Nakažený pomalý PC, zkreslený ikonky Win a tapeta. Log HJT

Zpráva

Miroslav Chvatil

Ahoj,

prosím o kontrolu logu HJT. Moje starý PC má asi dost, nechci přeinstalovávat a chtěl bych ho nějak pročistit. Asi před 3 týdny mě postihla nějaká havěť a rozhodila mi obrázek na ploše a jiné drobnosti, jako ikonky na Task baru, když dám right click na schozenou věc na taskbaru, tak jsou z ikonek jen fleky barevných čtverečků, stejný jako mam teď na ploše. PC je hrozně pomalý /víc než jindy

/ a kouše se, nemůžu téměř nic dělat, furt hrabe. Software mi nic nehlásí, čekal jsem, že se to třeba fixne s nějakou aktualizací antiviru, ale nic. Vím, že mám PC zasviněný a chci ho důkladně pročistit, zkusil jsem CCleaner bez valnýho úspěchu. Něco radikálního se sám bojím, už jsem musel obnovovat kdysi dávno, když jsem čistil s Tweakem a jen tak tak jsem to zvlád. Proto prosím o odbornou pomoc. Rád sjedu další jiné skeny, pokud bude třeba, cokoli.
Děkuji za veškerou pomoc, jak s logem, tak s radou na pročištění.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:33:39, on 23.11.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Hamachi\hamachi-2-ui.exe
C:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
C:\Program Files\Hamachi\hamachi-2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/410
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI9130~1\Datamngr\ToolBar\searchqudtx.dll
O2 - BHO: Loader Class - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\WI9130~1\Datamngr\BROWSE~1.DLL
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI9130~1\Datamngr\ToolBar\searchqudtx.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "c:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\WI9130~1\Datamngr\DATAMN~1.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil11c_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSIns ... cat_uid=11
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 8599692176
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8600195864
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EFA115B-17FD-4958-AA5C-EACA09801575}: Domain = marconi.cx
O17 - HKLM\System\CS1\Services\Tcpip\..\{0EFA115B-17FD-4958-AA5C-EACA09801575}: Domain = marconi.cx
O17 - HKLM\System\CS2\Services\Tcpip\..\{0EFA115B-17FD-4958-AA5C-EACA09801575}: Domain = marconi.cx
O17 - HKLM\System\CS3\Services\Tcpip\..\{0EFA115B-17FD-4958-AA5C-EACA09801575}: Domain = marconi.cx
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - AppInit_DLLs: C:\PROGRA~1\WI9130~1\Datamngr\datamngr.dll C:\PROGRA~1\WI9130~1\Datamngr\IEBHO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O24 - Desktop Component 0: (no name) - file:///C:/exploze.jpg
O24 - Desktop Component 1: (no name) - http://www.auto.cz/plakaty/2003/37/6aud ... c0e34a.jpg
O24 - Desktop Component 2: (no name) - http://imgs.idnes.cz/ak_aktual/A040213_ ... SH03_N.JPG

--
End of file - 8546 bytes

#2 Příspěvek od **Mc_Murphy** » 24 lis 2011 07:58

Zdravím.

Dej mi minutku, hnedle se na to mrknu.

#3 Příspěvek od **Mc_Murphy** » 24 lis 2011 08:10

HJT už delší dobu nepoužíváme. Pročti si pravidla fóra a pro příště přikládej log ze RSITu, je podrobnější.

Doporučuji odinstalovat Spybot - Search & Destroy. Program má svá nejlepší léta již dávno za sebou a není schopen čelit aktuálním hrozbám.

Odinstaluj Searchqu Toolbar a další případné toolbary - zdržovadla.

Odeber Skype a LogMeIn Hamachi Ui ze spouštění po startu systému a spouštěj je ručně v případě potřeby - velká zdržovadla.

Prosím Tě, tahle rádoby zkrášlovadla c:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe vyhoď ze systému ven! To je naprosto zbytečné a úplně k ničemu!

ProxyServer = proxy:3128 => Toto máš nastaveno schválně?

Potom fixni v HJT tyto položky:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/410
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI9130~1\Datamngr\ToolBar\searchqudtx.dll
O2 - BHO: Loader Class - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\WI9130~1\Datamngr\BROWSE~1.DLL
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~1\WI9130~1\Datamngr\ToolBar\searchqudtx.dll
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

"Fixnout" znamená, že spustíš HJT, zvolíš možnost [Do a system scan only] a zaškrtneš čtvereček vlevo od mnou vypsaných položek. Poté klikneš na [Fix checked] a odsouhlasíš [ANO].
HJT najdeš zde: C:\Program Files\HiJackThis\HijackThis.exe

Dále si otevři Poznámkový blok (Start >> Spustit... (nebo Win+R) >> do okénka napiš notepad >> [Enter]) a do něj vlož následující text:

Kód: Vybrat vše

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{03F998B2-0E00-11D3-A498-00104B6EB52E}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""

Soubor ulož jako oprava.reg a uložení nastav podle obrázku.
Zavři Poznámkový blok a dvojklikem vytvořený soubor oprava.reg spusť.
Dotaz na změny registru pochopitelně potvrď.
Budeš-li vyzván, počítač restartuj. Pokud ne, restartuj ho ručně sám.
Soubor po použití smaž.

A ještě Tě poprosím o log z OTL kvůli další prohlídce. Takže stáhni OTL z tohoto odkazu a ulož jej na Plochu.

Pokud používáš Win Vista či Win7, klikni na OTL pravým myšítkem a dej Run As Administrator či Spustit jako správce.
Pokud používáš 64bitový OS, zkontroluj, zda-li je zaškrtnutý čtvereček Pro 64 bitové OS. Pokud ne, zaškrtni jej.
Zaškrtni okénko Pro všechny uživatele.
Zaškrtni okénko Kontrola na havěť "LOP".
Zaškrtni okénko Kontrola na havěť "Purity".
Stáři souborů změň z 30 dnů na 7 dnů.
Do spodního okénka Vlastní skenování/opravy vlož tento script:

Kód: Vybrat vše

safebootminimal 
safebootnetwork
drivers32
savembr:0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
/md5start
scecli.dll
autochk.exe
csrss.exe
explorer.exe
lsass.exe
services.exe
smss.exe
spoolsv.exe
svchost.exe
userinit.exe
winlogon.exe
atapi.sys
cdrom.sys 
ndis.sys
ntfs.sys
tcpip.sys
%SystemDrive%\PhysicalMBR.bin
/md5stop
C:\windows\system32\spool\prtprocs|dll;true;true;true /FP
%systemroot%\system32\drivers\*.sys /5
%systemroot%\system32\drivers\*.sys /X 
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.* /5
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\config\*.sav 
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\*.* /U /s
%systemroot%\*. /mp /s
%ALLUSERSPROFILE%\Data Aplikací\*.*
%ALLUSERSPROFILE%\Data Aplikací\*.exe /s
%ALLUSERSPROFILE%\Dáta aplikácií\*.*
%ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s
%APPDATA%\*.
%APPDATA%\*.*
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
*crack* /s
*keygen* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s
*legalizator* /s
*registration* /s
*Office 2010* /s
*AutoRearm* /s
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c
type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

Klikni na tlačítko Prohledat.
Po dokončení skenu se objeví logy OTL.txt a Extras.txt, oba mi sem vlož.
Logy se nevejdou do jednoho, rozděl je tedy prosím do více příspěvků.

Miroslav Chvatil

Ahoj Mc Murphy,

předně díky za detailní popis a ochotu

Odinstalil jsem Spybot, toolbary a zkrášlovadlo BootSkin.

Ze spouštění po startu systému neumím odebrat Skype ani Hamachi, hledal jsem v C:\Documents and Settings\user\Nabídka Start\Programy\Po spuštění, ale nic tam není. Můžeš prosím poradit?

Proč mám ProxyServer na 3128 opravdu netuším

, asi mi to někdo ze známých nastavil, když mi něco nastavoval asi na hry. Vadi to?

V HJT jsem fixnul ty uvedené položky.

Provedl jsem opravu registrů a po restartu zmizely ty rozhozený ikonky a wallpaper je zas OK, díky za to.

A tady jsou logy z OTL, místy prozrazují opravdu dost

, šikovný prográmek.

Ještě jednou dík za pomoc a hezký den.

============================================

OTL Extras logfile created on: 24.11.2011 21:44:20 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\user\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

511.48 Mb Total Physical Memory | 134.98 Mb Available Physical Memory | 26.39% Memory free
1.22 Gb Paging File | 0.69 Gb Available in Paging File | 56.66% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 2.06 Gb Free Space | 2.77% Space Free | Partition Type: NTFS

Computer Name: MIREK | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-823518204-1078081533-1417001333-1004\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\unreal\System\UnrealTournament.exe" = D:\unreal\System\UnrealTournament.exe:*:Disabled:UnrealTournament
"C:\GAMES\Counter-Strike 1.6\hl.exe" = C:\GAMES\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\GAMES\Alien Arena 2009\crx.exe" = C:\GAMES\Alien Arena 2009\crx.exe:*:Enabled:crx -- (COR)
"C:\GAMES\OfficialCnCTiberianSun\EA Games\Command & Conquer The First Decade\Command & Conquer(tm) Tiberian Sun(tm)\SUN\Game.exe" = C:\GAMES\OfficialCnCTiberianSun\EA Games\Command & Conquer The First Decade\Command & Conquer(tm) Tiberian Sun(tm)\SUN\Game.exe:*:Enabled:Main executable for Tiberian Sun
"C:\Program Files\EA Games\Command & Conquer The First Decade\Command & Conquer(tm) Tiberian Sun(tm)\SUN\Game.exe" = C:\Program Files\EA Games\Command & Conquer The First Decade\Command & Conquer(tm) Tiberian Sun(tm)\SUN\Game.exe:*:Enabled:Main executable for Tiberian Sun -- (Westwood Studios)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010405-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator 0.8.0
"{084A9731-D05B-4ADA-B4A0-0ADD25FD7152}" = Splinter Cell Pandora Tomorrow
"{10C1A383-5FB9-4868-859C-E64F6822E9C8}" = Sony Ericsson Mobile Phone Monitor
"{15CEC2E1-16AF-11D9-88E4-0004769F25D1}" = Colin McRae Rally 2005
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR
"{2F84AD97-6952-4801-A20B-7C8DD1E9A301}" = CapMan
"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3675CF90-85D3-4DC2-85C9-C169BBCD2B2D}" = Sony Ericsson OCS
"{4718EA71-CED3-498D-8FA9-34CB830AF2D8}" = PCMark04
"{5E65E94D-69F2-4850-9E93-6459C53A0F50}" = Microsoft .NET Framework 1.1 Czech Language Pack
"{5E761524-063C-46E4-822A-0166102F3DA3}" = OLYMPUS Viewer 2
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{66F25699-791B-42AA-8ADF-8F9123EAB99F}_is1" = Winamp controlband
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7CC978FD-AE31-419D-A7AB-2A137689AE1F}" = OLYMPUS Digital Camera Updater
"{8C453F13-6877-4D34-8816-009ABDE306DB}" = Prince of Persia The Sands of Time
"{8C48E464-EB9F-43B8-82C5-245EE6B196DF}" = Doom 3
"{90535871-81B9-4D99-8A13-A7EE97F2D7FE}" = WIDCOMM Bluetooth Software
"{909F8EBC-EC7F-48FF-0085-475D818F0F31}" = Need for Speed Underground 2
"{91B323B5-A79C-4D23-BD6D-046C565F9BCF}" = MadOnion.com/3DMark2001 SE
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A57D86AF-DE8E-4B26-972E-A1A28FFF7742}" = FlatOut
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1029-7B44-A70000000000}" = Adobe Reader 7.0 - Czech
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D84E40A2-380A-46E9-A750-6F55D398D973}" = ATI Catalyst Control Center
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{ECF6CB25-95A7-403F-89C2-F72E44EFE0CB}" = PC Suite
"{EEF985E8-8B36-4230-B174-117A2381C17F}" = LogMeIn Hamachi
"{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = Rozšíření HighMAT průvodce zápisem na disk CD systému Microsoft Windows XP
"{FF35F637-72B9-43BE-A281-06EB2854393A}" = 3DMark03
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AirAssault2_is1" = Air Assault 2
"Alien Arena 2009_is1" = Alien Arena 2009 7.30
"Alien Wars_is1" = Alien Wars
"All ATI Software" = ATI - Software Uninstall Utility
"Arkanoid 4000" = Arkanoid 4000
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"Counter-Strike 1.6" = Counter-Strike 1.6
"Creative Live! Cam Vista IM User's Guide English" = Creative Live! Cam Vista IM User's Guide (English)
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative VF0260" = Creative Live! Cam Vista IM Driver (1.01.03.1104)
"Creative WebCam Center" = Creative WebCam Center
"cw2_demo_ger_is1" = Combat Wings - Battle of Britain Demo
"E77704EF5E71F4F18CADFBFA68595AFE036D5D97" = Balíček ovladače systému Windows - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
"Filzip 3.0.4.66_is1" = Filzip 3.04
"Free Fire Screensaver" = Free Fire Screensaver
"Frozen-Bubble_is1" = Frozen-Bubble 1.0
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platforma Ovladače zařízení
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 1.37
"Lingea Lexicon OEM" = Lingea Lexicon OEM
"LogMeIn Hamachi" = LogMeIn Hamachi
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Mad_Race_is1" = Mad Race
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Motocross Madness 2 Trial" = Microsoft Motocross Madness 2 Trial
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSI Live Update 3" = MSI Live Update 3
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Normal Tanks 1.01d" = Normal Tanks 1.01d
"OpenAL" = OpenAL
"Opera 11.52.1100" = Opera 11.52
"Plane Arcade" = Plane Arcade
"Sorades - Die Befreiung" = Sorades - Die Befreiung
"SuDoKu" = SuDoKu 2.0
"SysInfo" = Creative System Information
"Tanks Territory_is1" = Tanks Territory
"Tetris" = Tetris
"Tetris Revolution" = Tetris Revolution
"The Suffering" = The Suffering (remove only)
"Totalcmd" = Total Commander (Remove or Repair)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VirtualCloneDrive" = VirtualCloneDrive
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"Winamp" = Winamp (remove only)
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-823518204-1078081533-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TC07-PRO7" = Rad Challenge 07

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 14.4.2010 10:17:39 | Computer Name = MIREK | Source = avast! | ID = 33554522
Description =

Error - 14.4.2010 10:18:35 | Computer Name = MIREK | Source = avast! | ID = 33554522
Description =

Error - 14.4.2010 10:24:31 | Computer Name = MIREK | Source = avast! | ID = 33554522
Description =

Error - 14.4.2010 10:34:55 | Computer Name = MIREK | Source = avast! | ID = 33554522
Description =

Error - 14.4.2010 10:36:00 | Computer Name = MIREK | Source = avast! | ID = 33554522
Description =

Error - 13.7.2010 18:09:52 | Computer Name = MIREK | Source = avast! | ID = 33554522
Description =

Error - 13.7.2010 18:19:20 | Computer Name = MIREK | Source = avast! | ID = 33554522
Description =

Error - 13.7.2010 18:26:25 | Computer Name = MIREK | Source = avast! | ID = 33554522
Description =

Error - 28.9.2010 15:31:30 | Computer Name = MIREK | Source = avast! | ID = 33554522
Description =

Error - 13.10.2010 17:50:13 | Computer Name = MIREK | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 9.8.2011 15:14:17 | Computer Name = MIREK | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace WINWORD.EXE, verze 9.0.0.2823, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 9.8.2011 15:17:38 | Computer Name = MIREK | Source = Application Hang | ID = 1001
Description = Chybný blok 02065003

Error - 9.8.2011 15:19:08 | Computer Name = MIREK | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace WINWORD.EXE, verze 9.0.0.2823, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 12.8.2011 13:15:02 | Computer Name = MIREK | Source = Application Error | ID = 1000
Description = Chybující aplikace freefi~1.scr, verze 1.1.0.17, chybující modul kernel32.dll,
verze 5.1.2600.5781, adresa chyby 0x00012afb.

Error - 24.8.2011 14:55:52 | Computer Name = MIREK | Source = Application Error | ID = 1000
Description = Chybující aplikace skype.exe, verze 5.3.0.120, chybující modul mshtml.dll,
verze 8.0.6001.19120, adresa chyby 0x000f490f.

Error - 7.9.2011 14:50:50 | Computer Name = MIREK | Source = Application Error | ID = 1000
Description = Chybující aplikace skype.exe, verze 5.3.0.120, chybující modul mshtml.dll,
verze 8.0.6001.19120, adresa chyby 0x000f490f.

Error - 8.9.2011 15:20:28 | Computer Name = MIREK | Source = Application Error | ID = 1000
Description = Chybující aplikace skype.exe, verze 5.3.0.120, chybující modul mshtml.dll,
verze 8.0.6001.19120, adresa chyby 0x000f490f.

Error - 31.10.2011 17:45:47 | Computer Name = MIREK | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace SpybotSD.exe, verze 1.6.2.46, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 31.10.2011 17:45:50 | Computer Name = MIREK | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace SpybotSD.exe, verze 1.6.2.46, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 23.11.2011 20:15:17 | Computer Name = MIREK | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace rundll32.exe, verze 5.1.2600.5512, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

[ System Events ]
Error - 23.11.2011 18:51:50 | Computer Name = MIREK | Source = Service Control Manager | ID = 7023
Description = Služba Správa aplikací byla ukončena s následující chybou: %%126

Error - 23.11.2011 18:51:50 | Computer Name = MIREK | Source = Service Control Manager | ID = 7023
Description = Služba Správa aplikací byla ukončena s následující chybou: %%126

Error - 23.11.2011 18:51:51 | Computer Name = MIREK | Source = Service Control Manager | ID = 7023
Description = Služba Správa aplikací byla ukončena s následující chybou: %%126

Error - 23.11.2011 18:51:51 | Computer Name = MIREK | Source = Service Control Manager | ID = 7023
Description = Služba Správa aplikací byla ukončena s následující chybou: %%126

Error - 23.11.2011 18:51:51 | Computer Name = MIREK | Source = Service Control Manager | ID = 7023
Description = Služba Správa aplikací byla ukončena s následující chybou: %%126

Error - 23.11.2011 18:51:51 | Computer Name = MIREK | Source = Service Control Manager | ID = 7023
Description = Služba Správa aplikací byla ukončena s následující chybou: %%126

Error - 23.11.2011 18:51:51 | Computer Name = MIREK | Source = Service Control Manager | ID = 7023
Description = Služba Správa aplikací byla ukončena s následující chybou: %%126

Error - 24.11.2011 16:10:58 | Computer Name = MIREK | Source = Service Control Manager | ID = 7011
Description = Vypršel časový limit (30000 milisekund) čekání na odezvu transakce
služby Dnscache.

Error - 24.11.2011 17:29:27 | Computer Name = MIREK | Source = Service Control Manager | ID = 7009
Description = Vypršel časový limit (30000 milisekund) čekání na připojení služby
Služba Google Update (gupdate).

Error - 24.11.2011 17:29:27 | Computer Name = MIREK | Source = Service Control Manager | ID = 7000
Description = Služba Služba Google Update (gupdate) neuspěla při spuštění v důsledku
následující chyby: %%1053

< End of report >

Miroslav Chvatil

OTL logfile created on: 24.11.2011 21:44:20 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\user\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

511.48 Mb Total Physical Memory | 134.98 Mb Available Physical Memory | 26.39% Memory free
1.22 Gb Paging File | 0.69 Gb Available in Paging File | 56.66% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 2.06 Gb Free Space | 2.77% Space Free | Partition Type: NTFS

Computer Name: MIREK | User Name: user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2011.11.24 21:41:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Plocha\OTL.exe
PRC - [2011.10.25 18:43:33 | 000,947,056 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2011.09.06 20:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011.09.06 20:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011.05.25 16:29:54 | 001,951,112 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\Hamachi\hamachi-2-ui.exe
PRC - [2011.05.25 16:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\Hamachi\hamachi-2.exe
PRC - [2008.04.14 03:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.01.02 15:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2004.11.30 12:25:22 | 000,163,840 | ---- | M] (Broadcom Corporation) -- C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe

========== Modules (No Company Name) ==========

MOD - [2011.11.24 21:30:46 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011.11.24 08:26:53 | 001,618,432 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11112400\algo.dll
MOD - [2011.11.21 19:46:14 | 000,241,528 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11112400\aswRep.dll
MOD - [2011.10.13 23:03:44 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_4338697d\mscorlib.dll
MOD - [2011.10.13 23:03:40 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_939fbae6\system.drawing.dll
MOD - [2011.10.13 23:03:28 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_1fc810d9\system.xml.dll
MOD - [2011.10.13 23:03:20 | 003,018,752 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_ae33bc40\system.windows.forms.dll
MOD - [2011.10.13 23:03:05 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_8fffd321\system.dll
MOD - [2011.10.13 23:02:48 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2011.10.13 23:02:47 | 001,265,664 | ---- | M] () -- c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll
MOD - [2008.04.14 03:21:47 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2005.10.06 12:51:04 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2005.10.06 12:51:04 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2005.10.06 12:51:04 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2005.10.06 12:51:03 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2005.10.06 12:51:02 | 002,052,096 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2005.10.06 12:43:02 | 000,229,376 | ---- | M] () -- c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_cs_b77a5c561934e089\mscorlib.resources.dll
MOD - [2005.10.06 12:43:02 | 000,180,224 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms.resources\1.0.5000.0_cs_b77a5c561934e089\system.windows.forms.resources.dll
MOD - [2004.09.08 11:45:58 | 000,368,128 | ---- | M] () -- C:\Program Files\Filzip\fzshext.dll
MOD - [2001.10.28 15:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011.09.06 20:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.05.25 16:29:48 | 001,336,712 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2004.11.30 12:25:22 | 000,163,840 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\MSI\BToes Bluetooth Software\bin\btwdins.exe -- (btwdins)

========== Driver Services (SafeList) ==========

DRV - [2011.09.06 20:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.09.06 20:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.09.06 20:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.09.06 20:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.09.06 20:36:23 | 000,110,552 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011.09.06 20:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.09.06 20:33:11 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009.03.18 16:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2006.11.04 06:45:48 | 000,178,913 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\V0260Vid.sys -- (V0260VID)
DRV - [2006.05.03 16:50:42 | 001,540,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.12.06 16:37:57 | 000,223,128 | ---- | M] (DT Soft Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2005.12.06 16:25:33 | 000,664,064 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2005.11.20 23:08:08 | 000,013,824 | R--- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\screamingbdriver.sys -- (SCREAMINGBDRIVER)
DRV - [2005.07.26 11:39:22 | 000,066,048 | ---- | M] (Kerio Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\kvpndrv.sys -- (kvpndev)
DRV - [2005.04.12 08:41:20 | 000,004,608 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyDelay.sys -- (ElbyDelay)
DRV - [2004.11.30 12:14:28 | 000,017,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2004.11.30 12:13:28 | 000,023,271 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2004.11.30 12:13:24 | 000,222,876 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btslbcsp.sys -- (BTSLBCSP)
DRV - [2004.11.30 12:13:16 | 000,148,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2004.11.30 12:12:14 | 001,241,818 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2004.11.30 12:10:14 | 000,030,299 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2004.11.30 12:09:50 | 000,055,288 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2004.08.09 11:33:26 | 000,114,016 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004.08.09 11:29:28 | 000,053,920 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2004.07.19 14:49:54 | 000,007,040 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\prosync1.sys -- (prosync1)
DRV - [2004.06.21 08:53:20 | 000,626,204 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004.02.24 03:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003.12.01 15:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003.07.02 02:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-823518204-1078081533-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\S-1-5-21-823518204-1078081533-1417001333-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-823518204-1078081533-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-823518204-1078081533-1417001333-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy:3128

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2105: C:\Program Files\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1212: C:\Program Files\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll File not found

========== Chrome ==========

CHR - default_search_provider: Web Search (Enabled)
CHR - default_search_provider: search_url = http://www.searchqu.com//web?src=crb&ap ... earchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: avast! WebRep = C:\Documents and Settings\user\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1289_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\user\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8312_0\

O1 HOSTS File: ([2011.10.31 22:39:12 | 000,437,838 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15061 more lines...
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-823518204-1078081533-1417001333-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-823518204-1078081533-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-823518204-1078081533-1417001333-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 8599692176 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 8600195864 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_04)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0EFA115B-17FD-4958-AA5C-EACA09801575}: DhcpNameServer = 81.31.3.134 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0EFA115B-17FD-4958-AA5C-EACA09801575}: Domain = marconi.cx
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\widimg {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\BTXPPanel.dll (Broadcom Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 () - file:///C:/exploze.jpg
O24 - Desktop Components:1 () - http://www.auto.cz/plakaty/2003/37/6aud ... c0e34a.jpg
O24 - Desktop Components:2 () - http://imgs.idnes.cz/ak_aktual/A040213_ ... SH03_N.JPG
O24 - Desktop Components:3 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\user\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\user\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.10.06 10:40:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{68fa6b22-8576-11df-890b-00110992516b}\Shell - "" = AutoRun
O33 - MountPoints2\{68fa6b22-8576-11df-890b-00110992516b}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{68fa6b25-8576-11df-890b-00110992516b}\Shell - "" = AutoRun
O33 - MountPoints2\{68fa6b25-8576-11df-890b-00110992516b}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{d174b110-627a-11da-828f-00110992516b}\Shell - "" = AutoRun
O33 - MountPoints2\{d174b110-627a-11da-828f-00110992516b}\Shell\AutoRun\command - "" = E:\Launch.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files\Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.3iv2 - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx.com)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\divx.dll (DivXNetworks, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.VP31 - C:\WINDOWS\System32\vp31vfw.dll (On2.com)
Drivers32: VIDC.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP70 - C:\WINDOWS\System32\vp7vfw.dll (On2.com)
Drivers32: VIDC.wmv3 - C:\WINDOWS\System32\WMV9VCM.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

File not found -- C:\Documents and Settings\user\Plocha\CADG4NX9.
[2011.11.24 21:41:22 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Plocha\OTL.exe
[2008.11.08 03:56:47 | 000,040,448 | ---- | C] (ProPro Group, Inc) -- C:\Program Files\screensaver spirale.scr
[2008.02.24 14:10:49 | 001,491,592 | ---- | C] (Adobe Systems Incorporated) -- C:\Program Files\install_flash_player.exe
[1999.04.07 21:39:18 | 000,099,840 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRAABOUT.DLL
[1998.12.09 06:53:54 | 000,186,368 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAREG.DLL
[1998.12.09 06:53:54 | 000,070,144 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAMDMTR.DLL
[1998.12.09 06:53:54 | 000,048,640 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRALPTTR.DLL
[1998.12.09 06:53:54 | 000,031,744 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAWEBTR.DLL
[1998.12.09 06:53:54 | 000,017,920 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRASRIAL.DLL
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\Documents and Settings\user\Plocha\*.tmp files -> C:\Documents and Settings\user\Plocha\*.tmp -> ]
[14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

File not found -- C:\Documents and Settings\user\Plocha\CADG4NX9.
[2011.11.24 21:47:46 | 000,000,464 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2B0AD0AB-7C79-4F6A-A35F-C0775BC71E06}.job
[2011.11.24 21:47:08 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011.11.24 21:41:22 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Plocha\OTL.exe
[2011.11.24 21:34:52 | 000,000,041 | ---- | M] () -- C:\WINDOWS\Filzip.ini
[2011.11.24 21:30:48 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011.11.24 21:30:07 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.11.24 21:28:13 | 000,000,932 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.24 21:27:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.11.24 21:27:19 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.24 21:21:01 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.24 20:32:56 | 000,001,943 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.11.23 22:41:41 | 000,232,448 | ---- | M] () -- C:\Documents and Settings\user\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.23 22:41:41 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\Documents and Settings\user\Plocha\*.tmp files -> C:\Documents and Settings\user\Plocha\*.tmp -> ]
[14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.11.24 21:47:08 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011.08.24 19:37:24 | 000,000,040 | ---- | C] () -- C:\Documents and Settings\user\Data aplikací\cdr.ini
[2011.08.24 19:25:31 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010.02.07 23:13:31 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2009.01.25 23:55:29 | 000,151,653 | ---- | C] () -- C:\Program Files\geiss_423 vizualizace.exe
[2008.07.13 13:40:37 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008.02.24 13:40:38 | 006,668,456 | ---- | C] () -- C:\Program Files\Opera_9.26_International_Setup.exe
[2007.11.05 13:33:27 | 000,000,736 | ---- | C] () -- C:\WINDOWS\Irodio.INI
[2007.08.24 13:09:13 | 000,089,503 | ---- | C] () -- C:\Program Files\killbox.zip
[2007.08.23 12:14:18 | 000,318,369 | ---- | C] () -- C:\Program Files\HiJackThis.zip
[2007.08.18 18:13:47 | 019,727,416 | ---- | C] () -- C:\Program Files\setupczeAVAST.exe
[2007.05.13 22:56:30 | 000,000,231 | ---- | C] () -- C:\WINDOWS\cncscore.ini
[2007.03.13 14:53:26 | 000,379,294 | ---- | C] () -- C:\WINDOWS\System32\prfh0405.dat
[2007.03.13 14:53:26 | 000,061,958 | ---- | C] () -- C:\WINDOWS\System32\prfc0405.dat
[2007.01.28 01:15:17 | 001,424,077 | ---- | C] () -- C:\Program Files\screensaver-freefire.exe
[2006.10.30 00:21:13 | 000,000,092 | ---- | C] () -- C:\WINDOWS\galaxy.ini
[2006.10.14 14:38:30 | 000,232,448 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.10.12 21:44:40 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2006.10.12 21:29:35 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006.04.28 20:05:14 | 000,127,614 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006.02.06 16:12:30 | 000,000,287 | ---- | C] () -- C:\WINDOWS\game.ini
[2006.02.06 14:49:09 | 000,001,187 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2006.02.01 00:12:30 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2006.01.31 23:54:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\LiveBilliardsDemo.INI
[2006.01.31 23:17:03 | 000,000,515 | ---- | C] () -- C:\Documents and Settings\user\Data aplikací\enigmarc.lua
[2006.01.31 22:48:29 | 000,087,040 | ---- | C] () -- C:\WINDOWS\UnGins.exe
[2006.01.31 22:40:47 | 000,000,050 | ---- | C] () -- C:\WINDOWS\mscpt.dat
[2006.01.28 23:34:22 | 000,252,928 | ---- | C] () -- C:\WINDOWS\System32\astrolib32.dll
[2005.12.26 16:06:12 | 000,000,400 | ---- | C] () -- C:\WINDOWS\T602.INI
[2005.12.26 11:11:29 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005.12.06 16:25:33 | 000,096,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd5917.sys
[2005.12.01 16:00:20 | 000,000,315 | ---- | C] () -- C:\WINDOWS\doom3.ini
[2005.11.17 19:56:28 | 000,000,041 | ---- | C] () -- C:\WINDOWS\System32\Filzip.ini
[2005.11.16 15:36:20 | 000,000,301 | ---- | C] () -- C:\WINDOWS\LEXICON.INI
[2005.11.16 15:22:52 | 000,000,122 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2005.11.16 15:22:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2005.11.15 21:55:20 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\imon1.dat
[2005.11.15 21:26:21 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005.10.23 20:50:44 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.user.ini
[2005.10.17 18:02:19 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2005.10.17 18:02:19 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2005.10.11 12:05:31 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2005.10.11 08:04:17 | 000,006,702 | ---- | C] () -- C:\WINDOWS\System32\drivers\FlashSys.sys
[2005.10.07 14:41:28 | 000,001,624 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2005.10.07 12:54:59 | 000,000,041 | ---- | C] () -- C:\WINDOWS\Filzip.ini
[2005.10.06 12:50:17 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\user\Local Settings\Data aplikací\fusioncache.dat
[2005.10.06 12:30:19 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005.10.06 12:29:12 | 000,122,136 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005.10.06 11:17:56 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\winsusrm.dll
[2005.10.06 11:12:37 | 000,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2005.10.06 11:08:45 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2005.10.06 11:08:39 | 000,421,888 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2005.10.06 11:08:38 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.06 11:08:38 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.06 11:08:38 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2005.10.06 11:08:37 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2005.10.06 10:56:44 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005.10.06 10:42:49 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005.10.06 10:37:30 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005.06.17 09:41:14 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2005.02.05 20:46:00 | 000,004,608 | ---- | C] () -- C:\WINDOWS\fgexec.dll
[2004.11.30 12:21:14 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2004.08.18 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004.08.18 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.18 12:00:00 | 000,380,350 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.08.18 12:00:00 | 000,379,622 | ---- | C] () -- C:\WINDOWS\System32\perfh005.dat
[2004.08.18 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.18 12:00:00 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2004.08.18 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.18 12:00:00 | 000,062,070 | ---- | C] () -- C:\WINDOWS\System32\perfc005.dat
[2004.08.18 12:00:00 | 000,052,764 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.08.18 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.18 12:00:00 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2004.08.18 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.18 12:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.18 12:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004.08.18 12:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.18 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004.04.02 07:26:22 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\PDFSpooler.exe
[2002.11.06 17:42:06 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SDL_gfx.dll
[2002.10.13 12:25:14 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\MesaGlut.dll
[2002.10.13 12:23:36 | 000,363,008 | ---- | C] () -- C:\WINDOWS\System32\MesaGLU.dll
[2002.10.13 12:21:50 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\osmesa.dll
[2002.10.13 12:21:44 | 001,417,216 | ---- | C] () -- C:\WINDOWS\System32\MesaGL.dll
[2002.10.07 04:49:26 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\SDL.dll
[2002.05.20 07:12:50 | 000,258,048 | ---- | C] () -- C:\WINDOWS\System32\SDL_mixer.dll
[2002.04.13 12:01:10 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\SDL_ttf.dll
[2002.04.13 12:01:02 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\SDL_net.dll
[2002.04.13 12:00:48 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\SDL_image.dll
[2002.02.07 12:43:38 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\sdl_sound.dll
[2001.12.03 20:59:00 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\in_flac.dll
[2001.11.14 11:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001.10.28 15:42:30 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2001.08.13 01:00:54 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\vorbisfile.dll
[2001.08.13 01:00:36 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2001.08.13 00:59:58 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2001.04.05 14:24:14 | 000,169,443 | ---- | C] () -- C:\WINDOWS\System32\jpeg.dll
[2001.04.05 14:24:14 | 000,094,720 | ---- | C] () -- C:\WINDOWS\System32\libpng1.dll
[2001.04.05 14:24:14 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2001.04.04 20:33:50 | 000,209,920 | ---- | C] () -- C:\WINDOWS\System32\smpeg.dll
[1999.01.22 22:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== LOP Check ==========

[2011.04.02 20:17:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
[2011.09.07 18:46:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\boost_interprocess
[2007.01.28 01:16:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Laconic Software
[2009.05.09 23:27:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Normal_Tanks1.01
[2010.10.08 20:16:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Soluto
[2007.06.03 15:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Viewpoint
[2011.08.25 21:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\FreeAudioPack
[2011.05.17 19:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\IrfanView
[2006.02.06 15:24:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Kerio
[2006.08.28 20:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\MyTraveler
[2007.01.27 13:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\OpenArena
[2008.02.24 14:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Opera
[2005.10.06 11:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\PDFCreator
[2007.12.25 03:33:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\RegistrySmart
[2006.01.28 16:08:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Sachy
[2008.08.04 00:39:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Sahmon Games
[2005.12.18 16:26:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Screaming Bee
[2011.09.18 21:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\searchquband
[2006.08.28 20:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\TravelerSafe+
[2007.06.03 15:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Viewpoint
[2011.11.24 21:47:46 | 000,000,464 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{2B0AD0AB-7C79-4F6A-A35F-C0775BC71E06}.job
[2005.11.29 16:31:18 | 000,000,298 | ---- | M] () -- C:\WINDOWS\Tasks\XoftSpy.job

========== Purity Check ==========

========== Custom Scans ==========

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 03:22:17 | 000,015,360 | ---- | M] (Microsoft Corporation)
"Skype" = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized -- [2011.10.13 09:27:14 | 017,351,304 | R--- | M] (Skype Technologies S.A.)

< MD5 for: ATAPI.SYS >
[2004.08.18 12:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.09.18 15:16:21 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.09.18 15:16:21 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 18:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.18 12:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 03:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 03:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2004.08.18 12:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe

< MD5 for: CDROM.SYS >
[2004.08.18 12:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.09.18 15:16:21 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.09.18 15:16:21 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 18:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 18:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004.08.18 12:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: CSRSS.EXE >
[2004.08.18 12:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=490E6E57E54FAF5F23F658EA188405A1 -- C:\WINDOWS\$NtServicePackUninstall$\csrss.exe
[2008.04.14 03:22:17 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=628CE66E3FD35BFC7969DBAC245DC069 -- C:\WINDOWS\ServicePackFiles\i386\csrss.exe
[2008.04.14 03:22:17 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=628CE66E3FD35BFC7969DBAC245DC069 -- C:\WINDOWS\system32\csrss.exe

< MD5 for: EXPLORER.EXE >
[2008.04.14 03:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 03:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.18 12:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007.06.13 13:11:59 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=9B32416BD5988C97B6397CE0B02CAF97 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007.06.13 13:23:39 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=ED7B460B142A32097B8A8F6ECC941815 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: LSASS.EXE >
[2004.08.18 12:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 03:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 03:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 19:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 19:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004.08.18 12:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NTFS.SYS >
[2007.02.09 11:23:36 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=05AB81909514BFD69CBB1F2C147CF6B9 -- C:\WINDOWS\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[2007.02.09 11:10:35 | 000,574,464 | ---- | M] (Microsoft Corporation) MD5=19A811EF5F1ED5C926A028CE107FF1AF -- C:\WINDOWS\$NtServicePackUninstall$\ntfs.sys
[2008.04.13 19:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
[2008.04.13 19:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys
[2004.08.18 12:00:00 | 000,574,592 | ---- | M] (Microsoft Corporation) MD5=B78BE402C3F63DD55521F73876951CDD -- C:\WINDOWS\$NtUninstallKB930916$\ntfs.sys

< MD5 for: SCECLI.DLL >
[2004.08.18 12:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 03:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 03:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SERVICES.EXE >
[2009.02.09 11:18:56 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=3D107D45CCFDB266E91D84B52CD7F430 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2004.08.18 12:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=6E401E61F952FBBF708AFBECEFAFAE81 -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009.02.09 11:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=9EF697AF07BB8DD82C3B02CA953A95B7 -- C:\WINDOWS\system32\dllcache\services.exe
[2009.02.09 11:25:57 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=9EF697AF07BB8DD82C3B02CA953A95B7 -- C:\WINDOWS\system32\services.exe
[2008.04.14 03:22:45 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=F0D2AE69035092BF22DAD6B50FAB85C2 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008.04.14 03:22:45 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=F0D2AE69035092BF22DAD6B50FAB85C2 -- C:\WINDOWS\ServicePackFiles\i386\services.exe

< MD5 for: SMSS.EXE >
[2004.08.18 12:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2008.04.14 03:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 03:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SPOOLSV.EXE >
[2004.08.18 12:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=21B6FAA88044A41640E03EBB68BE93E8 -- C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
[2010.08.17 13:19:36 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=258DD5D4283FD9F9A7166BE9AE45CE73 -- C:\WINDOWS\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[2010.08.17 13:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\dllcache\spoolsv.exe
[2010.08.17 13:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\spoolsv.exe
[2005.06.11 00:17:13 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=AD3D9D191AEA7B5445FE1D82FFBB4788 -- C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[2008.04.14 03:22:48 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=CB1090BCA0E7B40D0B5B4E4D66531809 -- C:\WINDOWS\$NtUninstallKB2347290$\spoolsv.exe
[2008.04.14 03:22:48 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=CB1090BCA0E7B40D0B5B4E4D66531809 -- C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
[2005.06.10 23:53:32 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=DA81EC57ACD4CDC3D4C51CF3D409AF9F -- C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 03:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 03:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2004.08.18 12:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2006.04.20 11:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
[2008.06.20 10:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2005.05.25 19:07:12 | 000,359,936 | ---- | M] (Microsoft Corporation) MD5=63FDFEA54EB53DE2D863EE454937CE1E -- C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[2007.10.30 16:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2008.06.20 10:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2005.05.25 19:04:02 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=88763A98A4C26C409741B4AA162720C9 -- C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
[2007.10.30 17:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008.04.13 19:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 19:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 11:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 11:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 11:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004.08.18 12:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
[2008.06.20 11:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 11:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006.04.20 12:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 03:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 03:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2004.08.18 12:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.18 12:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 03:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 03:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< C:\windows\system32\spool\prtprocs|dll;true;true;true /FP >
[1998.12.12 04:29:52 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\OLFPNT40.DLL

< %systemroot%\system32\drivers\*.sys /5 >

< %systemroot%\system32\drivers\*.sys /X >
[2008.04.14 03:21:36 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008.04.14 03:21:36 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008.04.14 03:21:36 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008.04.14 03:21:36 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008.04.14 03:21:36 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008.04.14 03:21:36 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008.04.14 03:21:36 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2006.05.03 16:10:35 | 000,040,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2erec.dll
[2006.02.08 20:44:05 | 001,114,674 | ---- | M] () -- C:\WINDOWS\system32\drivers\ativcaxx.cpa
[2006.02.08 20:44:05 | 000,000,929 | ---- | M] () -- C:\WINDOWS\system32\drivers\ativcaxx.vp
[2005.10.14 14:10:12 | 000,058,560 | ---- | M] () -- C:\WINDOWS\system32\drivers\ativckxx.vp
[2004.07.17 10:36:24 | 000,064,352 | ---- | M] () -- C:\WINDOWS\system32\drivers\ativmc20.cod
[2006.05.03 17:09:33 | 000,028,080 | ---- | M] () -- C:\WINDOWS\system32\drivers\ativvpxx.vp
[2008.04.14 03:21:37 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008.04.14 03:21:37 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008.04.14 03:21:37 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008.04.14 03:21:37 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008.04.14 03:21:37 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008.04.14 03:21:38 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2004.07.17 21:55:24 | 000,129,045 | ---- | M] () -- C:\WINDOWS\system32\drivers\cxthsfs2.cty
[2004.08.30 10:55:26 | 000,000,434 | R--- | M] () -- C:\WINDOWS\system32\drivers\DriverLanguageMap.xml
[2004.08.18 12:00:00 | 003,440,660 | ---- | M] () -- C:\WINDOWS\system32\drivers\gm.dls
[2004.08.18 12:00:00 | 000,000,646 | ---- | M] () -- C:\WINDOWS\system32\drivers\gmreadme.txt
[2004.07.17 10:35:00 | 000,067,866 | ---- | M] () -- C:\WINDOWS\system32\drivers\netwlan5.img
[2008.04.14 03:21:55 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2004.08.30 10:55:28 | 000,009,712 | R--- | M] () -- C:\WINDOWS\system32\drivers\v800bus.cat
[2004.08.30 10:55:28 | 000,007,178 | R--- | M] () -- C:\WINDOWS\system32\drivers\v800bus.inf
[2004.08.30 10:55:30 | 000,023,915 | R--- | M] () -- C:\WINDOWS\system32\drivers\v800comm.vxd
[2004.08.30 10:55:32 | 000,013,082 | R--- | M] () -- C:\WINDOWS\system32\drivers\v800mdm.cat
[2004.08.30 10:55:32 | 000,013,592 | R--- | M] () -- C:\WINDOWS\system32\drivers\v800mdm2.inf
[2004.08.30 10:55:32 | 000,018,787 | R--- | M] () -- C:\WINDOWS\system32\drivers\v800mdmv.inf
[2004.08.30 10:55:32 | 000,004,992 | R--- | M] () -- C:\WINDOWS\system32\drivers\v800mdmw.inf
[2004.08.30 10:55:34 | 000,012,657 | R--- | M] () -- C:\WINDOWS\system32\drivers\v800mgmt.cat
[2004.08.30 10:55:34 | 000,012,657 | R--- | M] () -- C:\WINDOWS\system32\drivers\v800obex.cat
[2004.08.30 10:55:36 | 000,004,869 | R--- | M] () -- C:\WINDOWS\system32\drivers\v800obx2.inf
[2004.08.30 10:55:36 | 000,011,074 | R--- | M] () -- C:\WINDOWS\system32\drivers\v800obxv.inf
[2004.08.30 10:55:36 | 000,004,805 | R--- | M] () -- C:\WINDOWS\system32\drivers\v800obxw.inf
[2004.08.30 10:55:36 | 000,004,970 | R--- | M] () -- C:\WINDOWS\system32\drivers\v800sdm2.inf
[2004.08.30 10:55:38 | 000,011,088 | R--- | M] () -- C:\WINDOWS\system32\drivers\v800sdmv.inf
[2004.08.30 10:55:38 | 000,004,870 | R--- | M] () -- C:\WINDOWS\system32\drivers\v800sdmw.inf
[2004.08.30 10:55:38 | 000,013,280 | R--- | M] () -- C:\WINDOWS\system32\drivers\v800vcd.vxd
[2004.08.30 10:55:38 | 000,030,634 | R--- | M] () -- C:\WINDOWS\system32\drivers\v800vcr.vxd
[2008.04.14 03:22:04 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2005.12.06 16:25:33 | 000,664,064 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
[2008.09.19 01:41:29 | 000,096,384 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd5917.sys

< %systemroot%\system32\*.* /5 >
[2011.11.24 21:30:48 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
[2011.11.24 21:30:07 | 000,013,646 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.dll /lockedfiles >
[7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\config\*.sav >
[2005.10.06 12:27:59 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005.10.06 12:27:59 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005.10.06 12:27:58 | 000,450,560 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\*.* /U /s >
[14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\5f2e4a582e1005e1c41168befca21fcc\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\5f2e4a582e1005e1c41168befca21fcc\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\dc5785e9c8b3c9af476ade166b57dd6e\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\dc5785e9c8b3c9af476ade166b57dd6e\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\f1172ec065789780f3e853c2a63ff94c\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\f1172ec065789780f3e853c2a63ff94c\*.tmp -> ]
[7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[1 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\*.tmp files -> C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\*.tmp -> ]
[4 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\PDFCreator\user\*.tmp files -> C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\PDFCreator\user\*.tmp -> ]
[7 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> ]

< %systemroot%\*. /mp /s >

< %ALLUSERSPROFILE%\Data Aplikací\*.* >
[2005.10.06 12:29:52 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\desktop.ini

< %ALLUSERSPROFILE%\Data Aplikací\*.exe /s >
[2006.10.29 09:31:26 | 000,086,016 | ---- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\Kodak\AvailableUpdates\1948-2007-1-14-19-54-49-484\KSUBR.exe
[2006.10.29 09:31:27 | 001,150,976 | ---- | M] (Eastman Kodak Company) -- C:\Documents and Settings\All Users\Data Aplikací\Kodak\AvailableUpdates\1948-2007-1-14-19-54-49-484\setup.exe
[2007.01.14 18:07:13 | 000,077,824 | ---- | M] (Eastman Kodak Company) -- C:\Documents and Settings\All Users\Data Aplikací\Kodak\AvailableUpdates\1948-2007-1-14-19-54-49-484\ess\bindbins\bindbins.exe
[2010.10.08 20:12:56 | 000,928,816 | ---- | M] (Soluto Inc) -- C:\Documents and Settings\All Users\Data Aplikací\Soluto\Installer\SolutoInstaller.exe
[2010.10.08 20:18:43 | 002,959,376 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Data Aplikací\Soluto\Installer\Prerequisites\dotNetFx35setup.exe

< %ALLUSERSPROFILE%\Dáta aplikácií\*.* >

< %ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s >

< %APPDATA%\*. >
[2008.03.17 00:41:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Adobe
[2005.11.13 15:44:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\AdobeUM
[2006.01.16 19:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Ahead
[2006.10.12 21:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\ATI
[2007.01.14 15:46:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Creative
[2005.12.01 15:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\CyberLink
[2011.08.25 21:37:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\FreeAudioPack
[2006.10.29 16:47:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Google
[2006.01.20 17:25:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Help
[2005.10.06 10:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Identities
[2011.05.17 19:26:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\IrfanView
[2006.02.06 15:24:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Kerio
[2005.10.06 11:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Lavasoft
[2005.11.09 21:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Macromedia
[2005.11.01 20:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Media Player Classic
[2007.02.26 00:23:20 | 000,000,000 | --SD | M] -- C:\Documents and Settings\user\Data aplikací\Microsoft
[2005.11.16 15:19:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Microsoft Web Folders
[2006.08.28 20:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\MyTraveler
[2007.01.27 13:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\OpenArena
[2008.02.24 14:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Opera
[2005.10.06 11:09:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\PDFCreator
[2005.10.11 07:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Real
[2007.12.25 03:33:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\RegistrySmart
[2006.01.28 16:08:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Sachy
[2008.08.04 00:39:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Sahmon Games
[2005.12.18 16:26:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Screaming Bee
[2011.09.18 21:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\searchquband
[2011.11.24 21:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Skype
[2011.07.11 20:43:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\skypePM
[2005.11.03 18:46:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Sun
[2006.08.28 20:43:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\TravelerSafe+
[2007.06.03 15:27:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\user\Data aplikací\Viewpoint

< %APPDATA%\*.* >
[2011.08.24 19:37:24 | 000,000,040 | ---- | M] () -- C:\Documents and Settings\user\Data aplikací\cdr.ini
[2005.10.06 12:29:52 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\user\Data aplikací\desktop.ini
[2006.01.31 23:17:48 | 000,000,515 | ---- | M] () -- C:\Documents and Settings\user\Data aplikací\enigmarc.lua

< %APPDATA%\*.exe /s >
[2005.12.06 16:03:05 | 000,061,440 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\user\Data aplikací\Microsoft\Installer\{A57D86AF-DE8E-4B26-972E-A1A28FFF7742}\ARPPRODUCTICON.exe
[2005.12.06 16:03:05 | 000,061,440 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\user\Data aplikací\Microsoft\Installer\{A57D86AF-DE8E-4B26-972E-A1A28FFF7742}\flatout.exe1_853599CE1B5C4FEFB643B8F48F508EDC.exe
[2005.12.06 16:03:05 | 000,061,440 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\user\Data aplikací\Microsoft\Installer\{A57D86AF-DE8E-4B26-972E-A1A28FFF7742}\flatout.exe_853599CE1B5C4FEFB643B8F48F508EDC.exe
[2005.12.06 16:03:05 | 000,015,086 | R--- | M] () -- C:\Documents and Settings\user\Data aplikací\Microsoft\Installer\{A57D86AF-DE8E-4B26-972E-A1A28FFF7742}\NewShortcut4_3BC0D3BA5555412880F7D5DC0C3956DC.exe
[2005.12.06 16:03:05 | 000,008,854 | R--- | M] () -- C:\Documents and Settings\user\Data aplikací\Microsoft\Installer\{A57D86AF-DE8E-4B26-972E-A1A28FFF7742}\Uninstall_FlatOut_3BC0D3BA5555412880F7D5DC0C3956DC.exe
[2005.02.14 23:49:54 | 002,338,816 | ---- | M] (Kingston) -- C:\Documents and Settings\user\Data aplikací\MyTraveler\MyTraveler.exe
[2005.02.14 23:49:54 | 001,069,056 | ---- | M] (Kingston) -- C:\Documents and Settings\user\Data aplikací\TravelerSafe+\TravelerSafe+.exe

< %SYSTEMDRIVE%\*.exe >

< *crack* /s >
[2011.10.06 19:08:05 | 000,000,319 | ---- | M] () -- \Documents and Settings\user\Local Settings\Data aplikací\Opera\Opera\icons\http%3A%2F%2Fi.crackedcdn.com%2Ffavicon.png
[2011.07.14 20:27:43 | 000,000,068 | ---- | M] () -- \Documents and Settings\user\Local Settings\Data aplikací\Opera\Opera\icons\www.cracked.com.idx
[2008.11.28 21:54:46 | 000,210,483 | ---- | M] () -- \GAMES\Alien Arena 2009\data1\textures\arena8\crackedrock1.tga
[2008.11.28 21:54:06 | 000,210,483 | ---- | M] () -- \GAMES\Alien Arena 2009\data1\textures\arena8\crackedrock1_hm.tga
[2008.11.28 21:54:24 | 000,210,483 | ---- | M] () -- \GAMES\Alien Arena 2009\data1\textures\arena8\crackedrock1_nm.tga
[2008.12.09 22:35:28 | 000,210,483 | ---- | M] () -- \GAMES\Alien Arena 2009\data1\textures\arena8\crackedrock2.tga
[2008.12.09 22:35:58 | 000,210,483 | ---- | M] () -- \GAMES\Alien Arena 2009\data1\textures\arena8\crackedrock2_hm.tga
[2008.12.09 22:35:44 | 000,210,483 | ---- | M] () -- \GAMES\Alien Arena 2009\data1\textures\arena8\crackedrock2_nm.tga
[2009.04.14 23:10:12 | 000,210,483 | ---- | M] () -- \GAMES\Alien Arena 2009\data1\textures\arena8\crackedrock3.tga
[2009.02.22 22:41:34 | 000,210,483 | ---- | M] () -- \GAMES\Alien Arena 2009\data1\textures\arena8\crackedrock4.tga
[2005.01.06 19:58:44 | 000,000,579 | ---- | M] () -- \GAMES\Colin McRae Rally 2005\instal crack.txt
[2005.03.24 09:31:44 | 003,351,224 | ---- | M] () -- \GAMES\Flatout\FlatOut v1.1 Crack.rar
[2005.03.24 09:37:35 | 003,861,319 | ---- | M] () -- \GAMES\Flatout\FlatOut.NOCD.CRACK-RELOADED.rar
[2010.01.19 18:17:50 | 005,024,195 | ---- | M] () -- \MP3\Old Grandad - the.-last-.upper-1999\[1999] the last upper\11 Daly City Crackhouse.mp3

< *keygen* /s >

< *loader* /s >
[2007.12.30 19:13:08 | 000,000,740 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\ZlobDownloadervcd.zip
[2007.12.30 19:13:09 | 000,000,773 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery\ZlobDownloadervcd1.zip
[2010.12.16 23:08:43 | 000,015,808 | ---- | M] () -- \Documents and Settings\user\Local Settings\Data aplikací\Opera\Opera\widgets\fastesttube-youtube-video-downloader-1.1-1.oex
[2011.07.05 14:06:28 | 000,004,178 | ---- | M] () -- \Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\CSR4CFXR\ajax-loader[1].gif
[2011.07.15 09:31:41 | 000,000,336 | ---- | M] () -- \Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\CSR4CFXR\startupLoginLoader[1].htm
[2003.09.15 13:02:00 | 000,169,384 | ---- | M] () -- \GAMES\Counter-Strike 1.6\cstrike\models\qloader.mdl
[2003.09.15 12:55:50 | 000,352,548 | ---- | M] () -- \GAMES\Counter-Strike 1.6\valve\models\loader.mdl
[2003.09.15 12:56:04 | 000,012,764 | ---- | M] () -- \GAMES\Counter-Strike 1.6\valve\sound\ambience\loader_hydra1.wav
[2003.09.15 12:56:04 | 000,012,164 | ---- | M] () -- \GAMES\Counter-Strike 1.6\valve\sound\ambience\loader_step1.wav
[2008.02.05 14:28:54 | 000,017,815 | ---- | M] () -- \GAMES\The Suffering\html\TheSuffering_RuntimeLoader.gif
[2004.08.18 12:00:00 | 000,035,840 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\dmloader.dll
[2008.04.14 03:21:39 | 000,035,840 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\dmloader.dll
[2008.04.13 18:31:47 | 000,230,912 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.exe
[2008.04.13 18:31:48 | 000,278,528 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.ntd
[2008.04.14 03:21:39 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
[7 \WINDOWS\system32\*.tmp files -> \WINDOWS\system32\*.tmp -> ]
[2004.09.08 21:35:18 | 000,009,622 | ---- | M] () -- \WINDOWS\system32\Macromed\Shockwave 10\shockwave_Projector_Loader.dcr

< *minodlogin* /s >

< *tnod* /s >

< *AutoKMS* /s >

< *activator* /s >

< *serial* /s >
[2005.02.16 22:54:14 | 000,024,501 | ---- | M] () -- \GAMES\jagdgeschwader_final\serializebg.jpg
[2008.01.26 22:08:55 | 005,743,444 | ---- | M] () -- \GAMES\jagdgeschwader_final\data\scenarios\darkdesert\serialization.dat
[2008.01.26 22:09:04 | 004,845,032 | ---- | M] () -- \GAMES\jagdgeschwader_final\data\scenarios\lushvalley\serialization.dat
[2008.01.26 22:09:12 | 004,938,636 | ---- | M] () -- \GAMES\jagdgeschwader_final\data\scenarios\pgd\serialization.dat
[2008.01.26 22:09:21 | 004,928,472 | ---- | M] () -- \GAMES\jagdgeschwader_final\data\scenarios\winter\serialization.dat
[2004.08.18 12:00:00 | 000,064,640 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\serial.sys
[2005.10.06 12:43:02 | 000,011,776 | ---- | M] () -- \WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.5000.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2005.10.06 12:51:02 | 000,131,072 | ---- | M] () -- \WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2004.07.15 12:31:54 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
[2003.04.07 17:24:52 | 000,011,776 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v1.1.4322\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2008.04.14 02:17:25 | 000,028,416 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\grserial.sys
[2008.04.14 02:21:08 | 000,064,256 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\serial.sys
[2004.08.18 12:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dpserial.dll
[2004.08.18 12:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\serialui.dll
[7 \WINDOWS\system32\*.tmp files -> \WINDOWS\system32\*.tmp -> ]
[2004.08.18 12:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dllcache\dpserial.dll
[2004.08.18 12:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\dllcache\serialui.dll
[2004.11.30 12:13:28 | 000,023,271 | ---- | M] () -- \WINDOWS\system32\drivers\btserial.sys
[2008.04.14 02:21:08 | 000,064,256 | ---- | M] () -- \WINDOWS\system32\drivers\serial.sys

< *w7lxe* /s >

< *legalizator* /s >

< *registration* /s >
[2007.01.14 15:29:58 | 000,000,893 | ---- | M] () -- \Documents and Settings\All Users\Nabídka Start\Programy\Creative\Product Registration\Product Registration Details.lnk
[2005.12.01 15:28:25 | 000,000,733 | ---- | M] () -- \Documents and Settings\All Users\Nabídka Start\Programy\EA GAMES\Need for Speed Underground 2\Electronic Registration.lnk
[2005.09.23 18:37:42 | 000,006,918 | ---- | M] () -- \Program Files\Activision\Call of Duty 2\Docs\TechHelp\Tech Help\Information\Electronic_Registration.htm
[2002.07.18 16:27:08 | 000,024,632 | ---- | M] () -- \Program Files\Creative\Product Registration\English\App_Registration.bmp
[2002.07.18 16:29:38 | 000,055,352 | ---- | M] () -- \Program Files\Creative\Product Registration\English\App_Registration48.bmp
[14 \WINDOWS\*.tmp files -> \WINDOWS\*.tmp -> ]

< *Office 2010* /s >

< *AutoRearm* /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-14 00:10:41

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ autocheck autochk *\0\0

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER

< type c:\boot.ini >> test.txt /c >
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2011.11.24 21:47:08 | 000,000,512 | ---- | M] () MD5=65DF2E3D447BCADB13E5534C1301D797 -- C:\PhysicalMBR.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 36 bytes -> \GAMES\Flatout\FlatOut.NOCD.CRACK-RELOADED.rar:KAVICHS
@Alternate Data Stream - 36 bytes -> \GAMES\Flatout\FlatOut v1.1 Crack.rar:KAVICHS

< End of report >

Díky

#6 Příspěvek od **Mc_Murphy** » 25 lis 2011 07:48

Děkovat zatím není vůbec za co, ještě nemáme hotovo.

Skype i Hamachi by mělo jít odebrat někde v samotných nastaveních. U Skype to je, když si otevřeš Nastavení >> Obecné nastavení >> odškrtni fajfku u Spustit Skype při startu Windows. U Hamachi by to mělo být tak nějak podobně. Vyzkoušej a dej mi vědět, jak jsi dopadl.

Proxy by vadit neměla, ale standardně nastavena nebývá, takže proto se pro jistotu ptám. Je celkem možné, že to někdo zapnul kvůli herním serverům nebo tak.

Jinak jsem rád, že ikonky jsou v pořádku a tapeta také.

Ano, OTL patří mezi mé oblíbené prográmky, zjistí toho opravdu hodně, což potřebuji, abych takhle na dálku dokázal uživateli opravdu účinně pomoci.

Jinak na cracky a podobné si dávej pozor, protože jsou skoro vždy nositely všemožné havěti a to se samozřejmě nebavíme o porušování autorských práv a zákonů ČR!

Tak jdeme na dočištění.

Znovu spusť OTL.

Pokud používáš Win Vista či Win7, klikni na OTL pravým myšítkem a dej Run As Administrator či Spustit jako správce.
Pokud používáš 64bitový OS, zkontroluj, zda-li je zaškrtnutý čtvereček Pro 64 bitové OS. Pokud ne, zaškrtni jej.
Do spodního okénka Vlastní skenování/opravy vlož tento skript:

Kód: Vybrat vše

:OTL
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
CHR - default_search_provider: search_url = http://www.searchqu.com//web?src=crb&ap ... 10&sr=0&q={searchTerms}
CHR - default_search_provider: suggest_url =
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-823518204-1078081533-1417001333-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
File not found -- C:\Documents and Settings\user\Plocha\CADG4NX9.
[14 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\5f2e4a582e1005e1c41168befca21fcc\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\5f2e4a582e1005e1c41168befca21fcc\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\dc5785e9c8b3c9af476ade166b57dd6e\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\dc5785e9c8b3c9af476ade166b57dd6e\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\f1172ec065789780f3e853c2a63ff94c\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\f1172ec065789780f3e853c2a63ff94c\*.tmp -> ]
[7 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[1 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\*.tmp files -> C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\*.tmp -> ]
[4 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\PDFCreator\user\*.tmp files -> C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\PDFCreator\user\*.tmp -> ]
[7 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> ]
@Alternate Data Stream - 36 bytes -> \GAMES\Flatout\FlatOut.NOCD.CRACK-RELOADED.rar:KAVICHS
@Alternate Data Stream - 36 bytes -> \GAMES\Flatout\FlatOut v1.1 Crack.rar:KAVICHS

:Services
gupdate
gupdatem

:Files
C:\WINDOWS\tasks\User_Feed_Synchronization-{2B0AD0AB-7C79-4F6A-A35F-C0775BC71E06}.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\Tasks\XoftSpy.job
C:\Documents and Settings\user\Data aplikací\searchquband
C:\Documents and Settings\user\Local Settings\Data aplikací\Opera\Opera\icons\http%3A%2F%2Fi.crackedcdn.com%2Ffavicon.png /d
C:\Documents and Settings\user\Local Settings\Data aplikací\Opera\Opera\icons\www.cracked.com.idx /d
C:\GAMES\Colin McRae Rally 2005\instal crack.txt /d
C:\GAMES\Flatout\FlatOut v1.1 Crack.rar /d
C:\GAMES\Flatout\FlatOut.NOCD.CRACK-RELOADED.rar /d
C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s

:Commands
[emptytemp]
[emptyflash]
[resethosts]
[purity]
[clearallrestorepoints]

Klikni na tlačítko [Opravit].
Po dokončení skenu se objeví log, ten mi sem vlož.
Pokud se log nevejde do jednoho příspěvku, rozděl jej na více částí.

A až provedeš OTL, proveď pro jistotu preventivní scan s MBAM.

Stáhni a nainstaluj Malwarebytes' Anti-Malware (zkráceně MBAM) podle návodu z tohoto topicu.

Proveď aktualizaci virové databáze.
V záložce Kontrolor zvol Úplná kontrola a zaškrtni všechny pevné disky, které máš na počítači.
Předem nic nemaž!!
MBAM mívá občas falešné detekce, proto vlož jeho log do příspěvku a počkej na posouzení!

Miroslav Chvatil

Ahoj,

omlouvám se, na víkend jsem byl pryč.

Tak k věci: Skype je out, snad si zvyknu ho nahazovat, i Hamachi snad odstaveno.

Log po opravě v OTL:

All processes killed
========== OTL ==========
Service AppMgmt stopped successfully!
Service AppMgmt deleted successfully!
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-823518204-1078081533-1417001333-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
C:\WINDOWS\002770_.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\_ds10.tmp deleted successfully.
C:\WINDOWS\_ds11.tmp deleted successfully.
C:\WINDOWS\_ds2.tmp deleted successfully.
C:\WINDOWS\_ds3.tmp deleted successfully.
C:\WINDOWS\_ds3D3.tmp deleted successfully.
C:\WINDOWS\_ds4.tmp deleted successfully.
C:\WINDOWS\_ds5.tmp deleted successfully.
C:\WINDOWS\_ds6.tmp deleted successfully.
C:\WINDOWS\_ds7.tmp deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\5f2e4a582e1005e1c41168befca21fcc\BIT9.tmp deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\dc5785e9c8b3c9af476ade166b57dd6e\BIT1.tmp deleted successfully.
C:\WINDOWS\SoftwareDistribution\Download\f1172ec065789780f3e853c2a63ff94c\BIT2.tmp deleted successfully.
C:\WINDOWS\system32\CONFIG.TMP deleted successfully.
C:\WINDOWS\system32\SETA09.tmp deleted successfully.
C:\WINDOWS\system32\SETA15.tmp deleted successfully.
C:\WINDOWS\system32\SETA1E.tmp deleted successfully.
C:\WINDOWS\system32\SETA1F.tmp deleted successfully.
C:\WINDOWS\system32\SETA20.tmp deleted successfully.
C:\WINDOWS\system32\SETA23.tmp deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\CR_48028.tmp\setup.exe deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\CR_48028.tmp\SETUP_PATCH.PACKED.7Z deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\CR_48028.tmp folder deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\PDFCreator\user\~PS19.tmp deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\PDFCreator\user\~PS1908.tmp deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\PDFCreator\user\~PS2.tmp deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\PDFCreator\user\~PS48.tmp deleted successfully.
C:\WINDOWS\Temp\CR_59634.tmp\SETUP_PATCH.PACKED.7Z deleted successfully.
C:\WINDOWS\Temp\CR_59634.tmp folder deleted successfully.
C:\WINDOWS\Temp\scsDC3.tmp deleted successfully.
C:\WINDOWS\Temp\sig2.tmp deleted successfully.
C:\WINDOWS\Temp\sig3.tmp deleted successfully.
C:\WINDOWS\Temp\sig5.tmp deleted successfully.
C:\WINDOWS\Temp\sigA.tmp deleted successfully.
C:\WINDOWS\Temp\sigB.tmp deleted successfully.
C:\WINDOWS\Temp\sigBF30.tmp deleted successfully.
ADS \GAMES\Flatout\FlatOut.NOCD.CRACK-RELOADED.rar:KAVICHS deleted successfully.
ADS \GAMES\Flatout\FlatOut v1.1 Crack.rar:KAVICHS deleted successfully.
========== SERVICES/DRIVERS ==========
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
========== FILES ==========
C:\WINDOWS\tasks\User_Feed_Synchronization-{2B0AD0AB-7C79-4F6A-A35F-C0775BC71E06}.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\WINDOWS\Tasks\XoftSpy.job moved successfully.
C:\Documents and Settings\user\Data aplikací\searchquband folder moved successfully.
C:\Documents and Settings\user\Local Settings\Data aplikací\Opera\Opera\icons\http%3A%2F%2Fi.crackedcdn.com%2Ffavicon.png deleted successfully.
C:\Documents and Settings\user\Local Settings\Data aplikací\Opera\Opera\icons\www.cracked.com.idx deleted successfully.
C:\GAMES\Colin McRae Rally 2005\instal crack.txt deleted successfully.
C:\GAMES\Flatout\FlatOut v1.1 Crack.rar deleted successfully.
C:\GAMES\Flatout\FlatOut.NOCD.CRACK-RELOADED.rar deleted successfully.
C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Snapshots2 folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Recovery folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy\Logs folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy folder moved successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: user
->Temp folder emptied: 140893245 bytes
->Temporary Internet Files folder emptied: 31341168 bytes
->Java cache emptied: 927301 bytes
->Google Chrome cache emptied: 94757394 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 5698 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4681559 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 269 bytes

Total Files Cleaned = 260.00 mb

[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: user
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.31.0 log created on 11272011_215642

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\_avast_\Webshlock.txt not found!

Registry entries deleted on Reboot...

==================================================================

a tady ještě MBAM:

Malwarebytes' Anti-Malware
www.malwarebytes.org

Verze databáze:

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

27.11.2011 23:37:10
mbam-log-2011-11-27 (23-36-24).txt

Typ: Úplná kontrola (C:\|)
Kontrolované objekty: 273924
Uplynulý čas: 57 minut, 31 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 4
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 3
Infikované soubory: 8

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FAAD2038-C371-473D-86F1-5B11D39C3775} (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\RegistrySmart (Rogue.RegistrySmart) -> No action taken.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_FMTR (Rogue.Multiple) -> No action taken.

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
c:\documents and settings\user\data aplikací\registrysmart (Rogue.RegistrySmart) -> No action taken.
c:\documents and settings\user\data aplikací\registrysmart\Log (Rogue.RegistrySmart) -> No action taken.
c:\documents and settings\user\data aplikací\registrysmart\registry backups (Rogue.RegistrySmart) -> No action taken.

Infikované soubory:
c:\documents and settings\user\data aplikací\registrysmart\Errors.stg (Rogue.RegistrySmart) -> No action taken.
c:\documents and settings\user\data aplikací\registrysmart\Results.stg (Rogue.RegistrySmart) -> No action taken.
c:\documents and settings\user\data aplikací\registrysmart\registry backups\2007-05-03_13-36-43.reg (Rogue.RegistrySmart) -> No action taken.
c:\documents and settings\user\data aplikací\registrysmart\registry backups\2007-05-03_13-37-29.reg (Rogue.RegistrySmart) -> No action taken.
c:\documents and settings\user\data aplikací\registrysmart\registry backups\2007-05-03_13-41-15.reg (Rogue.RegistrySmart) -> No action taken.
c:\documents and settings\user\data aplikací\registrysmart\registry backups\2007-11-03_03-31-08.reg (Rogue.RegistrySmart) -> No action taken.
c:\documents and settings\user\data aplikací\registrysmart\registry backups\2007-11-17_03-30-55.reg (Rogue.RegistrySmart) -> No action taken.
c:\documents and settings\user\data aplikací\registrysmart\registry backups\2007-12-25_03-33-09.reg (Rogue.RegistrySmart) -> No action taken.

===============

Děkuji za ochotu.

#8 Příspěvek od **Mc_Murphy** » 28 lis 2011 06:51

Vůbec nevadí, každý máme přece i svůj osobní život.

Super, OTL nám provedlo, co mělo.

Co se týče Skype, tak pokud Tě to bude vyloženě zdržovat, nebo budeš zapomínat, tak si ho zase zaškrtni pro spouštění po startu systému. Když tam bude jen jeden, tak to zas tak moc nevadí. Já toho nejsem příznivec, raději si potřebné prográmky spouštím sám.

No, MBAM nám našel nějaký bordýlek a všechno vypadá, že je z prográmku RegistrySmart. Vidím ho zde: C:\Documents and Settings\user\Data aplikací\RegistrySmart
Takže všechny nálezy MBAMu dej smazat/opravit a tento prográmek bych - pokud to jde - odinstaloval, případně smaž celou jeho složku. Když Ti to nepůjde, napiš a já to odpálím.
Každopádně na čištění a údržbu registrů používej pouze program CCleaner, který Ti ještě doporučím až budeme na konci.

Po dalších provedených krocích se zeptám: A jak je na tom náš pacient?

Miroslav Chvatil

Ahoj,

jo ten Skype si asi nahodím zpátky, jsem na to zvyklej a to se blbě odvyká...

RegistrySmart jsem nechal úspěšně opravit-smáznout a MBAM odinstalil. No problem. Ještě odinstalim HJT a Killbox.

CCleaner mám, ale jak jsem psal dřív, předtím mi moc nepomoh. Asi toho bylo moc nebo jsem to blbě nastavil, nevím.

Náš pacient je na tom teď mnohem líp, cítím, že se mu líp dejchá a mnohem rychlejc se probouzí

Můžeš prosím ještě poradit s tím CCleanerem?

#10 Příspěvek od **Mc_Murphy** » 29 lis 2011 06:44

Super, skvělá spolupráce!

Takhle, CCleaner je nejen podle mě nejlepší produkt na čištění a údržbu windowsovských registrů. A ještě je zdarma. On neumí PC odvirovat, či rozpoznat, co je špatné například v oblasti toolbarů. Ale na údržbu registrů, které jsou v pořádku, je bezkonkurenční. Sám ho používám na obou svých starších počítačích a nemohu si ho vynachválit. Jen ho nekombinuj s jinými, to by nemuselo dobře dopadnout. CCleaner je pro běžnou potřebu naprosto dostačující.

Skype si tedy klidně nahoď zpět, zase v tom nastavení. Když to bude jen tohle, tak to zas toliko nevadí.

HJT i KillBox Ti uklidím já, pomocí našich utilit, takže pohoda.

Ano, MBAM odinstalovat, správná volba.

Takže se asi vrhneme na to dočištění, co?

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

Stáhni a spusť.
Pro potvrzení volby mačkej A, Enter.
Po použití utilitu smaž.
Antiviry mohou tuto utilitu chybně označit jako vir - jedná se o falešný poplach - takže v pohodě stáhni (případně vypni při stahování antivir).

OTC http://oldtimer.geekstogo.com/OTC.exe

Stáhni a spusť.
Klikni na CleanUp a potvrď YES.
Program uklidí a může (nemusí) restartovat PC.

TFC http://oldtimer.geekstogo.com/TFC.exe

Stáhni a spusť.
Klikni na Start a potvrď OK.
Program uklidí a může (nemusí) restartovat PC.
Po použití utilitu smaž.

Pokud nemáš, stáhni CCleaner z tohoto odkazu.

Panel čistič
Vše nech jak je, jen dej Analyzovat a poté Spustit CCleaner.

Panel registry
Klikni na Hledej problémy.
Následně na Opravit problémy - zálohu registrů doporučuji udělat, oprav všechny problémy.
Postup opakuj, dokud nebude bez problémů - většinou cca 3x.

Panel nástroje
Zde můžeš odinstalovat nepotřebné programy.

CCleaner doporučuji používat cca jednou za týden.

... a pokud nejsou žádné dotazy, bylo by to z mé strany vše.

Miroslav Chvatil

Mc Murphy, za skvělou spolupráci děkuju já.

Vše proběhlo, jak mělo

Taky dík za doporučení na použití CC, budu ho používat.

Když se něco v budoucnu vyskytne, s důvěrou se opět obrátím na fórum profíků

Posílám příspěvek na podporu fóra.

Good luck,
M.

#12 Příspěvek od **Mc_Murphy** » 30 lis 2011 07:09

Super, to jsem moc rád, že vše šlape.

Klidně se na nás kdykoliv obrať, jsme tu od toho.

Za finanční podporu našeho fóra jménem celého týmu upřímně děkuji!

Jinak tedy není vůbec zač a rádo se stalo.

Přeji pěkný den.

VIRY.CZ

Nakažený pomalý PC, zkreslený ikonky Win a tapeta. Log HJT

Nakažený pomalý PC, zkreslený ikonky Win a tapeta. Log HJT

Re: Nakažený pomalý PC, zkreslený ikonky Win a tapeta. Log H

Re: Nakažený pomalý PC, zkreslený ikonky Win a tapeta. Log H

Re: Nakažený pomalý PC, zkreslený ikonky Win a tapeta. Log H

Re: Nakažený pomalý PC, zkreslený ikonky Win a tapeta. Log H

Re: Nakažený pomalý PC, zkreslený ikonky Win a tapeta. Log H

Re: Nakažený pomalý PC, zkreslený ikonky Win a tapeta. Log H

Re: Nakažený pomalý PC, zkreslený ikonky Win a tapeta. Log H

Re: Nakažený pomalý PC, zkreslený ikonky Win a tapeta. Log H

Re: Nakažený pomalý PC, zkreslený ikonky Win a tapeta. Log H

Re: Nakažený pomalý PC, zkreslený ikonky Win a tapeta. Log H

Re: Nakažený pomalý PC, zkreslený ikonky Win a tapeta. Log H