26:33 | 000,008,268 | ---- | M] () -- C:\Users\Acer\AppData\Local\d3d9caps.dat
[2011.08.06 10:33:01 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2808683438-737575968-2950562706-1000Core.job
[2011.08.05 21:48:31 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011.08.01 22:14:04 | 000,002,395 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.08.01 19:51:22 | 000,001,699 | ---- | M] () -- C:\Users\Acer\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2011.08.01 19:51:15 | 000,001,699 | ---- | M] () -- C:\Users\Acer\Desktop\Notepad.lnk
[2011.07.30 15:55:42 | 000,040,448 | ---- | M] () -- C:\Users\Acer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.30 12:22:35 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.07.25 21:25:37 | 000,002,697 | ---- | M] () -- C:\Users\Acer\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2011.07.23 22:45:33 | 000,002,653 | ---- | M] () -- C:\Users\Acer\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
========== Files Created - No Company Name ==========
[2011.08.07 00:22:22 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011.08.07 00:00:20 | 000,781,383 | ---- | C] () -- C:\Users\Acer\Desktop\RSIT.exe
[2011.08.06 20:42:31 | 000,000,000 | ---- | C] () -- C:\Users\Acer\AppData\Local\prvlcl.dat
[2011.08.06 20:41:48 | 000,195,072 | ---- | C] () -- C:\Users\Acer\AppData\Roaming\dwm.exe
[2011.08.06 20:33:24 | 3215,794,176 | -HS- | C] () -- C:\hiberfil.sys
[2011.08.06 20:18:57 | 127,161,113 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011.08.06 10:28:59 | 000,000,252 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.08.05 21:48:31 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011.08.05 21:00:55 | 000,013,233 | ---- | C] () -- C:\Users\Acer\AppData\Roaming\FAE2.C9D
[2011.08.01 19:51:22 | 000,001,699 | ---- | C] () -- C:\Users\Acer\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2011.08.01 19:51:15 | 000,001,699 | ---- | C] () -- C:\Users\Acer\Desktop\Notepad.lnk
[2011.07.30 12:22:35 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.07.14 23:22:58 | 000,000,958 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2808683438-737575968-2950562706-1000UA.job
[2011.07.14 23:22:56 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2808683438-737575968-2950562706-1000Core.job
[2011.06.30 19:19:56 | 000,000,375 | ---- | C] () -- C:\Windows\System32\CNCMFP38.INI
[2011.05.11 23:23:45 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.04.30 00:46:37 | 000,000,048 | ---- | C] () -- C:\Windows\picture2avi.ini
[2011.04.20 22:04:11 | 000,295,042 | ---- | C] () -- C:\Windows\System32\shimg.dll
[2011.04.20 22:04:11 | 000,000,016 | ---- | C] () -- C:\Windows\System32\crt.dat
[2010.11.17 21:53:35 | 000,000,384 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.06.09 21:52:27 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.05.22 01:06:55 | 000,000,668 | ---- | C] () -- C:\Windows\Mp3ACutjoin.ini
[2010.05.22 00:54:54 | 000,000,005 | ---- | C] () -- C:\Windows\System32\SySMACJ.dat
[2010.02.19 18:25:42 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009.10.27 00:55:07 | 000,040,448 | ---- | C] () -- C:\Users\Acer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.26 19:25:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.26 19:25:16 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.06 22:04:02 | 000,008,268 | ---- | C] () -- C:\Users\Acer\AppData\Local\d3d9caps.dat
[2009.09.06 11:23:09 | 000,089,096 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.09.03 23:57:22 | 000,089,096 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.04.08 08:50:35 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009.04.08 08:43:02 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009.04.08 08:43:02 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2009.04.08 08:43:02 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2009.04.08 08:43:02 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2009.04.08 08:42:03 | 000,090,772 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT
[2009.04.08 08:42:03 | 000,000,536 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2009.04.08 08:42:03 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2009.02.18 20:48:55 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009.02.18 13:20:22 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.02.11 22:03:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009.02.11 22:03:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009.02.11 22:03:57 | 000,000,057 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,400,544 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,587,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,101,250 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
========== LOP Check ==========
[2011.05.05 20:47:33 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Ableton
[2009.02.18 14:08:05 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Acer GameZone Console
[2011.08.05 21:50:00 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\AVG10
[2009.09.23 21:16:09 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1
[2011.08.05 23:41:10 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Desktopicon
[2011.04.30 00:40:12 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\DVDVideoSoft
[2011.04.30 00:39:42 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.11.01 14:26:51 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\ESET
[2009.09.07 21:17:57 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\eSobi
[2010.10.15 19:54:34 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\GTCO CalComp
[2009.10.26 20:40:01 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\ICQ
[2011.03.11 16:09:13 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\klavaro
[2010.05.22 00:44:46 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Meda MP3 Splitter Gold 4.2
[2009.10.31 20:12:38 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\OpenOffice.org
[2010.03.20 00:38:55 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Pencil
[2009.09.22 22:34:29 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\PowerCinema
[2009.09.22 22:11:14 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\SoftDMA
[2011.05.11 23:23:44 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Thunderbird
[2009.09.27 23:49:01 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Toolbars
[2011.08.06 20:13:02 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.08.07 00:24:01 | 000,000,252 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
< >
< MD5 for: AGP440.SYS >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2009.04.11 08:27:20 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\System32\autochk.exe
[2009.04.11 08:27:20 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6002.18005_none_e3df6655bee2ee3b\autochk.exe
[2008.01.21 04:24:45 | 000,642,560 | ---- | M] (Microsoft Corporation) MD5=2FC5BE79B51714B479809358E4908FC3 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe
< MD5 for: CDROM.SYS >
[2008.01.21 04:23:02 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys
[2008.01.21 04:23:02 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
[2009.04.11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\drivers\cdrom.sys
[2009.04.11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys
[2009.04.11 06:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys
[2006.11.02 10:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys
< MD5 for: CNGAUDIT.DLL >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: CRYPTSVC.DLL >
[2008.01.21 04:24:35 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=6DE363F9F99334514C46AEC02D3E3678 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6001.18000_none_75ff99649acf4de9\cryptsvc.dll
[2009.04.11 08:28:18 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=FB27772BEAF8E1D28CCD825C09DA939B -- C:\Windows\System32\cryptsvc.dll
[2009.04.11 08:28:18 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=FB27772BEAF8E1D28CCD825C09DA939B -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.0.6002.18005_none_77eb127097f11935\cryptsvc.dll
< MD5 for: CSRSS.EXE >
[2011.08.05 21:01:37 | 000,209,408 | ---- | M] () MD5=0F7914288A6D1B62EBEE17A3FAC077AF -- C:\Users\Acer\AppData\Local\Temp\csrss.exe
[2008.01.21 04:24:54 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\System32\csrss.exe
[2008.01.21 04:24:54 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_58e3e3d7e415ae4c\csrss.exe
< MD5 for: EXPLORER.EXE >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
< MD5 for: FASTFAT.SYS >
[2009.04.11 06:13:52 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=1E9B9A70D332103C52995E957DC09EF8 -- C:\Windows\System32\drivers\fastfat.sys
[2009.04.11 06:13:52 | 000,142,848 | ---- | M] (Microsoft Corporation) MD5=1E9B9A70D332103C52995E957DC09EF8 -- C:\Windows\winsxs\x86_microsoft-windows-fat_31bf3856ad364e35_6.0.6002.18005_none_b09ea48c5485f42b\fastfat.sys
[2008.01.21 04:24:13 | 000,143,360 | ---- | M] (Microsoft Corporation) MD5=3C489390C2E2064563727752AF8EAB9E -- C:\Windows\winsxs\x86_microsoft-windows-fat_31bf3856ad364e35_6.0.6001.18000_none_aeb32b80576428df\fastfat.sys
< MD5 for: HAL.DLL >
[2009.04.11 08:32:46 | 000,177,128 | ---- | M] (Microsoft Corporation) MD5=B8D52005181A15D7D1470CBF2AF214DD -- C:\Windows\System32\hal.dll
< MD5 for: IASTORV.SYS >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
< MD5 for: ISAPNP.SYS >
[2006.11.02 11:50:24 | 000,047,208 | ---- | M] (Microsoft Corporation) MD5=350FCA7E73CF65BCEF43FAE1E4E91293 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\isapnp.sys
[2008.01.21 04:23:01 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\System32\drivers\isapnp.sys
[2008.01.21 04:23:01 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\isapnp.sys
[2008.01.21 04:23:01 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\isapnp.sys
[2008.01.21 04:23:01 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\isapnp.sys
[2008.01.21 04:23:01 | 000,049,720 | ---- | M] (Microsoft Corporation) MD5=6C70698A3E5C4376C6AB5C7C17FB0614 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\isapnp.sys
< MD5 for: LSASS.EXE >
[2009.06.15 14:51:56 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=203D86EBD6D8E4C8501B222421E81506 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22152_none_a886901f7335e2fc\lsass.exe
[2009.09.10 16:44:14 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=2D3AC5E7AC01E905F3ABD2D745FE3A9B -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.22223_none_a8a80213731ca5a7\lsass.exe
[2009.06.15 14:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=3978F3540329E16C0AC3BCF677E5669F -- C:\Windows\System32\lsass.exe
[2009.06.15 14:48:49 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=3978F3540329E16C0AC3BCF677E5669F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18051_none_a7fbf30a5a1929db\lsass.exe
[2009.02.13 09:26:04 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=59DE082968FDD257FFF0D209B9A5B460 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16820_none_a44eb0105fb4d975\lsass.exe
[2009.06.15 15:03:38 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=6F1F23D3599EAE17734451936B7F17C6 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22450_none_a69e1da376115b2a\lsass.exe
[2009.06.15 14:57:59 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=A911ECAC81F94ADEAFBE8E3F7873EDB0 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18272_none_a600dfae5d0228c9\lsass.exe
[2009.02.13 06:58:37 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=AFF8A58280863629CA4FFA9E0B259F1E -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21010_none_a4e2f4e978ca9090\lsass.exe
[2009.06.15 14:59:08 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=BA9A67672E025078C77967731BCFC560 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21067_none_a4b3e75378eccda6\lsass.exe
[2009.06.15 15:10:12 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=C731B1FE449D4E9CEA358C9D55B69BE9 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.16870_none_a418a0745fdd652a\lsass.exe
[2009.09.09 13:09:38 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=CB7E838C140B4087B2DA323F2D4523C5 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22518_none_a6d1618975e9b345\lsass.exe
[2009.09.10 16:47:51 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=D09A5DA84B7C9CA9B02EBCD7FAE41C8D -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6000.21125_none_a4dd285578ce285b\lsass.exe
[2008.01.21 04:24:15 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18000_none_a64a8ac25ccb3836\lsass.exe
[2008.01.21 04:24:15 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.18215_none_a644c0145ccecd28\lsass.exe
[2008.01.21 04:24:15 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=DCF733788C7D088D814E5F80EB4B3E0F -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6002.18005_none_a83603ce59ed0382\lsass.exe
[2009.02.13 10:20:29 | 000,009,728 | ---- | M] (Microsoft Corporation) MD5=F4C62B07E5BF96F1FDCA9DB393ECED22 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.0.6001.22376_none_a68e7da1761c2def\lsass.exe
< MD5 for: NDIS.SYS >
[2009.04.11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\System32\drivers\ndis.sys
[2009.04.11 08:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
[2008.01.21 04:23:50 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys
< MD5 for: NETLOGON.DLL >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
< MD5 for: NTFS.SYS >
[2009.04.11 08:32:49 | 001,083,880 | ---- | M] (Společnost Microsoft) MD5=6A4A98CEE84CF9E99564510DDA4BAA47 -- C:\Windows\System32\drivers\ntfs.sys
[2009.04.11 08:32:49 | 001,083,880 | ---- | M] (Microsoft Corporation) MD5=6A4A98CEE84CF9E99564510DDA4BAA47 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6002.18005_none_a85ca2c91a0d64df\ntfs.sys
[2008.01.21 04:23:51 | 001,081,912 | ---- | M] (Microsoft Corporation) MD5=B4EFFE29EB4F15538FD8A9681108492D -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6001.18000_none_a67129bd1ceb9993\ntfs.sys
< MD5 for: NVRAID.SYS >
[2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\drivers\nvraid.sys
[2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvraid.sys
[2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) MD5=2EDF9E7751554B42CBB60116DE727101 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvraid.sys
[2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) MD5=E69E946F80C1C31C53003BFBF50CBB7C -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvraid.sys
< MD5 for: NVSTOR.SYS >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
< MD5 for: SCECLI.DLL >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
< MD5 for: SERVICES.EXE >
[2008.01.21 04:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009.04.11 08:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009.04.11 08:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
< MD5 for: SMSS.EXE >
[2008.01.21 04:23:50 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=6701DDAF68BEDE6BBEEA9D514D73A35B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6001.18000_none_ac3aa7fd19319fba\smss.exe
[2009.04.11 08:28:04 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=98AF15A94CD6AC37248E72E5FE789B35 -- C:\Windows\System32\smss.exe
[2009.04.11 08:28:04 | 000,064,000 | ---- | M] (Microsoft Corporation) MD5=98AF15A94CD6AC37248E72E5FE789B35 -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.0.6002.18005_none_ae26210916536b06\smss.exe
< MD5 for: SPOOLSV.EXE >
[2009.04.11 08:28:05 | 000,127,488 | ---- | M] (Microsoft Corporation) MD5=524BFBEA40E6E404737CCBC754647A2E -- C:\Windows\System32\spoolsv.exe
[2009.04.11 08:28:05 | 000,127,488 | ---- | M] (Microsoft Corporation) MD5=524BFBEA40E6E404737CCBC754647A2E -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18005_none_d8371c2dbeaa9062\spoolsv.exe
[2008.01.21 04:24:45 | 000,125,952 | ---- | M] (Microsoft Corporation) MD5=846CDF9A3CF4DA9B306ADFB7D55EE4C2 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18000_none_d64ba321c188c516\spoolsv.exe
< MD5 for: SVCHOST.EXE >
[2008.01.21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008.01.21 04:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
< MD5 for: TCPIP.SYS >
[2008.04.26 10:08:16 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=01EC1E92595F839BEE70D439C46796E3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
[2009.04.11 08:33:02 | 000,897,000 | ---- | M] (Microsoft Corporation) MD5=0E6B0885C3D5E4643ED2D043DE3433D8 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys
[2009.08.15 23:30:53 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=2512B4D1353370D6688B1AF1F5AFA1CF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
[2009.08.14 19:01:55 | 000,900,168 | ---- | M] (Microsoft Corporation) MD5=2608E71AAD54564647D4BB984E1925AA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
[2009.08.14 16:24:47 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=300208927321066EA53761FDC98747C6 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
[2009.08.14 18:27:34 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\System32\drivers\tcpip.sys
[2009.08.14 18:27:34 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
[2008.04.26 10:26:49 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=82E266BEE5F0167E41C6ECFDD2A79C02 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
[2009.08.14 19:07:56 | 000,897,608 | ---- | M] (Microsoft Corporation) MD5=8A7AD2A214233F684242F289ED83EBC3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
[2008.01.21 04:25:03 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
[2009.08.14 18:33:50 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< MD5 for: WS2_32.DLL >
[2008.01.21 04:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\System32\ws2_32.dll
[2008.01.21 04:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll
< >
< C:\windows\system32\spool\prtprocs|dll;true;true;true /FP >
[2008.01.21 04:23:14 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006.11.02 14:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2004.03.22 16:17:08 | 000,025,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
[2006.10.26 21:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
[2009.09.03 23:54:34 | 000,003,584 | ---- | M] (Lexmark International Inc.) -- C:\Windows\System32\spool\prtprocs\w32x86\cs-CZ\LMPRTPRC.DLL.mui
[2006.11.02 14:40:56 | 000,003,584 | ---- | M] (Lexmark International Inc.) -- C:\Windows\System32\spool\prtprocs\w32x86\en-US\LMPRTPRC.DLL.mui
< %systemroot%\system32\drivers\*.sys /5 >
< %systemroot%\system32\drivers\*.sys /X >
[2006.10.19 23:27:24 | 000,000,000 | ---- | M] () -- C:\Windows\system32\drivers\1025_ACER_Aspire 5738.mrk
[2006.09.18 23:26:46 | 003,440,660 | ---- | M] () -- C:\Windows\system32\drivers\gm.dls
[2006.09.18 23:26:46 | 000,000,646 | ---- | M] () -- C:\Windows\system32\drivers\gmreadme.txt
[2008.01.21 04:23:51 | 000,000,003 | ---- | M] () -- C:\Windows\system32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
[2009.04.08 08:43:50 | 000,000,000 | -H-- | M] () -- C:\Windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2009.09.03 23:53:13 | 000,000,000 | -H-- | M] () -- C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2009.10.29 12:09:13 | 000,000,000 | -H-- | M] () -- C:\Windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009.02.10 21:21:58 | 000,090,772 | ---- | M] () -- C:\Windows\system32\drivers\RtConvEQ.DAT
[2009.02.10 21:21:58 | 000,000,536 | ---- | M] () -- C:\Windows\system32\drivers\RtHdatEx.dat
[2007.07.14 00:11:56 | 000,000,008 | ---- | M] () -- C:\Windows\system32\drivers\rtkhdaud.dat
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\system32\*.* /5 >
[2011.08.07 00:34:01 | 000,003,216 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.07 00:34:01 | 000,003,216 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.06 20:40:48 | 000,101,250 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2011.08.06 20:40:48 | 000,587,178 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2011.08.06 20:40:48 | 000,690,960 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\system32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\system32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\system32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\system32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\system32\config\SYSTEM.SAV
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\*.* /U /s >
[7 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[43 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]
< %systemroot%\*. /mp /s >
< %ALLUSERSPROFILE%\Data Aplikací\*.* >
< %ALLUSERSPROFILE%\Data Aplikací\*.exe /s >
< %ALLUSERSPROFILE%\Dáta aplikácií\*.* >
< %ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s >
< %APPDATA%\*. >
[2011.05.05 20:47:33 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Ableton
[2009.02.18 14:08:05 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Acer GameZone Console
[2009.09.23 21:14:51 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Adobe
[2010.06.09 21:45:10 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Apple Computer
[2011.08.05 21:50:00 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\AVG10
[2009.09.23 21:16:09 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1
[2009.09.22 22:11:03 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\CyberLink
[2011.08.05 23:41:10 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Desktopicon
[2011.04.30 00:40:12 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\DVDVideoSoft
[2011.04.30 00:39:42 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.11.01 14:26:51 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\ESET
[2009.09.07 21:17:57 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\eSobi
[2009.09.07 21:06:31 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Google
[2010.10.15 19:54:34 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\GTCO CalComp
[2009.10.26 20:40:01 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\ICQ
[2009.09.03 23:51:27 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Identities
[2011.03.11 16:09:13 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\klavaro
[2009.09.03 23:52:03 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Macromedia
[2010.05.22 00:44:46 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Meda MP3 Splitter Gold 4.2
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Media Center Programs
[2011.08.06 09:29:31 | 000,000,000 | --SD | M] -- C:\Users\Acer\AppData\Roaming\Microsoft
[2011.07.14 23:23:15 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Mozilla
[2009.10.31 20:12:38 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\OpenOffice.org
[2010.03.20 00:38:55 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Pencil
[2009.09.22 22:34:29 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\PowerCinema
[2011.08.01 23:55:53 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Skype
[2011.07.30 20:43:30 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\skypePM
[2009.09.22 22:11:14 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\SoftDMA
[2011.05.11 23:23:44 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Thunderbird
[2009.09.27 23:49:01 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Toolbars
[2009.12.26 17:18:16 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\WinRAR
< %APPDATA%\*.* >
[2011.08.06 20:41:48 | 000,195,072 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\dwm.exe
[2011.08.06 22:55:49 | 000,013,233 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\FAE2.C9D
< %APPDATA%\*.exe /s >
[2011.08.06 20:41:48 | 000,195,072 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\dwm.exe
[2010.04.26 18:03:22 | 000,038,784 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.08.06 09:29:32 | 000,194,048 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\Microsoft\conhost.exe
[2008.04.24 10:37:24 | 000,049,152 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\Toolbars\eBay\uninstall.exe
[2008.04.24 10:37:26 | 000,065,536 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\Toolbars\eBay\update.exe
< %SYSTEMDRIVE%\*.exe >
< >
< >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2009-10-29 10:36:02
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s >
"JobInactivityTimeout" = 7776000
"JobMinimumRetryDelay" = 600
"JobNoProgressTimeout" = 1209600
"LogFileFlags" = 0
"LogFileMinMemory" = 120
"LogFileSize" = 1
"TimeQuantaLength" = 300
"UseLmCompat" = 2
"IGDSearcherDLL" = bitsigd.dll -- [2009.04.11 08:28:18 | 000,031,744 | ---- | M] (Microsoft Corporation)
"StateIndex" = 0
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ autocheck autochk *\0C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync\0C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
PENDINGFILERENAMEOPERATIONS REG_MULTI_SZ \??\C:\Users\Acer\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\index.dat\0\??\C:\Users\Acer\AppData\Roaming\MICROS~1\Windows\Cookies\index.dat\0\??\C:\Users\Acer\AppData\Roaming\MICROS~1\Windows\Cookies\Low\index.dat\0\??\C:\Users\Acer\AppData\Local\MICROS~1\Windows\History\History.IE5\index.dat\0\??\C:\Users\Acer\AppData\Local\Temp\_iu14D2N.tmp
< >
< type c:\boot.ini >> test.txt /c >
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2011.08.07 00:32:35 | 000,000,512 | ---- | M] () MD5=767304ECFE4BC260554649D7630070A0 -- C:\PhysicalMBR.bin
========== Alternate Data Streams ==========
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:7B2D4DC5
@Alternate Data Stream - 229 bytes -> C:\ProgramData\Temp:8FF81EB0
< End of report >
OTL logfile created on: 7.8.2011 0:31:38 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Acer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000405 | Country: Czech Republic | Language: CSY | Date Format: d.M.yyyy
2,99 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 48,88% Memory free
6,19 Gb Paging File | 4,73 Gb Available in Paging File | 76,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,32 Gb Total Space | 179,57 Gb Free Space | 62,28% Space Free | Partition Type: NTFS
Computer Name: ACER-PC | User Name: Acer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011.08.07 00:19:43 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Acer\Desktop\OTL.scr
PRC - [2011.08.06 20:41:48 | 000,195,072 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\dwm.exe
PRC - [2011.08.06 09:29:32 | 000,194,048 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\Microsoft\conhost.exe
PRC - [2011.08.05 21:01:37 | 000,209,408 | ---- | M] () -- C:\Users\Acer\AppData\Local\Temp\csrss.exe
PRC - [2011.06.24 17:27:44 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.04.18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011.04.18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011.04.14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011.03.28 03:00:52 | 000,351,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2011.03.16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011.03.16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011.02.10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011.02.08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011.02.08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2011.01.17 19:01:18 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 19:01:18 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009.12.08 20:26:15 | 003,616,768 | ---- | M] (Native Instruments GmbH) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
PRC - [2009.09.03 23:52:47 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Acer\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.02.19 22:22:44 | 000,707,104 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
PRC - [2009.02.19 18:32:36 | 000,666,144 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
PRC - [2009.02.19 05:42:48 | 000,866,824 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008.12.18 15:51:34 | 000,075,048 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2008.07.29 20:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2008.03.18 21:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
========== Modules (SafeList) ==========
MOD - [2011.08.07 00:19:43 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Acer\Desktop\OTL.scr
MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2009.02.19 18:32:54 | 000,215,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\SysHook.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (NTI IScheduleSvc)
SRV - File not found [On_Demand | Stopped] -- -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
SRV - File not found [Disabled | Stopped] -- -- (gusvc)
SRV - [2011.07.26 10:16:02 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011.04.18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011.02.08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2009.12.08 20:26:15 | 003,616,768 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2009.02.19 18:32:36 | 000,666,144 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2008.12.18 15:51:34 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008.03.18 21:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | Disabled | Running] -- -- (epfwwfp)
DRV - File not found [Kernel | Disabled | Running] -- -- (Epfwndis)
DRV - File not found [Kernel | Disabled | Running] -- -- (epfw)
DRV - File not found [Kernel | Disabled | Running] -- -- (ehdrv)
DRV - File not found [File_System | Disabled | Running] -- -- (eamon)
DRV - [2011.04.14 21:28:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011.04.05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011.03.16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.03.01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.02.22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011.02.10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011.02.10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011.01.07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2009.10.08 13:59:33 | 000,035,280 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\a2djavs.sys -- (a2djavs)
DRV - [2009.10.08 13:59:29 | 000,276,304 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\a2djusb.sys -- (a2djusb)
DRV - [2008.12.26 18:31:30 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/04/08 07:50:06] [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008.12.17 01:03:00 | 007,542,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.09.25 17:37:40 | 003,666,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.09.25 15:39:48 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.09.04 06:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2008.06.17 18:47:28 | 000,365,568 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rldjifu.sys -- (RL_DJIF)
DRV - [2008.06.17 18:41:00 | 000,034,304 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rldjifa.sys -- (RL_DJIF_WDM)
DRV - [2008.06.17 18:41:00 | 000,020,992 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rldjifm.sys -- (RL_DJIFM)
DRV - [2008.03.01 01:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5738
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5738
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2808683438-737575968-2950562706-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5738
IE - HKU\S-1-5-21-2808683438-737575968-2950562706-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-2808683438-737575968-2950562706-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2808683438-737575968-2950562706-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
IE - HKU\S-1-5-21-2808683438-737575968-2950562706-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2808683438-737575968-2950562706-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2808683438-737575968-2950562706-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:53172
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.cz/"
FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.8.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 53172
FF - prefs.js..network.proxy.type: 1
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Acer\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Acer\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Acer\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Acer\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011.08.05 21:48:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011.08.05 21:48:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.30 12:22:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.30 12:22:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.07.30 12:22:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
[2011.05.11 23:23:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\Mozilla\Extensions
[2011.05.11 23:23:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.03.20 00:38:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\Mozilla\Extensions\pencil@evolus.vn
[2011.08.06 20:18:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\ldrp7j8f.default\extensions
[2010.04.28 20:16:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\ldrp7j8f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.30 00:39:43 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\ldrp7j8f.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.06.23 22:39:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.05.06 21:42:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.06.23 22:39:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.06.23 22:20:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011.08.05 21:48:26 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011.06.24 17:27:45 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2010.01.01 10:00:00 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2010.01.01 10:00:00 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2010.01.01 10:00:00 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2010.01.01 10:00:00 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2011.08.06 20:41:39 | 000,436,469 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 15025 more lines...
O2 - BHO: (TBSB08223 Class) - {0753D5E7-BCDF-4BAE-85EC-431B17D3BE72} - C:\Users\Acer\AppData\Roaming\Toolbars\eBay\ebay.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Toolbar for eBay) - {427AB608-62F1-48D1-84D4-50C6358B7268} - C:\Users\Acer\AppData\Roaming\Toolbars\eBay\ebay.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-2808683438-737575968-2950562706-1000\..\Toolbar\WebBrowser: (Toolbar for eBay) - {427AB608-62F1-48D1-84D4-50C6358B7268} - C:\Users\Acer\AppData\Roaming\Toolbars\eBay\ebay.dll ()
O3 - HKU\S-1-5-21-2808683438-737575968-2950562706-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKU\.DEFAULT..\Run: [{FC4FCE89-AE2B-4785-B6D7-6C5FF89BFDE3}] File not found
O4 - HKU\S-1-5-18..\Run: [{FC4FCE89-AE2B-4785-B6D7-6C5FF89BFDE3}] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\Acer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Acer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.36 213.46.172.37
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-2808683438-737575968-2950562706-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-2808683438-737575968-2950562706-1000 Winlogon: Shell - (C:\Users\Acer\AppData\Roaming\dwm.exe) - C:\Users\Acer\AppData\Roaming\dwm.exe ()
O20 - Winlogon\Notify\cryptnet32: DllName - cryptnet32.dll - File not found
O24 - Desktop WallPaper: C:\Users\Acer\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Acer\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0789fa6c-7152-11df-ba6a-001f169130bf}\Shell - "" = AutoRun
O33 - MountPoints2\{0789fa6c-7152-11df-ba6a-001f169130bf}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 30 Days ==========
[2011.08.07 00:19:41 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Acer\Desktop\OTL.scr
[2011.08.07 00:00:36 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.08.07 00:00:35 | 000,000,000 | ---D | C] -- C:\rsit
[2011.08.06 23:31:34 | 000,000,000 | ---D | C] -- C:\Users\Acer\Desktop\backups
[2011.08.05 23:32:59 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011.08.05 22:23:56 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011.08.05 21:50:56 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\AVG Security Toolbar
[2011.08.05 21:50:00 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Roaming\AVG10
[2011.08.05 21:49:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011.08.05 21:48:50 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2011.08.05 21:48:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011.08.05 21:47:32 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011.08.05 21:47:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011.08.05 21:46:51 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011.08.05 21:43:33 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011.08.05 19:19:34 | 000,000,000 | ---D | C] -- C:\Users\Acer\Documents\SPORTOVNI WEBY
[2011.07.30 20:46:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.07.30 12:22:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.07.30 12:22:17 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011.07.30 12:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011.07.24 10:17:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011.07.24 10:16:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009.04.08 16:33:03 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
========== Files - Modified Within 30 Days ==========
[2011.08.07 00:33:00 | 000,000,958 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2808683438-737575968-2950562706-1000UA.job
[2011.08.07 00:32:35 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011.08.07 00:24:01 | 000,000,252 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.08.07 00:19:43 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Acer\Desktop\OTL.scr
[2011.08.07 00:07:58 | 000,000,000 | ---- | M] () -- C:\Users\Acer\AppData\Local\prvlcl.dat
[2011.08.07 00:00:24 | 000,781,383 | ---- | M] () -- C:\Users\Acer\Desktop\RSIT.exe
[2011.08.06 22:55:49 | 000,013,233 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\FAE2.C9D
[2011.08.06 22:34:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.06 22:34:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.06 20:41:48 | 000,195,072 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\dwm.exe
[2011.08.06 20:41:39 | 000,436,469 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.08.06 20:40:48 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.06 20:40:48 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.06 20:35:00 | 000,089,096 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.08.06 20:35:00 | 000,089,096 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.08.06 20:33:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.06 20:33:24 | 3215,794,176 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.06 20:18:57 | 127,161,113 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011.08.06 12:26:33 | 000,008,268 | ---- | M] () -- C:\Users\Acer\AppData\Local\d3d9caps.dat
[2011.08.06 10:33:01 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2808683438-737575968-2950562706-1000Core.job
[2011.08.05 21:48:31 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011.08.01 22:14:04 | 000,002,395 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.08.01 19:51:22 | 000,001,699 | ---- | M] () -- C:\Users\Acer\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2011.08.01 19:51:15 | 000,001,699 | ---- | M] () -- C:\Users\Acer\Desktop\Notepad.lnk
[2011.07.30 15:55:42 | 000,040,448 | ---- | M] () -- C:\Users\Acer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.30 12:22:35 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.07.25 21:25:37 | 000,002,697 | ---- | M] () -- C:\Users\Acer\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2011.07.23 22:45:33 | 000,002,653 | ---- | M] () -- C:\Users\Acer\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
========== Files Created - No Company Name ==========
[2011.08.07 00:22:22 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011.08.07 00:00:20 | 000,781,383 | ---- | C] () -- C:\Users\Acer\Desktop\RSIT.exe
[2011.08.06 20:42:31 | 000,000,000 | ---- | C] () -- C:\Users\Acer\AppData\Local\prvlcl.dat
[2011.08.06 20:41:48 | 000,195,072 | ---- | C] () -- C:\Users\Acer\AppData\Roaming\dwm.exe
[2011.08.06 20:33:24 | 3215,794,176 | -HS- | C] () -- C:\hiberfil.sys
[2011.08.06 20:18:57 | 127,161,113 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011.08.06 10:28:59 | 000,000,252 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.08.05 21:48:31 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011.08.05 21:00:55 | 000,013,233 | ---- | C] () -- C:\Users\Acer\AppData\Roaming\FAE2.C9D
[2011.08.01 19:51:22 | 000,001,699 | ---- | C] () -- C:\Users\Acer\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2011.08.01 19:51:15 | 000,001,699 | ---- | C] () -- C:\Users\Acer\Desktop\Notepad.lnk
[2011.07.30 12:22:35 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.07.14 23:22:58 | 000,000,958 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2808683438-737575968-2950562706-1000UA.job
[2011.07.14 23:22:56 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2808683438-737575968-2950562706-1000Core.job
[2011.06.30 19:19:56 | 000,000,375 | ---- | C] () -- C:\Windows\System32\CNCMFP38.INI
[2011.05.11 23:23:45 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.04.30 00:46:37 | 000,000,048 | ---- | C] () -- C:\Windows\picture2avi.ini
[2011.04.20 22:04:11 | 000,295,042 | ---- | C] () -- C:\Windows\System32\shimg.dll
[2011.04.20 22:04:11 | 000,000,016 | ---- | C] () -- C:\Windows\System32\crt.dat
[2010.11.17 21:53:35 | 000,000,384 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.06.09 21:52:27 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.05.22 01:06:55 | 000,000,668 | ---- | C] () -- C:\Windows\Mp3ACutjoin.ini
[2010.05.22 00:54:54 | 000,000,005 | ---- | C] () -- C:\Windows\System32\SySMACJ.dat
[2010.02.19 18:25:42 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009.10.27 00:55:07 | 000,040,448 | ---- | C] () -- C:\Users\Acer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.26 19:25:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.26 19:25:16 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.06 22:04:02 | 000,008,268 | ---- | C] () -- C:\Users\Acer\AppData\Local\d3d9caps.dat
[2009.09.06 11:23:09 | 000,089,096 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.09.03 23:57:22 | 000,089,096 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.04.08 08:50:35 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009.04.08 08:43:02 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009.04.08 08:43:02 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2009.04.08 08:43:02 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2009.04.08 08:43:02 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2009.04.08 08:42:03 | 000,090,772 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT
[2009.04.08 08:42:03 | 000,000,536 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2009.04.08 08:42:03 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2009.02.18 20:48:55 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009.02.18 13:20:22 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.02.11 22:03:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009.02.11 22:03:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009.02.11 22:03:57 | 000,000,057 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,400,544 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,587,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,101,250 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
========== LOP Check ==========
[2011.05.05 20:47:33 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Ableton
[2009.02.18 14:08:05 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Acer GameZone Console
[2011.08.05 21:50:00 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\AVG10
[2009.09.23 21:16:09 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1
[2011.08.05 23:41:10 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Desktopicon
[2011.04.30 00:40:12 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\DVDVideoSoft
[2011.04.30 00:39:42 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.11.01 14:26:51 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\ESET
[2009.09.07 21:17:57 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\eSobi
[2010.10.15 19:54:34 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\GTCO CalComp
[2009.10.26 20:40:01 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\ICQ
[2011.03.11 16:09:13 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\klavaro
[2010.05.22 00:44:46 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Meda MP3 Splitter Gold 4.2
[2009.10.31 20:12:38 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\OpenOffice.org
[2010.03.20 00:38:55 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Pencil
[2009.09.22 22:34:29 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\PowerCinema
[2009.09.22 22:11:14 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\SoftDMA
[2011.05.11 23:23:44 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Thunderbird
[2009.09.27 23:49:01 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Toolbars
[2011.08.06 20:13:02 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.08.07 00:24:01 | 000,000,252 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
< >
< MD5 for: CSRSS.EXE >
[2011.08.05 21:01:37 | 000,209,408 | ---- | M] () MD5=0F7914288A6D1B62EBEE17A3FAC077AF -- C:\Users\Acer\AppData\Local\Temp\csrss.exe
[2008.01.21 04:24:54 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\System32\csrss.exe
[2008.01.21 04:24:54 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_58e3e3d7e415ae4c\csrss.exe
< >
< C:\windows\system32\spool\prtprocs|dll;true;true;true /FP >
[2008.01.21 04:23:14 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006.11.02 14:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2004.03.22 16:17:08 | 000,025,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
[2006.10.26 21:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll
[2009.09.03 23:54:34 | 000,003,584 | ---- | M] (Lexmark International Inc.) -- C:\Windows\System32\spool\prtprocs\w32x86\cs-CZ\LMPRTPRC.DLL.mui
[2006.11.02 14:40:56 | 000,003,584 | ---- | M] (Lexmark International Inc.) -- C:\Windows\System32\spool\prtprocs\w32x86\en-US\LMPRTPRC.DLL.mui
< %systemroot%\system32\drivers\*.sys /5 >
< %systemroot%\system32\drivers\*.sys /X >
[2006.10.19 23:27:24 | 000,000,000 | ---- | M] () -- C:\Windows\system32\drivers\1025_ACER_Aspire 5738.mrk
[2006.09.18 23:26:46 | 003,440,660 | ---- | M] () -- C:\Windows\system32\drivers\gm.dls
[2006.09.18 23:26:46 | 000,000,646 | ---- | M] () -- C:\Windows\system32\drivers\gmreadme.txt
[2008.01.21 04:23:51 | 000,000,003 | ---- | M] () -- C:\Windows\system32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
[2009.04.08 08:43:50 | 000,000,000 | -H-- | M] () -- C:\Windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2009.09.03 23:53:13 | 000,000,000 | -H-- | M] () -- C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2009.10.29 12:09:13 | 000,000,000 | -H-- | M] () -- C:\Windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2009.02.10 21:21:58 | 000,090,772 | ---- | M] () -- C:\Windows\system32\drivers\RtConvEQ.DAT
[2009.02.10 21:21:58 | 000,000,536 | ---- | M] () -- C:\Windows\system32\drivers\RtHdatEx.dat
[2007.07.14 00:11:56 | 000,000,008 | ---- | M] () -- C:\Windows\system32\drivers\rtkhdaud.dat
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\system32\*.* /5 >
[2011.08.07 00:34:01 | 000,003,216 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.07 00:34:01 | 000,003,216 | -H-- | M] () -- C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.06 20:40:48 | 000,101,250 | ---- | M] () -- C:\Windows\system32\perfc009.dat
[2011.08.06 20:40:48 | 000,587,178 | ---- | M] () -- C:\Windows\system32\perfh009.dat
[2011.08.06 20:40:48 | 000,690,960 | ---- | M] () -- C:\Windows\system32\PerfStringBackup.INI
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\system32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\system32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\system32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\system32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\system32\config\SYSTEM.SAV
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\*.* /U /s >
[7 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[43 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> ]
< %systemroot%\*. /mp /s >
< %ALLUSERSPROFILE%\Data Aplikací\*.* >
< %ALLUSERSPROFILE%\Data Aplikací\*.exe /s >
< %ALLUSERSPROFILE%\Dáta aplikácií\*.* >
< %ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s >
< %APPDATA%\*. >
[2011.05.05 20:47:33 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Ableton
[2009.02.18 14:08:05 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Acer GameZone Console
[2009.09.23 21:14:51 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Adobe
[2010.06.09 21:45:10 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Apple Computer
[2011.08.05 21:50:00 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\AVG10
[2009.09.23 21:16:09 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1
[2009.09.22 22:11:03 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\CyberLink
[2011.08.05 23:41:10 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Desktopicon
[2011.04.30 00:40:12 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\DVDVideoSoft
[2011.04.30 00:39:42 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.11.01 14:26:51 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\ESET
[2009.09.07 21:17:57 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\eSobi
[2009.09.07 21:06:31 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Google
[2010.10.15 19:54:34 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\GTCO CalComp
[2009.10.26 20:40:01 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\ICQ
[2009.09.03 23:51:27 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Identities
[2011.03.11 16:09:13 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\klavaro
[2009.09.03 23:52:03 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Macromedia
[2010.05.22 00:44:46 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Meda MP3 Splitter Gold 4.2
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Media Center Programs
[2011.08.06 09:29:31 | 000,000,000 | --SD | M] -- C:\Users\Acer\AppData\Roaming\Microsoft
[2011.07.14 23:23:15 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Mozilla
[2009.10.31 20:12:38 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\OpenOffice.org
[2010.03.20 00:38:55 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Pencil
[2009.09.22 22:34:29 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\PowerCinema
[2011.08.01 23:55:53 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Skype
[2011.07.30 20:43:30 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\skypePM
[2009.09.22 22:11:14 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\SoftDMA
[2011.05.11 23:23:44 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Thunderbird
[2009.09.27 23:49:01 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Toolbars
[2009.12.26 17:18:16 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\WinRAR
< %APPDATA%\*.* >
[2011.08.06 20:41:48 | 000,195,072 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\dwm.exe
[2011.08.06 22:55:49 | 000,013,233 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\FAE2.C9D
< %APPDATA%\*.exe /s >
[2011.08.06 20:41:48 | 000,195,072 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\dwm.exe
[2010.04.26 18:03:22 | 000,038,784 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.08.06 09:29:32 | 000,194,048 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\Microsoft\conhost.exe
[2008.04.24 10:37:24 | 000,049,152 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\Toolbars\eBay\uninstall.exe
[2008.04.24 10:37:26 | 000,065,536 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\Toolbars\eBay\update.exe
< %SYSTEMDRIVE%\*.exe >
< >
< >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2009-10-29 10:36:02
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s >
"JobInactivityTimeout" = 7776000
"JobMinimumRetryDelay" = 600
"JobNoProgressTimeout" = 1209600
"LogFileFlags" = 0
"LogFileMinMemory" = 120
"LogFileSize" = 1
"TimeQuantaLength" = 300
"UseLmCompat" = 2
"IGDSearcherDLL" = bitsigd.dll -- [2009.04.11 08:28:18 | 000,031,744 | ---- | M] (Microsoft Corporation)
"StateIndex" = 0
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ autocheck autochk *\0C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync\0C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
PENDINGFILERENAMEOPERATIONS REG_MULTI_SZ \??\C:\Users\Acer\AppData\Local\MICROS~1\Windows\TEMPOR~1\Content.IE5\index.dat\0\??\C:\Users\Acer\AppData\Roaming\MICROS~1\Windows\Cookies\index.dat\0\??\C:\Users\Acer\AppData\Roaming\MICROS~1\Windows\Cookies\Low\index.dat\0\??\C:\Users\Acer\AppData\Local\MICROS~1\Windows\History\History.IE5\index.dat\0\??\C:\Users\Acer\AppData\Local\Temp\_iu14D2N.tmp
< >
< type c:\boot.ini >> test.txt /c >
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2011.08.07 00:32:35 | 000,000,512 | ---- | M] () MD5=767304ECFE4BC260554649D7630070A0 -- C:\PhysicalMBR.bin
========== Alternate Data Streams ==========
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:7B2D4DC5
@Alternate Data Stream - 229 bytes -> C:\ProgramData\Temp:8FF81EB0
< End of report >
Last edited by dantos on 06 Aug 2011 23:52, edited 1 time in total.
Re: Problem with csrss.exe
OTL Extras logfile created on: 7.8.2011 0:31:38 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Acer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000405 | Country: Czech Republic | Language: CSY | Date Format: d.M.yyyy
2,99 Gb Total Physical Memory | 1,46 Gb Available Physical Memory | 48,88% Memory free
6,19 Gb Paging File | 4,73 Gb Available in Paging File | 76,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,32 Gb Total Space | 179,57 Gb Free Space | 62,28% Space Free | Partition Type: NTFS
Computer Name: ACER-PC | User Name: Acer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2808683438-737575968-2950562706-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2808683438-737575968-2950562706-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 3
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{128088F8-E39F-468C-88D0-65BE2E8D26CF}" = rport=138 | protocol=17 | dir=out | app=system |
"{18752227-8958-4FFE-A807-3A56428630C5}" = rport=445 | protocol=6 | dir=out | app=system |
"{519740BB-5259-493C-8D32-90D13517811F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{5BE5B60E-E0B7-49EE-A390-03021ACA69A5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{612212D1-410E-47B7-B783-A45D254C42AA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{6A0CAF7D-1AE1-4FFF-930B-3882BC399E3F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{75949C05-B973-427C-A7D9-6FE94BF02E1A}" = lport=138 | protocol=17 | dir=in | app=system |
"{78671943-2A13-408C-A9D7-1046C4BA3F81}" = rport=137 | protocol=17 | dir=out | app=system |
"{7EA12C27-2EE8-42E3-848A-2B1E6CD2AF6A}" = lport=139 | protocol=6 | dir=in | app=system |
"{83CDE647-F2B5-4242-8E30-600DBD9BC442}" = lport=137 | protocol=17 | dir=in | app=system |
"{8B8834CD-7914-4A28-A79E-8D0FA4B22389}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{9F932DC7-9E5A-4F53-83E5-7C76CF10791C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A0D807AE-2EDD-4511-A8F6-D22F6D42377E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{A765B4F6-81D7-4014-96EB-93C44AC44CC6}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{AD696B96-03BB-4537-B0F4-CC1DC5829458}" = lport=445 | protocol=6 | dir=in | app=system |
"{B60E4DD3-E7C9-406A-9621-E6CEE5991E5D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BD4128EB-794E-40D5-A4F0-4BFC20459FFC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C6D285DC-33BF-4E69-BAED-3302698A3D14}" = rport=139 | protocol=6 | dir=out | app=system |
"{D95756D8-0C7A-443A-B25C-42DC75937B57}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FD9A5A53-129F-4E7E-8DE8-4F4344F379D6}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{017D2D04-85DA-4F70-B33D-D5F947A55676}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{089C711E-87FB-48DB-8B53-1E238B63DCF9}" = protocol=17 | dir=in | app=c:\program files\einstruction\device manager\jre\bin\javaw.exe |
"{12DE14BE-A105-4CD4-8E90-C7A6BABD8A0E}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{1A429D8A-7B6C-4406-8A19-8D01996C2B33}" = protocol=6 | dir=in | app=c:\program files\einstruction\device manager\jre\bin\javaw.exe |
"{23426A3B-479E-40C7-8A1D-5579AC720F3C}" = protocol=6 | dir=in | app=c:\users\acer\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{261F26E1-4D0B-4F4A-97F7-EBEDCC258EA0}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{27D55468-16EC-4B0B-A048-EC708522172D}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{317BA66C-6403-4946-8DAD-39B5DB948D3A}" = protocol=17 | dir=in | app=c:\users\acer\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{3F015F13-91FF-4501-BBE8-79004792828A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{40837E23-ABCC-47E5-866F-289E97CB6D9E}" = protocol=17 | dir=in | app=c:\users\acer\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{44C53D76-FC6E-473F-B977-91E362661B71}" = protocol=6 | dir=in | app=c:\program files\einstruction\device manager\jre\bin\java.exe |
"{498995AE-8E2B-4517-9D6C-D89D39DA1DC2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{4F4E0965-BBA5-4870-9894-FFC4F1DDC148}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{5B932C9A-32AA-4D83-B158-E2B82A76A819}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{6E8BDBCB-93B0-4F03-9ADF-2B94E565B54D}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{75B2BBA7-8465-477C-A9B6-D8A16455ADA6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7676E556-18C2-41EA-B592-DEBC6C0653AC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7804FB55-DA68-45D1-B9D8-4833A984AB44}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{8DF10987-80E3-461D-A633-3E229495BB00}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{9280A92C-70EC-4555-A2BE-5E1620133DB6}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{96A1749A-14E6-41DE-A9C8-F57A42C8D640}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{98531B6E-5A0B-455A-830A-874F192B9DFD}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{9BBA8132-B13D-4E58-8947-E6A29003FAF9}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{9F792745-F536-48A7-8F6E-DCAB90563FCF}" = protocol=17 | dir=in | app=c:\program files\einstruction\device manager\launch.exe |
"{A15925C2-96A8-4146-B1D9-356044AB1DDE}" = protocol=6 | dir=in | app=c:\program files\einstruction\device manager\launch.exe |
"{A8982A68-CCBA-499F-B851-39845E7EC297}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{A8CC19F5-1EE9-4AD1-AD37-CC4E2B25222B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{B1059DBF-0C99-402C-A6D5-ADF4A968A6F7}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{B65E17F6-7CE8-4E1B-B5D5-72713EBA87A9}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{C3091078-DF1D-4AA2-8E13-0B8039F8BE34}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C3AC3648-4746-4D5C-8695-00FD69E7AA78}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CA9F2352-8A59-414F-8DDA-29FB65B74371}" = protocol=17 | dir=in | app=c:\program files\einstruction\device manager\jre\bin\java.exe |
"{CAB7A654-F344-417A-8552-A4402BC20312}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CD3B5332-490A-4A89-9325-B475EA9C341C}" = protocol=6 | dir=in | app=c:\users\acer\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{D7594AC6-6FE1-4181-A53D-4D38980F7F1F}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{DCD74AC1-89BA-484D-B904-E6FD1C373FE2}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{E26AFADA-7B35-4FF0-B5F6-18AE9B3752AB}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{013CCA52-DA56-4133-AC2B-1988A9568C30}" = Native Instruments Audio 4 DJ Driver
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{10B43A43-FF73-47FD-83E8-A503E84F9ED6}" = OpenOffice.org 3.3
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23A66953-369C-4d22-A189-C6E403D4A19F}" = Native Instruments Audio 2 DJ Driver
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{4129CA8E-7E75-4eee-BAE5-AA7707AA7708}" = Canon MF4400 Series
"{470BB39A-7231-4077-AD3D-86067AD04604}" = Native Instruments Audio 8 DJ Driver
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{5310C7A5-A385-6E26-66E9-C0F0CA5A7E45}" = BeatportDownloader
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}" = Suite
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{669A032D-4E28-3D11-BB26-8AD5D51EFE87}" = Google Talk Plugin
"{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf11
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{695B13B2-7919-4EC5-8601-092F0D2DE069}" = AVG 2011
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{BD86C297-41C7-4DB5-82C4-98DE3399A2EF}" = Asistent pro přihlášení ke službě Windows Live
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7C92C22-436B-46C4-AAF2-80C4C569A55F}" = AVG 2011
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AVG" = AVG 2011
"CCleaner" = CCleaner (remove only)
"Free Studio_is1" = Free Studio version 5.0.9
"GridVista" = Acer GridVista
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InterwriteWorkspaceLanguagePack-Czech" = InterwriteWorkspaceLanguagePack-Czech
"Klavaro_is1" = Klavaro-1.7.4
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Basic)
"Live 7.0.10" = Live 7.0.10
"Live 8.2.2" = Live 8.2.2
"LManager" = Launch Manager
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 5.0 (x86 cs)" = Mozilla Firefox 5.0 (x86 cs)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
"Native Instruments Audio 2 DJ Driver" = Native Instruments Audio 2 DJ Driver
"Native Instruments Audio 4 DJ Driver" = Native Instruments Audio 4 DJ Driver
"Native Instruments Audio 8 DJ Driver" = Native Instruments Audio 8 DJ Driver
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor" = Native Instruments Traktor
"Native Instruments Traktor 3 LE" = Native Instruments Traktor 3 LE
"NVIDIA Drivers" = NVIDIA Drivers
"Pencil" = Pencil
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"USB_AUDIO_DEusb-audio.deRLDJIF" = Digital Jockey Interface Driver
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WM Converter 2.0" = WM Converter 2.0
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
"{261F26E1-4D0B-4F4A-97F7-EBEDCC258EA0}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{27D55468-16EC-4B0B-A048-EC708522172D}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{317BA66C-6403-4946-8DAD-39B5DB948D3A}" = protocol=17 | dir=in | app=c:\users\acer\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{3F015F13-91FF-4501-BBE8-79004792828A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{40837E23-ABCC-47E5-866F-289E97CB6D9E}" = protocol=17 | dir=in | app=c:\users\acer\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{44C53D76-FC6E-473F-B977-91E362661B71}" = protocol=6 | dir=in | app=c:\program files\einstruction\device manager\jre\bin\java.exe |
"{498995AE-8E2B-4517-9D6C-D89D39DA1DC2}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{4F4E0965-BBA5-4870-9894-FFC4F1DDC148}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{5B932C9A-32AA-4D83-B158-E2B82A76A819}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{6E8BDBCB-93B0-4F03-9ADF-2B94E565B54D}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{75B2BBA7-8465-477C-A9B6-D8A16455ADA6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7676E556-18C2-41EA-B592-DEBC6C0653AC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7804FB55-DA68-45D1-B9D8-4833A984AB44}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{8DF10987-80E3-461D-A633-3E229495BB00}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{9280A92C-70EC-4555-A2BE-5E1620133DB6}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{96A1749A-14E6-41DE-A9C8-F57A42C8D640}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{98531B6E-5A0B-455A-830A-874F192B9DFD}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{9BBA8132-B13D-4E58-8947-E6A29003FAF9}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{9F792745-F536-48A7-8F6E-DCAB90563FCF}" = protocol=17 | dir=in | app=c:\program files\einstruction\device manager\launch.exe |
"{A15925C2-96A8-4146-B1D9-356044AB1DDE}" = protocol=6 | dir=in | app=c:\program files\einstruction\device manager\launch.exe |
"{A8982A68-CCBA-499F-B851-39845E7EC297}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{A8CC19F5-1EE9-4AD1-AD37-CC4E2B25222B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{B1059DBF-0C99-402C-A6D5-ADF4A968A6F7}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{B65E17F6-7CE8-4E1B-B5D5-72713EBA87A9}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{C3091078-DF1D-4AA2-8E13-0B8039F8BE34}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C3AC3648-4746-4D5C-8695-00FD69E7AA78}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CA9F2352-8A59-414F-8DDA-29FB65B74371}" = protocol=17 | dir=in | app=c:\program files\einstruction\device manager\jre\bin\java.exe |
"{CAB7A654-F344-417A-8552-A4402BC20312}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CD3B5332-490A-4A89-9325-B475EA9C341C}" = protocol=6 | dir=in | app=c:\users\acer\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{D7594AC6-6FE1-4181-A53D-4D38980F7F1F}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{DCD74AC1-89BA-484D-B904-E6FD1C373FE2}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{E26AFADA-7B35-4FF0-B5F6-18AE9B3752AB}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{013CCA52-DA56-4133-AC2B-1988A9568C30}" = Native Instruments Audio 4 DJ Driver
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{0886900B-B2F3-452C-B580-60F1253F7F80}" = Native Instruments Controller Editor
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{10B43A43-FF73-47FD-83E8-A503E84F9ED6}" = OpenOffice.org 3.3
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23A66953-369C-4d22-A189-C6E403D4A19F}" = Native Instruments Audio 2 DJ Driver
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{4129CA8E-7E75-4eee-BAE5-AA7707AA7708}" = Canon MF4400 Series
"{470BB39A-7231-4077-AD3D-86067AD04604}" = Native Instruments Audio 8 DJ Driver
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{5310C7A5-A385-6E26-66E9-C0F0CA5A7E45}" = BeatportDownloader
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}" = Suite
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{669A032D-4E28-3D11-BB26-8AD5D51EFE87}" = Google Talk Plugin
"{6767DFEE-8909-453A-B553-C7693912B2EB}" = Canon MF Toolbox 4.9.1.1.mf11
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{695B13B2-7919-4EC5-8601-092F0D2DE069}" = AVG 2011
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{BD86C297-41C7-4DB5-82C4-98DE3399A2EF}" = Asistent pro přihlášení ke službě Windows Live
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E7C92C22-436B-46C4-AAF2-80C4C569A55F}" = AVG 2011
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AVG" = AVG 2011
"CCleaner" = CCleaner (remove only)
"Free Studio_is1" = Free Studio version 5.0.9
"GridVista" = Acer GridVista
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InterwriteWorkspaceLanguagePack-Czech" = InterwriteWorkspaceLanguagePack-Czech
"Klavaro_is1" = Klavaro-1.7.4
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Basic)
"Live 7.0.10" = Live 7.0.10
"Live 8.2.2" = Live 8.2.2
"LManager" = Launch Manager
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 5.0 (x86 cs)" = Mozilla Firefox 5.0 (x86 cs)
"Mozilla Thunderbird (3.1.10)" = Mozilla Thunderbird (3.1.10)
"Native Instruments Audio 2 DJ Driver" = Native Instruments Audio 2 DJ Driver
"Native Instruments Audio 4 DJ Driver" = Native Instruments Audio 4 DJ Driver
"Native Instruments Audio 8 DJ Driver" = Native Instruments Audio 8 DJ Driver
"Native Instruments Controller Editor" = Native Instruments Controller Editor
"Native Instruments Service Center" = Native Instruments Service Center
"Native Instruments Traktor" = Native Instruments Traktor
"Native Instruments Traktor 3 LE" = Native Instruments Traktor 3 LE
"NVIDIA Drivers" = NVIDIA Drivers
"Pencil" = Pencil
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"USB_AUDIO_DEusb-audio.deRLDJIF" = Digital Jockey Interface Driver
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WM Converter 2.0" = WM Converter 2.0
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
- Caroprd111
- VIP
- Posts: 13492
- Registered: 22 Mar 2009 20:48
- Location: Třebíč
Re: Problem with csrss.exe

Code:
:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
:OTL
SRV - File not found [Auto | Stopped] -- -- (NTI IScheduleSvc)
SRV - File not found [On_Demand | Stopped] -- -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
SRV - File not found [Disabled | Stopped] -- -- (gusvc)
DRV - File not found [Kernel | Disabled | Running] -- -- (epfwwfp)
DRV - File not found [Kernel | Disabled | Running] -- -- (Epfwndis)
DRV - File not found [Kernel | Disabled | Running] -- -- (epfw)
DRV - File not found [Kernel | Disabled | Running] -- -- (ehdrv)
DRV - File not found [File_System | Disabled | Running] -- -- (eamon)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKU\.DEFAULT..\Run: [{FC4FCE89-AE2B-4785-B6D7-6C5FF89BFDE3}] File not found
O4 - HKU\S-1-5-18..\Run: [{FC4FCE89-AE2B-4785-B6D7-6C5FF89BFDE3}] File not found
O20 - Winlogon\Notify\cryptnet32: DllName - cryptnet32.dll - File not found
[2011.08.07 00:24:01 | 000,000,252 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.08.06 22:55:49 | 000,013,233 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\FAE2.C9D
[2011.08.06 22:34:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.06 22:34:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.06 20:41:48 | 000,195,072 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\dwm.exe
[2011.08.06 09:29:32 | 000,194,048 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\Microsoft\conhost.exe
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:7B2D4DC5
@Alternate Data Stream - 229 bytes -> C:\ProgramData\Temp:8FF81EB0
Re: Problem with csrss.exe
Thanks. After the fix a blue screen came up and the machine restarted, so I then ran OTL again ...
(When I opened Google, AVG reported only this process: C:\USERS\ACER\APPDATA\ROAMING\DWM.EXE)
OTL logfile created on: 7.8.2011 1:13:31 - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Acer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000405 | Country: Czech Republic | Language: CSY | Date Format: d.M.yyyy
2,99 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 63,51% Memory free
6,19 Gb Paging File | 5,16 Gb Available in Paging File | 83,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,32 Gb Total Space | 179,13 Gb Free Space | 62,13% Space Free | Partition Type: NTFS
Computer Name: ACER-PC | User Name: Acer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011.08.07 00:19:43 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Acer\Desktop\OTL.scr
PRC - [2011.08.06 20:41:48 | 000,195,072 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\dwm.exe
PRC - [2011.08.06 09:29:32 | 000,194,048 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\Microsoft\conhost.exe
PRC - [2011.08.05 21:01:37 | 000,209,408 | ---- | M] () -- C:\Users\Acer\AppData\Local\Temp\csrss.exe
PRC - [2011.06.24 17:27:44 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.04.18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011.04.18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011.04.14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011.03.16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011.03.16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011.02.10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011.02.08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011.02.08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2009.12.08 20:26:15 | 003,616,768 | ---- | M] (Native Instruments GmbH) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
PRC - [2009.09.03 23:52:47 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Acer\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2009.04.11 08:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.02.19 22:22:44 | 000,707,104 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
PRC - [2009.02.19 18:32:36 | 000,666,144 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
PRC - [2009.02.19 05:42:48 | 000,866,824 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008.12.18 15:51:34 | 000,075,048 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2008.07.29 20:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2008.03.18 21:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008.01.21 04:24:56 | 000,485,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mspaint.exe
========== Modules (SafeList) ==========
MOD - [2011.08.07 00:19:43 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Acer\Desktop\OTL.scr
MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2009.02.19 18:32:54 | 000,215,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\SysHook.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (NTI IScheduleSvc)
SRV - File not found [On_Demand | Stopped] -- -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
SRV - File not found [Disabled | Stopped] -- -- (gusvc)
SRV - [2011.07.26 10:16:02 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011.04.18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011.02.08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2009.12.08 20:26:15 | 003,616,768 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2009.02.19 18:32:36 | 000,666,144 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2008.12.18 15:51:34 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008.03.18 21:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - [2011.04.14 21:28:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011.04.05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011.03.16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.03.01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.02.22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011.02.10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011.02.10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011.01.07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2009.10.08 13:59:33 | 000,035,280 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\a2djavs.sys -- (a2djavs)
DRV - [2009.10.08 13:59:29 | 000,276,304 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\a2djusb.sys -- (a2djusb)
DRV - [2008.12.26 18:31:30 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/04/08 07:50:06] [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008.12.17 01:03:00 | 007,542,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.09.25 17:37:40 | 003,666,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.09.25 15:39:48 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.09.04 06:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2008.06.17 18:47:28 | 000,365,568 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rldjifu.sys -- (RL_DJIF)
DRV - [2008.06.17 18:41:00 | 000,034,304 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rldjifa.sys -- (RL_DJIF_WDM)
DRV - [2008.06.17 18:41:00 | 000,020,992 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rldjifm.sys -- (RL_DJIFM)
DRV - [2008.03.01 01:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5738
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5738
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2808683438-737575968-2950562706-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5738
IE - HKU\S-1-5-21-2808683438-737575968-2950562706-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-2808683438-737575968-2950562706-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2808683438-737575968-2950562706-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
IE - HKU\S-1-5-21-2808683438-737575968-2950562706-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2808683438-737575968-2950562706-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2808683438-737575968-2950562706-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:53172
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.cz/"
FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.8.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 53172
FF - prefs.js..network.proxy.type: 1
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Acer\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Acer\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Acer\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Acer\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011.08.05 21:48:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011.08.05 21:48:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.30 12:22:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.30 12:22:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.07.30 12:22:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
[2011.05.11 23:23:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\Mozilla\Extensions
[2011.05.11 23:23:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.03.20 00:38:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\Mozilla\Extensions\pencil@evolus.vn
[2011.08.06 20:18:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\ldrp7j8f.default\extensions
[2010.04.28 20:16:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\ldrp7j8f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.30 00:39:43 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\ldrp7j8f.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.06.23 22:39:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.05.06 21:42:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.06.23 22:39:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.06.23 22:20:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011.08.05 21:48:26 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011.06.24 17:27:45 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2010.01.01 10:00:00 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2010.01.01 10:00:00 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2010.01.01 10:00:00 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2010.01.01 10:00:00 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2011.08.06 20:41:39 | 000,436,469 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 15025 more lines...
O2 - BHO: (TBSB08223 Class) - {0753D5E7-BCDF-4BAE-85EC-431B17D3BE72} - C:\Users\Acer\AppData\Roaming\Toolbars\eBay\ebay.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Toolbar for eBay) - {427AB608-62F1-48D1-84D4-50C6358B7268} - C:\Users\Acer\AppData\Roaming\Toolbars\eBay\ebay.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-2808683438-737575968-2950562706-1000\..\Toolbar\WebBrowser: (Toolbar for eBay) - {427AB608-62F1-48D1-84D4-50C6358B7268} - C:\Users\Acer\AppData\Roaming\Toolbars\eBay\ebay.dll ()
O3 - HKU\S-1-5-21-2808683438-737575968-2950562706-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [conhost] C:\Users\Acer\AppData\Roaming\Microsoft\conhost.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKU\.DEFAULT..\Run: [{FC4FCE89-AE2B-4785-B6D7-6C5FF89BFDE3}] File not found
O4 - HKU\S-1-5-18..\Run: [{FC4FCE89-AE2B-4785-B6D7-6C5FF89BFDE3}] File not found
F3 - HKU\S-1-5-21-2808683438-737575968-2950562706-1000 WinNT: Load - (C:\Users\Acer\AppData\Local\Temp\csrss.exe) - C:\Users\Acer\AppData\Local\Temp\csrss.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\Acer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Acer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.36 213.46.172.37
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-2808683438-737575968-2950562706-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-2808683438-737575968-2950562706-1000 Winlogon: Shell - (C:\Users\Acer\AppData\Roaming\dwm.exe) - C:\Users\Acer\AppData\Roaming\dwm.exe ()
O20 - Winlogon\Notify\cryptnet32: DllName - cryptnet32.dll - File not found
O24 - Desktop WallPaper: C:\Users\Acer\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Acer\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0789fa6c-7152-11df-ba6a-001f169130bf}\Shell - "" = AutoRun
O33 - MountPoints2\{0789fa6c-7152-11df-ba6a-001f169130bf}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011.08.07 01:07:21 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.08.07 00:19:41 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Acer\Desktop\OTL.scr
[2011.08.07 00:00:36 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.08.07 00:00:35 | 000,000,000 | ---D | C] -- C:\rsit
[2011.08.06 23:31:34 | 000,000,000 | ---D | C] -- C:\Users\Acer\Desktop\backups
[2011.08.05 23:32:59 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011.08.05 22:23:56 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011.08.05 21:50:56 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\AVG Security Toolbar
[2011.08.05 21:50:00 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Roaming\AVG10
[2011.08.05 21:49:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011.08.05 21:48:50 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2011.08.05 21:48:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011.08.05 21:47:32 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011.08.05 21:47:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011.08.05 21:46:51 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011.08.05 21:43:33 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011.08.05 19:19:34 | 000,000,000 | ---D | C] -- C:\Users\Acer\Documents\SPORTOVNI WEBY
[2011.07.30 20:46:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.07.30 12:22:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.07.30 12:22:17 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011.07.30 12:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011.07.24 10:17:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011.07.24 10:16:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009.04.08 16:33:03 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
========== Files - Modified Within 30 Days ==========
[2011.08.07 01:14:31 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.07 01:14:31 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.07 01:08:49 | 000,089,096 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.08.07 01:08:49 | 000,089,096 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.08.07 01:07:37 | 000,000,252 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.08.07 01:07:33 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.07 01:07:33 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.07 01:07:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.07 01:07:11 | 3215,794,176 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.07 01:07:07 | 440,040,648 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.08.07 00:37:58 | 000,000,000 | ---- | M] () -- C:\Users\Acer\AppData\Local\prvlcl.dat
[2011.08.07 00:33:00 | 000,000,958 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2808683438-737575968-2950562706-1000UA.job
[2011.08.07 00:32:35 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011.08.07 00:19:43 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Acer\Desktop\OTL.scr
[2011.08.07 00:00:24 | 000,781,383 | ---- | M] () -- C:\Users\Acer\Desktop\RSIT.exe
[2011.08.06 22:55:49 | 000,013,233 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\FAE2.C9D
[2011.08.06 20:41:48 | 000,195,072 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\dwm.exe
[2011.08.06 20:41:39 | 000,436,469 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.08.06 20:18:57 | 127,161,113 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011.08.06 12:26:33 | 000,008,268 | ---- | M] () -- C:\Users\Acer\AppData\Local\d3d9caps.dat
[2011.08.06 10:33:01 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2808683438-737575968-2950562706-1000Core.job
[2011.08.05 21:48:31 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011.08.01 22:14:04 | 000,002,395 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.08.01 19:51:22 | 000,001,699 | ---- | M] () -- C:\Users\Acer\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2011.08.01 19:51:15 | 000,001,699 | ---- | M] () -- C:\Users\Acer\Desktop\Notepad.lnk
[2011.07.30 15:55:42 | 000,040,448 | ---- | M] () -- C:\Users\Acer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.30 12:22:35 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.07.25 21:25:37 | 000,002,697 | ---- | M] () -- C:\Users\Acer\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2011.07.23 22:45:33 | 000,002,653 | ---- | M] () -- C:\Users\Acer\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
========== Files Created - No Company Name ==========
[2011.08.07 01:07:07 | 440,040,648 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.08.07 00:22:22 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011.08.07 00:00:20 | 000,781,383 | ---- | C] () -- C:\Users\Acer\Desktop\RSIT.exe
[2011.08.06 20:42:31 | 000,000,000 | ---- | C] () -- C:\Users\Acer\AppData\Local\prvlcl.dat
[2011.08.06 20:41:48 | 000,195,072 | ---- | C] () -- C:\Users\Acer\AppData\Roaming\dwm.exe
[2011.08.06 20:33:24 | 3215,794,176 | -HS- | C] () -- C:\hiberfil.sys
[2011.08.06 20:18:57 | 127,161,113 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011.08.06 10:28:59 | 000,000,252 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.08.05 21:48:31 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011.08.05 21:00:55 | 000,013,233 | ---- | C] () -- C:\Users\Acer\AppData\Roaming\FAE2.C9D
[2011.08.01 19:51:22 | 000,001,699 | ---- | C] () -- C:\Users\Acer\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2011.08.01 19:51:15 | 000,001,699 | ---- | C] () -- C:\Users\Acer\Desktop\Notepad.lnk
[2011.07.30 12:22:35 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.07.14 23:22:58 | 000,000,958 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2808683438-737575968-2950562706-1000UA.job
[2011.07.14 23:22:56 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2808683438-737575968-2950562706-1000Core.job
[2011.06.30 19:19:56 | 000,000,375 | ---- | C] () -- C:\Windows\System32\CNCMFP38.INI
[2011.05.11 23:23:45 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.04.30 00:46:37 | 000,000,048 | ---- | C] () -- C:\Windows\picture2avi.ini
[2011.04.20 22:04:11 | 000,295,042 | ---- | C] () -- C:\Windows\System32\shimg.dll
[2011.04.20 22:04:11 | 000,000,016 | ---- | C] () -- C:\Windows\System32\crt.dat
[2010.11.17 21:53:35 | 000,000,384 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.06.09 21:52:27 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.05.22 01:06:55 | 000,000,668 | ---- | C] () -- C:\Windows\Mp3ACutjoin.ini
[2010.05.22 00:54:54 | 000,000,005 | ---- | C] () -- C:\Windows\System32\SySMACJ.dat
[2010.02.19 18:25:42 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009.10.27 00:55:07 | 000,040,448 | ---- | C] () -- C:\Users\Acer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.26 19:25:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.26 19:25:16 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.06 22:04:02 | 000,008,268 | ---- | C] () -- C:\Users\Acer\AppData\Local\d3d9caps.dat
[2009.09.06 11:23:09 | 000,089,096 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.09.03 23:57:22 | 000,089,096 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.04.08 08:50:35 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009.04.08 08:43:02 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009.04.08 08:43:02 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2009.04.08 08:43:02 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2009.04.08 08:43:02 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2009.04.08 08:42:03 | 000,090,772 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT
[2009.04.08 08:42:03 | 000,000,536 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2009.04.08 08:42:03 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2009.02.18 20:48:55 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009.02.18 13:20:22 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.02.11 22:03:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009.02.11 22:03:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009.02.11 22:03:57 | 000,000,057 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,400,544 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,587,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,101,250 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
========== LOP Check ==========
[2011.05.05 20:47:33 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Ableton
[2009.02.18 14:08:05 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Acer GameZone Console
[2011.08.05 21:50:00 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\AVG10
[2009.09.23 21:16:09 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1
[2011.08.05 23:41:10 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Desktopicon
[2011.04.30 00:40:12 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\DVDVideoSoft
[2011.04.30 00:39:42 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.11.01 14:26:51 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\ESET
[2009.09.07 21:17:57 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\eSobi
[2010.10.15 19:54:34 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\GTCO CalComp
[2009.10.26 20:40:01 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\ICQ
[2011.03.11 16:09:13 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\klavaro
[2010.05.22 00:44:46 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Meda MP3 Splitter Gold 4.2
[2009.10.31 20:12:38 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\OpenOffice.org
[2010.03.20 00:38:55 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Pencil
[2009.09.22 22:34:29 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\PowerCinema
[2009.09.22 22:11:14 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\SoftDMA
[2011.05.11 23:23:44 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Thunderbird
[2009.09.27 23:49:01 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Toolbars
[2011.08.06 20:13:02 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.08.07 01:07:37 | 000,000,252 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:7B2D4DC5
@Alternate Data Stream - 229 bytes -> C:\ProgramData\Temp:8FF81EB0
< End of report >
(When I launched Google, AVG reported only this process: C:\USERS\ACER\APPDATA\ROAMING\DWM.EXE)
OTL logfile created on: 7.8.2011 1:13:31 - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Acer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18828)
Locale: 00000405 | Country: Czech Republic | Language: CSY | Date Format: d.M.yyyy
2,99 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 63,51% Memory free
6,19 Gb Paging File | 5,16 Gb Available in Paging File | 83,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288,32 Gb Total Space | 179,13 Gb Free Space | 62,13% Space Free | Partition Type: NTFS
Computer Name: ACER-PC | User Name: Acer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011.08.07 00:19:43 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Acer\Desktop\OTL.scr
PRC - [2011.08.06 20:41:48 | 000,195,072 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\dwm.exe
PRC - [2011.08.06 09:29:32 | 000,194,048 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\Microsoft\conhost.exe
PRC - [2011.08.05 21:01:37 | 000,209,408 | ---- | M] () -- C:\Users\Acer\AppData\Local\Temp\csrss.exe
PRC - [2011.06.24 17:27:44 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.04.18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011.04.18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011.04.14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011.03.16 16:05:20 | 001,025,888 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2011.03.16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011.02.10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011.02.08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011.02.08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2009.12.08 20:26:15 | 003,616,768 | ---- | M] (Native Instruments GmbH) -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
PRC - [2009.09.03 23:52:47 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Acer\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2009.04.11 08:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.02.19 22:22:44 | 000,707,104 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe
PRC - [2009.02.19 18:32:36 | 000,666,144 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe
PRC - [2009.02.19 05:42:48 | 000,866,824 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008.12.18 15:51:34 | 000,075,048 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2008.07.29 20:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2008.03.18 21:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008.01.21 04:24:56 | 000,485,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mspaint.exe
========== Modules (SafeList) ==========
MOD - [2011.08.07 00:19:43 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Acer\Desktop\OTL.scr
MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2009.02.19 18:32:54 | 000,215,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer PowerSmart Manager\SysHook.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (NTI IScheduleSvc)
SRV - File not found [On_Demand | Stopped] -- -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
SRV - File not found [Disabled | Stopped] -- -- (gusvc)
SRV - [2011.07.26 10:16:02 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011.04.18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011.02.08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2009.12.08 20:26:15 | 003,616,768 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - [2009.02.19 18:32:36 | 000,666,144 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc)
SRV - [2008.12.18 15:51:34 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008.03.18 21:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - [2011.04.14 21:28:18 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011.04.05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011.03.16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.03.01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.02.22 08:12:38 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011.02.10 07:53:30 | 000,028,624 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011.02.10 07:53:28 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011.01.07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2009.10.08 13:59:33 | 000,035,280 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\a2djavs.sys -- (a2djavs)
DRV - [2009.10.08 13:59:29 | 000,276,304 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\a2djusb.sys -- (a2djusb)
DRV - [2008.12.26 18:31:30 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/04/08 07:50:06] [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008.12.17 01:03:00 | 007,542,656 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.09.25 17:37:40 | 003,666,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.09.25 15:39:48 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.09.04 06:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM)
DRV - [2008.06.17 18:47:28 | 000,365,568 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rldjifu.sys -- (RL_DJIF)
DRV - [2008.06.17 18:41:00 | 000,034,304 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rldjifa.sys -- (RL_DJIF_WDM)
DRV - [2008.06.17 18:41:00 | 000,020,992 | ---- | M] (Ploytec GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rldjifm.sys -- (RL_DJIFM)
DRV - [2008.03.01 01:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5738
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5738
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2808683438-737575968-2950562706-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACA ... spire_5738
IE - HKU\S-1-5-21-2808683438-737575968-2950562706-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-2808683438-737575968-2950562706-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2808683438-737575968-2950562706-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
IE - HKU\S-1-5-21-2808683438-737575968-2950562706-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2808683438-737575968-2950562706-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2808683438-737575968-2950562706-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:53172
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.cz/"
FF - prefs.js..extensions.enabledItems: {4176DFF4-4698-11DE-BEEB-45DA55D89593}:0.8.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 53172
FF - prefs.js..network.proxy.type: 1
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Acer\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Acer\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Acer\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Acer\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011.08.05 21:48:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011.08.05 21:48:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.30 12:22:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.30 12:22:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.07.30 12:22:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
[2011.05.11 23:23:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\Mozilla\Extensions
[2011.05.11 23:23:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.03.20 00:38:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\Mozilla\Extensions\pencil@evolus.vn
[2011.08.06 20:18:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\ldrp7j8f.default\extensions
[2010.04.28 20:16:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\ldrp7j8f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.30 00:39:43 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\ldrp7j8f.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.06.23 22:39:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.05.06 21:42:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.06.23 22:39:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.06.23 22:20:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011.08.05 21:48:26 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2011.06.24 17:27:45 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2010.01.01 10:00:00 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2010.01.01 10:00:00 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2010.01.01 10:00:00 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2010.01.01 10:00:00 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2011.08.06 20:41:39 | 000,436,469 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 15025 more lines...
O2 - BHO: (TBSB08223 Class) - {0753D5E7-BCDF-4BAE-85EC-431B17D3BE72} - C:\Users\Acer\AppData\Roaming\Toolbars\eBay\ebay.dll ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Toolbar for eBay) - {427AB608-62F1-48D1-84D4-50C6358B7268} - C:\Users\Acer\AppData\Roaming\Toolbars\eBay\ebay.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-2808683438-737575968-2950562706-1000\..\Toolbar\WebBrowser: (Toolbar for eBay) - {427AB608-62F1-48D1-84D4-50C6358B7268} - C:\Users\Acer\AppData\Roaming\Toolbars\eBay\ebay.dll ()
O3 - HKU\S-1-5-21-2808683438-737575968-2950562706-1000\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Acer ePower Management] C:\Program Files\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [conhost] C:\Users\Acer\AppData\Roaming\Microsoft\conhost.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKU\.DEFAULT..\Run: [{FC4FCE89-AE2B-4785-B6D7-6C5FF89BFDE3}] File not found
O4 - HKU\S-1-5-18..\Run: [{FC4FCE89-AE2B-4785-B6D7-6C5FF89BFDE3}] File not found
F3 - HKU\S-1-5-21-2808683438-737575968-2950562706-1000 WinNT: Load - (C:\Users\Acer\AppData\Local\Temp\csrss.exe) - C:\Users\Acer\AppData\Local\Temp\csrss.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\Acer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Acer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.36 213.46.172.37
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-2808683438-737575968-2950562706-1000 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-2808683438-737575968-2950562706-1000 Winlogon: Shell - (C:\Users\Acer\AppData\Roaming\dwm.exe) - C:\Users\Acer\AppData\Roaming\dwm.exe ()
O20 - Winlogon\Notify\cryptnet32: DllName - cryptnet32.dll - File not found
O24 - Desktop WallPaper: C:\Users\Acer\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Acer\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0789fa6c-7152-11df-ba6a-001f169130bf}\Shell - "" = AutoRun
O33 - MountPoints2\{0789fa6c-7152-11df-ba6a-001f169130bf}\Shell\AutoRun\command - "" = "G:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011.08.07 01:07:21 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.08.07 00:19:41 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Acer\Desktop\OTL.scr
[2011.08.07 00:00:36 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.08.07 00:00:35 | 000,000,000 | ---D | C] -- C:\rsit
[2011.08.06 23:31:34 | 000,000,000 | ---D | C] -- C:\Users\Acer\Desktop\backups
[2011.08.05 23:32:59 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011.08.05 22:23:56 | 000,000,000 | -H-D | C] -- C:\$AVG
[2011.08.05 21:50:56 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Local\AVG Security Toolbar
[2011.08.05 21:50:00 | 000,000,000 | ---D | C] -- C:\Users\Acer\AppData\Roaming\AVG10
[2011.08.05 21:49:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011.08.05 21:48:50 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2011.08.05 21:48:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011
[2011.08.05 21:47:32 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2011.08.05 21:47:32 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011.08.05 21:46:51 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011.08.05 21:43:33 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011.08.05 19:19:34 | 000,000,000 | ---D | C] -- C:\Users\Acer\Documents\SPORTOVNI WEBY
[2011.07.30 20:46:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.07.30 12:22:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.07.30 12:22:17 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011.07.30 12:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011.07.24 10:17:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011.07.24 10:16:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009.04.08 16:33:03 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
========== Files - Modified Within 30 Days ==========
[2011.08.07 01:14:31 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.07 01:14:31 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.07 01:08:49 | 000,089,096 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.08.07 01:08:49 | 000,089,096 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.08.07 01:07:37 | 000,000,252 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.08.07 01:07:33 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.07 01:07:33 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.07 01:07:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.07 01:07:11 | 3215,794,176 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.07 01:07:07 | 440,040,648 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.08.07 00:37:58 | 000,000,000 | ---- | M] () -- C:\Users\Acer\AppData\Local\prvlcl.dat
[2011.08.07 00:33:00 | 000,000,958 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2808683438-737575968-2950562706-1000UA.job
[2011.08.07 00:32:35 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011.08.07 00:19:43 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Acer\Desktop\OTL.scr
[2011.08.07 00:00:24 | 000,781,383 | ---- | M] () -- C:\Users\Acer\Desktop\RSIT.exe
[2011.08.06 22:55:49 | 000,013,233 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\FAE2.C9D
[2011.08.06 20:41:48 | 000,195,072 | ---- | M] () -- C:\Users\Acer\AppData\Roaming\dwm.exe
[2011.08.06 20:41:39 | 000,436,469 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.08.06 20:18:57 | 127,161,113 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011.08.06 12:26:33 | 000,008,268 | ---- | M] () -- C:\Users\Acer\AppData\Local\d3d9caps.dat
[2011.08.06 10:33:01 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2808683438-737575968-2950562706-1000Core.job
[2011.08.05 21:48:31 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011.08.01 22:14:04 | 000,002,395 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.08.01 19:51:22 | 000,001,699 | ---- | M] () -- C:\Users\Acer\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2011.08.01 19:51:15 | 000,001,699 | ---- | M] () -- C:\Users\Acer\Desktop\Notepad.lnk
[2011.07.30 15:55:42 | 000,040,448 | ---- | M] () -- C:\Users\Acer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.30 12:22:35 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.07.25 21:25:37 | 000,002,697 | ---- | M] () -- C:\Users\Acer\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2011.07.23 22:45:33 | 000,002,653 | ---- | M] () -- C:\Users\Acer\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
========== Files Created - No Company Name ==========
[2011.08.07 01:07:07 | 440,040,648 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.08.07 00:22:22 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011.08.07 00:00:20 | 000,781,383 | ---- | C] () -- C:\Users\Acer\Desktop\RSIT.exe
[2011.08.06 20:42:31 | 000,000,000 | ---- | C] () -- C:\Users\Acer\AppData\Local\prvlcl.dat
[2011.08.06 20:41:48 | 000,195,072 | ---- | C] () -- C:\Users\Acer\AppData\Roaming\dwm.exe
[2011.08.06 20:33:24 | 3215,794,176 | -HS- | C] () -- C:\hiberfil.sys
[2011.08.06 20:18:57 | 127,161,113 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011.08.06 10:28:59 | 000,000,252 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.08.05 21:48:31 | 000,000,846 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2011.08.05 21:00:55 | 000,013,233 | ---- | C] () -- C:\Users\Acer\AppData\Roaming\FAE2.C9D
[2011.08.01 19:51:22 | 000,001,699 | ---- | C] () -- C:\Users\Acer\Application Data\Microsoft\Internet Explorer\Quick Launch\Notepad.lnk
[2011.08.01 19:51:15 | 000,001,699 | ---- | C] () -- C:\Users\Acer\Desktop\Notepad.lnk
[2011.07.30 12:22:35 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.07.14 23:22:58 | 000,000,958 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2808683438-737575968-2950562706-1000UA.job
[2011.07.14 23:22:56 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2808683438-737575968-2950562706-1000Core.job
[2011.06.30 19:19:56 | 000,000,375 | ---- | C] () -- C:\Windows\System32\CNCMFP38.INI
[2011.05.11 23:23:45 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.04.30 00:46:37 | 000,000,048 | ---- | C] () -- C:\Windows\picture2avi.ini
[2011.04.20 22:04:11 | 000,295,042 | ---- | C] () -- C:\Windows\System32\shimg.dll
[2011.04.20 22:04:11 | 000,000,016 | ---- | C] () -- C:\Windows\System32\crt.dat
[2010.11.17 21:53:35 | 000,000,384 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.06.09 21:52:27 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.05.22 01:06:55 | 000,000,668 | ---- | C] () -- C:\Windows\Mp3ACutjoin.ini
[2010.05.22 00:54:54 | 000,000,005 | ---- | C] () -- C:\Windows\System32\SySMACJ.dat
[2010.02.19 18:25:42 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2009.10.27 00:55:07 | 000,040,448 | ---- | C] () -- C:\Users\Acer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.26 19:25:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.26 19:25:16 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.09.06 22:04:02 | 000,008,268 | ---- | C] () -- C:\Users\Acer\AppData\Local\d3d9caps.dat
[2009.09.06 11:23:09 | 000,089,096 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.09.03 23:57:22 | 000,089,096 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.04.08 08:50:35 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009.04.08 08:43:02 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009.04.08 08:43:02 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2009.04.08 08:43:02 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2009.04.08 08:43:02 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2009.04.08 08:42:03 | 000,090,772 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT
[2009.04.08 08:42:03 | 000,000,536 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2009.04.08 08:42:03 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2009.02.18 20:48:55 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009.02.18 13:20:22 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.02.11 22:03:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009.02.11 22:03:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009.02.11 22:03:57 | 000,000,057 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,400,544 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,587,178 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,101,250 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
========== LOP Check ==========
[2011.05.05 20:47:33 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Ableton
[2009.02.18 14:08:05 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Acer GameZone Console
[2011.08.05 21:50:00 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\AVG10
[2009.09.23 21:16:09 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\BeatportDownloader.EE670286545758FAB4A69D4439CF6054F83E0AC2.1
[2011.08.05 23:41:10 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Desktopicon
[2011.04.30 00:40:12 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\DVDVideoSoft
[2011.04.30 00:39:42 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.11.01 14:26:51 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\ESET
[2009.09.07 21:17:57 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\eSobi
[2010.10.15 19:54:34 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\GTCO CalComp
[2009.10.26 20:40:01 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\ICQ
[2011.03.11 16:09:13 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\klavaro
[2010.05.22 00:44:46 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Meda MP3 Splitter Gold 4.2
[2009.10.31 20:12:38 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\OpenOffice.org
[2010.03.20 00:38:55 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Pencil
[2009.09.22 22:34:29 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\PowerCinema
[2009.09.22 22:11:14 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\SoftDMA
[2011.05.11 23:23:44 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Thunderbird
[2009.09.27 23:49:01 | 000,000,000 | ---D | M] -- C:\Users\Acer\AppData\Roaming\Toolbars
[2011.08.06 20:13:02 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.08.07 01:07:37 | 000,000,252 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:7B2D4DC5
@Alternate Data Stream - 229 bytes -> C:\ProgramData\Temp:8FF81EB0
< End of report >
- Caroprd111
- VIP
- Posts: 13492
- Registered: 22 Mar 2009 20:48
- Location: Třebíč
Re: Problem with csrss.exe
Continue according to the guide at http://www.bleepingcomputer.com/combofi ... t-combofix
Re: Problem with csrss.exe
Thanks for the link. Having gone through the guide, I see the "best" part is still ahead of me.
I'll leave it for tomorrow; well, stupidity is paid for at least in wasted time.

Re: Problem with csrss.exe
Hello,
Sorry for the long inactivity -- I ran the ComboFix scan according to the instructions, here is the log:
ComboFix 11-08-11.02 - Acer 11.08.2011 18:09:51.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3066.2340 [GMT 2:00]
Spuštěný z: c:\users\Acer\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Acer\AppData\Roaming\Desktopicon
c:\users\Acer\AppData\Roaming\Desktopicon\eBay.ico
c:\users\Acer\AppData\Roaming\Microsoft\conhost.exe
c:\users\Acer\AppData\Roaming\Toolbars\eBay\tbHElper.dll
c:\windows\system32\crt.dat
c:\windows\system32\shimg.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-11 do 2011-08-11 )))))))))))))))))))))))))))))))
.
.
2011-08-11 15:55 . 2011-08-11 15:55 -------- d-----w- c:\programdata\AVG Security Toolbar
2011-08-06 22:22 . 2011-08-06 22:32 512 ----a-w- C:\PhysicalMBR.bin
2011-08-06 22:00 . 2011-08-06 22:09 -------- d-----w- c:\program files\trend micro
2011-08-06 22:00 . 2011-08-06 22:00 -------- d-----w- C:\rsit
2011-08-05 21:32 . 2011-08-06 22:18 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-08-05 20:23 . 2011-08-05 20:23 -------- d-----w- C:\$AVG
2011-08-05 19:50 . 2011-08-05 19:50 -------- d-----w- c:\users\Acer\AppData\Roaming\AVG10
2011-08-05 19:49 . 2011-08-05 19:49 -------- d--h--w- c:\programdata\Common Files
2011-08-05 19:47 . 2011-08-11 14:58 -------- d-----w- c:\windows\system32\drivers\AVG
2011-08-05 19:47 . 2011-08-07 23:24 -------- d-----w- c:\programdata\AVG10
2011-08-05 19:46 . 2011-08-05 19:46 -------- d-----w- c:\program files\AVG
2011-08-05 19:43 . 2011-08-11 15:56 -------- d-----w- c:\programdata\MFAData
2011-07-24 08:16 . 2011-07-24 08:16 -------- d-----w- c:\program files\Microsoft Silverlight
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-24 15:27 . 2011-03-25 21:07 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0753D5E7-BCDF-4BAE-85EC-431B17D3BE72}]
2008-08-14 13:57 2484224 ----a-w- c:\users\Acer\AppData\Roaming\Toolbars\eBay\ebay.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-07-26 08:15 2532680 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{427AB608-62F1-48D1-84D4-50C6358B7268}"= "c:\users\Acer\AppData\Roaming\Toolbars\eBay\ebay.dll" [2008-08-14 2484224]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{427ab608-62f1-48d1-84d4-50c6358b7268}]
[HKEY_CLASSES_ROOT\TBSB08223.TBSB08223.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\TBSB08223.TBSB08223]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{427AB608-62F1-48D1-84D4-50C6358B7268}"= "c:\users\Acer\AppData\Roaming\Toolbars\eBay\ebay.dll" [2008-08-14 2484224]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{427ab608-62f1-48d1-84d4-50c6358b7268}]
[HKEY_CLASSES_ROOT\TBSB08223.TBSB08223.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\TBSB08223.TBSB08223]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-16 13605408]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-02-14 6814240]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-05 1410344]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-02-19 866824]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTray.exe" [2009-02-19 707104]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-04-18 2334560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKLM\~\startupfolder\C:^Users^Acer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Acer^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-06-12 02:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-07-14 21:22 136176 ----atw- c:\users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 15:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 10:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -k
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2808683438-737575968-2950562706-1000]
"EnableNotificationsRef"=dword:00000003
.
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
R3 a2djavs;a2djavs;c:\windows\system32\Drivers\a2djavs.sys [2009-10-08 35280]
R3 a2djusb;a2djusb;c:\windows\system32\Drivers\a2djusb.sys [2009-10-08 276304]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-07-26 1025352]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
R3 RL_DJIF;usb-audio.de driver for Reloop Digital Jockey Interface;c:\windows\system32\Drivers\rldjifu.sys [2008-06-17 365568]
R3 RL_DJIF_WDM;Digital Jockey Interface WDM Audio;c:\windows\system32\drivers\rldjifa.sys [2008-06-17 34304]
R3 RL_DJIFM;Digital Jockey Interface WDM Midi Device;c:\windows\system32\drivers\rldjifm.sys [2008-06-17 20992]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-04 297168]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2009/04/08 07:50];c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-12-26 16:31 87536]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-12-18 75048]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-02-19 666144]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-12-08 3616768]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-09-04 223232]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-09-25 3666432]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-09-25 45600]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2808683438-737575968-2950562706-1000Core.job
- c:\users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-14 21:22]
.
2011-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2808683438-737575968-2950562706-1000UA.job
- c:\users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-14 21:22]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&s=2&o=vp32&d=0409&m=aspire_5738
uInternet Settings,ProxyServer = http=127.0.0.1:50465
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Acer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Acer\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 213.46.172.36 213.46.172.37
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\users\Acer\AppData\Roaming\Mozilla\Firefox\Profiles\ldrp7j8f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50465
FF - prefs.js: network.proxy.type - 1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-Spybot-S&D Cleaning - c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe
HKU-Default-Run-{FC4FCE89-AE2B-4785-B6D7-6C5FF89BFDE3} - c:\windows\system32\sshnas21.dll
MSConfigStartUp-egui - c:\program files\ESET\ESET Smart Security\egui.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-11 18:16
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Celkový čas: 2011-08-11 18:19:06
ComboFix-quarantined-files.txt 2011-08-11 16:19
.
Před spuštěním: Volných bajtů: 194 662 502 400
Po spuštění: Volných bajtů: 194 587 734 016
.
- - End Of File - - 761B911EB665B4BD1C576FB8BF53B9BF
- Caroprd111
- VIP
Re: Problem with csrss.exe
Hello.
How is the PC behaving? Please post a new log from OTL run with the first script - "Prohledat" (Scan).

Re: Problem with csrss.exe
So far it looks fine, no redirects or similar mischief; I'll try that log.
- Caroprd111
- VIP