prosím o kontrolu logu

Zpráva

paja86 · #1 Příspěvek od **paja86** » 19 lis 2011 12:40

Logfile of random's system information tool 1.09 (written by random/random)
Run by Eda at 2011-11-19 12:23:52
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 239 GB (78%) free of 305 GB
Total RAM: 1022 MB (36% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:23:57, on 19.11.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Eda\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\Eda.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatc ... &%language
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2645238
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx ... =11&lng=cs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_custom ... tbid=80096
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra 'Tools' menuitem: PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 8730408968
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E0CDCA4-957D-44B4-91BE-F788EEDC7B60}: NameServer = 192.168.1.131
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--
End of file - 7948 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1259081737.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\PCConfidential.job
C:\WINDOWS\tasks\RPCReminder.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.8, plugin2@gameplaylabs.com:2.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... 2.0.1.2&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi]
"Description"=ZoneAlarm Toolbar Api
"Path"=C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.709]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.709]
"Description"=6.0.12.709
"Path"=C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nppl3260.xpt
nsJSRealPlayerPlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
NPOFFICE.DLL
nppdf32.dll
nppl3260.dll
nprpjplug.dll

C:\Program Files\Mozilla Firefox\searchplugins\
crawlersrch.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\extensions\
nostmp
plugin2@gameplaylabs.com
{20a82645-c095-46ed-80e3-08825760534b}
{800b5000-a755-47e1-992b-48a1c1357f07}

C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\
icqplugin-1.xml
icqplugin-10.xml
icqplugin-11.xml
icqplugin-12.xml
icqplugin-13.xml
icqplugin-14.xml
icqplugin-15.xml
icqplugin-16.xml
icqplugin-17.xml
icqplugin-18.xml
icqplugin-19.xml
icqplugin-2.xml
icqplugin-20.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin-7.xml
icqplugin-8.xml
icqplugin-9.xml
icqplugin.gif
icqplugin.src
icqplugin.xml
inbox-hledat.xml
inbox-hledn.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-12 79648]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-30 7581696]
"nwiz"=nwiz.exe /install []
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-11-03 16269312]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-11-03 2879488]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2006-11-03 69632]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2004-11-02 32768]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"DWQueuedReporting"=c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe [2007-03-13 39264]
"PCSuiteTrayApplication"=C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [2007-03-23 227328]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06 937920]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"TomTomHOME.exe"=C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [2011-04-22 247728]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Documents and Settings\Eda\Nabídka Start\Programy\Po spuštění
OpenOffice.org 3.1.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Documents and Settings\Eda\Plocha\Pavla\P1753577.JPG-www.facebook.exe"="C:\WINDOWS\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Disabled:Google Earth"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.DIVX"=divx.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll

======List of files/folders created in the last 1 month======

2011-11-19 12:23:52 ----D---- C:\rsit
2011-11-11 15:43:16 ----HDC---- C:\WINDOWS\$NtUninstallKB2641690$
2011-11-09 11:47:51 ----HDC---- C:\WINDOWS\$NtUninstallKB2544893-v2$

======List of files/folders modified in the last 1 month======

2011-11-19 12:23:55 ----D---- C:\Program Files\trend micro
2011-11-19 10:15:35 ----D---- C:\WINDOWS\Temp
2011-11-19 10:04:09 ----D---- C:\WINDOWS\Prefetch
2011-11-19 08:50:33 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-11-18 17:16:51 ----D---- C:\WINDOWS
2011-11-17 08:17:17 ----SHD---- C:\WINDOWS\Installer
2011-11-17 08:17:06 ----D---- C:\Program Files\Google
2011-11-13 12:03:04 ----D---- C:\Program Files\Mozilla Firefox
2011-11-12 06:10:31 ----D---- C:\WINDOWS\system32
2011-11-11 15:43:21 ----HD---- C:\WINDOWS\inf
2011-11-11 15:43:19 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-11-11 09:41:22 ----HD---- C:\WINDOWS\$hf_mig$
2011-11-11 09:41:20 ----D---- C:\WINDOWS\system32\CatRoot2
2011-11-09 11:47:56 ----A---- C:\WINDOWS\imsins.BAK
2011-11-09 11:45:15 ----A---- C:\WINDOWS\system32\MRT.exe
2011-10-30 07:41:48 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-15 76544]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-07-04 30808]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2009-11-24 82380]
R1 AmdPPM;Ovladač procesoru HwPState AMD; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-07-04 25432]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-07-04 441176]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-07-04 309848]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-07-04 43608]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-07-04 19544]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-07-04 102616]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-03 4394496]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-30 3685152]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-10-24 6784]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 androidusb;ADB Interface Driver; C:\WINDOWS\System32\Drivers\smhwadb.sys [2009-12-24 25728]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-04-07 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-04-07 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-04-07 21456]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\nmwcd.sys [2007-02-22 137216]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\nmwcdc.sys [2007-02-22 8320]
S3 nmwcdcj;Nokia USB Port; C:\WINDOWS\system32\drivers\nmwcdcj.sys [2007-02-22 12288]
S3 nmwcdcm;Nokia USB Modem; C:\WINDOWS\system32\drivers\nmwcdcm.sys [2007-02-22 12288]
S3 smhwdev;SmartPhone dummy USB PNP Device (Normal); C:\WINDOWS\system32\DRIVERS\smhwdev.sys [2010-01-14 100864]
S3 smhwser;USB Device for Legacy Serial Communication (Normal); C:\WINDOWS\system32\DRIVERS\smhwser.sys [2010-02-04 108032]
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-11-12 7168]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-07-04 42184]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 NMSAccess;NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-30 143426]
R2 TomTomHOMEService;TomTomHOMEService; C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [2011-04-22 92592]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-09 136176]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-09 136176]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-04-07 65795]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#2 Příspěvek od **Mc_Murphy** » 19 lis 2011 13:00

Zdravím.

Dej mi minutku, hnedle se na to mrknu.

#3 Příspěvek od **Mc_Murphy** » 19 lis 2011 13:06

Fixni v HJT tyto položky:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatc ... pl=11&qkw=%s&tbid=%tb_id&%language
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2645238
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx ... =11&lng=cs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_custom ... tbid=80096
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

"Fixnout" znamená, že spustíš HJT, zvolíš možnost [Do a system scan only] a zaškrtneš čtvereček vlevo od mnou vypsaných položek. Poté klikneš na [Fix checked] a odsouhlasíš [ANO].
HJT najdeš zde: C:\Program Files\trend micro\Eda.exe

Dále stáhni OTL z tohoto odkazu a ulož jej na Plochu.

Pokud používáš Win Vista či Win7, klikni na OTL pravým myšítkem a dej Run As Administrator či Spustit jako správce.
Pokud používáš 64bitový OS, zkontroluj, zda-li je zaškrtnutý čtvereček Pro 64 bitové OS. Pokud ne, zaškrtni jej.
Zaškrtni okénko Pro všechny uživatele.
Zaškrtni okénko Kontrola na havěť "LOP".
Zaškrtni okénko Kontrola na havěť "Purity".
Stáři souborů změň z 30 dnů na 7 dnů.
Do spodního okénka Vlastní skenování/opravy vlož tento script:

Kód: Vybrat vše

safebootminimal 
safebootnetwork
drivers32
savembr:0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
/md5start
scecli.dll
autochk.exe
csrss.exe
explorer.exe
lsass.exe
services.exe
smss.exe
spoolsv.exe
svchost.exe
userinit.exe
winlogon.exe
atapi.sys
cdrom.sys 
ndis.sys
ntfs.sys
tcpip.sys
%SystemDrive%\PhysicalMBR.bin
/md5stop
C:\windows\system32\spool\prtprocs|dll;true;true;true /FP
%systemroot%\system32\drivers\*.sys /5
%systemroot%\system32\drivers\*.sys /X 
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.* /5
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\config\*.sav 
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\*.* /U /s
%systemroot%\*. /mp /s
%ALLUSERSPROFILE%\Data Aplikací\*.*
%ALLUSERSPROFILE%\Data Aplikací\*.exe /s
%ALLUSERSPROFILE%\Dáta aplikácií\*.*
%ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s
%APPDATA%\*.
%APPDATA%\*.*
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
*crack* /s
*keygen* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s
*legalizator* /s
*registration* /s
*Office 2010* /s
*AutoRearm* /s
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c
type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

Klikni na tlačítko Prohledat.
Po dokončení skenu se objeví logy OTL.txt a Extras.txt, oba mi sem vlož.
Logy se nevejdou do jednoho, rozděl je tedy prosím do více příspěvků.

paja86 · #4 Příspěvek od **paja86** » 19 lis 2011 14:34

OTL Extras logfile created on: 19.11.2011 13:53:24 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Eda\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1022,48 Mb Total Physical Memory | 371,04 Mb Available Physical Memory | 36,29% Memory free
2,40 Gb Paging File | 1,96 Gb Available in Paging File | 81,79% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 233,13 Gb Free Space | 78,21% Space Free | Partition Type: NTFS

Computer Name: XP | User Name: Eda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-823518204-484061587-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6
"C:\Documents and Settings\Eda\Plocha\Pavla\P1753577.JPG-www.facebook.exe" = C:\WINDOWS\nvsvc32.exe:*:Enabled:NVIDIA driver monitor
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Disabled:Google Earth -- (Google)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066D65EA-ED53-44E4-A96A-F81B6E409D2E}" = PC Connectivity Solution
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 20
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{4781569D-5404-1F26-4B2B-6DF444441031}" = Nero 7 Ultra Edition
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}" = Nokia PC Suite
"{5E65E94D-69F2-4850-9E93-6459C53A0F50}" = Microsoft .NET Framework 1.1 Czech Language Pack
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = Zpracování fotografií a obrázků HP 2.0 - All-in-One ovladač
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F947BFE-C2DF-4779-9909-5BEE746BD0C4}" = Microsoft .NET Framework 2.0 Language Pack - CSY
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}" = Nokia Connectivity Cable Driver
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = Zpracování fotografií a obrázků HP 2.0 - All-in-One
"{9DAF5ED3-20C3-47B5-8CE0-CF82D4BE7AAD}" = OpenOffice.org 3.1
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Czech
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C900EF06-2E76-49C7-8DB0-41F629B21DC5}" = hp psc 1200 series
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"0852D05415AB9A4F1EF451E342267F76C776ED2F" = Balíček ovladače systému Windows - Nokia Modem (11/03/2006 6.82.0.1)
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"Dialup For Android Handset" = Dialup For Android Handset
"Digsby" = Digsby
"F064B256B4A20996EA9E333B5E0F14B61AB3333D" = Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1)
"fishsim2" = fishsim2
"GamePlayLabs Plugin" = GamePlayLabs Plugin
"Google Chrome" = Google Chrome
"HP PSC 1200 Series" = Zpracování fotografií a obrázkù HP 2.0 - PSC 1200 Series
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.8.3
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - CSY" = Microsoft .NET Framework 2.0 Language Pack - CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 7.0.1 (x86 cs)" = Mozilla Firefox 7.0.1 (x86 cs)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"PC Suite For Android Handset" = PC Suite For Android Handset
"PCConfidential_is1" = PC Confidential 2008
"RegPowerClean_is1" = Winferno Registry Power Cleaner
"Some PDF to Word Converter_is1" = Some PDF to Word Converter 1.5
"TomTom HOME" = TomTom HOME 2.8.2.2264
"Total PDF Converter_is1" = TotalPDFConverter
"Totalcmd" = Total Commander (Remove or Repair)
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WinBase602 7.0" = WinBase602 7.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 27.3.2010 3:40:37 | Computer Name = XP | Source = avast! | ID = 33554522
Description =

Error - 27.3.2010 10:52:41 | Computer Name = XP | Source = avast! | ID = 33554522
Description =

Error - 27.3.2010 12:33:33 | Computer Name = XP | Source = avast! | ID = 33554522
Description =

Error - 30.3.2010 0:39:36 | Computer Name = XP | Source = avast! | ID = 33554522
Description =

Error - 30.3.2010 3:16:10 | Computer Name = XP | Source = avast! | ID = 33554522
Description =

Error - 30.3.2010 23:24:50 | Computer Name = XP | Source = avast! | ID = 33554522
Description =

Error - 31.3.2010 5:58:00 | Computer Name = XP | Source = avast! | ID = 33554522
Description =

Error - 2.4.2010 5:08:52 | Computer Name = XP | Source = avast! | ID = 33554522
Description =

Error - 20.10.2010 12:44:37 | Computer Name = XP | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 6.3.2011 6:59:50 | Computer Name = XP | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace explorer.exe, verze 6.0.2900.5512, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 15.3.2011 15:20:10 | Computer Name = XP | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.

Error - 25.5.2011 15:27:02 | Computer Name = XP | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace firefox.exe, verze 2.0.1.4120, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 6.6.2011 3:27:30 | Computer Name = XP | Source = Application Error | ID = 1000
Description = Chybující aplikace fishsim2.exe, verze 0.0.0.0, chybující modul fishsim2.exe,
verze 0.0.0.0, adresa chyby 0x00084175.

Error - 6.6.2011 3:31:16 | Computer Name = XP | Source = Application Error | ID = 1000
Description = Chybující aplikace fishsim2.exe, verze 0.0.0.0, chybující modul fishsim2.exe,
verze 0.0.0.0, adresa chyby 0x00084175.

Error - 6.6.2011 3:32:23 | Computer Name = XP | Source = Application Error | ID = 1000
Description = Chybující aplikace fishsim2.exe, verze 0.0.0.0, chybující modul fishsim2.exe,
verze 0.0.0.0, adresa chyby 0x00084175.

Error - 9.6.2011 15:12:11 | Computer Name = XP | Source = TomTomHOMEService | ID = 10000
Description =

Error - 9.6.2011 15:14:00 | Computer Name = XP | Source = TomTomHOMEService | ID = 10000
Description =

Error - 10.6.2011 3:31:49 | Computer Name = XP | Source = Application Error | ID = 1000
Description = Chybující aplikace tomtomhomeruntime.exe, verze 1.9.1.3443, chybující
modul msvcr80.dll, verze 8.0.50727.3053, adresa chyby 0x000046b4.

Error - 21.6.2011 2:44:09 | Computer Name = XP | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace firefox.exe, verze 2.0.1.4120, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

[ System Events ]
Error - 13.11.2011 4:02:46 | Computer Name = XP | Source = Service Control Manager | ID = 7034
Description = Služba NVIDIA Display Driver Service byla neočekávaně ukončena. Tento
stav nastal již 1krát.

Error - 14.11.2011 9:09:55 | Computer Name = XP | Source = Service Control Manager | ID = 7034
Description = Služba NVIDIA Display Driver Service byla neočekávaně ukončena. Tento
stav nastal již 1krát.

Error - 15.11.2011 3:01:11 | Computer Name = XP | Source = W32Time | ID = 39452689
Description = Klient NTP zprostředkovatele časových údajů: Při vyhledávání DNS ručně
nakonfigurovaného partnera time.windows.com,0x1 došlo k chybě. Klient NTP se pokusí
o vyhledání pomocí služby DNS znovu za 15 minut. Chyba: Došlo k pokusu o operaci
se soketem v okamžiku nedosažitelnosti hostitele. (0x80072751)

Error - 15.11.2011 3:01:11 | Computer Name = XP | Source = W32Time | ID = 39452701
Description = Klient NTP zprostředkovatele časových údajů je konfigurován pro získávání
časových údajů z jednoho nebo více zdrojů času. Žádný z těchto zdrojů však není
aktuálně k dispozici. Po dobu 14 minut nebude proveden žádný pokus o kontaktování
zdroje. Klient NTP nemá k dispozici žádný zdroj času.

Error - 15.11.2011 3:01:27 | Computer Name = XP | Source = W32Time | ID = 39452689
Description = Klient NTP zprostředkovatele časových údajů: Při vyhledávání DNS ručně
nakonfigurovaného partnera time.windows.com,0x1 došlo k chybě. Klient NTP se pokusí
o vyhledání pomocí služby DNS znovu za 15 minut. Chyba: Došlo k pokusu o operaci
se soketem v okamžiku nedosažitelnosti hostitele. (0x80072751)

Error - 15.11.2011 3:01:27 | Computer Name = XP | Source = W32Time | ID = 39452701
Description = Klient NTP zprostředkovatele časových údajů je konfigurován pro získávání
časových údajů z jednoho nebo více zdrojů času. Žádný z těchto zdrojů však není
aktuálně k dispozici. Po dobu 14 minut nebude proveden žádný pokus o kontaktování
zdroje. Klient NTP nemá k dispozici žádný zdroj času.

Error - 15.11.2011 7:57:41 | Computer Name = XP | Source = W32Time | ID = 39452689
Description = Klient NTP zprostředkovatele časových údajů: Při vyhledávání DNS ručně
nakonfigurovaného partnera time.windows.com,0x1 došlo k chybě. Klient NTP se pokusí
o vyhledání pomocí služby DNS znovu za 15 minut. Chyba: Došlo k pokusu o operaci
se soketem v okamžiku nedosažitelnosti hostitele. (0x80072751)

Error - 15.11.2011 7:57:41 | Computer Name = XP | Source = W32Time | ID = 39452701
Description = Klient NTP zprostředkovatele časových údajů je konfigurován pro získávání
časových údajů z jednoho nebo více zdrojů času. Žádný z těchto zdrojů však není
aktuálně k dispozici. Po dobu 14 minut nebude proveden žádný pokus o kontaktování
zdroje. Klient NTP nemá k dispozici žádný zdroj času.

Error - 15.11.2011 7:57:57 | Computer Name = XP | Source = W32Time | ID = 39452689
Description = Klient NTP zprostředkovatele časových údajů: Při vyhledávání DNS ručně
nakonfigurovaného partnera time.windows.com,0x1 došlo k chybě. Klient NTP se pokusí
o vyhledání pomocí služby DNS znovu za 15 minut. Chyba: Došlo k pokusu o operaci
se soketem v okamžiku nedosažitelnosti hostitele. (0x80072751)

Error - 15.11.2011 7:57:57 | Computer Name = XP | Source = W32Time | ID = 39452701
Description = Klient NTP zprostředkovatele časových údajů je konfigurován pro získávání
časových údajů z jednoho nebo více zdrojů času. Žádný z těchto zdrojů však není
aktuálně k dispozici. Po dobu 14 minut nebude proveden žádný pokus o kontaktování
zdroje. Klient NTP nemá k dispozici žádný zdroj času.

< End of report >

paja86 · #5 Příspěvek od **paja86** » 19 lis 2011 14:35

OTL logfile created on: 19.11.2011 13:53:24 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Eda\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1022,48 Mb Total Physical Memory | 371,04 Mb Available Physical Memory | 36,29% Memory free
2,40 Gb Paging File | 1,96 Gb Available in Paging File | 81,79% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 233,13 Gb Free Space | 78,21% Space Free | Partition Type: NTFS

Computer Name: XP | User Name: Eda | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.11.19 13:51:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eda\Plocha\OTL.exe
PRC - [2011.11.15 06:39:56 | 001,036,344 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011.07.04 12:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011.07.04 12:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011.04.22 13:21:10 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2011.04.22 13:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009.09.17 20:11:40 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009.09.17 20:11:38 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.03.26 13:06:24 | 000,292,864 | ---- | M] (Nokia.) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2003.04.06 01:17:18 | 000,147,456 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
PRC - [2003.04.06 01:06:58 | 000,028,672 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2003.04.06 00:55:04 | 000,311,296 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
PRC - [2003.04.06 00:45:10 | 000,286,720 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

========== Modules (No Company Name) ==========

MOD - [2011.11.15 06:39:54 | 000,420,920 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\15.0.874.121\ppgooglenaclpluginchrome.dll
MOD - [2011.11.15 06:39:53 | 003,702,840 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\15.0.874.121\pdf.dll
MOD - [2011.11.15 06:38:16 | 000,122,952 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\15.0.874.121\avutil-51.dll
MOD - [2011.11.15 06:38:15 | 000,222,280 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\15.0.874.121\avformat-53.dll
MOD - [2011.11.15 06:38:14 | 001,746,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\15.0.874.121\avcodec-53.dll
MOD - [2011.11.15 03:36:18 | 008,593,056 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\15.0.874.121\gcswf32.dll
MOD - [2011.11.14 08:42:13 | 001,614,848 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11111400\algo.dll
MOD - [2011.11.11 18:19:04 | 000,240,992 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\11111400\aswRep.dll
MOD - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
MOD - [2009.09.11 16:03:14 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2006.11.30 15:03:46 | 000,434,688 | ---- | M] () -- C:\Program Files\Total PDF Converter\axTotalConverter.dll
MOD - [2006.08.30 14:03:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll

========== Win32 Services (SafeList) ==========

SRV - [2011.07.04 12:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.04.22 13:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010.03.04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2007.03.26 13:06:24 | 000,292,864 | ---- | M] (Nokia.) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2003.04.07 06:32:06 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - [2011.07.04 12:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.07.04 12:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.07.04 12:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.07.04 12:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011.07.04 12:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.07.04 12:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011.07.04 12:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.02.04 05:21:49 | 000,108,032 | R--- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smhwser.sys -- (smhwser) USB Device for Legacy Serial Communication (Normal)
DRV - [2010.01.14 00:02:28 | 000,100,864 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smhwdev.sys -- (smhwdev) SmartPhone dummy USB PNP Device (Normal)
DRV - [2009.12.24 09:00:40 | 000,025,728 | R--- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smhwadb.sys -- (androidusb)
DRV - [2009.11.24 12:08:05 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2009.11.12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2007.04.16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007.02.22 10:15:56 | 000,137,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (nmwcd)
DRV - [2007.02.22 10:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (nmwcdcm)
DRV - [2007.02.22 10:15:14 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (nmwcdcj)
DRV - [2007.02.22 10:15:14 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (nmwcdc)
DRV - [2006.11.03 00:00:00 | 004,394,496 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004.08.03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-823518204-484061587-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-823518204-484061587-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.8
FF - prefs.js..extensions.enabledItems: plugin2@gameplaylabs.com:2.0
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... 2.0.1.2&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.709: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.709: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.06 14:30:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.16 10:17:29 | 000,000,000 | ---D | M]

[2011.06.09 20:12:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Extensions
[2011.06.09 20:12:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Extensions\home2@tomtom.com
[2011.11.07 08:45:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\extensions
[2010.04.27 21:27:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.11.07 08:45:52 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.05.07 18:14:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\extensions\nostmp
[2011.04.05 15:17:47 | 000,000,000 | ---D | M] (GamePlayLabs Plugin) -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\extensions\plugin2@gameplaylabs.com
[2011.11.14 16:07:16 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-1.xml
[2011.03.02 13:34:14 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-10.xml
[2011.03.05 15:10:19 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-11.xml
[2011.03.27 20:56:41 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-12.xml
[2011.05.01 12:20:25 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-13.xml
[2011.05.07 18:14:33 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-14.xml
[2011.07.18 08:04:59 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-15.xml
[2011.08.22 12:38:00 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-16.xml
[2011.09.01 17:57:34 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-17.xml
[2011.09.09 04:11:25 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-18.xml
[2011.09.09 14:34:14 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-19.xml
[2010.06.28 15:34:04 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-2.xml
[2011.10.06 14:31:13 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-20.xml
[2010.07.24 16:19:38 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-3.xml
[2010.07.26 09:34:46 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-4.xml
[2010.09.10 20:45:55 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-5.xml
[2010.09.18 19:06:55 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-6.xml
[2010.10.22 09:25:16 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-7.xml
[2010.10.29 10:01:51 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-8.xml
[2010.12.10 15:25:00 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-9.xml
[2011.10.31 15:43:36 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin.gif
[2011.10.31 15:43:36 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin.src
[2010.06.24 07:57:26 | 000,000,947 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin.xml
[2010.09.10 20:45:57 | 000,002,304 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\inbox-hledat.xml
[2010.11.30 15:21:12 | 000,002,307 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\inbox-hledn.xml
[2011.05.07 15:28:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.05.01 10:20:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\EDA\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\0PQMRT3Q.DEFAULT\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
[2009.11.20 16:39:03 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.10.06 14:30:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.04.12 16:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.06.17 10:38:44 | 000,001,353 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2011.10.06 14:30:37 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2011.10.06 14:30:37 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2011.03.27 20:56:25 | 000,001,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml
[2011.10.06 14:30:37 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2011.10.06 14:30:37 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2011.10.06 14:30:37 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

========== Chrome ==========

CHR - default_search_provider: Seznam (Enabled)
CHR - default_search_provider: search_url = http://search.seznam.cz/?q={searchTerms}
CHR - default_search_provider: suggest_url = http:///suggest.fulltext.seznam.cz/?dict=fulltext_ff&phrase={searchTerms}&encoding={inputEncoding}&response_encoding=utf-8
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.121\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: GamePlayLabs Plugin = C:\Documents and Settings\Eda\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ocphobfcfafpclibolpjdafgaffkaoci\1.0_0\

O1 HOSTS File: ([2006.03.02 13:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKU\S-1-5-21-823518204-484061587-725345543-1003\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-21-823518204-484061587-725345543-1003..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\hp psc 1000 series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-823518204-484061587-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (Capital Intellect, Inc)
O9 - Extra Button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe (Capital Intellect, Inc)
O15 - HKLM\..Trusted Domains: mojebanka.cz ([]https in Trusted sites)
O15 - HKU\S-1-5-21-823518204-484061587-725345543-1003\..Trusted Domains: mojebanka.cz ([]https in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 8730408968 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4E0CDCA4-957D-44B4-91BE-F788EEDC7B60}: NameServer = 192.168.1.131
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Eda\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Eda\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.11.20 15:10:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1e399144-f343-11e0-afab-0018f3936c7d}\Shell - "" = AutoRun
O33 - MountPoints2\{1e399144-f343-11e0-afab-0018f3936c7d}\Shell\AutoRun\command - "" = J:\PcOptions.exe
O33 - MountPoints2\{962d1f86-3a83-11e0-adce-0018f3936c7d}\Shell - "" = AutoRun
O33 - MountPoints2\{962d1f86-3a83-11e0-adce-0018f3936c7d}\Shell\AutoRun\command - "" = J:\PcOptions.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - Service
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2011.11.19 13:49:10 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Eda\Plocha\OTL.exe
[2011.11.19 12:23:52 | 000,000,000 | ---D | C] -- C:\rsit
[2011.11.17 08:17:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Google Earth

========== Files - Modified Within 30 Days ==========

[2011.11.19 13:56:25 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011.11.19 13:54:48 | 000,000,852 | ---- | M] () -- C:\Documents and Settings\Eda\Plocha\Zástupce - RSIT.exe.lnk
[2011.11.19 13:51:00 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eda\Plocha\OTL.exe
[2011.11.19 13:18:14 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.19 13:17:50 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Google Chrome.lnk
[2011.11.19 12:23:46 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\Eda\Plocha\RSIT.exe
[2011.11.19 12:23:16 | 000,935,175 | ---- | M] () -- C:\Documents and Settings\Eda\Plocha\RSITx64.exe
[2011.11.19 10:15:03 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.19 08:51:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.11.19 08:51:44 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011.11.19 08:51:43 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\PCConfidential.job
[2011.11.19 08:51:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.11.18 17:16:51 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2011.11.18 11:39:43 | 000,000,522 | ---- | M] () -- C:\hpfr3420.xml
[2011.11.17 14:58:10 | 000,029,696 | ---- | M] () -- C:\Documents and Settings\Eda\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.09 11:47:56 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.10.30 07:41:48 | 000,444,456 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.10.30 07:41:48 | 000,441,240 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2011.10.30 07:41:48 | 000,083,990 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2011.10.30 07:41:48 | 000,072,332 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.10.24 07:42:21 | 000,002,561 | ---- | M] () -- C:\Documents and Settings\Eda\Plocha\Microsoft Office Word 2003.lnk

========== Files Created - No Company Name ==========

[2011.11.19 13:54:48 | 000,000,852 | ---- | C] () -- C:\Documents and Settings\Eda\Plocha\Zástupce - RSIT.exe.lnk
[2011.11.19 12:23:46 | 000,781,383 | ---- | C] () -- C:\Documents and Settings\Eda\Plocha\RSIT.exe
[2011.11.19 12:23:16 | 000,935,175 | ---- | C] () -- C:\Documents and Settings\Eda\Plocha\RSITx64.exe
[2011.03.29 22:56:09 | 000,022,007 | ---- | C] () -- C:\Documents and Settings\Eda\Data aplikací\NMM-MetaData.db
[2011.03.04 20:41:02 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011.03.04 18:35:50 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010.10.20 17:57:42 | 000,041,472 | ---- | C] () -- C:\WINDOWS\System32\TAL12832.dll
[2010.10.20 17:57:42 | 000,034,816 | ---- | C] () -- C:\WINDOWS\System32\TALC9332.dll
[2010.10.20 17:57:42 | 000,034,304 | ---- | C] () -- C:\WINDOWS\System32\TALC3932.DLL
[2010.10.20 17:57:42 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\TALEAN32.DLL
[2010.10.20 17:57:42 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\TALUPC32.dll
[2010.10.20 17:57:42 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\TALITF32.dll
[2010.10.20 17:57:42 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\TALCBR32.dll
[2010.10.20 17:57:42 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\TALZIP32.dll
[2010.10.20 17:57:41 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.dll
[2010.10.20 14:44:00 | 000,000,292 | ---- | C] () -- C:\Documents and Settings\Eda\Local Settings\Data aplikací\DelUnist.bat
[2010.04.01 18:49:31 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.01.13 06:54:02 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.11.24 17:51:40 | 000,020,458 | ---- | C] () -- C:\WINDOWS\hpoins01.dat.temp
[2009.11.24 17:51:40 | 000,016,622 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat.temp
[2009.11.24 12:01:49 | 000,020,458 | ---- | C] () -- C:\WINDOWS\hpoins01.dat
[2009.11.24 12:01:49 | 000,016,622 | ---- | C] () -- C:\WINDOWS\hpomdl01.dat
[2009.11.21 19:07:45 | 000,053,120 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009.11.20 21:59:01 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\Eda\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.11.20 17:13:40 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009.11.20 17:13:40 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009.11.20 17:13:38 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009.11.20 17:13:38 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.11.20 17:13:38 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.11.20 17:13:36 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.11.20 17:08:06 | 000,000,508 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.11.20 16:28:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009.11.20 16:24:01 | 000,000,123 | ---- | C] () -- C:\Documents and Settings\Eda\Local Settings\Data aplikací\fusioncache.dat
[2009.11.20 15:58:38 | 000,004,411 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.11.20 15:57:23 | 000,265,416 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009.11.20 15:30:12 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009.11.20 15:30:12 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009.11.20 15:30:12 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009.11.20 15:30:12 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009.11.20 15:30:11 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009.11.20 15:30:11 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2009.11.20 15:30:10 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009.11.20 15:30:10 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2009.11.20 15:30:10 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2009.11.20 15:12:25 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.11.20 15:07:05 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006.03.02 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006.03.02 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006.03.02 13:00:00 | 000,444,456 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006.03.02 13:00:00 | 000,441,240 | ---- | C] () -- C:\WINDOWS\System32\perfh005.dat
[2006.03.02 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006.03.02 13:00:00 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2006.03.02 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006.03.02 13:00:00 | 000,083,990 | ---- | C] () -- C:\WINDOWS\System32\perfc005.dat
[2006.03.02 13:00:00 | 000,072,332 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006.03.02 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006.03.02 13:00:00 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2006.03.02 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006.03.02 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006.03.02 13:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006.03.02 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006.03.02 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005.12.07 12:31:00 | 000,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2003.04.09 14:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2003.04.07 06:32:14 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll

========== LOP Check ==========

[2011.01.09 12:40:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2011.03.04 20:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Canneverbe Limited
[2010.05.29 11:45:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2011.01.01 13:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Installations
[2011.01.01 13:21:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2011.06.09 20:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TomTom
[2009.11.21 14:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Winferno
[2010.11.27 17:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eda\Data aplikací\602XML
[2011.03.04 20:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eda\Data aplikací\Canneverbe Limited
[2011.03.04 18:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eda\Data aplikací\CheckPoint
[2011.03.29 22:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eda\Data aplikací\Nokia
[2011.04.14 23:29:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eda\Data aplikací\Nokia Multimedia Player
[2011.03.15 20:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eda\Data aplikací\NZServis
[2009.12.11 04:43:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eda\Data aplikací\OpenOffice.org
[2011.01.01 13:28:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eda\Data aplikací\PC Suite
[2010.10.20 14:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eda\Data aplikací\Softplicity
[2011.03.04 19:58:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eda\Data aplikací\TeamViewer
[2011.06.09 20:12:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eda\Data aplikací\TomTom
[2010.02.26 21:24:00 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1259081737.job
[2011.11.19 08:51:43 | 000,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\PCConfidential.job
[2011.02.28 09:03:11 | 000,000,420 | ---- | M] () -- C:\WINDOWS\Tasks\RPCReminder.job

========== Purity Check ==========

========== Custom Scans ==========

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 08:52:18 | 000,015,360 | ---- | M] (Microsoft Corporation)
"TomTomHOME.exe" = "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" -- [2011.04.22 13:21:10 | 000,247,728 | ---- | M] (TomTom)
"MSMSGS" = "C:\Program Files\Messenger\msmsgs.exe" /background -- [2008.04.14 08:52:38 | 001,695,232 | ---- | M] (Microsoft Corporation)

< MD5 for: ATAPI.SYS >
[2006.03.02 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2006.03.02 13:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 08:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 08:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2006.03.02 13:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe

< MD5 for: CDROM.SYS >
[2006.03.02 13:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2006.03.02 13:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: CSRSS.EXE >
[2006.03.02 13:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=490E6E57E54FAF5F23F658EA188405A1 -- C:\WINDOWS\$NtServicePackUninstall$\csrss.exe
[2008.04.14 08:52:18 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=628CE66E3FD35BFC7969DBAC245DC069 -- C:\WINDOWS\ServicePackFiles\i386\csrss.exe
[2008.04.14 08:52:18 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=628CE66E3FD35BFC7969DBAC245DC069 -- C:\WINDOWS\system32\csrss.exe

< MD5 for: EXPLORER.EXE >
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2006.03.02 13:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: LSASS.EXE >
[2006.03.02 13:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2006.03.02 13:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NTFS.SYS >
[2008.04.14 00:45:54 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
[2008.04.14 00:45:54 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys
[2006.03.02 13:00:00 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\$NtServicePackUninstall$\ntfs.sys

< MD5 for: SCECLI.DLL >
[2006.03.02 13:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SERVICES.EXE >
[2009.02.09 12:18:56 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=3D107D45CCFDB266E91D84B52CD7F430 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2006.03.02 13:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=6E401E61F952FBBF708AFBECEFAFAE81 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009.02.09 12:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=9EF697AF07BB8DD82C3B02CA953A95B7 -- C:\WINDOWS\system32\dllcache\services.exe
[2009.02.09 12:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=9EF697AF07BB8DD82C3B02CA953A95B7 -- C:\WINDOWS\system32\services.exe
[2008.04.14 08:52:46 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=F0D2AE69035092BF22DAD6B50FAB85C2 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008.04.14 08:52:46 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=F0D2AE69035092BF22DAD6B50FAB85C2 -- C:\WINDOWS\ServicePackFiles\i386\services.exe

< MD5 for: SMSS.EXE >
[2006.03.02 13:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2008.04.14 08:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 08:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SPOOLSV.EXE >
[2006.03.02 13:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=21B6FAA88044A41640E03EBB68BE93E8 -- C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
[2010.08.17 14:19:36 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=258DD5D4283FD9F9A7166BE9AE45CE73 -- C:\WINDOWS\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[2010.08.17 14:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\dllcache\spoolsv.exe
[2010.08.17 14:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\spoolsv.exe
[2008.04.14 08:52:50 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=CB1090BCA0E7B40D0B5B4E4D66531809 -- C:\WINDOWS\$NtUninstallKB2347290$\spoolsv.exe
[2008.04.14 08:52:50 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=CB1090BCA0E7B40D0B5B4E4D66531809 -- C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2006.03.02 13:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2006.03.02 13:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2006.03.02 13:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006.03.02 13:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< C:\windows\system32\spool\prtprocs|dll;true;true;true /FP >
[2008.07.06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2004.03.22 14:17:08 | 000,025,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008.07.06 13:06:10 | 000,147,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\x64\filterpipelineprintproc.dll

< %systemroot%\system32\drivers\*.sys /5 >

< %systemroot%\system32\drivers\*.sys /X >
[2008.04.14 08:51:38 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008.04.14 08:51:38 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008.04.14 08:51:38 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008.04.14 08:51:38 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008.04.14 08:51:38 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008.04.14 08:51:38 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008.04.14 08:51:38 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2006.12.29 20:21:08 | 000,064,352 | ---- | M] () -- C:\WINDOWS\system32\drivers\ativmc20.cod
[2008.04.14 08:51:38 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008.04.14 08:51:38 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008.04.14 08:51:38 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008.04.14 08:51:38 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008.04.14 08:51:38 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008.04.14 08:51:40 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2007.04.02 21:36:04 | 000,129,045 | ---- | M] () -- C:\WINDOWS\system32\drivers\cxthsfs2.cty
[2006.03.02 13:00:00 | 003,440,660 | ---- | M] () -- C:\WINDOWS\system32\drivers\gm.dls
[2006.03.02 13:00:00 | 000,000,646 | ---- | M] () -- C:\WINDOWS\system32\drivers\gmreadme.txt
[2011.02.17 11:55:08 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
[2011.02.17 11:55:11 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\system32\drivers\Msft_Kernel_smhwadb_01005.Wdf
[2006.12.29 20:02:50 | 000,067,866 | ---- | M] () -- C:\WINDOWS\system32\drivers\netwlan5.img
[2008.04.14 08:51:56 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008.04.14 08:52:06 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.* /5 >
[2011.11.19 08:51:44 | 000,051,048 | ---- | M] () -- C:\WINDOWS\system32\nvapps.xml
[2011.11.19 08:51:53 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\config\*.sav >
[2009.11.20 15:56:25 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.11.20 15:56:25 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.11.20 15:56:25 | 000,495,616 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\*.* /U /s >
[8 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\2d95fcb065d257764a2ccd267782d792\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\2d95fcb065d257764a2ccd267782d792\*.tmp -> ]
[1 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\*.tmp files -> C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\*.tmp -> ]
[12 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> ]
[1 C:\WINDOWS\twain_32\*.tmp files -> C:\WINDOWS\twain_32\*.tmp -> ]

< %systemroot%\*. /mp /s >

< %ALLUSERSPROFILE%\Data Aplikací\*.* >
[2009.11.20 15:58:09 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\desktop.ini
[2009.11.24 17:52:03 | 000,000,382 | ---- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\hpzinstall.log

< %ALLUSERSPROFILE%\Data Aplikací\*.exe /s >
[2007.04.02 05:45:08 | 044,338,384 | R--- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Nokia_PC_Suite_683_rel_14_1_EA.exe
[2011.01.01 13:17:43 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstCCD.exe
[2011.01.01 13:17:43 | 000,009,728 | ---- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstPCS.exe
[2011.01.01 13:17:43 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Installations\CommonCustomActions\UninstPCSFEMsi.exe
[2009.11.20 16:30:39 | 000,086,016 | ---- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\NOS\Adobe_Downloads\arh.exe

< %ALLUSERSPROFILE%\Dáta aplikácií\*.* >

< %ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s >

< %APPDATA%\*. >
[2010.11.27 17:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eda\Data aplikací\602XML
[2011.03.03 12:34:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eda\Data aplikací\Adobe
[2009.12.20 10:38:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eda\Data aplikací\Ahead
[2011.03.04 20:41:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eda\Data aplikací\Canneverbe Limited
[2011.03.04 18:36:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eda\Data aplikací\CheckPoint
[2010.02.07 19:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eda\Data aplikací\CyberLink
[2009.11.21 14:48:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eda\Data aplikací\Digsby
[2011.06.26 05:38:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eda\Data aplikací\Google
[2009.11.25 18:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eda\Data aplikací\Help
[2009.11.24 12:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eda\Data aplikací\Hewlett-Packard
[2009.11.20 15:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eda\Data aplikací\Identities
[2009.11.20 16:30:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eda\Data aplikací\Macromedia
[2010.01.13 06:53:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eda\Data aplikací\Media Player Classic
[2011.03.03 12:34:08 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Eda\Data aplikací\Microsoft
[2009.11.20 16:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eda\Data aplikací\Mozilla
[2011.03.29 22:56:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eda\Data aplikací\Nokia
[2011.04.14 23:29:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eda\Data aplikací\Nokia Multimedia Player
[2011.03.15 20:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eda\Data aplikací\NZServis
[2009.12.11 04:43:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eda\Data aplikací\OpenOffice.org
[2011.01.01 13:28:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eda\Data aplikací\PC Suite
[2011.09.29 20:24:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eda\Data aplikací\Skype
[2011.09.29 18:27:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eda\Data aplikací\skypePM
[2010.10.20 14:31:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eda\Data aplikací\Softplicity
[2009.11.20 16:38:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eda\Data aplikací\Sun
[2011.03.04 19:58:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eda\Data aplikací\TeamViewer
[2011.06.09 20:12:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eda\Data aplikací\TomTom

< %APPDATA%\*.* >
[2009.11.20 15:58:09 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Eda\Data aplikací\desktop.ini
[2011.06.01 11:25:44 | 000,022,007 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\NMM-MetaData.db

< %APPDATA%\*.exe /s >

< %SYSTEMDRIVE%\*.exe >
[2009.12.11 04:37:10 | 129,918,565 | ---- | M] () -- C:\OOo_3.1.1_090918_Win32Intel_install_cs.exe
[2009.12.15 14:02:26 | 000,634,880 | ---- | M] (NFO ASIA, s.r.o.) -- C:\PanelSetup.exe

< *crack* /s >

< *keygen* /s >
[2004.04.16 06:03:00 | 000,032,804 | ---- | M] () -- \Program Files\totalcmd\KeyGen.exe

< *loader* /s >
[2010.03.31 13:06:14 | 000,049,152 | ---- | M] () -- \Documents and Settings\Eda\Plocha\Pavla\telefon\PC Suite For Android Handset\Loader.exe
[2001.01.16 05:55:36 | 000,053,248 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VS7DEBUG\COLOADER.DLL
[2001.01.16 03:22:34 | 000,002,560 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VS7DEBUG\COLOADER.TLB
[2010.12.13 19:56:56 | 000,007,161 | ---- | M] () -- \Program Files\Digsby\lib\gui\browser\webkit\imageloader.pyo
[2010.08.24 01:16:15 | 000,001,849 | ---- | M] () -- \Program Files\Digsby\lib\plugins\digsby_about\res\ajax-loader.gif
[2010.11.22 23:49:36 | 000,007,133 | ---- | M] () -- \Program Files\Digsby\lib\plugins\digsby_updater\downloader.pyo
[2009.07.02 16:06:10 | 000,001,849 | ---- | M] () -- \Program Files\Digsby\lib\plugins\facebook\res\ajax-loader.gif
[2010.06.15 01:39:36 | 000,001,849 | ---- | M] () -- \Program Files\Digsby\lib\plugins\linkedin\res\ajax-loader.gif
[2010.02.05 23:29:18 | 000,001,849 | ---- | M] () -- \Program Files\Digsby\lib\plugins\myspace\res\ajax-loader.gif
[2009.07.14 21:44:20 | 000,001,849 | ---- | M] () -- \Program Files\Digsby\lib\plugins\twitter\res\img\ajax-loader.gif
[2009.11.04 22:21:56 | 000,014,145 | ---- | M] () -- \Program Files\Digsby\lib\syck\loaders.pyo
[2001.08.18 04:53:40 | 000,001,209 | ---- | M] () -- \Program Files\fishsim2\fsb\loaderr.fsb
[2009.09.16 22:33:50 | 000,006,308 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.py
[2009.09.16 15:22:08 | 000,022,528 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.uno.dll
[2009.09.17 20:12:18 | 000,000,171 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.uno.ini
[2009.09.11 16:36:38 | 000,029,696 | ---- | M] () -- \Program Files\OpenOffice.org 3\URE\bin\javaloader.uno.dll
[2009.09.18 11:48:12 | 000,003,872 | ---- | M] () -- \Program Files\OpenOffice.org 3\URE\java\unoloader.jar
[2006.03.02 13:00:00 | 000,035,840 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\dmloader.dll
[2008.04.14 08:51:40 | 000,035,840 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\dmloader.dll
[2008.04.14 00:01:48 | 000,230,912 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.exe
[2008.04.14 00:01:50 | 000,278,528 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.ntd
[2008.04.14 08:51:40 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll

< *minodlogin* /s >

< *tnod* /s >

< *AutoKMS* /s >

< *activator* /s >
[2010.03.24 22:11:36 | 000,002,650 | ---- | M] () -- \Program Files\Digsby\lib\oscar\Snactivator.pyo

< *serial* /s >
[2011.10.31 15:43:36 | 000,001,406 | ---- | M] () -- \Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon\iserialy.ico
[2008.11.14 03:40:36 | 000,000,513 | ---- | M] () -- \Documents and Settings\Eda\Plocha\Pavla\telefon\PC Suite For Android Handset\plugins\ConnectionWizardPlugin\SerialCable.png
[2007.09.03 20:17:08 | 010,111,320 | ---- | M] () -- \Documents and Settings\Eda\Plocha\Šárka\music\from pípa\15.The Prodigy - Serial Thrilla (Live).mp3
[2010.04.07 22:48:30 | 000,970,752 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2006.03.02 13:00:00 | 000,064,640 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\serial.sys
[2009.11.20 16:03:56 | 000,011,776 | ---- | M] () -- \WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.5000.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2009.11.20 16:23:51 | 000,131,072 | ---- | M] () -- \WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2009.11.20 16:22:11 | 000,011,776 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2011.10.14 22:53:24 | 000,131,072 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2010.06.10 05:30:33 | 000,970,752 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2011.10.16 12:09:16 | 000,311,296 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\81096bfe85eb0da5f05e8a127ffa43b2\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2011.10.16 12:07:13 | 002,345,472 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\afd6134c090faf8c29cd64d4835142b2\System.Runtime.Serialization.ni.dll
[2004.07.15 14:31:54 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
[2003.04.07 19:24:52 | 000,011,776 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v1.1.4322\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2008.07.25 11:17:00 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2005.12.20 18:13:56 | 000,011,776 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010.04.07 22:48:30 | 000,970,752 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2008.04.14 07:47:26 | 000,028,416 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\grserial.sys
[2008.04.14 07:51:10 | 000,064,256 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\serial.sys
[2007.06.27 18:29:04 | 000,131,072 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\system.runtime.serialization.formatters.soap.dll
[2006.03.02 13:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dpserial.dll
[2006.03.02 13:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\serialui.dll
[2006.03.02 13:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dllcache\dpserial.dll
[2006.03.02 13:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\dllcache\serialui.dll
[2008.04.14 07:51:10 | 000,064,256 | ---- | M] () -- \WINDOWS\system32\drivers\serial.sys

< *w7lxe* /s >

< *legalizator* /s >

< *registration* /s >
[2010.05.01 10:20:36 | 000,001,540 | ---- | M] () -- \Program Files\Java\jre6\lib\servicetag\registration.xml
[2009.09.16 16:13:04 | 000,041,472 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\productregistration.uno.dll
[2009.09.18 12:03:42 | 000,003,312 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\resource\productregistrationcs.res

< *Office 2010* /s >

< *AutoRearm* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-11 14:43:22

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ autocheck autochk *\0\0

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER

< type c:\boot.ini >> test.txt /c >
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2011.11.19 13:56:25 | 000,000,512 | ---- | M] () MD5=F870DBA5BF7490A5B46B46677DC004C1 -- C:\PhysicalMBR.bin

< End of report >

#6 Příspěvek od **Mc_Murphy** » 19 lis 2011 15:19

Znovu spusť OTL.

Pokud používáš Win Vista či Win7, klikni na OTL pravým myšítkem a dej Run As Administrator či Spustit jako správce.
Pokud používáš 64bitový OS, zkontroluj, zda-li je zaškrtnutý čtvereček Pro 64 bitové OS. Pokud ne, zaškrtni jej.
Do spodního okénka Vlastní skenování/opravy vlož tento skript:

Kód: Vybrat vše

:OTL
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.8
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.1.2&q="
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
[2011.11.07 08:45:52 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.11.14 16:07:16 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-1.xml
[2011.03.02 13:34:14 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-10.xml
[2011.03.05 15:10:19 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-11.xml
[2011.03.27 20:56:41 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-12.xml
[2011.05.01 12:20:25 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-13.xml
[2011.05.07 18:14:33 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-14.xml
[2011.07.18 08:04:59 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-15.xml
[2011.08.22 12:38:00 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-16.xml
[2011.09.01 17:57:34 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-17.xml
[2011.09.09 04:11:25 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-18.xml
[2011.09.09 14:34:14 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-19.xml
[2010.06.28 15:34:04 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-2.xml
[2011.10.06 14:31:13 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-20.xml
[2010.07.24 16:19:38 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-3.xml
[2010.07.26 09:34:46 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-4.xml
[2010.09.10 20:45:55 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-5.xml
[2010.09.18 19:06:55 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-6.xml
[2010.10.22 09:25:16 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-7.xml
[2010.10.29 10:01:51 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-8.xml
[2010.12.10 15:25:00 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-9.xml
[2011.10.31 15:43:36 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin.gif
[2011.10.31 15:43:36 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin.src
[2010.06.24 07:57:26 | 000,000,947 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin.xml
[2010.09.10 20:45:57 | 000,002,304 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\inbox-hledat.xml
[2010.11.30 15:21:12 | 000,002,307 | ---- | M] () -- C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\inbox-hledn.xml
[2010.06.17 10:38:44 | 000,001,353 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
O3 - HKU\S-1-5-21-823518204-484061587-725345543-1003\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
[8 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\2d95fcb065d257764a2ccd267782d792\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\2d95fcb065d257764a2ccd267782d792\*.tmp -> ]
[1 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\*.tmp files -> C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\*.tmp -> ]
[12 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> ]
[1 C:\WINDOWS\twain_32\*.tmp files -> C:\WINDOWS\twain_32\*.tmp -> ]

:Services
gupdate
gupdatem
JavaQuickStarterService
NMSAccess

:Files
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1259081737.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\Program Files\totalcmd\KeyGen.exe /d
C:\WINDOWS\tasks\PCConfidential.job
C:\WINDOWS\tasks\RPCReminder.job
%windir%\*.tmp /s
%windir%\system32\SET*.tmp /s
%windir%\system32\*.tmp.dll /s

:Commands
[emptytemp]
[emptyflash]
[resethosts]
[purity]
[clearallrestorepoints]

Klikni na tlačítko [Opravit].
Po dokončení skenu se objeví log, ten mi sem vlož.
Pokud se log nevejde do jednoho příspěvku, rozděl jej na více částí.

paja86 · #7 Příspěvek od **paja86** » 19 lis 2011 16:02

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "Crawler Search" removed from browser.search.order.1
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.8 removed from extensions.enabledItems
Prefs.js: "http://search.icq.com/search/afe_result ... 2.0.1.2&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@checkpoint.com/FFApi\ deleted successfully.
C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\sites folder moved successfully.
C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin\favicon folder moved successfully.
C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-10.xml moved successfully.
C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-11.xml moved successfully.
C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-12.xml moved successfully.
C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-13.xml moved successfully.
C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-14.xml moved successfully.
C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-15.xml moved successfully.
C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-16.xml moved successfully.
C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-17.xml moved successfully.
C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-18.xml moved successfully.
C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-19.xml moved successfully.
C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-20.xml moved successfully.
C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin.gif moved successfully.
C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin.src moved successfully.
C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\icqplugin.xml moved successfully.
C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\inbox-hledat.xml moved successfully.
C:\Documents and Settings\Eda\Data aplikací\Mozilla\Firefox\Profiles\0pqmrt3q.default\searchplugins\inbox-hledn.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml moved successfully.
Registry value HKEY_USERS\S-1-5-21-823518204-484061587-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP162.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP207.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP210.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP21D.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3B.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3D2.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4B0.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4DC.tmp folder deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\2d95fcb065d257764a2ccd267782d792\BIT1D.tmp deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\CR_7705F.tmp\SETUP_PATCH.PACKED.7Z deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\CR_7705F.tmp folder deleted successfully.
C:\WINDOWS\Temp\AutoRunLog.tmp deleted successfully.
C:\WINDOWS\Temp\CR_12.tmp\SETUP_PATCH.PACKED.7Z deleted successfully.
C:\WINDOWS\Temp\CR_12.tmp folder deleted successfully.
C:\WINDOWS\Temp\CR_20.tmp\SETUP_PATCH.PACKED.7Z deleted successfully.
C:\WINDOWS\Temp\CR_20.tmp folder deleted successfully.
C:\WINDOWS\Temp\fepo0290.TMP deleted successfully.
C:\WINDOWS\Temp\GUR1.tmp deleted successfully.
C:\WINDOWS\Temp\GUR2.tmp deleted successfully.
C:\WINDOWS\Temp\GUR3.tmp deleted successfully.
C:\WINDOWS\Temp\GUR4.tmp deleted successfully.
C:\WINDOWS\Temp\GUR5.tmp deleted successfully.
C:\WINDOWS\Temp\GUR6.tmp deleted successfully.
C:\WINDOWS\Temp\is2D.tmp deleted successfully.
C:\WINDOWS\Temp\is2F.tmp deleted successfully.
C:\WINDOWS\twain_32\hpqgends.tmp deleted successfully.
========== SERVICES/DRIVERS ==========
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
Service JavaQuickStarterService stopped successfully!
Service JavaQuickStarterService deleted successfully!
Service NMSAccess stopped successfully!
Service NMSAccess deleted successfully!
========== FILES ==========
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1259081737.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Program Files\totalcmd\KeyGen.exe deleted successfully.
C:\WINDOWS\tasks\PCConfidential.job moved successfully.
C:\WINDOWS\tasks\RPCReminder.job moved successfully.
File/Folder C:\WINDOWS\*.tmp not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Eda
->Temp folder emptied: 202057244 bytes
->Temporary Internet Files folder emptied: 338687002 bytes
->Java cache emptied: 4042737 bytes
->FireFox cache emptied: 902589229 bytes
->Google Chrome cache emptied: 370741220 bytes
->Flash cache emptied: 40661 bytes

User: LocalService
->Temp folder emptied: 1059128 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 1985384 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3572399 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 108813113 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 852 bytes

Total Files Cleaned = 1 844,00 mb

[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Eda
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.31.0 log created on 11192011_155030

Files\Folders moved on Reboot...
C:\Documents and Settings\Eda\Local Settings\Temporary Internet Files\Content.IE5\IVCWAE7D\list-item-disc[1].png moved successfully.
C:\Documents and Settings\Eda\Local Settings\Temporary Internet Files\Content.IE5\GW3Z11U6\api[3].htm moved successfully.
C:\Documents and Settings\Eda\Local Settings\Temporary Internet Files\Content.IE5\GW3Z11U6\api[4].htm moved successfully.
C:\Documents and Settings\Eda\Local Settings\Temporary Internet Files\Content.IE5\8PTX8UZD\background_banner[1].png moved successfully.
C:\Documents and Settings\Eda\Local Settings\Temporary Internet Files\Content.IE5\8PTX8UZD\background_button_green_full[2].png moved successfully.

Registry entries deleted on Reboot...

#8 Příspěvek od **Mc_Murphy** » 19 lis 2011 16:05

OK, OTL provedlo, co mělo, takže můžeme dočistit.

OTC http://oldtimer.geekstogo.com/OTC.exe

Stáhni a spusť.
Klikni na CleanUp a potvrď YES.
Program uklidí a může (nemusí) restartovat PC.

TFC http://oldtimer.geekstogo.com/TFC.exe

Stáhni a spusť.
Klikni na Start a potvrď OK.
Program uklidí a může (nemusí) restartovat PC.
Po použití utilitu smaž.

Pokud nemáš, stáhni CCleaner z tohoto odkazu.

Panel čistič
Vše nech jak je, jen dej Analyzovat a poté Spustit CCleaner.

Panel registry
Klikni na Hledej problémy.
Následně na Opravit problémy - zálohu registrů doporučuji udělat, oprav všechny problémy.
Postup opakuj, dokud nebude bez problémů - většinou cca 3x.

Panel nástroje
Zde můžeš odinstalovat nepotřebné programy.

CCleaner doporučuji používat cca jednou za týden.

... a pokud nejsou žádné dotazy, bylo by to z mé strany vše.

paja86 · #9 Příspěvek od **paja86** » 19 lis 2011 16:23

Ok děkuji za pomoc. Jen můžeš mi prosím ještě poradit jaký antivirus a případně další prvky ochrany stáhnout a nainstalovat?? Hrabalo se na do PC za poslední dobu dost lidí a nevím zda tam vůbec něco takového v tuto chvíli nainstalováno je... Díky

#10 Příspěvek od **Mc_Murphy** » 19 lis 2011 17:04

Jako antivirus máš v počítači nainstalovaný Avast!, to je v současné době nejlepší free varianta - nechal bych to být.

Na občasné scany počítače na malware a spyware bych doporučil prográmek SUPERAntiSpyware FREE Edition. Stáhneš, nainstaluješ a pak jen zrušíš spuštění programu po startu systému a jednou za čas pustíš scan. Když si nebudeš jistý/á výsledkem, hodíš nám sem log a někdo se na to podívá a poradí Ti.

Pak se dá také sem tam použít MBAM. Lidem dávám tento postup, tak se na to jen mrkni, nemusíš stahovat, instalovat ani scanovat.

Stáhni a nainstaluj Malwarebytes' Anti-Malware (zkráceně MBAM) podle návodu z tohoto topicu.

Proveď aktualizaci virové databáze.
V záložce Kontrolor zvol Úplná kontrola a zaškrtni všechny pevné disky, které máš na počítači.
Předem nic nemaž!!
MBAM mívá občas falešné detekce, proto vlož jeho log do příspěvku a počkej na posouzení!

Dále se dá používat firewall, ale v tom Ti neporadím, protože sám ho nepoužívám a nejsem příliš jeho příznivcem. Zastávám názor, že když člověk používá rozum, neleze na stránky, na kterých nemá co dělat, nekliká na každou pitomost, kterou vidí, nestahuje cracky a podobné nositele virů, tak bude mít klid i bez firewallu. Každopádně tu máme na fóru o této problematice dost pokecu, takže si to můžeš projít a pročíst si to.

A co se týče údržby počítače - na milion procent Ti nedoporučuji, aby se v tom hrabalo více lidí! To bude vždycky něco blbě. Tomuhle se líbí todle, ten zase uznává jen todle a pak zjistíš, že počítač je zaliskaný jako hrom. Dělej si údržbu sám/sama a od nikoho si do toho nenech vrtat! Bude-li problém, požádej odborníky, ne kamarády. Věř mi, dobrá rada.

Stačí to takhle?

paja86 · #11 Příspěvek od **paja86** » 19 lis 2011 17:14

Ok super a děkuji

#12 Příspěvek od **Mc_Murphy** » 19 lis 2011 17:20

Není vůbec zač a rádo se stalo.

Přeji pěkný den.

VIRY.CZ

prosím o kontrolu logu

prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu

Re: prosím o kontrolu logu