
PC virus removal, computer speed-up, and remote assistance via the neslape.cz service
FB virus posing as a Flash Player update
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
- Danstahr
- Friend of the forum
- Posts: 1069
- Registered: 28 Oct 2006 20:23
- Location: London
Re: FB virus posing as a Flash Player update
No problem, it will be done when it's done.
Looking to buy a little time; I respect the price.
-
- Visitor
- Posts: 31
- Registered: 22 Aug 2011 14:32
Re: FB virus posing as a Flash Player update
OK, done. The first one found nothing apart from 3 keygens, see:
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Verze databáze: 5214
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
22.8.2011 19:35:37
mbam-log-2011-08-22 (19-35-35).txt
Typ kontroly: Úplný test (C:\|D:\|G:\|)
Testované objekty: 255953
Uplynulý čas: 2 hodin, 14 minut, 10 sekund
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 3
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
c:\program files\Sony\vegas pro 9.0\Keygen.exe (Trojan.Agent.CK) -> No action taken.
d:\Download\superspeed ramdisk\keygen.exe (Backdoor.RBot) -> No action taken.
c:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> No action taken.
-
- Visitor
- Posts: 31
- Registered: 22 Aug 2011 14:32
Re: FB virus posing as a Flash Player update
Ah, that one thing there is probably wrong,
and the second one worked for a while and then restarted as instructed; the log is here:
All processes killed
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
User: All Users
User: All Users.WINDOWS.0
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
User: Default User.WINDOWS.0
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Standysman
->Temp folder emptied: 265673650 bytes
->Temporary Internet Files folder emptied: 24659426 bytes
->Java cache emptied: 626480 bytes
->FireFox cache emptied: 293949131 bytes
->Google Chrome cache emptied: 222484711 bytes
->Flash cache emptied: 126227 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134153 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16203200 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 155478583 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 936,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
========== FILES ==========
C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-STANDA-Standysman.job moved successfully.
C:\WINDOWS\tasks\AppleSoftwareUpdate.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-796845957-343818398-682003330-1003Core.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-796845957-343818398-682003330-1003UA.job moved successfully.
C:\WINDOWS\tasks\prismDowngrade.job moved successfully.
C:\WINDOWS\tasks\prismShakeIcon.job moved successfully.
File/Folder C:\D not found.
File/Folder C:\WINDOWS.0 not found.
C:\WINDOWS\ntbtlog.txt moved successfully.
C:\WINDOWS\winlog-ids.txt moved successfully.
C:\WINDOWS\winlog-dirs.txt moved successfully.
C:\WINDOWS\services32.exe moved successfully.
========== SERVICES/DRIVERS ==========
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
Service JavaQuickStarterService stopped successfully!
Service JavaQuickStarterService deleted successfully!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\GrooveMonitor deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ToolBoxFX deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HP Software Update deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeAAMUpdater-1.0 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SwitchBoard deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5ServiceManager deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RemoteControl11 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ScanRegistry deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BigDogPath deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\StrongDC++\StrongDC.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\Program Files\uTorrent\uTorrent.exe deleted successfully.
OTM by OldTimer - Version 3.1.18.0 log created on 08222011_193842
- Danstahr
- Friend of the forum
- Posts: 1069
- Registered: 28 Oct 2006 20:23
- Location: London
Re: FB virus posing as a Flash Player update
Just go ahead and delete all of it...
Download OTL.

- If you are using Win Vista or W7, right-click OTL and choose Run As Administrator (or "Spustit jako správce")
- If you are using a 64-bit OS, check whether the box next to "Pro 64 bitové OS" (For 64-bit OS) is ticked; if not, tick it
- Tick the box "Pro všechny uživatele" (For all users)
- Tick the box "Kontrola na havěť "LOP"" ("LOP" junk check)
- Tick the box "Kontrola na havěť "Purity"" ("Purity" junk check)
- Paste the script below into the bottom box, "Vlastní skenování/opravy" (Custom scans/fixes)
Code:
netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*k.dll
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
*crack* /s
*keygen* /s
CREATERESTOREPOINT
- Click the "Prohledat" (Scan) button
- When the scan finishes (approx. 10 to 15 min), the logs OTL.txt and Extras.txt will appear; paste both here
Looking to buy a little time; I respect the price.
-
- Visitor
- Posts: 31
- Registered: 22 Aug 2011 14:32
Re: FB virus posing as a Flash Player update
OTL here.
OTL Extras logfile created on: 22.8.2011 21:44:11 - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = H:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
3,37 Gb Total Physical Memory | 1,07 Gb Available Physical Memory | 31,88% Memory free
5,16 Gb Paging File | 3,08 Gb Available in Paging File | 59,75% Paging File free
Paging file location(s): G:\pagefile.sys 2020 2034 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,54 Gb Total Space | 2,17 Gb Free Space | 11,11% Space Free | Partition Type: NTFS
Drive D: | 54,98 Gb Total Space | 3,23 Gb Free Space | 5,87% Space Free | Partition Type: NTFS
Drive G: | 2,00 Gb Total Space | 0,03 Gb Free Space | 1,56% Space Free | Partition Type: NTFS
Drive H: | 1002,05 Mb Total Space | 991,24 Mb Free Space | 98,92% Space Free | Partition Type: FAT32
Computer Name: STANDA | User Name: Standysman | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_USERS\S-1-5-21-796845957-343818398-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Expression\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Expression\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"9100:TCP" = 9100:TCP:*:Enabled:tiskarna
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD11\PowerDVD11.exe" = C:\Program Files\CyberLink\PowerDVD11\PowerDVD11.exe:*:Enabled:CyberLink PowerDVD 11.0 -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe" = C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe:*:Enabled:CyberLink PowerDVD 11.0 RC Service -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe" = C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe:*:Enabled:CyberLink Media Server -- (CyberLink)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\Java\jre6\launch4j-tmp\frd.exe" = C:\Program Files\Java\jre6\launch4j-tmp\frd.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\hp_CLJ_CM1015-CM1017_Full_Solution\setup\HPZnet01.exe" = C:\hp_CLJ_CM1015-CM1017_Full_Solution\setup\HPZnet01.exe:*:Enabled:hpznet01.exe
"C:\hp_CLJ_CM1015-CM1017_Full_Solution\setup\hppniprint01.exe" = C:\hp_CLJ_CM1015-CM1017_Full_Solution\setup\hppniprint01.exe:*:Enabled:hppniprint01.exe
"C:\hp_CLJ_CM1015-CM1017_Full_Solution\setup\hppniprint64.exe" = C:\hp_CLJ_CM1015-CM1017_Full_Solution\setup\hppniprint64.exe:*:Enabled:hppniprint64.exe
"C:\hp_CLJ_CM1015-CM1017_Full_Solution\setup\hppnicifs01.exe" = C:\hp_CLJ_CM1015-CM1017_Full_Solution\setup\hppnicifs01.exe:*:Enabled:hppnicifs01.exe
"C:\hp_CLJ_CM1015-CM1017_Full_Solution\setup\hpntwkexe.exe" = C:\hp_CLJ_CM1015-CM1017_Full_Solution\setup\hpntwkexe.exe:*:Enabled:hpntwkexe.exe
"C:\Program Files\Foxit Software\PDF Editor\PDFEdit.exe" = C:\Program Files\Foxit Software\PDF Editor\PDFEdit.exe:*:Enabled:Foxit PDF Editor, the first REAL editor for PDF files! -- (Foxit Software Company)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\BitLord2\BitLord.exe" = C:\Program Files\BitLord2\BitLord.exe:*:Enabled:Bitlord2
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze
"C:\Program Files\Raptr\raptr.exe" = C:\Program Files\Raptr\raptr.exe:*:Enabled:Raptr Client
"C:\Program Files\Raptr\raptr_im.exe" = C:\Program Files\Raptr\raptr_im.exe:*:Enabled:Raptr IM
"C:\Program Files\Pinnacle\Studio 15\Programs\RM.exe" = C:\Program Files\Pinnacle\Studio 15\Programs\RM.exe:*:Enabled:Render Manager
"C:\Program Files\Pinnacle\Studio 15\Programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 15\Programs\Studio.exe:*:Enabled:Studio
"C:\Program Files\Pinnacle\Studio 15\Programs\umi.exe" = C:\Program Files\Pinnacle\Studio 15\Programs\umi.exe:*:Enabled:umi
"C:\Program Files\Common Files\soft602\langserv.exe" = C:\Program Files\Common Files\soft602\langserv.exe:*:Enabled:Software602 Spell Checker -- ()
"C:\Program Files\totalcmd\TOTALCMD.EXE" = C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit -- (Ghisler Software GmbH)
"C:\Program Files\CyberLink\PowerDVD11\PowerDVD11.exe" = C:\Program Files\CyberLink\PowerDVD11\PowerDVD11.exe:*:Enabled:CyberLink PowerDVD 11.0 -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe" = C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe:*:Enabled:CyberLink PowerDVD 11.0 RC Service -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe" = C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe:*:Enabled:CyberLink Media Server -- (CyberLink)
"C:\Program Files\mektek.net\MTX\mtx.exe" = C:\Program Files\mektek.net\MTX\mtx.exe:*:Enabled:MTX
"D:\Hry\mech\MW4Mercs.exe" = D:\Hry\mech\MW4Mercs.exe:*:Enabled:MechWarrior IV
"D:\Hry\mech\mw4\mw4x\MW4x.exe" = D:\Hry\mech\mw4\mw4x\MW4x.exe:*:Enabled:MechWarrior IV
"D:\Hry\mech\mw4\MW4.exe" = D:\Hry\mech\mw4\MW4.exe:*:Enabled:MechWarrior IV
"D:\Hry\ccgeneralszerohour\game.dat" = D:\Hry\ccgeneralszerohour\game.dat:*:Enabled:game -- ()
"C:\Program Files\Tunngle\TnglCtrl.exe" = C:\Program Files\Tunngle\TnglCtrl.exe:*:Enabled:Tunngle Service -- (Tunngle.net GmbH)
"C:\Program Files\Tunngle\Tunngle.exe" = C:\Program Files\Tunngle\Tunngle.exe:*:Enabled:Tunngle Client -- (Tunngle.net GmbH)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{067cbba3-9fd4-4c0c-b40a-28edcd13b2b0}_is1" = Dipito Osobní Vyhledávač 1.2
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{32C74893-0243-4235-A6F3-201F0E5D2C03}" = Software602 Print2PDF
"{33EFDAD7-1686-465A-AE0A-26F22E380315}" = Product_Min_QFolder
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39B975A6-93A3-4C71-9EAD-7BE9F9DF3D22}" = Product_Full_QFolder
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{52A73602-D30A-4CAF-A997-D7171C59637F}" = hppCLJCM1017
"{5396E5FA-91D2-46F0-A95B-D055D8077DD8}" = hppTLBXFXCM1017
"{546C143E-68DC-314D-97BC-1E454E3BA429}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5E65E94D-69F2-4850-9E93-6459C53A0F50}" = Microsoft .NET Framework 1.1 Czech Language Pack
"{631141AD-79AA-447F-B403-21C704D39B8C}" = UPC Fiber Power Optimizer
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64635543-70E7-436D-8D6D-4A721595029E}" = Microsoft IntelliPoint 5.2
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66BDF565-6A07-4407-B9D3-229D41A24B0E}" = hppscanCM1017
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"{6A5925BF-AC13-4A9E-A3E7-D2A6F7FBFFD2}" = hppFonts
"{6E5AB107-172B-4F17-8ABB-357C59EF1B08}" = Vegas Pro 9.0
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7C679F14-CF4A-46E1-BDE9-2571E61C5FEB}" = Software602 Form Filler
"{7F362F06-A9A3-440F-8B19-6A01A72723C4}" = AuthenTec Fingerprint Sensor Minimum Install
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8C82E5F6-2C76-44CF-A23E-1356A022442E}" = hppIOFiles
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90120000-0010-0405-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Czech) 12
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_WebDesigner_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{10EC59E5-9BCE-4884-BB1A-E28627220232}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_WebDesigner_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{9037FDA8-8383-4B6F-859D-D49C3C625225}" = Microsoft Expression Web Service Pack 1 (SP1)
"{90120000-0026-0409-0000-0000000FF1CE}" = Microsoft Expression Web MUI (English)
"{90120000-0026-0409-0000-0000000FF1CE}_WebDesigner_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{93C069D4-2F86-4570-A6DF-BFABBA1E4AFD}" = hpzTLBXFX
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}" = Broadcom 440x 10/100 Integrated Controller
"{A2C9CD1B-2551-3AED-B244-6698FB929FA6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6AB9F06-41A7-471A-9C4F-FC95F1129E98}" = hppManualsCM1017
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8361CC1-6B90-4525-B04C-E2F58078A366}" = Camera Plus
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1029-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Czech
"{AE751709-EA28-4148-96D5-A524BBB08F05}" = hppusgCM1017
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D96E4F13-2635-4CBD-9308-F99228929C41}" = RamDisk Plus 10.0
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EEE0E494-7023-45A5-ADA6-CE3144E703BF}" = hppScanTo
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FB322C66-B122-424C-8CF8-C5BE8FA091A6}" = STORMWARE POHODA CZ Standard
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Bezdrátový adaptér Broadcom 802.11 LAN" = Bezdrátový adaptér Broadcom 802.11 LAN
"BSPlayerf" = BS.Player FREE
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"CyberLink PowerDVD 11.0.1620.51" = CyberLink PowerDVD 11.0.1620.51 - odinstalovat češtinu
"DAEMON Tools Lite" = DAEMON Tools Lite
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Foxit PDF Editor" = Foxit PDF Editor
"GOM Player" = GOM Player
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Color LaserJet CM1015_CM1017" = HP Color LaserJet CM1015/CM1017 MFP 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"ie8" = Windows Internet Explorer 8
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaInfo" = MediaInfo 0.7.43
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MOV to AVI MPEG WMV Converter_is1" = MOV to AVI MPEG WMV Converter 1.8.4
"Mozilla Firefox 5.0 (x86 cs)" = Mozilla Firefox 5.0 (x86 cs)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"nLite_is1" = nLite 1.4.9.1
"Pdf995" = Pdf995
"Prism" = Prism Video File Converter
"SpeedFan" = SpeedFan (remove only)
"StepMania" = StepMania (remove only)
"STORMWARE PDF Printer_is1" = STORMWARE PDF Printer 5.0.0.614
"StrongDC++" = StrongDC++ 2.41
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Totalcmd" = Total Commander (Remove or Repair)
"Tunngle beta_is1" = Tunngle beta
"UPC Fiber Power Optimizer" = UPC Fiber Power Optimizer
"uTorrent" = µTorrent
"WebDesigner" = Microsoft Expression Web
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-796845957-343818398-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"WinSetupFromUSB" = WinSetupFromUSB
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 4.8.2011 0:04:29 | Computer Name = STANDA | Source = TnglCtrl.exe | ID = 0
Description =
Error - 4.8.2011 0:04:29 | Computer Name = STANDA | Source = TnglCtrl.exe | ID = 0
Description =
Error - 4.8.2011 0:04:29 | Computer Name = STANDA | Source = TnglCtrl.exe | ID = 0
Description =
Error - 4.8.2011 0:04:29 | Computer Name = STANDA | Source = TnglCtrl.exe | ID = 0
Description =
Error - 9.8.2011 5:55:32 | Computer Name = STANDA | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.
Error - 11.8.2011 3:56:39 | Computer Name = STANDA | Source = MsiInstaller | ID = 1023
Description = Aktualizaci KB2539631 produktu Microsoft .NET Framework 2.0 Service
Pack 2 nebylo možné nainstalovat. Kód chyby: 1603. Další informace naleznete v
souboru protokolu C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\Microsoft .NET
Framework 2.0-KB2539631_20110811_075252968-Msi0.txt.
Error - 11.8.2011 3:56:41 | Computer Name = STANDA | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2539631,
P2 1029, P3 1603, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
0.
Error - 14.8.2011 11:09:56 | Computer Name = STANDA | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Daná operace se vrátila, protože vypršel časový limit.
Error - 16.8.2011 7:34:54 | Computer Name = STANDA | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Daná operace se vrátila, protože vypršel časový limit.
Error - 16.8.2011 7:43:59 | Computer Name = STANDA | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Daná operace se vrátila, protože vypršel časový limit.
[ OSession Events ]
Error - 11.3.2011 13:06:36 | Computer Name = STANDA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 189
seconds with 180 seconds of active time. This session ended with a crash.
Error - 22.4.2011 8:00:25 | Computer Name = STANDA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15927
seconds with 1860 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 22.8.2011 13:53:50 | Computer Name = STANDA | Source = Service Control Manager | ID = 7001
Description = Služba Klient DNS závisí na službě Ovladač protokolu TCP/IP, která
neuspěla při spuštění v důsledku následující chyby: %%31
Error - 22.8.2011 13:53:50 | Computer Name = STANDA | Source = Service Control Manager | ID = 7001
Description = Služba Podpora rozhraní NetBIOS nad protokolem TCP/IP závisí na službě
AFD, která neuspěla při spuštění v důsledku následující chyby: %%31
Error - 22.8.2011 13:53:50 | Computer Name = STANDA | Source = Service Control Manager | ID = 7001
Description = Služba Pomocná služba protokolu IPv6 závisí na službě Ovladač protokolu
Microsoft IPv6, která neuspěla při spuštění v důsledku následující chyby: %%31
Error - 22.8.2011 13:53:50 | Computer Name = STANDA | Source = Service Control Manager | ID = 7001
Description = Služba Služby IPSEC závisí na službě Ovladač IPSEC, která neuspěla
při spuštění v důsledku následující chyby: %%31
Error - 22.8.2011 13:53:50 | Computer Name = STANDA | Source = Service Control Manager | ID = 7001
Description = Služba TunngleService závisí na službě Klient DHCP, která neuspěla
při spuštění v důsledku následující chyby: %%1068
Error - 22.8.2011 13:53:50 | Computer Name = STANDA | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: AFD Fips intelppm IPSec kl2 KLIF MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip Tcpip6
vmm
Error - 22.8.2011 14:58:16 | Computer Name = STANDA | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby StiSvc
s argumenty za účelem spuštění serveru: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 22.8.2011 14:58:39 | Computer Name = STANDA | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby StiSvc
s argumenty za účelem spuštění serveru: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 22.8.2011 15:24:18 | Computer Name = STANDA | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby StiSvc
s argumenty za účelem spuštění serveru: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 22.8.2011 15:41:30 | Computer Name = STANDA | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby StiSvc
s argumenty za účelem spuštění serveru: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
< End of report >
OTL Extras logfile created on: 22.8.2011 21:44:11 - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = H:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
3,37 Gb Total Physical Memory | 1,07 Gb Available Physical Memory | 31,88% Memory free
5,16 Gb Paging File | 3,08 Gb Available in Paging File | 59,75% Paging File free
Paging file location(s): G:\pagefile.sys 2020 2034 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,54 Gb Total Space | 2,17 Gb Free Space | 11,11% Space Free | Partition Type: NTFS
Drive D: | 54,98 Gb Total Space | 3,23 Gb Free Space | 5,87% Space Free | Partition Type: NTFS
Drive G: | 2,00 Gb Total Space | 0,03 Gb Free Space | 1,56% Space Free | Partition Type: NTFS
Drive H: | 1002,05 Mb Total Space | 991,24 Mb Free Space | 98,92% Space Free | Partition Type: FAT32
Computer Name: STANDA | User Name: Standysman | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
[HKEY_USERS\S-1-5-21-796845957-343818398-682003330-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Expression\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Expression\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"9100:TCP" = 9100:TCP:*:Enabled:tiskarna
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\CyberLink\PowerDVD11\PowerDVD11.exe" = C:\Program Files\CyberLink\PowerDVD11\PowerDVD11.exe:*:Enabled:CyberLink PowerDVD 11.0 -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe" = C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe:*:Enabled:CyberLink PowerDVD 11.0 RC Service -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe" = C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe:*:Enabled:CyberLink Media Server -- (CyberLink)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\Java\jre6\launch4j-tmp\frd.exe" = C:\Program Files\Java\jre6\launch4j-tmp\frd.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\hp_CLJ_CM1015-CM1017_Full_Solution\setup\HPZnet01.exe" = C:\hp_CLJ_CM1015-CM1017_Full_Solution\setup\HPZnet01.exe:*:Enabled:hpznet01.exe
"C:\hp_CLJ_CM1015-CM1017_Full_Solution\setup\hppniprint01.exe" = C:\hp_CLJ_CM1015-CM1017_Full_Solution\setup\hppniprint01.exe:*:Enabled:hppniprint01.exe
"C:\hp_CLJ_CM1015-CM1017_Full_Solution\setup\hppniprint64.exe" = C:\hp_CLJ_CM1015-CM1017_Full_Solution\setup\hppniprint64.exe:*:Enabled:hppniprint64.exe
"C:\hp_CLJ_CM1015-CM1017_Full_Solution\setup\hppnicifs01.exe" = C:\hp_CLJ_CM1015-CM1017_Full_Solution\setup\hppnicifs01.exe:*:Enabled:hppnicifs01.exe
"C:\hp_CLJ_CM1015-CM1017_Full_Solution\setup\hpntwkexe.exe" = C:\hp_CLJ_CM1015-CM1017_Full_Solution\setup\hpntwkexe.exe:*:Enabled:hpntwkexe.exe
"C:\Program Files\Foxit Software\PDF Editor\PDFEdit.exe" = C:\Program Files\Foxit Software\PDF Editor\PDFEdit.exe:*:Enabled:Foxit PDF Editor, the first REAL editor for PDF files! -- (Foxit Software Company)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\BitLord2\BitLord.exe" = C:\Program Files\BitLord2\BitLord.exe:*:Enabled:Bitlord2
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze
"C:\Program Files\Raptr\raptr.exe" = C:\Program Files\Raptr\raptr.exe:*:Enabled:Raptr Client
"C:\Program Files\Raptr\raptr_im.exe" = C:\Program Files\Raptr\raptr_im.exe:*:Enabled:Raptr IM
"C:\Program Files\Pinnacle\Studio 15\Programs\RM.exe" = C:\Program Files\Pinnacle\Studio 15\Programs\RM.exe:*:Enabled:Render Manager
"C:\Program Files\Pinnacle\Studio 15\Programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 15\Programs\Studio.exe:*:Enabled:Studio
"C:\Program Files\Pinnacle\Studio 15\Programs\umi.exe" = C:\Program Files\Pinnacle\Studio 15\Programs\umi.exe:*:Enabled:umi
"C:\Program Files\Common Files\soft602\langserv.exe" = C:\Program Files\Common Files\soft602\langserv.exe:*:Enabled:Software602 Spell Checker -- ()
"C:\Program Files\totalcmd\TOTALCMD.EXE" = C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit -- (Ghisler Software GmbH)
"C:\Program Files\CyberLink\PowerDVD11\PowerDVD11.exe" = C:\Program Files\CyberLink\PowerDVD11\PowerDVD11.exe:*:Enabled:CyberLink PowerDVD 11.0 -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe" = C:\Program Files\CyberLink\PowerDVD11\PDVD11Serv.exe:*:Enabled:CyberLink PowerDVD 11.0 RC Service -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe" = C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe:*:Enabled:CyberLink Media Server -- (CyberLink)
"C:\Program Files\mektek.net\MTX\mtx.exe" = C:\Program Files\mektek.net\MTX\mtx.exe:*:Enabled:MTX
"D:\Hry\mech\MW4Mercs.exe" = D:\Hry\mech\MW4Mercs.exe:*:Enabled:MechWarrior IV
"D:\Hry\mech\mw4\mw4x\MW4x.exe" = D:\Hry\mech\mw4\mw4x\MW4x.exe:*:Enabled:MechWarrior IV
"D:\Hry\mech\mw4\MW4.exe" = D:\Hry\mech\mw4\MW4.exe:*:Enabled:MechWarrior IV
"D:\Hry\ccgeneralszerohour\game.dat" = D:\Hry\ccgeneralszerohour\game.dat:*:Enabled:game -- ()
"C:\Program Files\Tunngle\TnglCtrl.exe" = C:\Program Files\Tunngle\TnglCtrl.exe:*:Enabled:Tunngle Service -- (Tunngle.net GmbH)
"C:\Program Files\Tunngle\Tunngle.exe" = C:\Program Files\Tunngle\Tunngle.exe:*:Enabled:Tunngle Client -- (Tunngle.net GmbH)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{067cbba3-9fd4-4c0c-b40a-28edcd13b2b0}_is1" = Dipito Osobní Vyhledávač 1.2
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}" = HP USB Disk Storage Format Tool
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{32C74893-0243-4235-A6F3-201F0E5D2C03}" = Software602 Print2PDF
"{33EFDAD7-1686-465A-AE0A-26F22E380315}" = Product_Min_QFolder
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39B975A6-93A3-4C71-9EAD-7BE9F9DF3D22}" = Product_Full_QFolder
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{52A73602-D30A-4CAF-A997-D7171C59637F}" = hppCLJCM1017
"{5396E5FA-91D2-46F0-A95B-D055D8077DD8}" = hppTLBXFXCM1017
"{546C143E-68DC-314D-97BC-1E454E3BA429}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5E65E94D-69F2-4850-9E93-6459C53A0F50}" = Microsoft .NET Framework 1.1 Czech Language Pack
"{631141AD-79AA-447F-B403-21C704D39B8C}" = UPC Fiber Power Optimizer
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64635543-70E7-436D-8D6D-4A721595029E}" = Microsoft IntelliPoint 5.2
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66BDF565-6A07-4407-B9D3-229D41A24B0E}" = hppscanCM1017
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"{6A5925BF-AC13-4A9E-A3E7-D2A6F7FBFFD2}" = hppFonts
"{6E5AB107-172B-4F17-8ABB-357C59EF1B08}" = Vegas Pro 9.0
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7C679F14-CF4A-46E1-BDE9-2571E61C5FEB}" = Software602 Form Filler
"{7F362F06-A9A3-440F-8B19-6A01A72723C4}" = AuthenTec Fingerprint Sensor Minimum Install
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8C82E5F6-2C76-44CF-A23E-1356A022442E}" = hppIOFiles
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90120000-0010-0405-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Czech) 12
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_WebDesigner_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{10EC59E5-9BCE-4884-BB1A-E28627220232}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_WebDesigner_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0026-0000-0000-0000000FF1CE}_WebDesigner_{9037FDA8-8383-4B6F-859D-D49C3C625225}" = Microsoft Expression Web Service Pack 1 (SP1)
"{90120000-0026-0409-0000-0000000FF1CE}" = Microsoft Expression Web MUI (English)
"{90120000-0026-0409-0000-0000000FF1CE}_WebDesigner_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_WebDesigner_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{93C069D4-2F86-4570-A6DF-BFABBA1E4AFD}" = hpzTLBXFX
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9D0F85-5658-4A5E-95A9-65F7DB2916EE}" = Broadcom 440x 10/100 Integrated Controller
"{A2C9CD1B-2551-3AED-B244-6698FB929FA6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A6AB9F06-41A7-471A-9C4F-FC95F1129E98}" = hppManualsCM1017
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A8361CC1-6B90-4525-B04C-E2F58078A366}" = Camera Plus
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1029-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Czech
"{AE751709-EA28-4148-96D5-A524BBB08F05}" = hppusgCM1017
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D96E4F13-2635-4CBD-9308-F99228929C41}" = RamDisk Plus 10.0
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EEE0E494-7023-45A5-ADA6-CE3144E703BF}" = hppScanTo
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FB322C66-B122-424C-8CF8-C5BE8FA091A6}" = STORMWARE POHODA CZ Standard
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Bezdrátový adaptér Broadcom 802.11 LAN" = Bezdrátový adaptér Broadcom 802.11 LAN
"BSPlayerf" = BS.Player FREE
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"CyberLink PowerDVD 11.0.1620.51" = CyberLink PowerDVD 11.0.1620.51 - odinstalovat češtinu
"DAEMON Tools Lite" = DAEMON Tools Lite
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Foxit PDF Editor" = Foxit PDF Editor
"GOM Player" = GOM Player
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Color LaserJet CM1015_CM1017" = HP Color LaserJet CM1015/CM1017 MFP 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"ie8" = Windows Internet Explorer 8
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaInfo" = MediaInfo 0.7.43
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MOV to AVI MPEG WMV Converter_is1" = MOV to AVI MPEG WMV Converter 1.8.4
"Mozilla Firefox 5.0 (x86 cs)" = Mozilla Firefox 5.0 (x86 cs)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"nLite_is1" = nLite 1.4.9.1
"Pdf995" = Pdf995
"Prism" = Prism Video File Converter
"SpeedFan" = SpeedFan (remove only)
"StepMania" = StepMania (remove only)
"STORMWARE PDF Printer_is1" = STORMWARE PDF Printer 5.0.0.614
"StrongDC++" = StrongDC++ 2.41
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Totalcmd" = Total Commander (Remove or Repair)
"Tunngle beta_is1" = Tunngle beta
"UPC Fiber Power Optimizer" = UPC Fiber Power Optimizer
"uTorrent" = µTorrent
"WebDesigner" = Microsoft Expression Web
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-796845957-343818398-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"WinSetupFromUSB" = WinSetupFromUSB
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 4.8.2011 0:04:29 | Computer Name = STANDA | Source = TnglCtrl.exe | ID = 0
Description =
Error - 4.8.2011 0:04:29 | Computer Name = STANDA | Source = TnglCtrl.exe | ID = 0
Description =
Error - 4.8.2011 0:04:29 | Computer Name = STANDA | Source = TnglCtrl.exe | ID = 0
Description =
Error - 4.8.2011 0:04:29 | Computer Name = STANDA | Source = TnglCtrl.exe | ID = 0
Description =
Error - 9.8.2011 5:55:32 | Computer Name = STANDA | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.
Error - 11.8.2011 3:56:39 | Computer Name = STANDA | Source = MsiInstaller | ID = 1023
Description = Aktualizaci KB2539631 produktu Microsoft .NET Framework 2.0 Service
Pack 2 nebylo možné nainstalovat. Kód chyby: 1603. Další informace naleznete v
souboru protokolu C:\WINDOWS\system32\config\SYSTEM~1\LOCALS~1\Temp\Microsoft .NET
Framework 2.0-KB2539631_20110811_075252968-Msi0.txt.
Error - 11.8.2011 3:56:41 | Computer Name = STANDA | Source = HotFixInstaller | ID = 5000
Description = EventType visualstudio8setup, P1 microsoft .net framework 2.0-kb2539631,
P2 1029, P3 1603, P4 msi, P5 f, P6 9.0.40215.0, P7 install, P8 x86, P9 xp, P10
0.
Error - 14.8.2011 11:09:56 | Computer Name = STANDA | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Daná operace se vrátila, protože vypršel časový limit.
Error - 16.8.2011 7:34:54 | Computer Name = STANDA | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Daná operace se vrátila, protože vypršel časový limit.
Error - 16.8.2011 7:43:59 | Computer Name = STANDA | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Daná operace se vrátila, protože vypršel časový limit.
[ OSession Events ]
Error - 11.3.2011 13:06:36 | Computer Name = STANDA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 189
seconds with 180 seconds of active time. This session ended with a crash.
Error - 22.4.2011 8:00:25 | Computer Name = STANDA | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 15927
seconds with 1860 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 22.8.2011 13:53:50 | Computer Name = STANDA | Source = Service Control Manager | ID = 7001
Description = Služba Klient DNS závisí na službě Ovladač protokolu TCP/IP, která
neuspěla při spuštění v důsledku následující chyby: %%31
Error - 22.8.2011 13:53:50 | Computer Name = STANDA | Source = Service Control Manager | ID = 7001
Description = Služba Podpora rozhraní NetBIOS nad protokolem TCP/IP závisí na službě
AFD, která neuspěla při spuštění v důsledku následující chyby: %%31
Error - 22.8.2011 13:53:50 | Computer Name = STANDA | Source = Service Control Manager | ID = 7001
Description = Služba Pomocná služba protokolu IPv6 závisí na službě Ovladač protokolu
Microsoft IPv6, která neuspěla při spuštění v důsledku následující chyby: %%31
Error - 22.8.2011 13:53:50 | Computer Name = STANDA | Source = Service Control Manager | ID = 7001
Description = Služba Služby IPSEC závisí na službě Ovladač IPSEC, která neuspěla
při spuštění v důsledku následující chyby: %%31
Error - 22.8.2011 13:53:50 | Computer Name = STANDA | Source = Service Control Manager | ID = 7001
Description = Služba TunngleService závisí na službě Klient DHCP, která neuspěla
při spuštění v důsledku následující chyby: %%1068
Error - 22.8.2011 13:53:50 | Computer Name = STANDA | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: AFD Fips intelppm IPSec kl2 KLIF MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip Tcpip6
vmm
Error - 22.8.2011 14:58:16 | Computer Name = STANDA | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby StiSvc
s argumenty za účelem spuštění serveru: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 22.8.2011 14:58:39 | Computer Name = STANDA | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby StiSvc
s argumenty za účelem spuštění serveru: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 22.8.2011 15:24:18 | Computer Name = STANDA | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby StiSvc
s argumenty za účelem spuštění serveru: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 22.8.2011 15:41:30 | Computer Name = STANDA | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby StiSvc
s argumenty za účelem spuštění serveru: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
< End of report >
-
- Visitor
- Posts: 31
- Registered: 22 Aug 2011 14:32
Re: FB virus posing as a Flash Player update
and the second one:
OTL logfile created on: 22.8.2011 21:44:11 - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = H:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
3,37 Gb Total Physical Memory | 1,07 Gb Available Physical Memory | 31,88% Memory free
5,16 Gb Paging File | 3,08 Gb Available in Paging File | 59,75% Paging File free
Paging file location(s): G:\pagefile.sys 2020 2034 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,54 Gb Total Space | 2,17 Gb Free Space | 11,11% Space Free | Partition Type: NTFS
Drive D: | 54,98 Gb Total Space | 3,23 Gb Free Space | 5,87% Space Free | Partition Type: NTFS
Drive G: | 2,00 Gb Total Space | 0,03 Gb Free Space | 1,56% Space Free | Partition Type: NTFS
Drive H: | 1002,05 Mb Total Space | 991,24 Mb Free Space | 98,92% Space Free | Partition Type: FAT32
Computer Name: STANDA | User Name: Standysman | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011.08.22 21:40:04 | 000,580,096 | ---- | M] (OldTimer Tools) -- H:\OTL.exe
PRC - [2008.04.14 09:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2010.04.11 19:48:06 | 000,327,680 | ---- | M] () -- C:\Program Files\WinRAR\rarlng.dll
MOD - [2010.03.15 12:28:24 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
========== Win32 Services (SafeList) ==========
SRV - [2011.07.15 03:14:44 | 000,741,624 | ---- | M] (Tunngle.net GmbH) [Auto | Stopped] -- C:\Program Files\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2011.04.20 05:56:47 | 000,083,240 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2011.03.31 15:37:11 | 000,312,616 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2011.03.31 15:37:06 | 000,070,952 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2011.03.14 10:59:40 | 000,084,520 | ---- | M] (Software602 a.s.) [Auto | Stopped] -- C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe -- (602XML Updater)
SRV - [2011.03.11 17:21:26 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
========== Driver Services (SafeList) ==========
DRV - [2011.05.19 15:27:16 | 002,649,216 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2011.05.14 23:40:28 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm)
DRV - [2011.04.20 05:56:48 | 000,071,664 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys -- (ntk_PowerDVD)
DRV - [2011.04.12 11:16:53 | 000,077,296 | ---- | M] (CyberLink Corp.) [2011/05/28 23:57:38] [Kernel | Auto | Stopped] -- C:\Program Files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2011.03.11 17:59:25 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.03.11 16:56:06 | 000,475,736 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2011.02.03 17:31:42 | 000,104,376 | ---- | M] (e2eSoft) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VCam_WDM.sys -- (VCam_WDM)
DRV - [2010.12.18 13:03:56 | 000,021,696 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2010.06.09 18:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2010.06.09 18:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010.05.07 13:06:26 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2010.02.11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009.11.02 21:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.09.16 08:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV - [2009.06.18 08:23:46 | 000,065,944 | ---- | M] (SuperSpeed LLC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SscRdBus.sys -- (SscRdBus) Virtual bus device (SuperSpeed LLC)
DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2007.11.16 15:58:22 | 000,037,504 | ---- | M] (SuperSpeed LLC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SscRdCls.sys -- (SscRdCls) RAM Disk (SuperSpeed LLC)
DRV - [2007.01.29 06:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2006.08.28 14:40:48 | 001,160,320 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005.09.23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005.08.05 12:33:56 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003.01.20 09:37:40 | 000,094,032 | R--- | M] (VM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbVM31b.sys -- (ZSMC301b)
DRV - [2001.10.24 12:46:48 | 000,097,120 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2001.08.17 21:11:26 | 000,054,271 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm42xx5.sys -- (BCM42XX) Broadcom iLine10(tm)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-796845957-343818398-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-796845957-343818398-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.2.556
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.2.556
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:3.3.3.2
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@software602.cz/602XML Filler: C:\Program Files\Software602\602XML\Filler\npfiller.dll (Software602 a.s.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Standysman\Local Settings\Data aplikací\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Standysman\Local Settings\Data aplikací\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\dipito.com/DipitoPS: C:\Program Files\Dipito\npdipitops.dll (Libor Sobotik)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru [2011.06.11 23:39:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru [2011.06.11 23:39:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru [2011.06.11 23:39:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.28 22:33:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.27 15:09:38 | 000,000,000 | ---D | M]
[2011.03.14 18:41:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Standysman\Data aplikací\Mozilla\Extensions
[2011.07.01 22:08:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Standysman\Data aplikací\Mozilla\Firefox\Profiles\4sr6mibw.default\extensions
[2011.05.06 11:01:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Standysman\Data aplikací\Mozilla\Firefox\Profiles\4sr6mibw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.07.01 22:08:52 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Documents and Settings\Standysman\Data aplikací\Mozilla\Firefox\Profiles\4sr6mibw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011.03.28 15:49:21 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Standysman\Data aplikací\Mozilla\Firefox\Profiles\4sr6mibw.default\extensions\engine@conduit.com
[2011.06.11 23:39:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.03.15 10:39:21 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak
[2011.03.15 10:39:16 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
File not found (No name found) --
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\STANDYSMAN\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\4SR6MIBW.DEFAULT\EXTENSIONS\{BA14329E-9550-4989-B3F2-9732E92D17CC}
[2011.03.14 18:18:05 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.06.28 22:33:49 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.13 10:49:10 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2011.05.13 10:49:10 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2011.03.03 19:52:54 | 000,001,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml
[2011.05.13 10:49:10 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2011.05.13 10:49:10 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2011.05.13 10:49:10 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2011.08.22 19:42:56 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [HPUsageTracking] c:\Program Files\HP\HP UT\bin\hppusg.exe ( )
O4 - HKLM..\Run: [Print2PDF Print Monitor] C:\Program Files\Software602\Print2PDF\Print2PDF.exe (Software602)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-796845957-343818398-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Expression\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O15 - HKU\S-1-5-21-796845957-343818398-682003330-1003\..Trusted Domains: dhlive.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-796845957-343818398-682003330-1003\..Trusted Domains: dhlive.net ([]http in Trusted sites)
O15 - HKU\S-1-5-21-796845957-343818398-682003330-1003\..Trusted Domains: homecams.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-796845957-343818398-682003330-1003\..Trusted Domains: inoveo.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-796845957-343818398-682003330-1003\..Trusted Domains: inoveo.com ([]https in Trusted sites)
O16 - DPF: {703C152F-46F5-4C39-8DE5-D113F9BD4031} http://model.dhlive.net/_component/fmew ... .1.0.7.CAB (FMEWebEncoder Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O31 - SafeBoot: UseAlternatShell - 1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.09.17 13:54:03 | 000,204,038 | ---- | M] () - C:\auto.jpg -- [ NTFS ]
O32 - AutoRun File - [2011.03.11 15:36:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
CREATERESTOREPOINT
Error creating restore point.
========== Files/Folders - Created Within 30 Days ==========
[2011.08.22 17:11:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Standysman\Data aplikací\Malwarebytes
[2011.08.22 17:10:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.08.22 17:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
[2011.08.22 17:10:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2011.08.22 17:10:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.08.22 17:10:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.08.22 16:32:46 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.08.22 16:32:45 | 000,000,000 | ---D | C] -- C:\rsit
[2011.08.11 10:40:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Standysman\Local Settings\Data aplikací\PCHealth
[2011.08.10 13:31:05 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011.08.10 13:30:49 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2011.08.07 23:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\SuperSpeed
[2011.08.07 23:02:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\SuperSpeed
[2011.08.04 15:32:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Standysman\Data aplikací\Software602
[2011.08.04 15:27:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Standysman\Data aplikací\pdf995
[2011.08.04 15:20:50 | 000,249,856 | ---- | C] (TODO: <Company name>) -- C:\WINDOWS\System32\pdfmona.dll
[2011.08.04 15:20:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\pdf995
[2011.08.04 15:20:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Software995
[2011.08.04 15:20:48 | 000,000,000 | ---D | C] -- C:\Program Files\pdf995
[2011.07.27 15:16:12 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Standysman\Dokumenty\My Web Sites
[2011.07.27 15:10:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Microsoft Expression
[2011.07.27 15:09:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2011.07.27 15:09:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011.07.27 15:07:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Expression
========== Files - Modified Within 30 Days ==========
[2011.08.22 19:53:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.08.22 19:52:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.08.22 17:10:33 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2011.08.22 16:37:05 | 000,000,360 | RHS- | M] () -- C:\boot.ini
[2011.08.22 13:11:08 | 000,000,968 | -HS- | M] () -- C:\WINDOWS\KLIF.spi
[2011.08.22 11:02:46 | 000,035,593 | ---- | M] () -- C:\fakturatelefon.pdf
[2011.08.22 10:33:32 | 000,884,266 | ---- | M] () -- C:\smlouva0001.pdf
[2011.08.18 14:01:33 | 000,141,106 | ---- | M] () -- C:\Informace o parcele.pdf
[2011.08.18 13:00:33 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Standysman\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.15 17:57:35 | 001,201,067 | ---- | M] () -- C:\skenovat0034.pdf
[2011.08.15 11:34:21 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011.08.14 23:27:00 | 000,035,545 | ---- | M] () -- C:\Documents and Settings\Standysman\Dokumenty\Faktura_1100165081.pdf
[2011.08.11 12:55:50 | 000,343,681 | ---- | M] () -- C:\Invoice 205536.pdf
[2011.08.11 11:58:07 | 000,049,290 | ---- | M] () -- C:\Faktura_110100007.pdf
[2011.08.11 10:34:33 | 000,445,510 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.08.11 10:34:33 | 000,443,474 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2011.08.11 10:34:33 | 000,085,130 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2011.08.11 10:34:33 | 000,073,386 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.08.11 09:50:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.08.07 23:17:31 | 013,320,192 | -H-- | M] () -- C:\SsRd0001.cif
[2011.08.07 23:02:43 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\RamDisk Plus.lnk
[2011.08.07 19:37:27 | 000,467,024 | ---- | M] () -- C:\formularcp.pdf
[2011.08.04 15:31:20 | 000,065,135 | ---- | M] () -- C:\Documents and Settings\Standysman\Dokumenty\Create PDF.pdf
[2011.08.04 15:31:18 | 000,000,059 | ---- | M] () -- C:\WINDOWS\wpd99.drv
[2011.08.04 15:29:52 | 000,249,856 | ---- | M] (TODO: <Company name>) -- C:\WINDOWS\System32\pdfmona.dll
[2011.08.04 15:29:52 | 000,051,716 | ---- | M] () -- C:\WINDOWS\System32\pdf995mon.dll
[2011.08.04 15:27:16 | 000,000,028 | ---- | M] () -- C:\WINDOWS\pdf995.ini
[2011.08.01 19:16:27 | 000,049,586 | ---- | M] () -- C:\Documents and Settings\Standysman\Dokumenty\Smlouva_zpr_8_Stará.rtf
[2011.07.31 20:46:43 | 000,056,355 | ---- | M] () -- C:\Faktura_110100006.pdf
[2011.07.29 14:57:46 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\Standysman\Data aplikací\Adobe Formát PNG CS5 – předvolby
[2011.07.28 10:04:27 | 003,694,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.07.25 17:08:54 | 005,969,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
========== Files Created - No Company Name ==========
[2011.08.22 17:10:33 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2011.08.22 13:05:40 | 000,000,968 | -HS- | C] () -- C:\WINDOWS\KLIF.spi
[2011.08.22 11:02:46 | 000,035,593 | ---- | C] () -- C:\fakturatelefon.pdf
[2011.08.22 10:33:11 | 000,884,266 | ---- | C] () -- C:\smlouva0001.pdf
[2011.08.18 14:01:32 | 000,141,106 | ---- | C] () -- C:\Informace o parcele.pdf
[2011.08.15 17:56:55 | 001,201,067 | ---- | C] () -- C:\skenovat0034.pdf
[2011.08.14 23:27:00 | 000,035,545 | ---- | C] () -- C:\Documents and Settings\Standysman\Dokumenty\Faktura_1100165081.pdf
[2011.08.11 12:55:49 | 000,343,681 | ---- | C] () -- C:\Invoice 205536.pdf
[2011.08.11 11:58:06 | 000,049,290 | ---- | C] () -- C:\Faktura_110100007.pdf
[2011.08.07 23:17:28 | 013,320,192 | -H-- | C] () -- C:\SsRd0001.cif
[2011.08.07 23:02:43 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\RamDisk Plus.lnk
[2011.08.07 19:37:22 | 000,467,024 | ---- | C] () -- C:\formularcp.pdf
[2011.08.04 15:31:18 | 000,065,135 | ---- | C] () -- C:\Documents and Settings\Standysman\Dokumenty\Create PDF.pdf
[2011.08.04 15:27:16 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2011.08.04 15:20:50 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2011.08.04 15:20:50 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2011.08.01 19:16:27 | 000,049,586 | ---- | C] () -- C:\Documents and Settings\Standysman\Dokumenty\Smlouva_zpr_8_Stará.rtf
[2011.07.31 20:46:43 | 000,056,355 | ---- | C] () -- C:\Faktura_110100006.pdf
[2011.07.29 14:57:46 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Standysman\Data aplikací\Adobe Formát PNG CS5 – předvolby
[2011.07.21 23:01:09 | 000,000,045 | ---- | C] () -- C:\WINDOWS\Twacker.ini
[2011.07.21 23:01:02 | 000,000,046 | ---- | C] () -- C:\WINDOWS\lifeview.ini
[2011.05.27 15:10:30 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.04.18 18:08:02 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Standysman\Data aplikací\$_hpcst$.hpc
[2011.04.11 02:40:06 | 000,304,712 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2011.04.09 22:15:04 | 000,002,047 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2011.04.09 22:15:02 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2011.03.18 21:07:38 | 000,000,978 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2011.03.15 13:02:13 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Standysman\Local Settings\Data aplikací\fusioncache.dat
[2011.03.15 12:53:40 | 000,000,139 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2011.03.15 12:52:59 | 000,000,719 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2011.03.15 12:50:51 | 000,120,160 | ---- | C] () -- C:\WINDOWS\hppins06.dat
[2011.03.15 12:50:51 | 000,001,300 | ---- | C] () -- C:\WINDOWS\hppmdl06.dat
[2011.03.14 18:40:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.03.13 14:39:40 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011.03.11 16:57:24 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011.03.11 16:57:24 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011.03.11 16:54:33 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Standysman\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.11 16:11:35 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.03.11 16:10:19 | 003,694,664 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.03.11 15:55:22 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2011.03.11 15:39:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.03.11 15:33:42 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009.09.09 20:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2006.04.03 18:22:18 | 000,000,668 | ---- | C] () -- C:\WINDOWS\System32\hppapr05.dat
[2005.10.14 12:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 12:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 12:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 11:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 11:56:50 | 000,778,240 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2005.10.14 11:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 11:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 11:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 11:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.10.14 11:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2005.10.14 11:56:48 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\MMAVILNG.exe
[2004.08.17 15:58:58 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001.10.25 16:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.10.25 16:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.10.25 16:00:00 | 000,445,510 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001.10.25 16:00:00 | 000,443,474 | ---- | C] () -- C:\WINDOWS\System32\perfh005.dat
[2001.10.25 16:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.10.25 16:00:00 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2001.10.25 16:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.10.25 16:00:00 | 000,085,130 | ---- | C] () -- C:\WINDOWS\System32\perfc005.dat
[2001.10.25 16:00:00 | 000,073,386 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001.10.25 16:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.10.25 16:00:00 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2001.10.25 16:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.10.25 16:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.10.25 16:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001.07.07 04:00:00 | 000,003,165 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
========== LOP Check ==========
[2011.03.11 17:32:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
[2011.05.28 23:55:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\install_clap
[2011.08.04 15:31:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\pdf995
[2011.05.29 00:08:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PDVD
[2011.04.10 21:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle
[2011.03.28 18:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle Studio Ultimate Collection
[2011.04.05 15:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\regid.1986-12.com.adobe
[2011.06.25 17:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Sony
[2011.03.24 13:11:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\STORMWARE
[2011.05.28 23:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Temp
[2011.07.21 17:22:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Tunngle
[2011.03.11 18:06:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\{3155EF3F-3778-4C4C-B0F3-3E48423B8965}
[2011.05.01 16:19:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\602Installer
[2011.05.01 16:19:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\602XML
[2011.06.06 14:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\Azureus
[2011.06.12 20:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\BSplayer
[2011.06.12 20:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\BSplayer Pro
[2011.03.11 18:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\DAEMON Tools Lite
[2011.04.07 11:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\Dipito
[2011.03.11 19:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\IrfanView
[2011.08.04 15:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\pdf995
[2011.06.25 17:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\Publish Providers
[2011.03.28 15:56:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\Raptr
[2011.08.04 15:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\Software602
[2011.06.27 18:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\Sony
[2011.07.02 20:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\Sony Creative Software
[2011.03.28 00:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\STORMWARE
[2011.08.05 00:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\Tunngle
[2011.08.22 13:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\uTorrent
[2011.03.14 18:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\VitySoft
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 09:52:18 | 000,015,360 | ---- | M] (Microsoft Corporation)
"H/PC Connection Agent" = "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" -- [2006.11.13 16:50:20 | 001,289,000 | ---- | M] (Microsoft Corporation)
"Skype" = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized -- [2011.06.15 15:02:58 | 015,141,768 | R--- | M] (Skype Technologies S.A.)
< c:\windows\*.* /U >
< %SYSTEMDRIVE%\*.exe >
[2008.04.08 12:46:45 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\devcon.exe
[2007.02.06 11:07:10 | 000,521,128 | ---- | M] (Microsoft Corporation) -- C:\DPINST.exe
[2008.05.02 11:11:10 | 000,364,721 | ---- | M] () -- C:\DPsFnshr.exe
[2008.05.02 11:11:14 | 000,282,725 | ---- | M] () -- C:\DSPdsblr.exe
[2008.04.08 12:46:45 | 000,020,992 | ---- | M] () -- C:\makePNF.exe
[2008.04.08 12:46:45 | 000,137,728 | ---- | M] () -- C:\mute.exe
[2008.05.02 11:11:17 | 000,235,131 | ---- | M] () -- C:\pmtimer.exe
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2011.05.01 16:19:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\602Installer
[2011.05.01 16:19:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\602XML
[2011.04.06 16:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\Adobe
[2011.05.27 20:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\Apple Computer
[2011.06.06 14:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\Azureus
[2011.06.12 20:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\BSplayer
[2011.06.12 20:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\BSplayer Pro
[2011.05.29 00:05:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\CyberLink
[2011.03.11 18:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\DAEMON Tools Lite
[2011.04.07 11:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\Dipito
[2011.03.23 01:08:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\Google
[2011.03.18 00:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\GRETECH
[2011.03.15 13:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\HP
[2011.04.13 18:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\HpUpdate
[2011.03.11 15:41:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\Identities
[2011.03.11 15:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\InstallShield
[2011.03.11 19:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\IrfanView
[2011.03.11 18:02:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\Macromedia
[2011.08.22 17:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\Malwarebytes
[2011.07.29 15:20:20 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Standysman\Data aplikací\Microsoft
[2011.03.14 18:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\Mozilla
[2011.05.10 16:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\NCH Software
[2011.08.04 15:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\pdf995
[2011.06.25 17:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\Publish Providers
[2011.03.28 15:56:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\Raptr
[2011.08.22 13:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\Skype
[2011.07.09 20:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\skypePM
[2011.08.04 15:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\Software602
[2011.06.27 18:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\Sony
[2011.07.02 20:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\Sony Creative Software
[2011.03.28 00:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\STORMWARE
[2011.03.14 18:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\Sun
[2011.08.05 00:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\Tunngle
[2011.08.22 13:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\uTorrent
[2011.03.14 18:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\VitySoft
[2011.03.11 19:03:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\WinRAR
< %APPDATA%\*.exe /s >
[2011.03.28 15:50:17 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Documents and Settings\Standysman\Data aplikací\Azureus\plugins\mlab\ShaperProbeC.exe
[2009.08.11 21:21:26 | 000,087,552 | ---- | M] () -- C:\Documents and Settings\Standysman\Data aplikací\BSplayer\AC3 Filter\ac3config.exe
[2009.08.11 21:21:30 | 000,090,112 | ---- | M] () -- C:\Documents and Settings\Standysman\Data aplikací\BSplayer\AC3 Filter\spdif_test.exe
[2010.03.22 14:52:04 | 000,697,690 | ---- | M] () -- C:\Documents and Settings\Standysman\Data aplikací\BSplayer\AC3 Filter\unins000.exe
[2010.02.23 17:01:52 | 001,185,871 | ---- | M] () -- C:\Documents and Settings\Standysman\Data aplikací\BSplayer\FFDShow\unins000.exe
[2010.08.14 10:42:54 | 000,113,152 | ---- | M] () -- C:\Documents and Settings\Standysman\Data aplikací\BSplayer\Haali media splitter\dsmux.exe
[2010.08.14 10:45:10 | 000,358,400 | ---- | M] () -- C:\Documents and Settings\Standysman\Data aplikací\BSplayer\Haali media splitter\gdsmux.exe
[2010.08.14 10:42:06 | 000,137,728 | ---- | M] () -- C:\Documents and Settings\Standysman\Data aplikací\BSplayer\Haali media splitter\mkv2vfr.exe
[2010.09.30 15:30:22 | 000,042,305 | ---- | M] () -- C:\Documents and Settings\Standysman\Data aplikací\BSplayer\Haali media splitter\uninstall.exe
[2011.04.23 16:53:45 | 000,057,344 | R--- | M] (Macrovision Corporation) -- C:\Documents and Settings\Standysman\Data aplikací\Microsoft\Installer\{7F362F06-A9A3-440F-8B19-6A01A72723C4}\ARPPRODUCTICON.exe
< MD5 for: AGP440.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\agp440.sys
[2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2008.04.14 09:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 05:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\autochk.exe
[2008.04.14 09:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2004.08.17 15:49:22 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe
< MD5 for: CDROM.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.14 01:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\cdrom.sys
[2008.04.14 01:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004.08.03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys
< MD5 for: CRYPTSVC.DLL >
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 09:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\cryptsvc.dll
[2008.04.14 09:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2008.04.14 09:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\eventlog.dll
[2008.04.14 09:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2008.04.14 09:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 09:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
< MD5 for: HAL.DLL >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.14 01:01:30 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008.04.14 01:01:34 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\hal.dll
[2004.08.03 22:59:14 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll
< MD5 for: CHANGER.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.14 01:11:00 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\changer.sys
< MD5 for: ISAPNP.SYS >
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2001.10.25 16:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2008.04.14 08:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\isapnp.sys
[2008.04.14 08:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys
< MD5 for: LSASS.EXE >
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 09:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\lsass.exe
[2008.04.14 09:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2008.04.14 01:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\ndis.sys
[2008.04.14 01:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
< MD5 for: NETLOGON.DLL >
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 09:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\netlogon.dll
[2008.04.14 09:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 09:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\scecli.dll
[2008.04.14 09:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2008.04.14 09:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\smss.exe
[2008.04.14 09:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe
< MD5 for: SVCHOST.EXE >
[2008.04.14 09:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\svchost.exe
[2008.04.14 09:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
< MD5 for: TCPIP.SYS >
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008.04.14 01:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.14 01:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004.08.03 23:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008.04.14 09:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\userinit.exe
[2008.04.14 09:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 09:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\winlogon.exe
[2008.04.14 09:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2_32.DLL >
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 09:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\ws2_32.dll
[2008.04.14 09:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\system32\*k.dll >
[2009.03.08 05:32:48 | 000,128,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advpack.dll
[2001.10.25 16:00:00 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csseqchk.dll
[2008.04.14 09:51:40 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\d3d8thk.dll
[2001.10.25 16:00:00 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dpnwsock.dll
[2001.10.25 16:00:00 | 000,042,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dpwsock.dll
[2008.04.14 09:51:44 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\hlink.dll
[2008.04.14 09:51:44 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\icwphbk.dll
[2001.10.25 16:00:00 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kbduk.dll
[2001.10.25 16:00:00 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\langwrbk.dll
[2008.04.14 09:51:46 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lpk.dll
[2001.10.25 16:00:00 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mag_hook.dll
[2008.04.14 09:51:46 | 000,086,016 | ---- | M] (Conexant) -- C:\WINDOWS\system32\mdmxsdk.dll
[2008.04.14 09:51:50 | 000,275,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mstask.dll
[2008.06.20 18:04:19 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mswsock.dll
[2001.10.25 16:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\narrhook.dll
[2008.04.14 09:51:54 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\perfdisk.dll
[2008.04.14 09:51:56 | 000,286,792 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\slextspk.dll
[2001.10.25 16:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svcpack.dll
[2001.10.25 16:00:00 | 000,018,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\vga64k.dll
[2009.03.08 05:34:48 | 000,236,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\webcheck.dll
[2001.10.25 16:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsock.dll
[2009.01.30 21:34:08 | 000,535,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wmdrmsdk.dll
< %systemroot%\System32\config\*.sav >
[2011.03.11 16:09:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2011.03.11 16:09:18 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2011.03.11 16:09:18 | 000,479,232 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2011.08.22 19:53:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< *crack* /s >
< *keygen* /s >
< End of report >
OTL logfile created on: 22.8.2011 21:44:11 - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = H:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
3,37 Gb Total Physical Memory | 1,07 Gb Available Physical Memory | 31,88% Memory free
5,16 Gb Paging File | 3,08 Gb Available in Paging File | 59,75% Paging File free
Paging file location(s): G:\pagefile.sys 2020 2034 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,54 Gb Total Space | 2,17 Gb Free Space | 11,11% Space Free | Partition Type: NTFS
Drive D: | 54,98 Gb Total Space | 3,23 Gb Free Space | 5,87% Space Free | Partition Type: NTFS
Drive G: | 2,00 Gb Total Space | 0,03 Gb Free Space | 1,56% Space Free | Partition Type: NTFS
Drive H: | 1002,05 Mb Total Space | 991,24 Mb Free Space | 98,92% Space Free | Partition Type: FAT32
Computer Name: STANDA | User Name: Standysman | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011.08.22 21:40:04 | 000,580,096 | ---- | M] (OldTimer Tools) -- H:\OTL.exe
PRC - [2008.04.14 09:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2010.04.11 19:48:06 | 000,327,680 | ---- | M] () -- C:\Program Files\WinRAR\rarlng.dll
MOD - [2010.03.15 12:28:24 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
========== Win32 Services (SafeList) ==========
SRV - [2011.07.15 03:14:44 | 000,741,624 | ---- | M] (Tunngle.net GmbH) [Auto | Stopped] -- C:\Program Files\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2011.04.20 05:56:47 | 000,083,240 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2011.03.31 15:37:11 | 000,312,616 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2011.03.31 15:37:06 | 000,070,952 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2011.03.14 10:59:40 | 000,084,520 | ---- | M] (Software602 a.s.) [Auto | Stopped] -- C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe -- (602XML Updater)
SRV - [2011.03.11 17:21:26 | 000,365,336 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
========== Driver Services (SafeList) ==========
DRV - [2011.05.19 15:27:16 | 002,649,216 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2011.05.14 23:40:28 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm)
DRV - [2011.04.20 05:56:48 | 000,071,664 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD.sys -- (ntk_PowerDVD)
DRV - [2011.04.12 11:16:53 | 000,077,296 | ---- | M] (CyberLink Corp.) [2011/05/28 23:57:38] [Kernel | Auto | Stopped] -- C:\Program Files\CyberLink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2011.03.11 17:59:25 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.03.11 16:56:06 | 000,475,736 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2011.02.03 17:31:42 | 000,104,376 | ---- | M] (e2eSoft) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VCam_WDM.sys -- (VCam_WDM)
DRV - [2010.12.18 13:03:56 | 000,021,696 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2010.06.09 18:43:52 | 000,011,352 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\kl2.sys -- (kl2)
DRV - [2010.06.09 18:43:50 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\kl1.sys -- (KL1)
DRV - [2010.05.07 13:06:26 | 000,032,856 | ---- | M] (Kaspersky Lab ZAO) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2010.02.11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009.11.02 21:27:24 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.09.16 08:02:40 | 000,027,136 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV - [2009.06.18 08:23:46 | 000,065,944 | ---- | M] (SuperSpeed LLC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SscRdBus.sys -- (SscRdBus) Virtual bus device (SuperSpeed LLC)
DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2007.11.16 15:58:22 | 000,037,504 | ---- | M] (SuperSpeed LLC) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SscRdCls.sys -- (SscRdCls) RAM Disk (SuperSpeed LLC)
DRV - [2007.01.29 06:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2006.08.28 14:40:48 | 001,160,320 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005.09.23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2005.08.05 12:33:56 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003.01.20 09:37:40 | 000,094,032 | R--- | M] (VM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbVM31b.sys -- (ZSMC301b)
DRV - [2001.10.24 12:46:48 | 000,097,120 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2001.08.17 21:11:26 | 000,054,271 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bcm42xx5.sys -- (BCM42XX) Broadcom iLine10(tm)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-796845957-343818398-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-796845957-343818398-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.2.556
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.2.556
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:3.3.3.2
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@software602.cz/602XML Filler: C:\Program Files\Software602\602XML\Filler\npfiller.dll (Software602 a.s.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Standysman\Local Settings\Data aplikací\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Standysman\Local Settings\Data aplikací\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\dipito.com/DipitoPS: C:\Program Files\Dipito\npdipitops.dll (Libor Sobotik)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru [2011.06.11 23:39:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru [2011.06.11 23:39:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru [2011.06.11 23:39:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.06.28 22:33:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.27 15:09:38 | 000,000,000 | ---D | M]
[2011.03.14 18:41:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Standysman\Data aplikací\Mozilla\Extensions
[2011.07.01 22:08:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Standysman\Data aplikací\Mozilla\Firefox\Profiles\4sr6mibw.default\extensions
[2011.05.06 11:01:06 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Standysman\Data aplikací\Mozilla\Firefox\Profiles\4sr6mibw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.07.01 22:08:52 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Documents and Settings\Standysman\Data aplikací\Mozilla\Firefox\Profiles\4sr6mibw.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011.03.28 15:49:21 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Standysman\Data aplikací\Mozilla\Firefox\Profiles\4sr6mibw.default\extensions\engine@conduit.com
[2011.06.11 23:39:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.03.15 10:39:21 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak
[2011.03.15 10:39:16 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak
File not found (No name found) --
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\STANDYSMAN\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\4SR6MIBW.DEFAULT\EXTENSIONS\{BA14329E-9550-4989-B3F2-9732E92D17CC}
[2011.03.14 18:18:05 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.06.28 22:33:49 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.13 10:49:10 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2011.05.13 10:49:10 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2011.03.03 19:52:54 | 000,001,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml
[2011.05.13 10:49:10 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2011.05.13 10:49:10 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2011.05.13 10:49:10 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2011.08.22 19:42:56 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [HPUsageTracking] c:\Program Files\HP\HP UT\bin\hppusg.exe ( )
O4 - HKLM..\Run: [Print2PDF Print Monitor] C:\Program Files\Software602\Print2PDF\Print2PDF.exe (Software602)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-796845957-343818398-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Expression\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O15 - HKU\S-1-5-21-796845957-343818398-682003330-1003\..Trusted Domains: dhlive.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-796845957-343818398-682003330-1003\..Trusted Domains: dhlive.net ([]http in Trusted sites)
O15 - HKU\S-1-5-21-796845957-343818398-682003330-1003\..Trusted Domains: homecams.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-796845957-343818398-682003330-1003\..Trusted Domains: inoveo.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-796845957-343818398-682003330-1003\..Trusted Domains: inoveo.com ([]https in Trusted sites)
O16 - DPF: {703C152F-46F5-4C39-8DE5-D113F9BD4031} http://model.dhlive.net/_component/fmew ... .1.0.7.CAB (FMEWebEncoder Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O31 - SafeBoot: UseAlternatShell - 1
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.09.17 13:54:03 | 000,204,038 | ---- | M] () - C:\auto.jpg -- [ NTFS ]
O32 - AutoRun File - [2011.03.11 15:36:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
CREATERESTOREPOINT
Error creating restore point.
========== Files/Folders - Created Within 30 Days ==========
[2011.08.22 17:11:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Standysman\Data aplikací\Malwarebytes
[2011.08.22 17:10:33 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.08.22 17:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
[2011.08.22 17:10:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2011.08.22 17:10:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.08.22 17:10:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.08.22 16:32:46 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.08.22 16:32:45 | 000,000,000 | ---D | C] -- C:\rsit
[2011.08.11 10:40:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Standysman\Local Settings\Data aplikací\PCHealth
[2011.08.10 13:31:05 | 000,139,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rdpwd.sys
[2011.08.10 13:30:49 | 000,010,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndistapi.sys
[2011.08.07 23:02:43 | 000,000,000 | ---D | C] -- C:\Program Files\SuperSpeed
[2011.08.07 23:02:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\SuperSpeed
[2011.08.04 15:32:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Standysman\Data aplikací\Software602
[2011.08.04 15:27:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Standysman\Data aplikací\pdf995
[2011.08.04 15:20:50 | 000,249,856 | ---- | C] (TODO: <Company name>) -- C:\WINDOWS\System32\pdfmona.dll
[2011.08.04 15:20:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\pdf995
[2011.08.04 15:20:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Software995
[2011.08.04 15:20:48 | 000,000,000 | ---D | C] -- C:\Program Files\pdf995
[2011.07.27 15:16:12 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Standysman\Dokumenty\My Web Sites
[2011.07.27 15:10:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Microsoft Expression
[2011.07.27 15:09:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2011.07.27 15:09:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011.07.27 15:07:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Expression
========== Files - Modified Within 30 Days ==========
[2011.08.22 19:53:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.08.22 19:52:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.08.22 17:10:33 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2011.08.22 16:37:05 | 000,000,360 | RHS- | M] () -- C:\boot.ini
[2011.08.22 13:11:08 | 000,000,968 | -HS- | M] () -- C:\WINDOWS\KLIF.spi
[2011.08.22 11:02:46 | 000,035,593 | ---- | M] () -- C:\fakturatelefon.pdf
[2011.08.22 10:33:32 | 000,884,266 | ---- | M] () -- C:\smlouva0001.pdf
[2011.08.18 14:01:33 | 000,141,106 | ---- | M] () -- C:\Informace o parcele.pdf
[2011.08.18 13:00:33 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Standysman\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.15 17:57:35 | 001,201,067 | ---- | M] () -- C:\skenovat0034.pdf
[2011.08.15 11:34:21 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011.08.14 23:27:00 | 000,035,545 | ---- | M] () -- C:\Documents and Settings\Standysman\Dokumenty\Faktura_1100165081.pdf
[2011.08.11 12:55:50 | 000,343,681 | ---- | M] () -- C:\Invoice 205536.pdf
[2011.08.11 11:58:07 | 000,049,290 | ---- | M] () -- C:\Faktura_110100007.pdf
[2011.08.11 10:34:33 | 000,445,510 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.08.11 10:34:33 | 000,443,474 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2011.08.11 10:34:33 | 000,085,130 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2011.08.11 10:34:33 | 000,073,386 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.08.11 09:50:15 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.08.07 23:17:31 | 013,320,192 | -H-- | M] () -- C:\SsRd0001.cif
[2011.08.07 23:02:43 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\RamDisk Plus.lnk
[2011.08.07 19:37:27 | 000,467,024 | ---- | M] () -- C:\formularcp.pdf
[2011.08.04 15:31:20 | 000,065,135 | ---- | M] () -- C:\Documents and Settings\Standysman\Dokumenty\Create PDF.pdf
[2011.08.04 15:31:18 | 000,000,059 | ---- | M] () -- C:\WINDOWS\wpd99.drv
[2011.08.04 15:29:52 | 000,249,856 | ---- | M] (TODO: <Company name>) -- C:\WINDOWS\System32\pdfmona.dll
[2011.08.04 15:29:52 | 000,051,716 | ---- | M] () -- C:\WINDOWS\System32\pdf995mon.dll
[2011.08.04 15:27:16 | 000,000,028 | ---- | M] () -- C:\WINDOWS\pdf995.ini
[2011.08.01 19:16:27 | 000,049,586 | ---- | M] () -- C:\Documents and Settings\Standysman\Dokumenty\Smlouva_zpr_8_Stará.rtf
[2011.07.31 20:46:43 | 000,056,355 | ---- | M] () -- C:\Faktura_110100006.pdf
[2011.07.29 14:57:46 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\Standysman\Data aplikací\Adobe Formát PNG CS5 – předvolby
[2011.07.28 10:04:27 | 003,694,664 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.07.25 17:08:54 | 005,969,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
========== Files Created - No Company Name ==========
[2011.08.22 17:10:33 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2011.08.22 13:05:40 | 000,000,968 | -HS- | C] () -- C:\WINDOWS\KLIF.spi
[2011.08.22 11:02:46 | 000,035,593 | ---- | C] () -- C:\fakturatelefon.pdf
[2011.08.22 10:33:11 | 000,884,266 | ---- | C] () -- C:\smlouva0001.pdf
[2011.08.18 14:01:32 | 000,141,106 | ---- | C] () -- C:\Informace o parcele.pdf
[2011.08.15 17:56:55 | 001,201,067 | ---- | C] () -- C:\skenovat0034.pdf
[2011.08.14 23:27:00 | 000,035,545 | ---- | C] () -- C:\Documents and Settings\Standysman\Dokumenty\Faktura_1100165081.pdf
[2011.08.11 12:55:49 | 000,343,681 | ---- | C] () -- C:\Invoice 205536.pdf
[2011.08.11 11:58:06 | 000,049,290 | ---- | C] () -- C:\Faktura_110100007.pdf
[2011.08.07 23:17:28 | 013,320,192 | -H-- | C] () -- C:\SsRd0001.cif
[2011.08.07 23:02:43 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\RamDisk Plus.lnk
[2011.08.07 19:37:22 | 000,467,024 | ---- | C] () -- C:\formularcp.pdf
[2011.08.04 15:31:18 | 000,065,135 | ---- | C] () -- C:\Documents and Settings\Standysman\Dokumenty\Create PDF.pdf
[2011.08.04 15:27:16 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2011.08.04 15:20:50 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2011.08.04 15:20:50 | 000,000,059 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2011.08.01 19:16:27 | 000,049,586 | ---- | C] () -- C:\Documents and Settings\Standysman\Dokumenty\Smlouva_zpr_8_Stará.rtf
[2011.07.31 20:46:43 | 000,056,355 | ---- | C] () -- C:\Faktura_110100006.pdf
[2011.07.29 14:57:46 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Standysman\Data aplikací\Adobe Formát PNG CS5 – předvolby
[2011.07.21 23:01:09 | 000,000,045 | ---- | C] () -- C:\WINDOWS\Twacker.ini
[2011.07.21 23:01:02 | 000,000,046 | ---- | C] () -- C:\WINDOWS\lifeview.ini
[2011.05.27 15:10:30 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.04.18 18:08:02 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Standysman\Data aplikací\$_hpcst$.hpc
[2011.04.11 02:40:06 | 000,304,712 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2011.04.09 22:15:04 | 000,002,047 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2011.04.09 22:15:02 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2011.03.18 21:07:38 | 000,000,978 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2011.03.15 13:02:13 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Standysman\Local Settings\Data aplikací\fusioncache.dat
[2011.03.15 12:53:40 | 000,000,139 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2011.03.15 12:52:59 | 000,000,719 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2011.03.15 12:50:51 | 000,120,160 | ---- | C] () -- C:\WINDOWS\hppins06.dat
[2011.03.15 12:50:51 | 000,001,300 | ---- | C] () -- C:\WINDOWS\hppmdl06.dat
[2011.03.14 18:40:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.03.13 14:39:40 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011.03.11 16:57:24 | 000,115,369 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011.03.11 16:57:24 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2011.03.11 16:54:33 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Standysman\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.11 16:11:35 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.03.11 16:10:19 | 003,694,664 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.03.11 15:55:22 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2011.03.11 15:39:08 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.03.11 15:33:42 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009.09.09 20:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2006.04.03 18:22:18 | 000,000,668 | ---- | C] () -- C:\WINDOWS\System32\hppapr05.dat
[2005.10.14 12:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 12:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 12:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 11:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 11:56:50 | 000,778,240 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2005.10.14 11:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 11:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 11:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 11:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.10.14 11:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2005.10.14 11:56:48 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\MMAVILNG.exe
[2004.08.17 15:58:58 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001.10.25 16:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.10.25 16:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.10.25 16:00:00 | 000,445,510 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001.10.25 16:00:00 | 000,443,474 | ---- | C] () -- C:\WINDOWS\System32\perfh005.dat
[2001.10.25 16:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.10.25 16:00:00 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2001.10.25 16:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.10.25 16:00:00 | 000,085,130 | ---- | C] () -- C:\WINDOWS\System32\perfc005.dat
[2001.10.25 16:00:00 | 000,073,386 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001.10.25 16:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.10.25 16:00:00 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2001.10.25 16:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.10.25 16:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.10.25 16:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001.07.07 04:00:00 | 000,003,165 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
========== LOP Check ==========
[2011.03.11 17:32:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
[2011.05.28 23:55:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\install_clap
[2011.08.04 15:31:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\pdf995
[2011.05.29 00:08:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PDVD
[2011.04.10 21:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle
[2011.03.28 18:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle Studio Ultimate Collection
[2011.04.05 15:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\regid.1986-12.com.adobe
[2011.06.25 17:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Sony
[2011.03.24 13:11:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\STORMWARE
[2011.05.28 23:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Temp
[2011.07.21 17:22:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Tunngle
[2011.03.11 18:06:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\{3155EF3F-3778-4C4C-B0F3-3E48423B8965}
[2011.05.01 16:19:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\602Installer
[2011.05.01 16:19:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\602XML
[2011.06.06 14:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\Azureus
[2011.06.12 20:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\BSplayer
[2011.06.12 20:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\BSplayer Pro
[2011.03.11 18:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\DAEMON Tools Lite
[2011.04.07 11:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\Dipito
[2011.03.11 19:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\IrfanView
[2011.08.04 15:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\pdf995
[2011.06.25 17:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\Publish Providers
[2011.03.28 15:56:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\Raptr
[2011.08.04 15:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\Software602
[2011.06.27 18:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\Sony
[2011.07.02 20:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\Sony Creative Software
[2011.03.28 00:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\STORMWARE
[2011.08.05 00:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\Tunngle
[2011.08.22 13:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\uTorrent
[2011.03.14 18:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\VitySoft
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 09:52:18 | 000,015,360 | ---- | M] (Microsoft Corporation)
"H/PC Connection Agent" = "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" -- [2006.11.13 16:50:20 | 001,289,000 | ---- | M] (Microsoft Corporation)
"Skype" = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized -- [2011.06.15 15:02:58 | 015,141,768 | R--- | M] (Skype Technologies S.A.)
< c:\windows\*.* /U >
< %SYSTEMDRIVE%\*.exe >
[2008.04.08 12:46:45 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\devcon.exe
[2007.02.06 11:07:10 | 000,521,128 | ---- | M] (Microsoft Corporation) -- C:\DPINST.exe
[2008.05.02 11:11:10 | 000,364,721 | ---- | M] () -- C:\DPsFnshr.exe
[2008.05.02 11:11:14 | 000,282,725 | ---- | M] () -- C:\DSPdsblr.exe
[2008.04.08 12:46:45 | 000,020,992 | ---- | M] () -- C:\makePNF.exe
[2008.04.08 12:46:45 | 000,137,728 | ---- | M] () -- C:\mute.exe
[2008.05.02 11:11:17 | 000,235,131 | ---- | M] () -- C:\pmtimer.exe
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2011.05.01 16:19:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\602Installer
[2011.05.01 16:19:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\602XML
[2011.04.06 16:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\Adobe
[2011.05.27 20:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\Apple Computer
[2011.06.06 14:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\Azureus
[2011.06.12 20:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\BSplayer
[2011.06.12 20:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\BSplayer Pro
[2011.05.29 00:05:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\CyberLink
[2011.03.11 18:09:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\DAEMON Tools Lite
[2011.04.07 11:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\Dipito
[2011.03.23 01:08:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\Google
[2011.03.18 00:49:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\GRETECH
[2011.03.15 13:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\HP
[2011.04.13 18:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\HpUpdate
[2011.03.11 15:41:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\Identities
[2011.03.11 15:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\InstallShield
[2011.03.11 19:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\IrfanView
[2011.03.11 18:02:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\Macromedia
[2011.08.22 17:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\Malwarebytes
[2011.07.29 15:20:20 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Standysman\Data aplikací\Microsoft
[2011.03.14 18:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\Mozilla
[2011.05.10 16:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\NCH Software
[2011.08.04 15:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\pdf995
[2011.06.25 17:59:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\Publish Providers
[2011.03.28 15:56:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\Raptr
[2011.08.22 13:13:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\Skype
[2011.07.09 20:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\skypePM
[2011.08.04 15:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\Software602
[2011.06.27 18:11:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\Sony
[2011.07.02 20:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\Sony Creative Software
[2011.03.28 00:51:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\STORMWARE
[2011.03.14 18:17:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\Sun
[2011.08.05 00:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\Tunngle
[2011.08.22 13:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\uTorrent
[2011.03.14 18:18:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\VitySoft
[2011.03.11 19:03:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Standysman\Data aplikací\WinRAR
< %APPDATA%\*.exe /s >
[2011.03.28 15:50:17 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Documents and Settings\Standysman\Data aplikací\Azureus\plugins\mlab\ShaperProbeC.exe
[2009.08.11 21:21:26 | 000,087,552 | ---- | M] () -- C:\Documents and Settings\Standysman\Data aplikací\BSplayer\AC3 Filter\ac3config.exe
[2009.08.11 21:21:30 | 000,090,112 | ---- | M] () -- C:\Documents and Settings\Standysman\Data aplikací\BSplayer\AC3 Filter\spdif_test.exe
[2010.03.22 14:52:04 | 000,697,690 | ---- | M] () -- C:\Documents and Settings\Standysman\Data aplikací\BSplayer\AC3 Filter\unins000.exe
[2010.02.23 17:01:52 | 001,185,871 | ---- | M] () -- C:\Documents and Settings\Standysman\Data aplikací\BSplayer\FFDShow\unins000.exe
[2010.08.14 10:42:54 | 000,113,152 | ---- | M] () -- C:\Documents and Settings\Standysman\Data aplikací\BSplayer\Haali media splitter\dsmux.exe
[2010.08.14 10:45:10 | 000,358,400 | ---- | M] () -- C:\Documents and Settings\Standysman\Data aplikací\BSplayer\Haali media splitter\gdsmux.exe
[2010.08.14 10:42:06 | 000,137,728 | ---- | M] () -- C:\Documents and Settings\Standysman\Data aplikací\BSplayer\Haali media splitter\mkv2vfr.exe
[2010.09.30 15:30:22 | 000,042,305 | ---- | M] () -- C:\Documents and Settings\Standysman\Data aplikací\BSplayer\Haali media splitter\uninstall.exe
[2011.04.23 16:53:45 | 000,057,344 | R--- | M] (Macrovision Corporation) -- C:\Documents and Settings\Standysman\Data aplikací\Microsoft\Installer\{7F362F06-A9A3-440F-8B19-6A01A72723C4}\ARPPRODUCTICON.exe
< MD5 for: AGP440.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\agp440.sys
[2008.04.14 01:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
< MD5 for: ATAPI.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2008.04.14 09:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 05:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\autochk.exe
[2008.04.14 09:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2004.08.17 15:49:22 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe
< MD5 for: CDROM.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 10:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.14 01:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\system32\*k.dll >
[2009.03.08 05:32:48 | 000,128,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\advpack.dll
[2001.10.25 16:00:00 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\csseqchk.dll
[2008.04.14 09:51:40 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\d3d8thk.dll
[2001.10.25 16:00:00 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dpnwsock.dll
[2001.10.25 16:00:00 | 000,042,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dpwsock.dll
[2008.04.14 09:51:44 | 000,072,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\hlink.dll
[2008.04.14 09:51:44 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\icwphbk.dll
[2001.10.25 16:00:00 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\kbduk.dll
[2001.10.25 16:00:00 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\langwrbk.dll
[2008.04.14 09:51:46 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lpk.dll
[2001.10.25 16:00:00 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mag_hook.dll
[2008.04.14 09:51:46 | 000,086,016 | ---- | M] (Conexant) -- C:\WINDOWS\system32\mdmxsdk.dll
[2008.04.14 09:51:50 | 000,275,968 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mstask.dll
[2008.06.20 18:04:19 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mswsock.dll
[2001.10.25 16:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\narrhook.dll
[2008.04.14 09:51:54 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\perfdisk.dll
[2008.04.14 09:51:56 | 000,286,792 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\slextspk.dll
[2001.10.25 16:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svcpack.dll
[2001.10.25 16:00:00 | 000,018,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\vga64k.dll
[2009.03.08 05:34:48 | 000,236,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\webcheck.dll
[2001.10.25 16:00:00 | 000,002,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsock.dll
[2009.01.30 21:34:08 | 000,535,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wmdrmsdk.dll
< %systemroot%\System32\config\*.sav >
[2011.03.11 16:09:18 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2011.03.11 16:09:18 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2011.03.11 16:09:18 | 000,479,232 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2011.08.22 19:53:11 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< *crack* /s >
< *keygen* /s >
< End of report >
- Danstahr
- Friend of the forum
- Posts: 1069
- Registered: 28 Oct 2006 20:23
- Location: London
Re: FB virus posing as a Flash Player update
Run OTL again, paste the following script into the window at the bottom and click the Fix button. After the restart a script will open; paste it here.
Code:
:Commands
[EmptyTemp]
[ResetHosts]
[EmptyFlash]
[clearallrestorepoints]
:OTL
O15 - HKU\S-1-5-21-796845957-343818398-682003330-1003\..Trusted Domains: dhlive.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-796845957-343818398-682003330-1003\..Trusted Domains: dhlive.net ([]http in Trusted sites)
O15 - HKU\S-1-5-21-796845957-343818398-682003330-1003\..Trusted Domains: homecams.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-796845957-343818398-682003330-1003\..Trusted Domains: inoveo.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-796845957-343818398-682003330-1003\..Trusted Domains: inoveo.com ([]https in Trusted sites)
I'll buy a little time; I respect the price.
-
- Visitor
- Posts: 31
- Registered: 22 Aug 2011 14:32
Re: FB virus posing as a Flash Player update
Log here:
All processes killed
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: All Users.WINDOWS.0
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Default User.WINDOWS.0
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Standysman
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 0,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYFLASH]
User: Administrator
->Flash cache emptied: 0 bytes
User: All Users
User: All Users.WINDOWS.0
User: Default User
->Flash cache emptied: 0 bytes
User: Default User.WINDOWS.0
User: LocalService
User: NetworkService
User: Standysman
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
Restore points cleared and new OTL Restore Point set!
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-796845957-343818398-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\dhlive.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-796845957-343818398-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\dhlive.net\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-796845957-343818398-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\homecams.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-796845957-343818398-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\inoveo.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-796845957-343818398-682003330-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\inoveo.com\ not found.
OTL by OldTimer - Version 3.2.26.5 log created on 08222011_223159
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
- Danstahr
- Friend of the forum
- Posts: 1069
- Registered: 28 Oct 2006 20:23
- Location: London
Re: FB virus posing as a Flash Player update
How is the PC doing?
I'll buy a little time; I respect the price.
-
- Visitor
- Posts: 31
- Registered: 22 Aug 2011 14:32
Re: FB virus posing as a Flash Player update
The PC is de facto still the same. Can I help somehow? The names of the services that we deleted, or whatever they were, were once used on that computer. The system always boots into safe mode and I have to start explorer.exe manually. No services work, not the network, not sound, nothing. On the right by the clock there is only the clock instead of the usual million icons for the network and so on. If it's too messed up, could we at least get the network working somehow, for a backup, and then do a reinstall? Or via some bootable Linux, so that some files could be copied, and then the whole thing would be formatted. Specifically, a backup of Outlook would be needed, and I don't know whether Linux can get into the personal folders of Windows XP.
- Danstahr
- Friend of the forum
- Posts: 1069
- Registered: 28 Oct 2006 20:23
- Location: London
Re: FB virus posing as a Flash Player update
Linux can get in anywhere, and changing permissions takes only a moment, but we'll manage even without a reinstall.
Uninstall the antivirus - it may have been compromised by the virus and be causing this mischief.
Click Start and then Run, or use the keyboard shortcut Win+R
- A small window will pop up; copy the text below into it
Code:
msconfig
- Click OK
- Switch to the "Spuštění počítače" (Boot) tab
- Check whether Safe boot is ticked - if so, untick it
- Restart the PC and let me know whether anything changed
I'll buy a little time; I respect the price.
-
- Visitor
- Posts: 31
- Registered: 22 Aug 2011 14:32
Re: FB virus posing as a Flash Player update
Kaspersky can't be uninstalled; it reports an error that the Windows Installer service is not available in safe mode.
As for msconfig, there is no such tab there, nor anything similar. It also occurs to me that just before the system crashed I noticed boot.ini on C:, which normally isn't visible, so I wonder whether the virus modified boot.ini and that's why it starts in safe mode or something like that.
- Attachments
-
- Snímek 052.jpg (21.49 KiB) Viewed 1556 times
-
- Visitor
- Posts: 31
- Registered: 22 Aug 2011 14:32
Re: FB virus posing as a Flash Player update
On the boot.ini tab there was a safeboot option, so I unticked it.
-
- Visitor
- Posts: 31
- Registered: 22 Aug 2011 14:32
Re: FB virus posing as a Flash Player update
Now it booted normally, it just didn't ask for the password to my profile.
-
- Visitor
- Posts: 31
- Registered: 22 Aug 2011 14:32
Re: FB virus posing as a Flash Player update
Kaspersky is saying something to the effect that it would like to start scanning for malware because it detected changes in system services.