Vypnutí PC

Zpráva

#16 Příspěvek od **vyosek** » 25 zář 2011 17:28

Havet se usadila v bodech obnoveni - smazte je dle navodu kolegy riffa http://www.viry.cz/forum/viewtopic.php?f=11&t=47040

Zkuste spustit nyni ComboFix dle navodu jak jsem psal vyse

erorr · #17 Příspěvek od **erorr** » 25 zář 2011 18:21

provedeno ale combofix se opět zasekl. Možná to bude tím, že není upně vypnutý antyvirus. Ja ho moc ovládat neumím ale z části sem ho určitě vypl

#18 Příspěvek od **vyosek** » 26 zář 2011 08:23

Stahnete OTL (viz muj podpis) a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
Zaskrtnete okenko Pro vsechny uzivatele
Zaskrtnete okenko Kontrola na havet "LOP"
Zaskrtnete okenko Kontrola na havet "Purity"
Stari souboru zmente z 30 dnu na 7 dnu
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

Kliknete na tlacitko Prohledat
Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte

erorr · #19 Příspěvek od **erorr** » 26 zář 2011 13:03

OTL log:

OTL logfile created on: 26.9.2011 13:36:28 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Jirka\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 63,96% Memory free
3,85 Gb Paging File | 3,19 Gb Available in Paging File | 83,01% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 326,20 Gb Total Space | 147,41 Gb Free Space | 45,19% Space Free | Partition Type: NTFS
Drive D: | 458,19 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: SAFAR-6A88902D4 | User Name: Jirka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2011.09.26 13:33:58 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jirka\Plocha\OTL.exe
PRC - [2011.09.08 18:34:41 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.08.17 13:15:28 | 000,534,880 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011.08.17 13:00:38 | 000,402,328 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2011.08.02 09:16:04 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\Steam.exe
PRC - [2010.10.25 01:11:06 | 000,360,960 | ---- | M] (iZ3D Inc.) -- C:\Hry\iZ3D Driver\Win32\S3DCService.exe
PRC - [2010.06.07 21:12:12 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010.06.07 21:12:08 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2010.04.01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Hry\DAEMON Tools Lite\DTLite.exe
PRC - [2010.03.10 03:10:38 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
PRC - [2009.10.22 20:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
PRC - [2009.10.22 20:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2009.10.22 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2009.10.22 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2009.10.22 20:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
PRC - [2009.10.22 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
PRC - [2009.10.06 20:08:42 | 000,928,256 | ---- | M] (Planit Software Limited) -- C:\Program Files\Common Files\Planit\2010.10\cls\cls.exe
PRC - [2009.08.25 16:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2009.08.25 16:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2009.08.25 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2009.08.25 16:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2008.10.15 17:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe
PRC - [2008.06.18 12:01:56 | 000,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SoundMan.exe
PRC - [2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.09.09 07:51:40 | 000,488,728 | ---- | M] (Dassault Systemes) -- C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe
PRC - [2007.01.01 23:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2006.12.21 08:30:02 | 000,206,400 | ---- | M] (SafeNet, Inc) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
PRC - [2006.08.22 02:00:20 | 000,316,992 | ---- | M] (SafeNet, Inc.) -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
PRC - [2004.05.12 17:18:56 | 000,367,104 | ---- | M] () -- C:\Program Files\MultiKeyboard Driver\KbdDrv.exe

========== Modules (No Company Name) ==========

MOD - [2011.09.22 20:06:12 | 014,410,024 | ---- | M] () -- C:\Program Files\Steam\bin\libcef.dll
MOD - [2011.09.22 20:05:58 | 000,914,216 | ---- | M] () -- C:\Program Files\Steam\bin\avcodec-52.dll
MOD - [2011.09.22 20:05:58 | 000,190,248 | ---- | M] () -- C:\Program Files\Steam\bin\chromehtml.dll
MOD - [2011.09.22 20:05:58 | 000,155,432 | ---- | M] () -- C:\Program Files\Steam\bin\avformat-52.dll
MOD - [2011.09.22 20:05:58 | 000,091,432 | ---- | M] () -- C:\Program Files\Steam\bin\avutil-50.dll
MOD - [2011.09.08 18:34:32 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011.08.11 10:10:08 | 006,277,280 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2010.10.18 19:15:01 | 000,073,216 | ---- | M] () -- C:\WINDOWS\system32\winjty32.dll
MOD - [2010.07.06 12:44:14 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2010.03.10 03:10:38 | 000,086,016 | ---- | M] () -- C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe
MOD - [2010.02.18 00:49:10 | 000,323,584 | ---- | M] () -- C:\Hry\WinRAR\rarlng.dll
MOD - [2010.02.10 18:10:12 | 000,141,824 | ---- | M] () -- C:\Hry\WinRAR\RarExt.dll
MOD - [2009.11.17 18:17:18 | 000,026,112 | R--- | M] () -- C:\Program Files\Common Files\Planit\2010.10\Language\cs-CZ\lic_res.dll
MOD - [2009.10.06 18:55:18 | 000,009,216 | ---- | M] () -- C:\Program Files\Common Files\Planit\2010.10\cls\edgecbk.dll
MOD - [2009.10.06 18:50:52 | 000,214,016 | ---- | M] () -- C:\Program Files\Common Files\Planit\2010.10\cls\utils.dll
MOD - [2009.10.06 18:50:36 | 000,047,616 | ---- | M] () -- C:\Program Files\Common Files\Planit\2010.10\cls\stlport_allocator.dll
MOD - [2009.10.06 18:50:34 | 000,060,928 | ---- | M] () -- C:\Program Files\Common Files\Planit\2010.10\cls\platform.dll
MOD - [2009.08.25 16:00:00 | 000,057,344 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\boost_thread-vc71-mt-1_32.dll
MOD - [2009.04.07 05:32:10 | 000,022,723 | ---- | M] () -- C:\WINDOWS\system32\cl31cl3.dll
MOD - [2007.08.21 21:46:34 | 000,059,160 | ---- | M] () -- C:\Program Files\SolidWorks\zlib.dll
MOD - [2007.04.02 14:49:20 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2005.08.22 16:38:16 | 003,264,512 | ---- | M] () -- C:\Program Files\McAfee\Common Framework\cryptocme2.dll
MOD - [2004.05.12 17:18:56 | 000,367,104 | ---- | M] () -- C:\Program Files\MultiKeyboard Driver\KbdDrv.exe
MOD - [2004.02.02 06:17:06 | 000,028,672 | ---- | M] () -- C:\Program Files\MultiKeyboard Driver\KeyDll.dll
MOD - [2001.10.28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011.08.17 13:00:38 | 000,402,328 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2010.12.17 21:31:33 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.12.07 20:13:48 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2010.10.25 01:11:06 | 000,360,960 | ---- | M] (iZ3D Inc.) [Auto | Running] -- C:\Hry\iZ3D Driver\Win32\S3DCService.exe -- (S3DSvc32) S3D Service (Win32)
SRV - [2010.03.10 03:10:38 | 000,086,016 | ---- | M] () [Auto | Running] -- C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe -- (mi-raysat_3dsmax2011_32)
SRV - [2009.10.22 20:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2009.10.22 20:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2009.10.22 20:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2009.10.22 20:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
SRV - [2009.08.25 16:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2008.10.15 17:13:58 | 000,439,632 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV - [2006.12.21 08:30:02 | 000,206,400 | ---- | M] (SafeNet, Inc) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe -- (SentinelProtectionServer)
SRV - [2006.08.22 02:00:20 | 000,316,992 | ---- | M] (SafeNet, Inc.) [Auto | Running] -- C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe -- (SentinelKeysServer)

========== Driver Services (SafeList) ==========

DRV - [2011.09.22 21:31:31 | 000,060,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Jirka\Plocha\TrueSight.sys -- (TrueSight)
DRV - [2010.12.05 18:09:23 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2010.10.06 19:04:02 | 000,034,968 | ---- | M] () [Kernel | System | Running] -- C:\Hry\iZ3D Driver\Win32\S3DInjectionDriver.sys -- (iZ3DInjectionDriver)
DRV - [2010.07.11 15:16:35 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.07.06 10:11:21 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2009.10.22 20:07:00 | 000,343,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009.10.22 20:07:00 | 000,091,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009.10.22 20:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2009.10.22 20:07:00 | 000,065,448 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2009.10.22 20:07:00 | 000,063,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009.10.22 20:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2008.07.03 11:03:14 | 004,745,216 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.01.04 08:10:16 | 000,105,856 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006.12.21 08:30:02 | 000,090,688 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2006.09.24 15:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2006.07.01 22:42:58 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006.06.01 18:47:40 | 000,334,976 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dumant.sys -- (DumaNT)
DRV - [2004.07.14 13:54:42 | 000,676,864 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2004.02.01 06:53:20 | 000,026,166 | ---- | M] (Compuware Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbfilt.sys -- (Usbfilt)
DRV - [1996.04.03 21:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\giveio.sys -- (giveio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-861567501-606747145-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchster.net/
IE - HKU\S-1-5-21-861567501-606747145-839522115-1004\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-861567501-606747145-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "searchster.net"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Searchster.Net"
FF - prefs.js..browser.startup.homepage: "http://www.google.cz/"
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: battlefieldplay4free@ea.com:1.0.42.2
FF - prefs.js..extensions.enabledItems: Subscription@helper.com:2.9
FF - prefs.js..extensions.enabledItems: Search_Toolbar@skywebsearch.com:3.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=green ... =302398&p="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.08 18:34:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.17 16:27:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\FireFox\Extensions\\Subscription@helper.com: C:\Program Files\SM\FF [2010.12.19 17:50:29 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\FireFox\Extensions\\Search_Toolbar@skywebsearch.com: C:\Program Files\Searchster.Net\FF [2010.12.19 17:51:06 | 000,000,000 | ---D | M]

[2010.07.07 19:24:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jirka\Data aplikací\Mozilla\Extensions
[2011.05.05 19:16:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\z9opovad.default\extensions
[2010.11.01 16:51:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\z9opovad.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.02.15 15:35:54 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Documents and Settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\z9opovad.default\extensions\battlefieldplay4free@ea.com
[2010.12.19 17:51:07 | 000,002,121 | ---- | M] () -- C:\Documents and Settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\z9opovad.default\searchplugins\Searchster.xml
[2011.08.31 10:59:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.08.26 12:17:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.12.22 21:40:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.06.08 16:11:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.08.31 10:59:06 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2010.08.25 15:24:03 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.08.31 10:59:06 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF
[2011.09.08 18:34:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2010.01.01 10:00:00 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2010.01.01 10:00:00 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2010.01.01 10:00:00 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2010.01.01 10:00:00 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2011.09.22 21:29:54 | 000,000,729 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ShowBarObj Class) - {2863E737-DD3F-4280-9AF8-E9E79C16F312} - C:\Program Files\Searchster.Net\MinBHO.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (SignatureManagerBHO) - {C6CC9344-BC12-4EA7-9E37-46D61866C771} - C:\Program Files\SM\SubsHelperBHO.dll (SM Technologies)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Searchster.Net) - {F334C7B0-8774-4d5b-BD7A-4F448D03A1AE} - C:\Program Files\Searchster.Net\Searchster.Net.dll (Searchster.Net Company)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] C:\WINDOWS\alcwzrd.exe (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [GEST] m‘|\ü File not found
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SoundMan.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [WinSys2] C:\WINDOWS\system32\WinSys2.exe ()
O4 - HKU\S-1-5-21-861567501-606747145-839522115-1004..\Run: [DAEMON Tools Lite] C:\hry\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-861567501-606747145-839522115-1004..\Run: [PCSpeedUp] "C:\Program Files\Zrychleni Pocitace\PCSpeedUp.exe" File not found
O4 - HKU\S-1-5-21-861567501-606747145-839522115-1004..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\CLS 2010.10.lnk = C:\WINDOWS\Installer\{32941B29-1D13-4237-88AD-90B9A588E7EA}\NewShortcut11.70787B93_F30E_4877_AFB6_34DDA9EE532D.exe (Acresso Software Inc.)
O4 - Startup: C:\Documents and Settings\Jirka\Nabídka Start\Programy\Po spuštění\Jádro Plánovače úloh SolidWorks.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe (Dassault Systemes)
O4 - Startup: C:\Documents and Settings\Jirka\Nabídka Start\Programy\Po spuštění\MutiKeyboard Driver.lnk = C:\Program Files\MultiKeyboard Driver\KbdDrv.exe ()
O4 - Startup: C:\Documents and Settings\Jirka\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Martina\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\safar\Nabídka Start\Programy\Po spuštění\Jádro Plánovače úloh SolidWorks.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe (Dassault Systemes)
O4 - Startup: C:\Documents and Settings\safar\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-861567501-606747145-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-861567501-606747145-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O9 - Extra 'Tools' menuitem : Signature Manager options - {755B05A7-0770-4185-B5F6-E75A2CA527E2} - C:\Program Files\SM\SubsHelper.dll (SM Technologies)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFE88896-EF61-405E-B3E3-BFB524A9BBDD}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\winjty32: DllName - (winjty32.dll) - C:\WINDOWS\System32\winjty32.dll ()
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Jirka\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jirka\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.07.01 10:41:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011.05.17 10:54:36 | 000,000,000 | R--D | M] - D:\autorun -- [ CDFS ]
O32 - AutoRun File - [2011.05.16 12:53:20 | 001,807,353 | R--- | M] (TopQer s.r.o. ) - D:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2009.08.20 22:45:31 | 000,000,051 | R--- | M] () - D:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{2b960862-a188-11df-b9fe-001fd0b54177}\Shell - "" = Autorun
O33 - MountPoints2\{2b960862-a188-11df-b9fe-001fd0b54177}\Shell\AutoRun\command - "" = F:\Install_Nokia_Ovi_Suite.exe
O33 - MountPoints2\{d55e61c4-b1ae-11df-ba2f-001fd0b54177}\Shell\AutoRun\command - "" = F:\cbbw88s.exe
O33 - MountPoints2\{d55e61c4-b1ae-11df-ba2f-001fd0b54177}\Shell\open\Command - "" = F:\cbbw88s.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: SSHNAS - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2011.09.26 13:33:54 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jirka\Plocha\OTL.exe
[2011.09.25 19:06:16 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011.09.25 19:05:54 | 004,227,131 | R--- | C] (Swearware) -- C:\Documents and Settings\Jirka\Plocha\ComboFix.exe
[2011.09.24 17:21:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jirka\Data aplikací\Malwarebytes
[2011.09.24 17:21:26 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.09.24 17:21:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
[2011.09.24 17:21:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2011.09.24 17:21:22 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.09.24 17:18:18 | 007,622,112 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jirka\Plocha\mbam-setup.exe
[2011.09.24 17:07:53 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jirka\Plocha\TFC.exe
[2011.09.23 16:13:00 | 001,547,056 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jirka\Plocha\tdsskiller.exe
[2011.09.22 20:11:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jirka\Plocha\RK_Quarantine
[2011.09.22 20:02:42 | 000,000,000 | --SD | C] -- C:\Beruska
[2011.09.22 20:01:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2011.09.21 19:55:06 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011.09.21 19:52:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011.09.21 19:52:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011.09.21 19:52:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011.09.21 19:52:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011.09.21 19:52:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.09.21 19:49:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.09.21 19:49:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jirka\Nabídka Start\Programy\Nástroje pro správu
[2011.09.21 19:45:57 | 004,222,691 | R--- | C] (Swearware) -- C:\Documents and Settings\Jirka\Plocha\ComboFix.exe.com
[2011.09.21 19:20:24 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.09.21 19:20:24 | 000,000,000 | ---D | C] -- C:\rsit
[2011.09.19 17:51:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jirka\.idlerc
[2011.09.19 17:37:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jirka\Nabídka Start\Programy\Python 2.6
[2011.09.19 16:29:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jirka\Data aplikací\Blender Foundation

========== Files - Modified Within 7 Days ==========

[2011.09.26 13:38:05 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011.09.26 13:33:58 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jirka\Plocha\OTL.exe
[2011.09.26 13:29:43 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\CLS 2010.10.lnk
[2011.09.26 13:29:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.09.26 13:29:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.09.25 19:05:52 | 004,227,131 | R--- | M] (Swearware) -- C:\Documents and Settings\Jirka\Plocha\ComboFix.exe
[2011.09.24 22:01:51 | 000,185,687 | -H-- | M] () -- C:\treeinfo.wc
[2011.09.24 17:21:26 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2011.09.24 17:18:41 | 007,622,112 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jirka\Plocha\mbam-setup.exe
[2011.09.24 17:08:26 | 000,534,536 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.09.24 17:08:26 | 000,529,244 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2011.09.24 17:08:26 | 000,113,110 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2011.09.24 17:08:26 | 000,099,814 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.09.24 17:07:53 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jirka\Plocha\TFC.exe
[2011.09.23 16:13:07 | 001,547,056 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jirka\Plocha\tdsskiller.exe
[2011.09.22 21:31:31 | 000,060,800 | ---- | M] () -- C:\Documents and Settings\Jirka\Plocha\TrueSight.sys
[2011.09.22 20:11:08 | 000,657,920 | ---- | M] () -- C:\Documents and Settings\Jirka\Plocha\RogueKiller.exe
[2011.09.21 19:55:11 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2011.09.21 19:46:31 | 004,222,691 | R--- | M] (Swearware) -- C:\Documents and Settings\Jirka\Plocha\ComboFix.exe.com

========== Files Created - No Company Name ==========

[2011.09.26 13:38:05 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011.09.24 17:21:26 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2011.09.22 20:11:31 | 000,060,800 | ---- | C] () -- C:\Documents and Settings\Jirka\Plocha\TrueSight.sys
[2011.09.22 20:11:08 | 000,657,920 | ---- | C] () -- C:\Documents and Settings\Jirka\Plocha\RogueKiller.exe
[2011.09.21 19:55:11 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2011.09.21 19:55:09 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2011.09.21 19:52:46 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011.09.21 19:52:46 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011.09.21 19:52:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011.09.21 19:52:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011.09.21 19:52:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011.02.23 15:18:36 | 000,190,464 | ---- | C] () -- C:\WINDOWS\System32\PCGW32.DLL
[2011.01.18 21:37:54 | 000,075,776 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01e.exe
[2011.01.08 11:47:29 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011.01.01 13:57:10 | 000,240,608 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011.01.01 13:57:08 | 000,240,608 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011.01.01 13:57:08 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011.01.01 13:56:50 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010.12.20 18:07:58 | 000,005,053 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\dxocfpfg.etb
[2010.12.20 18:07:58 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\2677094964
[2010.12.11 20:44:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Licenses.INI
[2010.12.10 21:16:47 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Jirka\Data aplikací\PnkBstrK.sys
[2010.12.06 19:40:55 | 000,141,200 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.12.06 19:40:50 | 000,281,656 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2010.12.06 19:40:41 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010.12.05 18:09:23 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2010.11.19 17:49:45 | 000,000,124 | ---- | C] () -- C:\WINDOWS\RhinoCAM 2.0.INI
[2010.10.25 17:37:56 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\drivers\giveio.sys
[2010.10.18 19:15:01 | 000,073,216 | ---- | C] () -- C:\WINDOWS\System32\winjty32.dll
[2010.09.14 12:50:00 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Jirka\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.29 19:56:07 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.08.02 20:39:57 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010.07.06 12:22:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.07.06 10:31:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\msicpl.ini
[2010.07.06 10:21:03 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\smdll.dll
[2010.07.06 10:20:59 | 000,262,144 | R--- | C] () -- C:\WINDOWS\System32\HookShield.dll
[2010.07.06 10:20:59 | 000,258,048 | R--- | C] () -- C:\WINDOWS\System32\HookMAp.dll
[2010.07.06 10:20:59 | 000,032,768 | R--- | C] () -- C:\WINDOWS\System32\Auxiliary.dll
[2010.07.06 10:20:58 | 000,208,896 | R--- | C] () -- C:\WINDOWS\System32\WinSys2.exe
[2010.07.06 10:09:30 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2010.07.01 12:26:02 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.07.01 12:25:03 | 000,291,680 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.07.01 10:43:37 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.07.01 10:39:27 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009.04.07 05:32:10 | 000,022,723 | ---- | C] () -- C:\WINDOWS\System32\cl31cl3.dll
[2008.05.03 05:16:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006.06.01 18:47:40 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\nvStInst.exe
[2006.06.01 18:47:40 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\stereoi.dll
[2005.10.14 12:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 12:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 12:56:50 | 000,778,240 | ---- | C] () -- C:\WINDOWS\System32\DivXsm.exe
[2005.10.14 12:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 12:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 12:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 12:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 12:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 12:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2004.08.17 16:58:58 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001.11.29 16:22:34 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\nvstreg.exe
[2001.11.29 16:20:24 | 000,368,640 | ---- | C] () -- C:\WINDOWS\System32\nvimage.dll
[2001.10.25 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.10.25 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.10.25 14:00:00 | 000,534,536 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001.10.25 14:00:00 | 000,529,244 | ---- | C] () -- C:\WINDOWS\System32\perfh005.dat
[2001.10.25 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.10.25 14:00:00 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2001.10.25 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.10.25 14:00:00 | 000,113,110 | ---- | C] () -- C:\WINDOWS\System32\perfc005.dat
[2001.10.25 14:00:00 | 000,099,814 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001.10.25 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.10.25 14:00:00 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2001.10.25 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.10.25 14:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.10.25 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010.12.17 21:47:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Autodesk
[2010.10.19 16:33:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Codemasters
[2010.07.11 15:15:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
[2010.12.19 10:36:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DassaultSystemes
[2011.01.15 20:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Electronic Arts
[2011.02.23 15:21:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\iZ3D Driver
[2010.11.18 19:54:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\McNeel
[2010.12.11 19:56:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Planit
[2010.12.11 19:56:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\SafeNet Sentinel
[2010.12.20 19:10:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TSplines
[2010.12.20 20:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\Autodesk
[2011.09.19 16:29:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\Blender Foundation
[2010.10.19 13:59:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\DAEMON Tools Lite
[2010.12.05 18:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\DassaultSystemes
[2010.07.11 14:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\GHISLER
[2011.02.23 15:18:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\iZ3D Driver
[2011.01.15 21:17:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\Need for Speed World
[2010.07.09 11:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\OpenOffice.org
[2010.08.03 07:25:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\pdfforge
[2011.08.31 10:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\Search Settings
[2010.11.23 15:54:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\Synthesia
[2011.02.02 17:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\The Creative Assembly
[2011.08.22 19:50:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\TS3Client
[2011.04.17 14:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\wargaming.net
[2010.10.23 16:12:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martina\Data aplikací\OpenOffice.org
[2010.08.04 07:52:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martina\Data aplikací\pdfforge
[2010.12.05 12:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Martina\Data aplikací\Search Settings
[2010.12.17 21:47:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\safar\Data aplikací\Autodesk
[2011.01.18 21:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\safar\Data aplikací\CAD-KAS
[2010.11.18 19:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\safar\Data aplikací\DAEMON Tools Lite
[2010.12.19 10:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\safar\Data aplikací\DassaultSystemes
[2010.12.30 13:40:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\safar\Data aplikací\GARMIN
[2010.07.06 12:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\safar\Data aplikací\GHISLER
[2010.12.17 20:30:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\safar\Data aplikací\MilkShape 3D 1.x.x
[2010.07.06 12:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\safar\Data aplikací\OpenOffice.org
[2010.08.25 15:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\safar\Data aplikací\pdfforge
[2010.11.23 21:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\safar\Data aplikací\Search Settings

========== Purity Check ==========

========== Custom Scans ==========

< >

< >

< MD5 for: AGP440.SYS >
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010.07.06 11:53:42 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010.07.06 11:53:42 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010.07.06 11:53:42 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010.07.06 11:53:42 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 05:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\cmdcons\autochk.exe
[2008.04.14 05:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 05:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2004.08.17 16:49:22 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe

< MD5 for: CDROM.SYS >
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2010.07.06 11:53:42 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2010.07.06 11:53:42 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004.08.03 23:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2004.08.17 16:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2004.08.17 16:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.17 16:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: HAL.DLL >
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2010.07.06 11:53:42 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2010.07.06 11:53:42 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 20:31:28 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2004.08.03 23:59:14 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: CHANGER.SYS >
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2010.07.06 11:53:42 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2010.07.06 11:53:42 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys

< MD5 for: ISAPNP.SYS >
[2010.07.06 11:53:42 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2010.07.06 11:53:42 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2001.10.25 14:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2004.08.17 16:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004.08.04 00:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004.08.17 16:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.17 16:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.17 16:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2004.08.17 15:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2004.08.17 16:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004.08.04 00:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2004.08.17 16:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.17 16:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.17 16:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[12 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[948 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >
[2007.11.07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.09.10 15:28:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\Adobe
[2010.12.20 20:13:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\Autodesk
[2011.09.19 16:29:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\Blender Foundation
[2010.10.19 13:59:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\DAEMON Tools Lite
[2010.12.05 18:10:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\DassaultSystemes
[2010.07.11 14:10:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\GHISLER
[2010.07.07 18:42:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\Identities
[2011.02.23 15:18:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\iZ3D Driver
[2010.07.07 19:31:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\Macromedia
[2011.09.24 17:21:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\Malwarebytes
[2011.05.23 17:56:30 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Jirka\Data aplikací\Microsoft
[2010.12.30 11:55:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\Mozilla
[2011.01.15 21:17:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\Need for Speed World
[2011.01.01 14:02:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\NVIDIA
[2010.07.09 11:34:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\OpenOffice.org
[2010.08.03 07:25:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\pdfforge
[2011.08.31 10:59:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\Search Settings
[2010.07.08 07:32:37 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Jirka\Data aplikací\SecuROM
[2010.12.07 20:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\SolidWorks
[2010.12.07 20:19:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\SolidWorks 2008
[2010.08.25 20:38:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\Sun
[2010.11.23 15:54:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\Synthesia
[2011.02.02 17:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\The Creative Assembly
[2011.08.22 19:50:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\TS3Client
[2011.04.17 14:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\wargaming.net
[2010.07.26 14:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jirka\Data aplikací\WinRAR

< %APPDATA%\*.exe /s >
[2011.09.19 17:37:02 | 000,025,600 | R--- | M] () -- C:\Documents and Settings\Jirka\Data aplikací\Microsoft\Installer\{110EB5C4-E995-4CFB-AB80-A5F315BEA9E8}\python_icon.exe
[2010.10.17 17:44:23 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Jirka\Data aplikací\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2011.01.28 17:27:06 | 001,353,088 | ---- | M] (EA Digital Illusions CE AB) -- C:\Documents and Settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\z9opovad.default\extensions\battlefieldplay4free@ea.com\plugins\BP4FUpdater.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.07.11 15:16:35 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2010.07.01 12:23:55 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010.07.01 12:23:55 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010.07.01 12:23:55 | 000,479,232 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2011.09.24 17:08:26 | 000,113,110 | ---- | M] () -- C:\WINDOWS\system32\perfc005.dat
[2011.09.24 17:08:26 | 000,099,814 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2011.09.24 17:08:26 | 000,529,244 | ---- | M] () -- C:\WINDOWS\system32\perfh005.dat
[2011.09.24 17:08:26 | 000,534,536 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2011.09.24 17:08:26 | 001,295,862 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2011.09.26 13:29:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl

< %SYSTEMDRIVE%\*.exe >
[2007.11.07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 05:22:17 | 000,015,360 | ---- | M] (Microsoft Corporation)
"DAEMON Tools Lite" = "C:\hry\DAEMON Tools Lite\DTLite.exe" -autorun -- [2010.04.01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd)
"PCSpeedUp" = "C:\Program Files\Zrychleni Pocitace\PCSpeedUp.exe"
"MSMSGS" = "C:\Program Files\Messenger\msmsgs.exe" /background -- [2008.04.14 05:22:36 | 001,695,232 | ---- | M] (Microsoft Corporation)
"Steam" = "C:\Program Files\Steam\Steam.exe" -silent -- [2011.08.02 09:16:04 | 001,242,448 | ---- | M] (Valve Corporation)

< >

< type c:\boot.ini >> test.txt /c >
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2011.09.26 13:38:05 | 000,000,512 | ---- | M] () MD5=BD48D65F71551EC137C11AD61235AE22 -- C:\PhysicalMBR.bin

< End of report >

erorr · #20 Příspěvek od **erorr** » 26 zář 2011 13:06

Extras log:
OTL Extras logfile created on: 26.9.2011 13:36:28 - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Documents and Settings\Jirka\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,28 Gb Available Physical Memory | 63,96% Memory free
3,85 Gb Paging File | 3,19 Gb Available in Paging File | 83,01% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 326,20 Gb Total Space | 147,41 Gb Free Space | 45,19% Space Free | Partition Type: NTFS
Drive D: | 458,19 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: SAFAR-6A88902D4 | User Name: Jirka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-861567501-606747145-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"58907:TCP" = 58907:TCP:*:Enabled:Pando Media Booster
"58907:UDP" = 58907:UDP:*:Enabled:Pando Media Booster
"57762:TCP" = 57762:TCP:*:Enabled:Pando Media Booster
"57762:UDP" = 57762:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"58433:TCP" = 58433:TCP:*:Enabled:Pando Media Booster
"58433:UDP" = 58433:UDP:*:Enabled:Pando Media Booster
"58907:TCP" = 58907:TCP:*:Enabled:Pando Media Booster
"58907:UDP" = 58907:UDP:*:Enabled:Pando Media Booster
"57762:TCP" = 57762:TCP:*:Enabled:Pando Media Booster
"57762:UDP" = 57762:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
"C:\Hry\Bohemia Interactive\ArmA 2\arma2.exe" = C:\Hry\Bohemia Interactive\ArmA 2\arma2.exe:*:Enabled:ArmA 2 -- (Bohemia Interactive)
"C:\Hry\Bohemia Interactive\ArmA 2\arma2OA.exe" = C:\Hry\Bohemia Interactive\ArmA 2\arma2OA.exe:*:Enabled:ArmA 2 Operation Arrowhead -- (Bohemia Interactive)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Hry\Mass Effect 2\Binaries\MassEffect2.exe" = C:\Hry\Mass Effect 2\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2 Hra -- (BioWare)
"C:\Hry\Mass Effect 2\MassEffect2Launcher.exe" = C:\Hry\Mass Effect 2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 Spustit -- (BioWare)
"C:\WINDOWS\system32\winver.exe" = C:\WINDOWS\system32\winver.exe:*:Enabled:winver -- (Microsoft Corporation)
"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe" = C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe:*:Disabled:Sentinel Protection Server -- (SafeNet, Inc)
"C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe" = C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe:*:Disabled:Sentinel Keys Server -- (SafeNet, Inc.)
"C:\Hry\Activision\Call of Duty 2\CoD2MP_s.exe" = C:\Hry\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s
"C:\Program Files\EA Games\Battlefield Play4Free\BFP4f.exe" = C:\Program Files\EA Games\Battlefield Play4Free\BFP4f.exe:*:Enabled:BFP4f
"C:\Program Files\Autodesk\Backburner\monitor.exe" = C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\Backburner\manager.exe" = C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\Backburner\server.exe" = C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\3ds Max 2011\3dsmax.exe" = C:\Program Files\Autodesk\3ds Max 2011\3dsmax.exe:*:Enabled:Autodesk 3ds Max 2011 32-bit -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe" = C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe:*:Enabled:mental ray satellite server for Autodesk 3ds Max 2011 32-bit -- ()
"C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32.exe" = C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32.exe:*:Enabled:mental ray satellite for Autodesk 3ds Max 2011 32-bit -- (mental images GmbH)
"C:\Hry\Landwirtschafts Simulator 2011\FarmingSimulator2011.exe" = C:\Hry\Landwirtschafts Simulator 2011\FarmingSimulator2011.exe:*:Enabled:Landwirtschafts Simulator 2011
"C:\Hry\Landwirtschafts Simulator 2011\game.exe" = C:\Hry\Landwirtschafts Simulator 2011\game.exe:*:Enabled:Landwirtschafts Simulator 2011
"F:\Skype 3.8.0.188\Data\40000014ec00002i\Skype.exe" = F:\Skype 3.8.0.188\Data\40000014ec00002i\Skype.exe:*:Enabled:Skype
"C:\Hry\World_of_Tanks\WOTLauncher.exe" = C:\Hry\World_of_Tanks\WOTLauncher.exe:*:Enabled:World of Tanks Launcher
"C:\Hry\World_of_Tanks\WorldOfTanks.exe" = C:\Hry\World_of_Tanks\WorldOfTanks.exe:*:Enabled:World of Tanks
"C:\Hry\GamersFirst\APB Reloaded\Binaries\APB.exe" = C:\Hry\GamersFirst\APB Reloaded\Binaries\APB.exe:*:Enabled:APB: APB.exe
"C:\Hry\GamersFirst\APB Reloaded\Binaries\VivoxVoiceService.exe" = C:\Hry\GamersFirst\APB Reloaded\Binaries\VivoxVoiceService.exe:*:Enabled:APB: VivoxVoiceService.exe
"C:\Hry\Traktor 2\game.exe" = C:\Hry\Traktor 2\game.exe:*:Enabled:GIANTS Game Engine
"C:\Hry\TopCD\Traktor 2\game.exe" = C:\Hry\TopCD\Traktor 2\game.exe:*:Enabled:GIANTS Game Engine -- (GIANTS Software GmbH)
"C:\Program Files\Steam\SteamApps\common\empire total war\Empire.exe" = C:\Program Files\Steam\SteamApps\common\empire total war\Empire.exe:*:Enabled:Empire: Total War -- (The Creative Assembly Ltd)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{110EB5C4-E995-4CFB-AB80-A5F315BEA9E8}" = Python 2.6
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{1BF66D77-6604-4f3f-B3AE-D640AFB58A88}" = Autodesk Vault 2010 (Client)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{1FB138CC-5503-4B4A-BC42-81E9C1FF26EE}" = Autodesk Inventor Content Center Libraries 2010 (Desktop Content)
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 26
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (ECSQLEXPRESS)
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{30BEF9F2-CD3F-4B13-9E5C-BFE2F9544572}_is1" = iZ3D Driver Remove
"{32941B29-1D13-4237-88AD-90B9A588E7EA}" = Planit CLS 2010.10
"{342F5437-C87D-4BB5-89B9-B23E16C6A395}" = Microsoft VC80 Support DLLs
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52969324-463B-4643-BF36-854BE2BECB89}" = Autodesk Inventor Professional 2010
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{55D9E026-DCB0-46FF-B60A-68B972228CF6}" = Autodesk Design Review 2010
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5783F2D7-8005-0405-0002-0060B0CE6BBA}" = AutoCAD Mechanical 2010
"{5783F2D7-8005-0405-1002-0060B0CE6BBA}" = Jazykový balíček AutoCAD Mechanical 2010 – čeština

"{5783F2D7-8028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2010
"{5C2CBFFD-FC3B-4AA9-993B-CE2B8DA25B87}" = Rhinoceros 4.0
"{654986E1-B6C9-4CA4-A478-B13025E739DE}_is1" = SM
"{67574624-BF0F-0409-AF6D-19FBD86FF7F7}" = Autodesk 3ds Max 2011 32-bit
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 Luxusní bydlení – Kolekce
"{723D0010-CA4C-4248-B206-10B80B1EDBCC}" = Jazykový balíček Autodesk Vault 2010 (Client) – čeština
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7F4DD591-1400-0409-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2010
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8B3E5A90-1F6E-4FAF-B84F-C306C8A80809}" = AeroFly Professional Deluxe
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90280405-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional s aplikací FrontPage
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Povolání snů
"{93293322-B694-4270-B7FE-DDE1A681ACCA}" = linguatec Voice Reader
"{95E1E426-EE9E-4F68-8F02-58A5A09B38F3}" = Rhinoceros 4.0 SR8
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A75A98B4-D473-44F0-976A-FEFB465401A5}" = RhinoCAM 2.0 for Rhino 4.0
"{A882D86A-02FA-4AED-AE1E-EA3C8A90E46F}" = T-Splines 3.0 WIP for Rhino
"{AA48705D-C811-4B1B-908F-C808D9896389}" = SolidWorks 2008 SP0
"{AA951B10-7089-4D60-B288-516E641F48E6}" = McAfee Agent
"{AC76BA86-7AD7-1029-7B44-A94000000001}" = Adobe Reader 9.4.6 - Czech
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Ovládací panel NVIDIA 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Ovladače grafiky 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.36
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Systémový software PhysX 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.4 Game
"{D686199B-882E-4550-92C4-BD99A8C295D0}" = Rhinoceros 4.0 SR5
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6098043-1183-4580-89EF-423CBF807188}" = pdfforge Toolbar v4.6
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{EAFAE612-3099-4538-9D7E-AB36FE0DB755}" = Edgecam 2010.10
"{EDFE2142-CFB3-44AB-A961-DE85F6408A28}" = Sentinel Protection Installer 7.3.2
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FAB43061-FEFB-46E8-A159-96710395DB5E}" = OpenOffice.org 3.2
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"3D Object Converter for Windows 4.0" = 3D Object Converter for Windows 4.0
"3DS Import for Inventor_is1" = 3DS Import for Inventor
"3DS Import for SolidWorks_is1" = 3DS Import for SolidWorks
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ArmA 2" = ArmA 2 Uninstall
"ARMA 2 Operation Arrowhead" = ARMA 2 Operation Arrowhead Uninstall
"AutoCAD Mechanical 2010" = AutoCAD Mechanical 2010
"Autodesk Design Review 2010" = Autodesk Design Review 2010
"Autodesk FBX Plug-in 2011.1 - 3ds Max 2011" = Autodesk FBX Plug-in 2011.1 - 3ds Max 2011
"Autodesk Inventor Professional 2010" = Autodesk Inventor Professional 2010 čeština (Czech)
"Autodesk Vault 2010 (Client)" = Autodesk Vault 2010 (Client)
"BattlEye" = BattlEye Uninstall
"BattlEye for OA" = BattlEye for OA Uninstall
"Blender" = Blender (remove only)
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"DWG TrueView 2010" = DWG TrueView 2010
"FMS" = FMS
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mesh To Solid for Rhino_is1" = Mesh To Solid for Rhino
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MilkShape 3D 1.8.2" = MilkShape 3D 1.8.2
"Mozilla Firefox 6.0.2 (x86 cs)" = Mozilla Firefox 6.0.2 (x86 cs)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Multimedia Keyboard Driver" = Multimedia Keyboard Driver
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"NVIDIAStereo" = NVIDIA Windows 95/98/ME/2000/XP Stereo Drivers
"OpenAL" = OpenAL
"PDF Editor 3" = PDF Editor 3
"PunkBusterSvc" = PunkBuster Services
"RealVNC_is1" = VNC Free Edition 4.1.3
"RhinoResurf for Rhino" = RhinoResurf for Rhino
"Searchster.Net_is1" = Searchster.Net 3.8 (20091213)
"SpeedFan" = SpeedFan (remove only)
"Steam App 10500" = Empire: Total War
"Synthesia" = Synthesia (remove only)
"Těžiště_is1" = Těžiště 1.0
"Totalcmd" = Total Commander (Remove or Repair)
"Traktor 2_is1" = Traktor 2
"Traktor Simulátor_is1" = Traktor Simulátor
"T-Splines for Rhino" = T-Splines for Rhino
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-861567501-606747145-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3.9.2011 5:31:17 | Computer Name = SAFAR-6A88902D4 | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.

Error - 12.9.2011 9:41:51 | Computer Name = SAFAR-6A88902D4 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace firefox.exe, verze 6.0.2.4262, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 18.9.2011 13:29:13 | Computer Name = SAFAR-6A88902D4 | Source = Application Error | ID = 1000
Description = Chybující aplikace wscommcntr1.exe, verze 18.1.49.0, chybující modul
wscommcntr1.exe, verze 18.1.49.0, adresa chyby 0x0000bb9e.

Error - 20.9.2011 12:32:44 | Computer Name = SAFAR-6A88902D4 | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.

Error - 20.9.2011 12:32:44 | Computer Name = SAFAR-6A88902D4 | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.

Error - 20.9.2011 12:32:59 | Computer Name = SAFAR-6A88902D4 | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Daná operace se vrátila, protože vypršel časový limit.

Error - 24.9.2011 11:06:35 | Computer Name = SAFAR-6A88902D4 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace firefox.exe, verze 6.0.2.4262, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 24.9.2011 12:27:04 | Computer Name = SAFAR-6A88902D4 | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.

Error - 24.9.2011 12:27:04 | Computer Name = SAFAR-6A88902D4 | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.

Error - 24.9.2011 12:27:19 | Computer Name = SAFAR-6A88902D4 | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Daná operace se vrátila, protože vypršel časový limit.

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#21 Příspěvek od **vyosek** » 26 zář 2011 14:43

Spustte znovu OTL

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

:otl
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011.08.17 13:00:38 | 000,402,328 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
IE - HKU\S-1-5-21-861567501-606747145-839522115-1004\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
FF - prefs.js..browser.search.defaultenginename: "searchster.net"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Searchster.Net"
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3
F - prefs.js..extensions.enabledItems: Subscription@helper.com:2.9
FF - prefs.js..extensions.enabledItems: Search_Toolbar@skywebsearch.com:3.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p="
[2010.12.19 17:51:07 | 000,002,121 | ---- | M] () -- C:\Documents and Settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\z9opovad.default\searchplugins\Searchster.xml
[2011.08.31 10:59:06 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF
O2 - BHO: (ShowBarObj Class) - {2863E737-DD3F-4280-9AF8-E9E79C16F312} - C:\Program Files\Searchster.Net\MinBHO.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (SignatureManagerBHO) - {C6CC9344-BC12-4EA7-9E37-46D61866C771} - C:\Program Files\SM\SubsHelperBHO.dll (SM Technologies)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Searchster.Net) - {F334C7B0-8774-4d5b-BD7A-4F448D03A1AE} - C:\Program Files\Searchster.Net\Searchster.Net.dll (Searchster.Net Company)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [GEST] m‘|\ü File not found
O4 - HKU\S-1-5-21-861567501-606747145-839522115-1004..\Run: [PCSpeedUp] "C:\Program Files\Zrychleni Pocitace\PCSpeedUp.exe" File not found
O20 - Winlogon\Notify\winjty32: DllName - (winjty32.dll) - C:\WINDOWS\System32\winjty32.dll ()
O33 - MountPoints2\{2b960862-a188-11df-b9fe-001fd0b54177}\Shell - "" = Autorun
NetSvcs: SSHNAS - File not found
[2010.08.25 15:09:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\safar\Data aplikací\pdfforge
[2010.11.23 21:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\safar\Data aplikací\Search Settings
[12 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
"SunJavaUpdateSched"=-
""=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-
"PCSpeedUp"=-
"MSMSGS"=C-
"JP595IR86O"=-
"Steam"=-

:files
C:\WINDOWS\System32\winjty32.dll
C:\Program Files\Zrychleni Pocitace
C:\Program Files\pdfforge Toolbar
C:\Program Files\Application Updater
C:\Documents and Settings\Jirka\Data aplikací\Search Settings
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]

Nasledne kliknete na Opravit
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

erorr · #22 Příspěvek od **erorr** » 26 zář 2011 15:31

log:

All processes killed
========== OTL ==========
Service HidServ stopped successfully!
Service HidServ deleted successfully!
Service Application Updater stopped successfully!
Service Application Updater deleted successfully!
C:\Program Files\Application Updater\ApplicationUpdater.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-861567501-606747145-839522115-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
C:\Program Files\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll moved successfully.
Prefs.js: "searchster.net" removed from browser.search.defaultenginename
Prefs.js: "chr-greentree_ff&type=302398" removed from browser.search.param.yahoo-fr
Prefs.js: "Searchster.Net" removed from browser.search.selectedEngine
Prefs.js: pdfforge@mybrowserbar.com:4.3 removed from extensions.enabledItems
Prefs.js: wtxpcom@mybrowserbar.com:4.3 removed from extensions.enabledItems
Prefs.js: Search_Toolbar@skywebsearch.com:3.8 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: "http://search.yahoo.com/search?fr=green ... =302398&p=" removed from keyword.URL
C:\Documents and Settings\Jirka\Data aplikací\Mozilla\Firefox\Profiles\z9opovad.default\searchplugins\Searchster.xml moved successfully.
C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF\chrome\skin folder moved successfully.
C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF\chrome\locale\EN-US folder moved successfully.
C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF\chrome\locale folder moved successfully.
C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF\chrome\content folder moved successfully.
C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF\chrome folder moved successfully.
C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2863E737-DD3F-4280-9AF8-E9E79C16F312}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2863E737-DD3F-4280-9AF8-E9E79C16F312}\ deleted successfully.
C:\Program Files\Searchster.Net\MinBHO.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}\ deleted successfully.
C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C6CC9344-BC12-4EA7-9E37-46D61866C771}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C6CC9344-BC12-4EA7-9E37-46D61866C771}\ deleted successfully.
C:\Program Files\SM\SubsHelperBHO.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F334C7B0-8774-4d5b-BD7A-4F448D03A1AE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F334C7B0-8774-4d5b-BD7A-4F448D03A1AE}\ deleted successfully.
C:\Program Files\Searchster.Net\Searchster.Net.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\GEST deleted successfully.
Registry value HKEY_USERS\S-1-5-21-861567501-606747145-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run\\PCSpeedUp deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winjty32\ deleted successfully.
C:\WINDOWS\system32\winjty32.dll moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b960862-a188-11df-b9fe-001fd0b54177}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2b960862-a188-11df-b9fe-001fd0b54177}\ not found.
SSHNAS removed from NetSvcs value successfully!
C:\Documents and Settings\safar\Data aplikací\pdfforge\temp folder moved successfully.
C:\Documents and Settings\safar\Data aplikací\pdfforge\res folder moved successfully.
C:\Documents and Settings\safar\Data aplikací\pdfforge folder moved successfully.
C:\Documents and Settings\safar\Data aplikací\Search Settings\temp folder moved successfully.
C:\Documents and Settings\safar\Data aplikací\Search Settings\res folder moved successfully.
C:\Documents and Settings\safar\Data aplikací\Search Settings\kb130\temp folder moved successfully.
C:\Documents and Settings\safar\Data aplikací\Search Settings\kb130 folder moved successfully.
C:\Documents and Settings\safar\Data aplikací\Search Settings folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP116.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1F7.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP208.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP230.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3F6.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4FA.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP50E.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP538.tmp\System.Data.Linq.dll deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP538.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP61A.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP637.tmp\System.dll deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP637.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP6C44.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEA21.tmp folder deleted successfully.
C:\WINDOWS\Installer\MSI6713.tmp deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\PCSpeedUp not found.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\"MSMSGS"|C- /E : value set successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\JP595IR86O not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Steam deleted successfully.
========== FILES ==========
File\Folder C:\WINDOWS\System32\winjty32.dll not found.
File\Folder C:\Program Files\Zrychleni Pocitace not found.
C:\Program Files\pdfforge Toolbar\Res folder moved successfully.
C:\Program Files\pdfforge Toolbar\IE\4.6 folder moved successfully.
C:\Program Files\pdfforge Toolbar\IE folder moved successfully.
C:\Program Files\pdfforge Toolbar folder moved successfully.
C:\Program Files\Application Updater folder moved successfully.
C:\Documents and Settings\Jirka\Data aplikací\Search Settings\temp folder moved successfully.
C:\Documents and Settings\Jirka\Data aplikací\Search Settings\res folder moved successfully.
C:\Documents and Settings\Jirka\Data aplikací\Search Settings folder moved successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jirka
->Temp folder emptied: 57578578 bytes
->Temporary Internet Files folder emptied: 85674 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 241876681 bytes
->Flash cache emptied: 2171 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Martina
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 131072 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: safar
->Temp folder emptied: 592792 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 85475 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 23488636 bytes

Total Files Cleaned = 309,00 mb

[EMPTYFLASH]

User: All Users

User: Default User

User: Jirka
->Flash cache emptied: 0 bytes

User: LocalService

User: Martina
->Flash cache emptied: 0 bytes

User: NetworkService

User: safar
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.29.1 log created on 09262011_162653

Files\Folders moved on Reboot...
C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_d0.dat moved successfully.

Registry entries deleted on Reboot...

#23 Příspěvek od **vyosek** » 26 zář 2011 15:34

Odinstalujte Avast pomoci tohoto http://files.avast.com/files/eng/aswclear.exe

v nouzovem rezimu spustte ComboFix

erorr · #24 Příspěvek od **erorr** » 26 zář 2011 15:39

pouzívam mcfee a odinstalování nepřipadá v uvahu protože nemám instalační cd ani klíč!

#25 Příspěvek od **vyosek** » 26 zář 2011 15:41

Zkuste tedy spustit ComboFix

erorr · #26 Příspěvek od **erorr** » 26 zář 2011 15:57

Nemáte v záloze nějaký návod jak ho vynout. Stale se combofix zasekni pří začátku scanu. Ale myslím si že to antivirus nedělá.

#27 Příspěvek od **vyosek** » 26 zář 2011 16:30

Zde http://www.bleepingcomputer.com/forums/topic114351.html

Pokud nepomuze, tak postupujte dale

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stahnete a spustte
Pro potvrzeni volby mackejte A, Enter
Po pouziti utilitu smazte
Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) (viz muj podpis)

Provedte aktualizaci
Provedte uplny sken - nic nemazte
MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

erorr · #28 Příspěvek od **erorr** » 27 zář 2011 19:43

este log z mbam

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Verze databáze: 7790

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

27.9.2011 20:41:58
mbam-log-2011-09-27 (20-41-53).txt

Typ kontroly: Úplný test (C:\|)
Testované objekty: 336931
Uplynulý čas: 1 hodin, 19 minut, 18 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 1
Infikované klíče v registru: 12
Infikované hodnoty v registru: 1
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 3

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> No action taken.

Infikované klíče v registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2863E737-DD3F-4280-9AF8-E9E79C16F312} (Adware.SkyMediaPack) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2863E737-DD3F-4280-9AF8-E9E79C16F312} (Adware.SkyMediaPack) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F334C7B0-8774-4D5B-BD7A-4F448D03A1AE} (Adware.SkyLab) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F334C7B0-8774-4D5B-BD7A-4F448D03A1AE} (Adware.SkyLab) -> No action taken.
HKEY_CLASSES_ROOT\KBBar.KBBarBand (Adware.7FaSSt) -> No action taken.
HKEY_CLASSES_ROOT\KBBar.KBBarBand.1 (Adware.7FaSSt) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Z30KYPG3WS (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\SkyMedia (Adware.SkyMedia) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> No action taken.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> No action taken.

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> No action taken.
c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll.5 (Adware.WidgiToolbar) -> No action taken.
c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll.6 (Adware.WidgiToolbar) -> No action taken.

#29 Příspěvek od **vyosek** » 27 zář 2011 19:45

Nalezy smazte, bude nasledovat log, ten rad uvidim

erorr · #30 Příspěvek od **erorr** » 27 zář 2011 19:46

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Verze databáze: 7790

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

27.9.2011 20:45:36
mbam-log-2011-09-27 (20-45-36).txt

Typ kontroly: Úplný test (C:\|)
Testované objekty: 336931
Uplynulý čas: 1 hodin, 19 minut, 18 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 1
Infikované klíče v registru: 12
Infikované hodnoty v registru: 1
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 3

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Delete on reboot.

Infikované klíče v registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2863E737-DD3F-4280-9AF8-E9E79C16F312} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2863E737-DD3F-4280-9AF8-E9E79C16F312} (Adware.SkyMediaPack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F334C7B0-8774-4D5B-BD7A-4F448D03A1AE} (Adware.SkyLab) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F334C7B0-8774-4D5B-BD7A-4F448D03A1AE} (Adware.SkyLab) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\KBBar.KBBarBand (Adware.7FaSSt) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\KBBar.KBBarBand.1 (Adware.7FaSSt) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Z30KYPG3WS (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\SkyMedia (Adware.SkyMedia) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> Quarantined and deleted successfully.

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Delete on reboot.
c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll.5 (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll.6 (Adware.WidgiToolbar) -> Quarantined and deleted successfully.

VIRY.CZ

Vypnutí PC

Re: Vypnutí PC

Re: Vypnutí PC

Re: Vypnutí PC

Re: Vypnutí PC

Re: Vypnutí PC

Re: Vypnutí PC

Re: Vypnutí PC

Re: Vypnutí PC

Re: Vypnutí PC

Re: Vypnutí PC

Re: Vypnutí PC

Re: Vypnutí PC

Re: Vypnutí PC

Re: Vypnutí PC

Re: Vypnutí PC