Poprosim o kontrolu logu RSIT

Zpráva

Hornet · #1 Příspěvek od **Hornet** » 19 kvě 2012 03:37

Logfile of random's system information tool 1.09 (written by random/random)
Run by Doma at 2012-05-19 04:30:44
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 70 GB (70%) free of 100 GB
Total RAM: 3071 MB (83% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:30:45, on 19. 5. 2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\hamachi-2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\svchost.exe
E:\Media Server\MediaServer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
E:\servis\RSIT.exe
C:\Program Files\trend micro\Doma.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com/?l=dis&o=15768
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedi ... &gc=1&q=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
R3 - URLSearchHook: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\prxtbTog2.dll
R3 - URLSearchHook: TO-Engine Toolbar - {3b419ee1-1fa8-47b9-9aec-6b60ac2e3fca} - C:\Program Files\Torrents-Search-Engine\tbTor2.dll
R3 - URLSearchHook: ToggleEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\prxtbPHP2.dll
R3 - URLSearchHook: MovieBario Toolbar - {58beca16-cae6-4b7a-a0e8-153d0cbba63a} - C:\Program Files\Utubebario\prxtbUtu0.dll
R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (file missing)
R3 - URLSearchHook: Musicbario Toolbar - {4924fded-cb88-443f-9d2d-75bf1043dccc} - C:\Program Files\Musicbario\prxtbMus0.dll (file missing)
R3 - URLSearchHook: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\prxtbXfi0.dll
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll
R3 - URLSearchHook: TVersitybar Toolbar - {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files\TVersitybar\prxtbTVe0.dll
O2 - BHO: ToggleEN - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\prxtbTog2.dll
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: TO-Engine Toolbar - {3b419ee1-1fa8-47b9-9aec-6b60ac2e3fca} - C:\Program Files\Torrents-Search-Engine\tbTor2.dll
O2 - BHO: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (file missing)
O2 - BHO: Musicbario - {4924fded-cb88-443f-9d2d-75bf1043dccc} - C:\Program Files\Musicbario\prxtbMus0.dll (file missing)
O2 - BHO: MovieBario - {58beca16-cae6-4b7a-a0e8-153d0cbba63a} - C:\Program Files\Utubebario\prxtbUtu0.dll
O2 - BHO: RewardsArcade - {597A9974-8CB0-4f41-B61F-ED065738A397} - C:\Program Files\RewardsArcade\RewardsArcade.dll
O2 - BHO: XfireXO - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\prxtbXfi0.dll
O2 - BHO: TVersitybar - {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files\TVersitybar\prxtbTVe0.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Vuze Remote - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll
O2 - BHO: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
O2 - BHO: ToggleEN - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\prxtbPHP2.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\prxtbTog2.dll
O3 - Toolbar: TO-Engine Toolbar - {3b419ee1-1fa8-47b9-9aec-6b60ac2e3fca} - C:\Program Files\Torrents-Search-Engine\tbTor2.dll
O3 - Toolbar: ToggleEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\prxtbPHP2.dll
O3 - Toolbar: MovieBario Toolbar - {58beca16-cae6-4b7a-a0e8-153d0cbba63a} - C:\Program Files\Utubebario\prxtbUtu0.dll
O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (file missing)
O3 - Toolbar: Musicbario Toolbar - {4924fded-cb88-443f-9d2d-75bf1043dccc} - C:\Program Files\Musicbario\prxtbMus0.dll (file missing)
O3 - Toolbar: uTorrentBar Toolbar - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll
O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files\XfireXO\prxtbXfi0.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz2.dll
O3 - Toolbar: TVersitybar Toolbar - {66bd2442-241b-44cd-8c7a-b51037053cdb} - C:\Program Files\TVersitybar\prxtbTVe0.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\Doma\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Doma\Data aplikací\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (file missing)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - D:\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TVersity Media Server (TVersityMediaServer) - Unknown owner - E:\Media Server\MediaServer.exe

--
End of file - 11587 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Norton Security Scan for Doma.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Doma\Data aplikací\Mozilla\Firefox\Profiles\k1plvtzz.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://eu.ask.com/?l=dis&o=15768"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {20a82645-c095-46ed-80e3-08825760534b}:1.1, {dd02a4eb-4afd-4d60-99d8-e67f964ca813}:2.5.6.0, {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778, {A79D8B60-1FF0-47F0-8E79-8CDE1FECB0FD}:1.0.0, foxyproxy-basic@eric.h.jung:1.8.5, {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.11.0.9874, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.6, crossriderapp498@crossrider.com:0.76.37, jqs@sun.com:1.0, {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31, bkmrksync@nokia.com:1.0.0.746, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.15"
prefs.js - "keyword.URL" - "http://websearch.ask.com/redirect?clien ... YYYYSK&&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"crossriderapp498@crossrider.com"=C:\Documents and Settings\Doma\Local Settings\Data aplikací\RewardsArcade\498\Firefox
"fe_3.6@nokia.com"=C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_3.6
"bkmrksync@nokia.com"=C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=E:\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.3.1]
"Description"=
"Path"=C:\WINDOWS\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3]
"Description"=Office Live Update v1.3
"Path"=C:\Program Files\Microsoft\Office Live\npOLW.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@virtools.com/3DviaPlayer]
"Description"=3Dvia Player For Mozilla Based Broswer
"Path"=C:\Program Files\Virtools\3D Life Player\npvirtools.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1]
"Description"=Yahoo! activeX Plug-in Bridge
"Path"=C:\Program Files\Yahoo!\Common\npyaxmpb.dll

C:\Program Files\Mozilla Firefox\extensions\
adapter@babylontc.com
ocr@babylon.com
{038cb5c7-48ea-4af9-94e0-a1646542e62b}
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{AB2CE124-6272-4b12-94A9-7303C7397BD1}
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
{dd02a4eb-4afd-4d60-99d8-e67f964ca813}

C:\Program Files\Mozilla Firefox\components\
AskSearch.js
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsIQTScriptablePlugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
npnul32.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
babylon.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Documents and Settings\Doma\Data aplikací\Mozilla\Firefox\Profiles\k1plvtzz.default\extensions\
battlefieldheroespatcher@ea.com
engine@conduit.com
ffxtlbr@babylon.com
foxyproxy-basic@eric.h.jung
toolbar@ask.com
{20a82645-c095-46ed-80e3-08825760534b}
{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
{66bd2442-241b-44cd-8c7a-b51037053cdb}
{A79D8B60-1FF0-47F0-8E79-8CDE1FECB0FD}
{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
{ba14329e-9550-4989-b3f2-9732e92d17cc}
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

C:\Documents and Settings\Doma\Data aplikací\Mozilla\Firefox\Profiles\k1plvtzz.default\searchplugins\
askcom.xml
conduit.xml
metacrawler.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
ToggleEN Toolbar - C:\Program Files\ToggleEN\prxtbTog2.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pre aplikáciu Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3b419ee1-1fa8-47b9-9aec-6b60ac2e3fca}]
TO-Engine Toolbar - C:\Program Files\Torrents-Search-Engine\tbTor2.dll [2010-10-18 3908192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
Softonic-Eng7 Toolbar - C:\Program Files\Softonic-Eng7\tbSoft.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4924fded-cb88-443f-9d2d-75bf1043dccc}]
Musicbario Toolbar - C:\Program Files\Musicbario\prxtbMus0.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58beca16-cae6-4b7a-a0e8-153d0cbba63a}]
MovieBario Toolbar - C:\Program Files\Utubebario\prxtbUtu0.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{597A9974-8CB0-4f41-B61F-ED065738A397}]
RewardsArcade - C:\Program Files\RewardsArcade\RewardsArcade.dll [2011-11-03 528216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}]
XfireXO Toolbar - C:\Program Files\XfireXO\prxtbXfi0.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66bd2442-241b-44cd-8c7a-b51037053cdb}]
TVersitybar Toolbar - C:\Program Files\TVersitybar\prxtbTVe0.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-04-09 3991200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
Vuze Remote Toolbar - C:\Program Files\Vuze_Remote\prxtbVuz2.dll [2011-05-09 176936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
uTorrentBar Toolbar - C:\Program Files\uTorrentBar\tbuTor.dll [2010-12-09 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-11-17 1515688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll [2012-01-10 59272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
ToggleEN Toolbar - C:\Program Files\PHPNukeEN\prxtbPHP2.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-03-09 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{038cb5c7-48ea-4af9-94e0-a1646542e62b} - ToggleEN Toolbar - C:\Program Files\ToggleEN\prxtbTog2.dll [2011-01-17 175912]
{3b419ee1-1fa8-47b9-9aec-6b60ac2e3fca} - TO-Engine Toolbar - C:\Program Files\Torrents-Search-Engine\tbTor2.dll [2010-10-18 3908192]
{dd02a4eb-4afd-4d60-99d8-e67f964ca813} - ToggleEN Toolbar - C:\Program Files\PHPNukeEN\prxtbPHP2.dll [2011-01-17 175912]
{58beca16-cae6-4b7a-a0e8-153d0cbba63a} - MovieBario Toolbar - C:\Program Files\Utubebario\prxtbUtu0.dll [2011-05-09 176936]
{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - Softonic-Eng7 Toolbar - C:\Program Files\Softonic-Eng7\tbSoft.dll []
{4924fded-cb88-443f-9d2d-75bf1043dccc} - Musicbario Toolbar - C:\Program Files\Musicbario\prxtbMus0.dll []
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - uTorrentBar Toolbar - C:\Program Files\uTorrentBar\tbuTor.dll [2010-12-09 3911776]
{5e5ab302-7f65-44cd-8211-c1d4caaccea3} - XfireXO Toolbar - C:\Program Files\XfireXO\prxtbXfi0.dll [2011-05-09 176936]
{ba14329e-9550-4989-b3f2-9732e92d17cc} - Vuze Remote Toolbar - C:\Program Files\Vuze_Remote\prxtbVuz2.dll [2011-05-09 176936]
{66bd2442-241b-44cd-8c7a-b51037053cdb} - TVersitybar Toolbar - C:\Program Files\TVersitybar\prxtbTVe0.dll [2011-05-09 176936]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-11-17 1515688]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-07-26 13570048]
"nwiz"=nwiz.exe /install []
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2009-02-28 949376]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-02-20 59240]
""= []
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-17 252296]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
""= []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
C:\Program Files\Ask.com\Updater\Updater.exe [2011-11-17 901800]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [2012-02-23 59240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Greenshot]
C:\Program Files\Greenshot\Greenshot.exe [2010-07-12 548864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
E:\iTunesHelper.exe [2012-03-27 421736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
D:\hamachi-2-ui.exe [2012-02-28 1987976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe [2012-01-10 1083264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2008-07-26 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
C:\Program Files\Pando Networks\Media Booster\PMB.exe [2011-07-27 3077528]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2011-12-16 1508408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2011-10-24 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raptr]
C:\PROGRA~1\Raptr\raptrstub.exe [2012-02-07 53160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2007-04-10 16126464]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\steam.exe [2011-11-05 1242448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateReminder]
C:\Program Files\Eset\UpdateReminder.exe [2012-03-13 451704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Doma^Nabídka Start^Programy^Po spuštění^Dropbox.lnk]
C:\DOCUME~1\Doma\DATAAP~1\Dropbox\bin\Dropbox.exe [2012-02-15 24246216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Doma^Nabídka Start^Programy^Po spuštění^KooBits 4.lnk]
E:\KooBits 4.0\KooBits 4.0.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 267304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Disabled:Nokia Service Layer Host Process "
"C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe"="C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe:*:Disabled:Nokia Ovi Suite 2"
"C:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe"="C:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe:*:Enabled:speed"
"E:\EFLC\EFLC.exe"="E:\EFLC\EFLC.exe:*:Enabled:Grand Theft Auto : Episodes from Liberty City"
"C:\Program Files\Kyodai Mahjongg 2006\kmj.exe"="C:\Program Files\Kyodai Mahjongg 2006\kmj.exe:*:Enabled:Kyodai Mahjongg"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Documents and Settings\Doma\Data aplikací\WinPump\pumpa.exe"="C:\Documents and Settings\Doma\Data aplikací\WinPump\pumpa.exe:*:Disabled:pumpa"
"C:\Program Files\Microsoft Research\Microsoft WorldWide Telescope\WWTExplorer.exe"="C:\Program Files\Microsoft Research\Microsoft WorldWide Telescope\WWTExplorer.exe:*:Enabled:WorldWide Telescope"
"D:\CrossFire\CF_G4box.exe"="D:\CrossFire\CF_G4box.exe:*:Enabled:PT2Downloader"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Disabled:Google Earth"
"C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Disabled:Java(TM) Platform SE binary"
"D:\Rockstar Games Social Club\RGSCLauncher.exe"="D:\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"D:\Grand Theft Auto IV\LaunchGTAIV.exe"="D:\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Program Files\Steam\SteamApps\common\just cause 2\JustCause2.exe"="C:\Program Files\Steam\SteamApps\common\just cause 2\JustCause2.exe:*:Enabled:Just Cause 2"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"D:\MC SERVER\Java\bin\java.exe"="D:\MC SERVER\Java\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"D:\SeRvEr\Java\bin\java.exe"="D:\SeRvEr\Java\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"D:\MinecraftServer\Java\bin\java.exe"="D:\MinecraftServer\Java\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze"
"C:\Program Files\ASUS\RT-N12B1 Wireless Router Utilities\Discovery.exe"="C:\Program Files\ASUS\RT-N12B1 Wireless Router Utilities\Discovery.exe:*:Enabled:ASUS Device Discovery Application"
"C:\Program Files\ASUS\RT-N12B1 Wireless Router Utilities\Rescue.exe"="C:\Program Files\ASUS\RT-N12B1 Wireless Router Utilities\Rescue.exe:*:Enabled:ASUS Firmware Restoration Application"
"C:\Program Files\ASUS\RT-N12B1 Wireless Router Utilities\LiveUpdate.exe"="C:\Program Files\ASUS\RT-N12B1 Wireless Router Utilities\LiveUpdate.exe:*:Enabled:ASUS LiveUpdate Application"
"E:\Media Server\MediaServer.exe"="E:\Media Server\MediaServer.exe:*:Enabled:TVersity Media Server"
"C:\Documents and Settings\Doma\Data aplikací\Dropbox\bin\Dropbox.exe"="C:\Documents and Settings\Doma\Data aplikací\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox"
"E:\Saints Row The Third\saintsrowthethird.exe"="E:\Saints Row The Third\saintsrowthethird.exe:*:Enabled:Saints Row: the Third"
"C:\Program Files\Steam\SteamApps\x_tomino_x\team fortress 2\hl2.exe"="C:\Program Files\Steam\SteamApps\x_tomino_x\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\Program Files\Raptr\raptr.exe"="C:\Program Files\Raptr\raptr.exe:*:Enabled:Raptr Client"
"C:\Program Files\Raptr\raptr_im.exe"="C:\Program Files\Raptr\raptr_im.exe:*:Enabled:Raptr IM"
"C:\Program Files\TeamViewer\Version7\TeamViewer.exe"="C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"D:\DV Messenger\DV Messenger.exe"="D:\DV Messenger\DV Messenger.exe:*:Enabled:DV Messenger"
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe"="C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"E:\iTunes.exe"="E:\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
"MSVideo8"=VfWWDM32.dll
"VIDC.XFR1"=xfcodec.dll
"VIDC.FPS1"=frapsvid.dll
"vidc.tscc"=C:\WINDOWS\system32\tsccvid.dll
"VIDC.FFDS"=ff_vfw.dll

======List of files/folders created in the last 1 month======

2012-05-19 04:29:42 ----D---- C:\rsit
2012-05-19 04:29:42 ----D---- C:\Program Files\trend micro
2012-05-18 20:55:44 ----D---- C:\WINDOWS\system32\NtmsData
2012-05-18 19:33:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\boost_interprocess
2012-05-18 19:31:34 ----D---- C:\WINDOWS\pss
2012-05-10 22:42:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2659262$
2012-05-10 22:26:20 ----HDC---- C:\WINDOWS\$NtUninstallKB2686509$
2012-05-10 22:26:05 ----HDC---- C:\WINDOWS\$NtUninstallKB2695962$
2012-05-10 22:18:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2676562$
2012-04-20 12:31:47 ----D---- C:\Program Files\Oracle
2012-04-20 12:31:42 ----D---- C:\Documents and Settings\Doma\Data aplikací\Oracle
2012-04-20 12:31:19 ----D---- C:\Program Files\Common Files\Java
2012-04-20 12:30:46 ----A---- C:\WINDOWS\system32\npdeployJava1.dll
2012-04-20 12:30:46 ----A---- C:\WINDOWS\system32\javaws.exe
2012-04-20 12:30:46 ----A---- C:\WINDOWS\system32\javaw.exe
2012-04-20 12:30:46 ----A---- C:\WINDOWS\system32\java.exe
2012-04-20 12:23:41 ----D---- C:\Documents and Settings\Doma\Data aplikací\.techniclauncher

======List of files/folders modified in the last 1 month======

2012-05-19 04:29:42 ----RD---- C:\Program Files
2012-05-19 04:27:27 ----D---- C:\WINDOWS\Temp
2012-05-19 04:17:39 ----D---- C:\WINDOWS\system32\CatRoot2
2012-05-18 21:09:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-05-18 21:09:27 ----SHD---- C:\WINDOWS\Installer
2012-05-18 21:06:07 ----D---- C:\Documents and Settings\Doma\Data aplikací\PriceGong
2012-05-18 21:00:16 ----D---- C:\WINDOWS
2012-05-18 20:55:44 ----D---- C:\WINDOWS\system32
2012-05-18 19:34:14 ----D---- C:\Documents and Settings\Doma\Data aplikací\Apple Computer
2012-05-18 19:33:34 ----D---- C:\Config.Msi
2012-05-18 19:33:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2012-05-18 19:32:24 ----D---- C:\WINDOWS\Prefetch
2012-05-18 19:27:10 ----D---- C:\Program Files\Steam
2012-05-18 19:26:46 ----D---- C:\Documents and Settings\Doma\Data aplikací\uTorrent
2012-05-18 19:26:46 ----D---- C:\Documents and Settings\Doma\Data aplikací\Skype
2012-05-18 19:26:46 ----D---- C:\Documents and Settings\Doma\Data aplikací\Azureus
2012-05-18 19:24:52 ----D---- C:\WINDOWS\Minidump
2012-05-18 19:24:52 ----D---- C:\WINDOWS\Logs
2012-05-18 19:24:52 ----D---- C:\WINDOWS\Debug
2012-05-18 19:17:33 ----D---- C:\Documents and Settings\Doma\Data aplikací\Raptr
2012-05-18 19:16:27 ----D---- C:\Documents and Settings\Doma\Data aplikací\Dropbox
2012-05-12 15:29:16 ----D---- C:\WINDOWS\system32\drivers
2012-05-12 15:29:14 ----HD---- C:\WINDOWS\inf
2012-05-11 13:57:03 ----D---- C:\WINDOWS\Microsoft.NET
2012-05-11 13:50:53 ----D---- C:\Program Files\Microsoft Silverlight
2012-05-10 22:42:52 ----D---- C:\WINDOWS\WinSxS
2012-05-10 22:42:46 ----D---- C:\WINDOWS\system32\XPSViewer
2012-05-10 22:42:37 ----RSD---- C:\WINDOWS\assembly
2012-05-10 22:33:14 ----A---- C:\WINDOWS\system32\MRT.exe
2012-05-10 22:32:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-05-10 22:26:19 ----HD---- C:\WINDOWS\$hf_mig$
2012-05-10 22:18:40 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-05-08 12:46:05 ----D---- C:\Documents and Settings\Doma\Data aplikací\.minecraft
2012-04-24 15:25:36 ----D---- C:\Program Files\Common Files
2012-04-24 15:25:34 ----D---- C:\Documents and Settings\Doma\Data aplikací\Solveig Multimedia
2012-04-20 12:30:28 ----D---- C:\Program Files\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-08-10 50688]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x); C:\WINDOWS\System32\drivers\sfsync03.sys [2005-10-13 35328]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2009-02-28 15424]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2008-04-14 12032]
R2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2009-02-28 512096]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-10-31 35840]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-10 4397568]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2008-04-14 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-07-26 6097536]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 gtermddo;gtermddo; C:\WINDOWS\system32\drivers\gtermddo.sys []
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2009-09-10 102528]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\WINDOWS\system32\DRIVERS\ewusbdev.sys [2009-07-24 100736]
S3 mbr;mbr; \??\C:\DOCUME~1\Doma\LOCALS~1\Temp\mbr.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2011-11-01 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2011-11-01 23168]
S3 PcaSp50;Rawether NDIS 5.X SPR Protocol Driver; C:\WINDOWS\system32\DRIVERS\PcaSp50.sys [2010-09-07 28160]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 PRODIGY;PRODIGY; C:\WINDOWS\System32\Drivers\PRODIGY.SYS [2006-08-29 32377]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 SoC PC-Camera Service;CANYON CN-WCAM21 PC-Camera; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2004-09-01 138396]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2011-11-01 8192]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2012-02-15 43520]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2011-11-01 8192]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
S3 XDva386;XDva386; C:\WINDOWS\system32\drivers\XDva386.sys []
S3 XDva387;XDva387; C:\WINDOWS\system32\drivers\XDva387.sys []
S3 XDva388;XDva388; C:\WINDOWS\system32\drivers\XDva388.sys []
S3 XDva389;XDva389; C:\WINDOWS\system32\drivers\XDva389.sys []
S3 XDva390;XDva390; C:\WINDOWS\system32\drivers\XDva390.sys []
S3 XDva391;XDva391; \??\C:\WINDOWS\system32\XDva391.sys []
S3 XDva392;XDva392; \??\C:\WINDOWS\system32\XDva392.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-02-27 55144]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 390504]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; D:\hamachi-2.exe [2012-02-28 1373576]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-03-09 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2009-02-28 552064]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-07-26 159812]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2011-04-24 75136]
R2 Skype C2C Service;Skype C2C Service; C:\Documents and Settings\All Users\Data aplikací\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-04-09 3063968]
R2 TVersityMediaServer;TVersity Media Server; E:\Media Server\MediaServer.exe [2011-07-29 1249064]
R2 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-21 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-02-29 158856]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-08-21 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-03-27 821608]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-01-04 718888]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#2 Příspěvek od **Mc_Murphy** » 19 kvě 2012 06:54

Zdravím.

Vydž minutku, na logu se intenzivně pracuje. Obrázek

#3 Příspěvek od **Mc_Murphy** » 19 kvě 2012 07:04

No kamaráde, moc Tě nepochválím, protože takovou sbírku toolbarů jsem už dlooouho neviděl.

Takže, pokud je tam najdeš, tak v nabídce Přidat nebo odebrat programy odinstaluj všechny tyto toolbary:
ToggleEN Toolbar, TO-Engine Toolbar, ToggleEN Toolbar, MovieBario Toolbar, Softonic-Eng7 Toolbar, Musicbario Toolbar, uTorrentBar Toolbar, XfireXO Toolbar, Vuze Remote Toolbar, TVersitybar Toolbar a Ask Toolbar.
Obrázek

Jsou to veliká "zdržovadla" systému a v případě například Ask.com Toolbar, Conduit Engine a dalších se dá hovořit už i o havěti. A Ty jich tam máš opravdu dost nechutnou sbírku!

PROSÍM, ČTI NÁVOD DŮKLADNĚ - TATO UTILITA MÁ VELKOU SCHOPNOST MAZAT A JE NUTNÉ JI APLIKOVAT JEN NA DOPORUČENÍ, JINAK TI MŮŽE JÍT SYSTÉM DO KYTEK

Stáhni a ulož na Plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypni všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary apod.
Vypni všechny běžící aplikace - ICQ, Skype, browsery, prostě všechny programy, ať běží pouze ComboFix.
Pokud máš Win XP, spusť pod účtem Správce/Administrator.
Pokud máš Win Vista či Win 7, klikni na ComboFix pravým myšítkem a dej Run As Administrator či Spustit jako správce.
Ihned po startu se zobrazí stránka s licenčním ujednáním - pokračuj kliknutím na [Ano].
Pokud Ti ComboFix nabídne instalaci Konzoly pro zotavení, tak souhlas.
Dále postupuj dle pokynů. Během scanu nech PC naprosto v klidu - nespouštěj žádné aplikace a neklikej do zobrazujícího se okna!
Scan by měl trvat cca 10 min, ale pokud bude PC hodne zaneseno, může se čas samozřejmě prodloužit.
Po dokončení scanu a případném restartu ComboFix zobrazí log, který případně najdeš v C:\ComboFix.txt. Jeho obsah mi sem vlož.
Detailní postup včetně obrázků najdeš zde: http://www.bleepingcomputer.com/combofi ... t-combofix

Hornet · #4 Příspěvek od **Hornet** » 19 kvě 2012 08:47

ComboFix 12-05-19.01 - Doma . 05. 2012 9:37.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.3071.2603 [GMT 2:00]
Running from: c:\documents and settings\Doma\Plocha\ComboFix.exe
AV: Eset NOD32 Antivirus 2.70 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\5.exe
C:\CFLog
c:\cflog\CrashLog_20110623.txt
c:\cflog\CrashLog_20110624.txt
c:\cflog\CrashLog_20110628.txt
c:\cflog\CrashLog_20110809.txt
c:\documents and settings\Doma\WINDOWS
C:\F.exe
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\ST6UNST.000
c:\windows\system32\SET2AF.tmp
c:\windows\system32\SET2B3.tmp
c:\windows\system32\SET2BB.tmp
c:\windows\system32\SETD6C0.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-04-19 to 2012-05-19 )))))))))))))))))))))))))))))))
.
.
2012-05-19 06:50 . 1996-09-16 02:00 202240 ----a-w- C:\setup95.exe
2012-05-19 06:44 . 2012-05-19 06:44 -------- d-----w- c:\documents and settings\Doma\Data aplikací\InstallShield
2012-05-19 02:29 . 2012-05-19 02:30 -------- d-----w- c:\program files\trend micro
2012-05-18 18:55 . 2012-05-18 18:55 -------- d-----w- c:\windows\system32\NtmsData
2012-05-18 17:33 . 2012-05-19 06:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací\boost_interprocess
2012-04-26 17:53 . 2012-04-26 17:53 -------- d-----w- c:\documents and settings\Doma\Local Settings\Data aplikací\Sun
2012-04-20 10:31 . 2012-04-20 10:32 -------- d-----w- c:\program files\Oracle
2012-04-20 10:31 . 2012-04-20 10:31 -------- d-----w- c:\documents and settings\Doma\Data aplikací\Oracle
2012-04-20 10:31 . 2012-04-20 10:31 -------- d-----w- c:\program files\Common Files\Java
2012-04-20 10:30 . 2012-01-10 11:57 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-20 10:23 . 2012-04-20 10:23 -------- d-----w- c:\documents and settings\Doma\Data aplikací\.techniclauncher
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-19 07:10 . 2010-06-30 09:31 1164 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2012-04-11 13:55 . 2008-04-14 08:06 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:55 . 2008-04-14 12:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:55 . 2008-04-14 12:00 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-01 10:59 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 10:59 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 10:59 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2008-04-14 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2008-04-14 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . D9F19E78F98834CB411D6AD3C68D181A . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-26 13570048]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Doma^Nabídka Start^Programy^Po spuštění^Dropbox.lnk]
path=c:\documents and settings\Doma\Nabídka Start\Programy\Po spuštění\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Doma^Nabídka Start^Programy^Po spuštění^KooBits 4.lnk]
path=c:\documents and settings\Doma\Nabídka Start\Programy\Po spuštění\KooBits 4.lnk
backup=c:\windows\pss\KooBits 4.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 18:43 69632 ------r- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 03:09 421736 ----a-w- E:\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-02-28 16:38 1987976 ----a-w- D:\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 07:52 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
2009-02-28 10:16 949376 ----a-w- c:\program files\ESET\nod32kui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
2012-01-10 17:36 1083264 ----a-w- c:\program files\Nokia\Nokia Suite\NokiaSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-07-26 17:18 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2011-12-16 10:04 1508408 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 12:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2007-04-10 15:28 16126464 ------r- c:\windows\RTHDCPL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 09:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateReminder]
2012-03-13 14:29 451704 ----a-w- c:\program files\ESET\UpdateReminder.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Kyodai Mahjongg 2006\\kmj.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Documents and Settings\\Doma\\Data aplikací\\WinPump\\pumpa.exe"=
"c:\\Program Files\\Microsoft Research\\Microsoft WorldWide Telescope\\WWTExplorer.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57715:TCP"= 57715:TCP:Pando Media Booster
"57715:UDP"= 57715:UDP:Pando Media Booster
.
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [13. 10. 2005 15:46 35328]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [28. 2. 2009 12:16 15424]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [22. 12. 2008 12:44 35840]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18. 3. 2010 13:16 130384]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [21. 8. 2011 15:06 136176]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\hamachi-2.exe -s --> d:\hamachi-2.exe -s [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29. 2. 2012 8:50 158856]
S3 gtermddo;gtermddo; [x]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [21. 8. 2011 15:06 136176]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [30. 1. 2012 21:43 32377]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18. 3. 2010 13:16 753504]
S3 XDva386;XDva386; [x]
S3 XDva387;XDva387; [x]
S3 XDva388;XDva388; [x]
S3 XDva389;XDva389; [x]
S3 XDva390;XDva390; [x]
S3 XDva391;XDva391;\??\c:\windows\system32\XDva391.sys --> c:\windows\system32\XDva391.sys [?]
S3 XDva392;XDva392;\??\c:\windows\system32\XDva392.sys --> c:\windows\system32\XDva392.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-21 13:05]
.
2012-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-21 13:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://eu.ask.com/?l=dis&o=15768
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=%s
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Translate this web page with Babylon
IE: Translate with Babylon
LSP: c:\windows\system32\imon.dll
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\documents and settings\Doma\Data aplikací\Mozilla\Firefox\Profiles\k1plvtzz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2548838&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - TVersitybar Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.zoznam.sk/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?qbabsrc=adbartrp&AF=100581&=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - c:\program files\Softonic-Eng7\tbSoft.dll
URLSearchHooks-{4924fded-cb88-443f-9d2d-75bf1043dccc} - c:\program files\Musicbario\prxtbMus0.dll
BHO-{4924fded-cb88-443f-9d2d-75bf1043dccc} - c:\program files\Musicbario\prxtbMus0.dll
Toolbar-{4924fded-cb88-443f-9d2d-75bf1043dccc} - c:\program files\Musicbario\prxtbMus0.dll
WebBrowser-{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - c:\program files\Softonic-Eng7\tbSoft.dll
WebBrowser-{4924FDED-CB88-443F-9D2D-75BF1043DCCC} - c:\program files\Musicbario\prxtbMus0.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSConfigStartUp-Greenshot - c:\program files\Greenshot\Greenshot.exe
MSConfigStartUp-Pando Media Booster - c:\program files\Pando Networks\Media Booster\PMB.exe
MSConfigStartUp-Raptr - c:\progra~1\Raptr\raptrstub.exe
MSConfigStartUp-Steam - c:\program files\Steam\steam.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-19 09:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1614895754-1708537768-1801674531-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:09,78,06,d5,2a,b2,19,e3,85,b2,d5,9f,2b,66,fa,83,41,b7,4d,18,9e,0c,5d,
e2,b8,de,ac,5f,29,c9,4b,1d,f9,12,84,25,9d,34,5d,d8,f1,03,bf,24,bc,23,d4,c9,\
"??"=hex:06,05,f3,9c,b7,d3,25,70,3d,78,d4,ca,3d,93,70,67
.
[HKEY_USERS\S-1-5-21-1614895754-1708537768-1801674531-1006\Software\SecuROM\License information*]
"datasecu"=hex:57,f6,b1,9b,53,f4,ef,a7,1f,8e,b1,61,7d,84,d5,69,d4,a5,f5,fb,2d,
b0,42,a5,a2,35,18,da,69,b1,33,05,9f,b1,7f,87,ac,a3,dc,d2,c4,01,9e,da,bf,57,\
"rkeysecu"=hex:96,3e,57,ca,67,1d,09,12,bc,d9,e3,8e,62,db,46,75
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(828)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
Completion time: 2012-05-19 09:43:09
ComboFix-quarantined-files.txt 2012-05-19 07:43
.
Pre-Run: Volných bajtů: 84 860 489 728
Post-Run: Volných bajtů: 85 453 230 080
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 8DA3547AA010D5092DD0276AB3B58F36
zatim diky za spolupraci

#5 Příspěvek od **Mc_Murphy** » 19 kvě 2012 11:35

Odinstaluj Pando Media Booster.

Máš neaktualizovaný Eset NOD32 Antivirus, proč? Je legálně zakoupený?

Následující soubory otestuj na stránkách VirusTotal.

C:\setup95.exe
Klikni na [Choose File].
Soubor nehledej, jen vlož cestu souboru, který chci otestovat.
Klikni na [Scan it!].
Pokud na Tebe vyskočí obrazovka podobná té, co je níže, klikni na [Reanalyse]!
Výsledek analýzy mi sem vlož (jako odkaz).

Hornet · #6 Příspěvek od **Hornet** » 19 kvě 2012 19:58

https://www.virustotal.com/file/8111f94 ... 337453714/

Hornet · #7 Příspěvek od **Hornet** » 19 kvě 2012 20:26

Zmizela ikonka na prepinani jazyku klavesnice, neukaze se ani po zapnuti panelu jazyku

#8 Příspěvek od **Mc_Murphy** » 20 kvě 2012 07:40

S tou ikonkou je to divné, protože do toho jsem nevrtal. Uvidíme, ještě toho máme dost na práci, tak na konec na to mrkneme.

Mc_Murphy píše: Máš neaktualizovaný Eset NOD32 Antivirus, proč? Je legálně zakoupený?

Pokud jsi tak ještě neučinil, přesuň ComboFix na Plochu.

Otevři si Poznámkový blok (Start >> Spustit... (nebo Win+R) >> do okénka napiš notepad >> [Enter]).
Zkopíruj do něj tento script:

Kód: Vybrat vše

KillAll::

Driver::
gupdate
SkypeUpdate
gtermddo
gupdatem
XDva386
XDva387
XDva388
XDva389
XDva390
XDva391
XDva392
JavaQuickStarterService
Skype C2C Service
TVersityMediaServer

File::
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Norton Security Scan for Doma.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

Folder::
C:\Program Files\Ask.com
C:\Program Files\AskSearch
C:\Program Files\ToggleEN
C:\Program Files\Torrents-Search-Engine
C:\Program Files\PHPNukeEN
C:\Program Files\Utubebario
C:\Program Files\Softonic-Eng7
C:\Program Files\Musicbario
C:\Program Files\uTorrentBar
C:\Program Files\XfireXO
C:\Program Files\Vuze_Remote
C:\Program Files\TVersitybar

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=-
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=-
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=-
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nwiz"=-
"SunJavaUpdateSched"=-
""=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
""=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Greenshot]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Raptr]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateReminder]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Doma^Nabídka Start^Programy^Po spuštění^Dropbox.lnk]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Doma^Nabídka Start^Programy^Po spuštění^KooBits 4.lnk]

DDS::
uStart Page = hxxp://eu.ask.com/?l=dis&o=15768
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=%s
IE: Translate this web page with Babylon
IE: Translate with Babylon

Firefox::
FF - ProfilePath - c:\documents and settings\Doma\Data aplikací\Mozilla\Firefox\Profiles\k1plvtzz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - TVersitybar Customized Web Search
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?qbabsrc=adbartrp&AF=100581&=

RegNull::
[HKEY_USERS\S-1-5-21-1614895754-1708537768-1801674531-1006\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
[HKEY_USERS\S-1-5-21-1614895754-1708537768-1801674531-1006\Software\SecuROM\License information*]

ClearJavaCache::

AtJob::

Reboot::

Ulož vytvořený TXT jako CFScript.txt
Přetáhni vytvořený CFScript.txt nad ComboFix a pusť (viz obrázek).
Po aplikaci scriptu (a případném restartu PC) na Tebe vyskočí log. Jeho obsah mi sem vlož.

Může se stát, že po aplikaci scriptu nenaběhnou Windows. V tom případě restartuj PC, hned při náběhu mačkej klávesu F8 a zvol Poslední známou konfiguraci.

Hornet · #9 Příspěvek od **Hornet** » 20 kvě 2012 16:56

ComboFix 12-05-20.04 - Doma 2012/05/20 17:39:44.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.3071.2674 [GMT 2:00]
Running from: c:\documents and settings\Doma\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Doma\Plocha\CFScript.txt
.
FILE ::
"c:\windows\tasks\AppleSoftwareUpdate.job"
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\tasks\Norton Security Scan for Doma.job"
"c:\windows\tasks\Scheduled Update for Ask Toolbar.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AskSearch
c:\windows\tasks\GoogleUpdateTaskMachineCore.job
c:\windows\tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GTERMDDO
-------\Legacy_GUPDATE
-------\Legacy_JAVAQUICKSTARTERSERVICE
-------\Legacy_SKYPEUPDATE
-------\Legacy_TVERSITYMEDIASERVER
-------\Legacy_XDVA386
-------\Legacy_XDVA387
-------\Legacy_XDVA388
-------\Legacy_XDVA389
-------\Legacy_XDVA390
-------\Legacy_XDVA391
-------\Legacy_XDVA392
-------\Service_gtermddo
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_JavaQuickStarterService
-------\Service_SkypeUpdate
-------\Service_XDva386
-------\Service_XDva387
-------\Service_XDva388
-------\Service_XDva389
-------\Service_XDva390
-------\Service_XDva391
-------\Service_XDva392
.
.
((((((((((((((((((((((((( Files Created from 2012-04-20 to 2012-05-20 )))))))))))))))))))))))))))))))
.
.
2012-05-19 19:35 . 2012-05-19 19:35 -------- d-sh--w- c:\documents and settings\Internet\IETldCache
2012-05-19 06:50 . 1996-09-16 02:00 202240 ----a-w- C:\setup95.exe
2012-05-19 06:44 . 2012-05-19 06:44 -------- d-----w- c:\documents and settings\Doma\Data aplikací\InstallShield
2012-05-19 02:29 . 2012-05-19 02:30 -------- d-----w- c:\program files\trend micro
2012-05-18 18:55 . 2012-05-18 18:55 -------- d-----w- c:\windows\system32\NtmsData
2012-05-18 17:33 . 2012-05-19 06:43 -------- d-----w- c:\documents and settings\All Users\Data aplikací\boost_interprocess
2012-04-26 17:53 . 2012-04-26 17:53 -------- d-----w- c:\documents and settings\Doma\Local Settings\Data aplikací\Sun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-19 23:31 . 2010-06-30 09:31 1164 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2012-04-11 13:55 . 2008-04-14 08:06 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:55 . 2008-04-14 12:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:55 . 2008-04-14 12:00 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-01 10:59 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 10:59 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 10:59 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2008-04-14 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2008-04-14 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . D9F19E78F98834CB411D6AD3C68D181A . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-26 13570048]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Doma^Nabídka Start^Programy^Po spuštění^Dropbox.lnk]
path=c:\documents and settings\Doma\Nabídka Start\Programy\Po spuštění\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Doma^Nabídka Start^Programy^Po spuštění^KooBits 4.lnk]
path=c:\documents and settings\Doma\Nabídka Start\Programy\Po spuštění\KooBits 4.lnk
backup=c:\windows\pss\KooBits 4.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 09:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Kyodai Mahjongg 2006\\kmj.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Documents and Settings\\Doma\\Data aplikací\\WinPump\\pumpa.exe"=
"c:\\Program Files\\Microsoft Research\\Microsoft WorldWide Telescope\\WWTExplorer.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"e:\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57715:TCP"= 57715:TCP:Pando Media Booster
"57715:UDP"= 57715:UDP:Pando Media Booster
.
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005/10/13 03:46 PM 35328]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [2008/12/22 12:44 PM 35840]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010/03/18 01:16 PM 130384]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 PRODIGY;PRODIGY;c:\windows\system32\drivers\prodigy.sys [2012/01/30 09:43 PM 32377]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010/03/18 01:16 PM 753504]
.
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13925&gct=&gc=1&q=%s
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Translate this web page with Babylon
IE: Translate with Babylon
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\documents and settings\Doma\Data aplikací\Mozilla\Firefox\Profiles\k1plvtzz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.zoznam.sk/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-nod32kui - c:\program files\Eset\nod32kui.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-20 17:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2792)
E:\iTunesMiniPlayer.dll
e:\itunesminiplayer.resources\cs.lproj\iTunesMiniPlayerLocalized.dll
e:\itunesminiplayer.resources\iTunesMiniPlayer.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-05-20 17:50:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-20 15:50
ComboFix2.txt 2012-05-19 07:43
.
Pre-Run: Volných bajtů: 85,405,298,688
Post-Run: Volných bajtů: 85,288,693,760
.
- - End Of File - - DE931F8E8FFA19717B850989C0219D43

Klavesnici jeste stale nevidim a kalendar ukazuje nejake divoke mesice (Mosegamanye mel by to byt kveten) neda se to nastavit, je to pocitac spratka meho sefa ,takhle rozdrbanou masinu jsem v ruce jeste nedrzel

#10 Příspěvek od **Mc_Murphy** » 20 kvě 2012 17:34

To nahodíme nakonec, je to otázka dvou tří kliknutí.
Děláš to šéfovi soukromně nebo pracovně? A odpovíš mi už konečně na mou otázku nebo?!

Hornet · #11 Příspěvek od **Hornet** » 20 kvě 2012 18:23

hodil mi to do auta a delej takze bez financniho interesu

, ten eset byl legalni ,jen to byla 2.7 takze jeji podpora skoncila myslim zacatkem kvetna, nezabyvam se profesionalne vypocetni technikou sem tam neco zbaslim ale vice mene amatersky

Hornet · #12 Příspěvek od **Hornet** » 20 kvě 2012 20:53

Tak datum a ikona klavesnice vyresena, pro Mc Murphy je tam jeste neco co potrebuje reseni ? Zatim dik

#13 Příspěvek od **Mc_Murphy** » 21 kvě 2012 05:53

OK, super. Každopádně by potom bylo dobré, mít v noťasu aktuální a aktualizovaný antivir. Mít tam starý a neaktualizovaný je skoro jako nemít tam nic.
S klávesnicí dobrá práce. Nakonec bychom to spravili, je to jen drobnost.

ComboFix toho spoustu pomazal, ale ještě tam jsou nějaké nedodělky, takže budeme pokračovat. Potřebuji log z OTL, protože tam se dobře čistí zbytky po toolbarech, kterých bylo v notesu neúrekom.

Takže stáhni OTL z tohoto odkazu a ulož jej na Plochu.

Pokud používáš Win Vista či Win7, klikni na OTL pravým myšítkem a dej Run As Administrator či Spustit jako správce.
Pokud používáš 64bitový OS, zkontroluj, zda-li je zaškrtnutý čtvereček Pro 64 bitové OS. Pokud ne, zaškrtni jej.
Zaškrtni okénko Pro všechny uživatele.
Zaškrtni okénko Kontrola na havěť "LOP".
Zaškrtni okénko Kontrola na havěť "Purity".
Stáři souborů změň z 30 dnů na 7 dnů!!
Do spodního okénka Vlastní skenování/opravy vlož tento script (pouze zelená písmenka v bílém poli!):

Kód: Vybrat vše

CREATERESTOREPOINT

netsvc
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe
%userprofile%\Plocha\*.*
%userprofile%\Desktop\*.*
%ALLUSERSPROFILE%\Plocha\*.*
%ALLUSERSPROFILE%\Desktop\*.*
*crack* /s
*keygen* /s
*loader* /s
*RemoveWAT* /s
*minodlogin* /s
*tnod* /s
*TemDono* /s
*AutoKMS* /s
*KMSEmulator* /s
*activator* /s
*serial* /s
*w7lxe* /s
*AutoRearm* /s

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /s
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run /s

%SystemDrive%\PhysicalMBR.bin /md5

Klikni na tlačítko [Prohledat].
Po dokončení skenu se objeví logy OTL.txt a Extras.txt, oba mi sem vlož.
Logy se nevejdou do jednoho, rozděl je tedy prosím do více příspěvků.

Hornet · #14 Příspěvek od **Hornet** » 21 kvě 2012 07:07

OTL Extras logfile created on: 21.5.2012 7:56:38 - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Documents and Settings\Doma\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041B | Country: Slovensko | Language: SKY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 2,56 Gb Available Physical Memory | 85,39% Memory free
4,84 Gb Paging File | 4,60 Gb Available in Paging File | 94,99% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 79,52 Gb Free Space | 81,43% Space Free | Partition Type: NTFS
Drive D: | 97,65 Gb Total Space | 50,10 Gb Free Space | 51,30% Space Free | Partition Type: NTFS
Drive E: | 177,29 Gb Total Space | 33,14 Gb Free Space | 18,69% Space Free | Partition Type: NTFS
Drive G: | 980,72 Mb Total Space | 102,92 Mb Free Space | 10,49% Space Free | Partition Type: FAT

Computer Name: HOME-BC4E4D088A | User Name: Doma | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1614895754-1708537768-1801674531-1006\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"57715:TCP" = 57715:TCP:*:Enabled:Pando Media Booster
"57715:UDP" = 57715:UDP:*:Enabled:Pando Media Booster
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"57715:TCP" = 57715:TCP:*:Enabled:Pando Media Booster
"57715:UDP" = 57715:UDP:*:Enabled:Pando Media Booster
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Služba Windows Media Player Network Sharing

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Kyodai Mahjongg 2006\kmj.exe" = C:\Program Files\Kyodai Mahjongg 2006\kmj.exe:*:Enabled:Kyodai Mahjongg -- (Rene-Gilles Deberdt)
"C:\Documents and Settings\Doma\Data aplikací\WinPump\pumpa.exe" = C:\Documents and Settings\Doma\Data aplikací\WinPump\pumpa.exe:*:Disabled:pumpa -- ()
"C:\Program Files\Microsoft Research\Microsoft WorldWide Telescope\WWTExplorer.exe" = C:\Program Files\Microsoft Research\Microsoft WorldWide Telescope\WWTExplorer.exe:*:Enabled:WorldWide Telescope -- (Microsoft Research)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Disabled:Google Earth -- (Google)
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Disabled:Java(TM) Platform SE binary -- (Oracle Corporation)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\TeamViewer\Version7\TeamViewer.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"E:\iTunes.exe" = E:\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A013EA1-A1D3-11E0-8DCF-005056C00008}" = Sound Forge Audio Studio 10.0
"{1111706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3
"{155FBB0D-0EE9-42D1-9E41-15E08F691033}" = Microsoft Producer for Microsoft Office PowerPoint 2003
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F698102-5739-441E-96F0-74F4EA540F06}" = Attansic Giga Ethernet Utility
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2222706F-666A-4037-7777-203328764D10}" = JavaFX 2.0.3 SDK
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217003FF}" = Java(TM) 7 Update 3
"{32A3A4F4-B792-11D6-A78A-00B0D0170030}" = Java(TM) SE Development Kit 7 Update 3
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35A81F0A-A1CA-458D-8FCD-7D838E3D95FF}" = Microsoft WorldWide Telescope
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{41313863-5170-4D7E-AD60-3CDF4DEBA81F}" = Nokia PC Suite
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Zem
"{67711EE7-BC7C-4FF1-BBC1-733C38D93F7E}_is1" = Windows Movie Maker 6.0.6000.16386
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9011041B-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1051-7B44-A81200000003}" = Adobe Reader 8 - Slovak
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3159144-B4F4-420F-9266-9CAF4498D88A}_is1" = Wildlife Park Gold Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2F5287E-5F0E-447B-9157-B08AA4E2AC76}" = Opera 9.60
"{DC19B3B0-F5E6-11E0-9273-005056C00008}" = MSVCRT Redists
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{ED8BB1CA-535A-408D-85C9-ED1986D2B85E}" = Palm Reader
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"µTorrent 1.8.4" = µTorrent 1.8.4
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Balíček ovladače systému Windows - Nokia Modem (02/25/2011 7.01.0.9)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AtcL1" = Attansic L1 Gigabit Ethernet Driver
"Babylon" = Babylon
"CANYON CN-WCAM21 PC-Camera_is1" = CANYON CN-WCAM21 PC-Camera
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Balíček ovladače systému Windows - Nokia Modem (03/05/2008 3.7)
"CCleaner" = CCleaner
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Balíček ovladače systému Windows - Nokia Modem (03/13/2008 6.86.0.1)
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Balíček ovladače systému Windows - Nokia Modem (02/25/2011 4.7)
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"HijackThis" = HijackThis 1.99.1
"Charles_XK72" = Charles
"ie8" = Windows Internet Explorer 8
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"Kyodai Mahjongg 2006_is1" = Kyodai Mahjongg 2006 v1.42
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Musicbario Toolbar" = Musicbario Toolbar
"Nokia PC Suite" = Nokia PC Suite
"Nokia Suite" = Nokia Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Open Codecs" = Xiph.Org Open Codecs 0.85.17777
"Paintball2" = Paintball2 Alpha build 016
"Softonic-Eng7 Toolbar" = Softonic-Eng7 Toolbar
"TeamViewer 7" = TeamViewer 7
"Totalcmd" = Total Commander (Remove or Repair)
"uTorrent" = µTorrent
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1614895754-1708537768-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"WinPump" = WinPump

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 18.5.2012 22:42:39 | Computer Name = HOME-BC4E4D088A | Source = MsiInstaller | ID = 1024
Description = Aktualizaci Update for Outlook 2003: Junk E-mail Filter (KB2598343):
OUTLFLTR produktu Microsoft Office Professional Edition 2003 nebylo možné nainstalovat.
Kód chyby: 1603. Instalační služba systému Windows může vytvořit soubor protokolu
s informacemi, které usnadní řešení potíží při instalaci softwaru. Další informace
naleznete na webu na adrese http://go.microsoft.com/fwlink/?LinkId=23127

Error - 18.5.2012 22:43:14 | Computer Name = HOME-BC4E4D088A | Source = MsiInstaller | ID = 1024
Description = Aktualizaci Aktualizácia Office 2003 Service Pack 3 (SP3): MAINSP3
produktu Microsoft Office Professional Edition 2003 nebylo možné nainstalovat.
Kód chyby: 1603. Instalační služba systému Windows může vytvořit soubor protokolu
s informacemi, které usnadní řešení potíží při instalaci softwaru. Další informace
naleznete na webu na adrese http://go.microsoft.com/fwlink/?LinkId=23127

Error - 19.5.2012 2:54:00 | Computer Name = HOME-BC4E4D088A | Source = Application Error | ID = 1000
Description = Chybující aplikace chrome.exe, verze 0.0.0.0, chybující modul chrome.dll,
verze 5.0.396.0, adresa chyby 0x000138d2.

Error - 19.5.2012 3:00:35 | Computer Name = HOME-BC4E4D088A | Source = MsiInstaller | ID = 11316
Description = Product: Sound Forge Audio Studio 10.0 -- Error 1316. A network error
occurred while attempting to read from the file: C:\WINDOWS\Installer\audiostudio100.msi

Error - 19.5.2012 3:07:40 | Computer Name = HOME-BC4E4D088A | Source = MsiInstaller | ID = 11316
Description = Product: EA Download Manager -- Error 1316.A network error occurred
while attempting to read from the file C:\WINDOWS\Installer\EA Core.msi

Error - 19.5.2012 3:10:35 | Computer Name = HOME-BC4E4D088A | Source = MsiInstaller | ID = 11316
Description = Product: EA Download Manager -- Error 1316.A network error occurred
while attempting to read from the file C:\WINDOWS\Installer\EA Core.msi

Error - 19.5.2012 3:12:27 | Computer Name = HOME-BC4E4D088A | Source = MsiInstaller | ID = 11316
Description = Product: Sound Forge Audio Studio 10.0 -- Error 1316. A network error
occurred while attempting to read from the file: C:\WINDOWS\Installer\audiostudio100.msi

Error - 19.5.2012 3:23:42 | Computer Name = HOME-BC4E4D088A | Source = MsiInstaller | ID = 1024
Description = Aktualizaci Update for Outlook 2003: Junk E-mail Filter (KB2598343):
OUTLFLTR produktu Microsoft Office Professional Edition 2003 nebylo možné nainstalovat.
Kód chyby: 1603. Instalační služba systému Windows může vytvořit soubor protokolu
s informacemi, které usnadní řešení potíží při instalaci softwaru. Další informace
naleznete na webu na adrese http://go.microsoft.com/fwlink/?LinkId=23127

Error - 19.5.2012 3:24:23 | Computer Name = HOME-BC4E4D088A | Source = MsiInstaller | ID = 1024
Description = Aktualizaci Aktualizácia Office 2003 Service Pack 3 (SP3): MAINSP3
produktu Microsoft Office Professional Edition 2003 nebylo možné nainstalovat.
Kód chyby: 1603. Instalační služba systému Windows může vytvořit soubor protokolu
s informacemi, které usnadní řešení potíží při instalaci softwaru. Další informace
naleznete na webu na adrese http://go.microsoft.com/fwlink/?LinkId=23127

Error - 19.5.2012 19:31:44 | Computer Name = HOME-BC4E4D088A | Source = MsiInstaller | ID = 11316
Description = Product: EA Download Manager -- Error 1316.A network error occurred
while attempting to read from the file C:\WINDOWS\Installer\EA Core.msi

[ System Events ]
Error - 20.5.2012 11:39:40 | Computer Name = HOME-BC4E4D088A | Source = Service Control Manager | ID = 7034
Description = Služba Java Quick Starter byla neočekávaně ukončena. Tento stav nastal
již 1krát.

Error - 20.5.2012 11:39:40 | Computer Name = HOME-BC4E4D088A | Source = Service Control Manager | ID = 7034
Description = Služba Adaptér výkonu služby WMI byla neočekávaně ukončena. Tento
stav nastal již 1krát.

Error - 20.5.2012 11:43:52 | Computer Name = HOME-BC4E4D088A | Source = Service Control Manager | ID = 7031
Description = Služba Služba Windows Media Player Network Sharing byla nečekaně ukončena.
Stalo se to 1 krát. Následující opravná akce bude spuštěna za 30000 milisekund:
Restartovat službu.

Error - 20.5.2012 11:45:23 | Computer Name = HOME-BC4E4D088A | Source = PlugPlayManager | ID = 11
Description = Zařízení Root\LEGACY_XDVA386\0000 se již v systému nenachází, přestože
nebylo nejdříve připraveno k odebrání.

Error - 20.5.2012 11:45:23 | Computer Name = HOME-BC4E4D088A | Source = PlugPlayManager | ID = 11
Description = Zařízení Root\LEGACY_XDVA387\0000 se již v systému nenachází, přestože
nebylo nejdříve připraveno k odebrání.

Error - 20.5.2012 11:45:23 | Computer Name = HOME-BC4E4D088A | Source = PlugPlayManager | ID = 11
Description = Zařízení Root\LEGACY_XDVA388\0000 se již v systému nenachází, přestože
nebylo nejdříve připraveno k odebrání.

Error - 20.5.2012 11:45:23 | Computer Name = HOME-BC4E4D088A | Source = PlugPlayManager | ID = 11
Description = Zařízení Root\LEGACY_XDVA389\0000 se již v systému nenachází, přestože
nebylo nejdříve připraveno k odebrání.

Error - 20.5.2012 11:45:23 | Computer Name = HOME-BC4E4D088A | Source = PlugPlayManager | ID = 11
Description = Zařízení Root\LEGACY_XDVA390\0000 se již v systému nenachází, přestože
nebylo nejdříve připraveno k odebrání.

Error - 20.5.2012 11:45:23 | Computer Name = HOME-BC4E4D088A | Source = PlugPlayManager | ID = 11
Description = Zařízení Root\LEGACY_XDVA391\0000 se již v systému nenachází, přestože
nebylo nejdříve připraveno k odebrání.

Error - 20.5.2012 11:45:23 | Computer Name = HOME-BC4E4D088A | Source = PlugPlayManager | ID = 11
Description = Zařízení Root\LEGACY_XDVA392\0000 se již v systému nenachází, přestože
nebylo nejdříve připraveno k odebrání.

< End of report >

Hornet · #15 Příspěvek od **Hornet** » 21 kvě 2012 07:09

OTL logfile created on: 21.5.2012 7:56:38 - Run 1
OTL by OldTimer - Version 3.2.43.1 Folder = C:\Documents and Settings\Doma\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000041B | Country: Slovensko | Language: SKY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 2,56 Gb Available Physical Memory | 85,39% Memory free
4,84 Gb Paging File | 4,60 Gb Available in Paging File | 94,99% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 79,52 Gb Free Space | 81,43% Space Free | Partition Type: NTFS
Drive D: | 97,65 Gb Total Space | 50,10 Gb Free Space | 51,30% Space Free | Partition Type: NTFS
Drive E: | 177,29 Gb Total Space | 33,14 Gb Free Space | 18,69% Space Free | Partition Type: NTFS
Drive G: | 980,72 Mb Total Space | 102,92 Mb Free Space | 10,49% Space Free | Partition Type: FAT

Computer Name: HOME-BC4E4D088A | User Name: Doma | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2012.05.21 07:10:38 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Doma\Plocha\OTL.exe
PRC - [2011.03.03 20:48:28 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (No Company Name) ==========

MOD - [2011.03.03 20:48:28 | 001,016,280 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2010.03.15 12:28:22 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009.02.03 04:15:28 | 003,771,296 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2008.07.26 19:18:00 | 000,466,944 | ---- | M] () -- C:\WINDOWS\system32\nvshell.dll

========== Win32 Services (SafeList) ==========

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\usbaapl.sys -- (USBAAPL)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\pccsmcfd.sys -- (pccsmcfd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PcaSp50.sys -- (PcaSp50)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2011.11.01 11:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011.11.01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011.11.01 11:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.11.01 11:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.03.18 18:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2007.04.10 21:04:40 | 004,397,568 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.10.31 05:10:06 | 000,035,840 | R--- | M] (Attansic Technology corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\atl01_xp.sys -- (AtcL001)
DRV - [2006.08.29 16:56:20 | 000,032,377 | ---- | M] (B-phreaks) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\prodigy.sys -- (PRODIGY)
DRV - [2005.10.13 15:46:08 | 000,035,328 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfsync03.sys -- (sfsync03) StarForce Protection Synchronization Driver (version 3.x)
DRV - [2005.08.10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.05.16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2004.09.01 10:42:18 | 000,138,396 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Pfc027.sys -- (SoC PC-Camera Service)
DRV - [2004.08.13 04:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={ ... rer:source?}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1614895754-1708537768-1801674531-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BC 0F CA F0 F0 36 CD 01 [binary data]
IE - HKU\S-1-5-21-1614895754-1708537768-1801674531-1006\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-1614895754-1708537768-1801674531-1006\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={ ... orm=IE8SRC
IE - HKU\S-1-5-21-1614895754-1708537768-1801674531-1006\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.as ... =CT2548838
IE - HKU\S-1-5-21-1614895754-1708537768-1801674531-1006\..\SearchScopes\{CF739809-1C6C-47C0-85B9-569DBB141420}: "URL" = http://websearch.ask.com/redirect?clien ... 5C6A62D061&
IE - HKU\S-1-5-21-1614895754-1708537768-1801674531-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "TVersitybar Customized Web Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.zoznam.sk/"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@virtools.com/3DviaPlayer: C:\Program Files\Virtools\3D Life Player\npvirtools.dll (Dassault Systèmes)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_3.6@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_3.6 [2012.02.07 18:24:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2012.02.07 18:26:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.16 21:54:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.20 12:30:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.02.07 18:24:19 | 000,000,000 | ---D | M]

[2009.02.28 15:55:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Doma\Data aplikací\Mozilla\Extensions
[2012.05.20 17:08:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Doma\Data aplikací\Mozilla\Firefox\Profiles\k1plvtzz.default\extensions
[2011.05.25 17:55:23 | 000,000,000 | ---D | M] (XfireXO) -- C:\Documents and Settings\Doma\Data aplikací\Mozilla\Firefox\Profiles\k1plvtzz.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2011.11.12 19:44:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Doma\Data aplikací\Mozilla\Firefox\Profiles\k1plvtzz.default\extensions\ffxtlbr@babylon.com
[2012.05.18 19:33:19 | 000,002,400 | ---- | M] () -- C:\Documents and Settings\Doma\Data aplikací\Mozilla\Firefox\Profiles\k1plvtzz.default\searchplugins\askcom.xml
[2011.12.15 12:40:20 | 000,000,925 | ---- | M] () -- C:\Documents and Settings\Doma\Data aplikací\Mozilla\Firefox\Profiles\k1plvtzz.default\searchplugins\conduit.xml
[2011.03.18 14:05:04 | 000,001,908 | ---- | M] () -- C:\Documents and Settings\Doma\Data aplikací\Mozilla\Firefox\Profiles\k1plvtzz.default\searchplugins\metacrawler.xml
[2012.05.19 09:30:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.08.25 21:20:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.03.03 19:05:42 | 000,001,583 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\atlas-sk.xml
[2011.03.03 19:05:42 | 000,001,380 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\azet-sk.xml
[2011.11.12 19:44:23 | 000,002,227 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011.03.03 19:05:42 | 000,001,479 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\dunaj-sk.xml
[2011.03.03 19:05:42 | 000,001,473 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slovnik-sk.xml
[2011.03.03 19:05:42 | 000,001,104 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-sk.xml
[2011.03.03 19:05:42 | 000,000,830 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\zoznam-sk.xml

========== Chrome ==========

CHR - default_search_provider: Google ()
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - Extension: Babylon Translator = C:\Documents and Settings\Doma\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4\
CHR - Extension: SmileyCentral = C:\Documents and Settings\Doma\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\dmfgkaackkkmmomgmjcjcclniekkgjcd\1.0.0.3\
CHR - Extension: Battlefield Heroes = C:\Documents and Settings\Doma\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\gpdfjahpadlpfnfheehpddpcllihfkmm\5.0.122.0\
CHR - Extension: AT_DJTiesto = C:\Documents and Settings\Doma\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\okmcbgkkeagngnijeiighgblfljbekip\2\

O1 HOSTS File: ([2012.05.20 17:46:51 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Podpora odkazu pre aplikáciu Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1614895754-1708537768-1801674531-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1614895754-1708537768-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1614895754-1708537768-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1614895754-1708537768-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Translate this web page with Babylon - Reg Error: Value error. File not found
O8 - Extra context menu item: Translate with Babylon - Reg Error: Value error. File not found
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0000F2A2-B91D-4C80-842E-B8B722271012}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Doma\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Doma\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.12.22 12:27:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\WINDOWS\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\system32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2012.05.21 07:52:58 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Doma\Plocha\OTL.exe
[2012.05.20 21:55:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Doma\Recent
[2012.05.20 18:11:52 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.05.20 17:51:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012.05.19 09:36:31 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012.05.19 09:34:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.05.19 09:34:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.05.19 09:34:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.05.19 09:34:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.05.19 09:34:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012.05.19 09:33:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.05.19 08:50:13 | 000,202,240 | ---- | C] (DreamWorks Interactive) -- C:\setup95.exe
[2012.05.19 08:44:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Doma\Data aplikací\InstallShield
[2012.05.19 04:29:42 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012.05.19 04:27:27 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Doma\Nabídka Start\Programy\Nástroje pro správu
[2012.05.18 20:55:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2012.05.18 19:33:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\boost_interprocess
[2012.05.18 19:31:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2012.05.16 21:22:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Doma\Plocha\C4D template
[2012.01.08 00:06:47 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Doma\Data aplikací\pcouffin.sys
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2012.05.21 07:57:47 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.05.21 07:52:30 | 000,195,011 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.05.21 07:52:30 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.05.21 07:50:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.05.21 07:10:38 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Doma\Plocha\OTL.exe
[2012.05.21 03:26:53 | 000,002,581 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Word.lnk
[2012.05.21 03:26:36 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Microsoft Office Excel 2003 (2).lnk
[2012.05.20 17:46:51 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.05.20 01:31:36 | 000,001,164 | ---- | M] () -- C:\WINDOWS\System32\ealregsnapshot1.reg
[2012.05.19 09:36:36 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012.05.19 08:50:15 | 000,000,030 | ---- | M] () -- C:\WINDOWS\Wininit.ini
[2012.05.18 10:09:00 | 000,000,012 | ---- | M] () -- C:\Documents and Settings\All Users\Data aplikací\ReminderNextRun
[2012.05.17 17:09:13 | 000,166,912 | ---- | M] () -- C:\Documents and Settings\Doma\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.05.15 17:01:27 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.05.21 07:57:47 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.05.19 09:36:35 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012.05.19 09:36:34 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012.05.19 09:34:26 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.05.19 09:34:24 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.05.19 09:34:24 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.05.19 09:34:24 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.05.19 09:34:24 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.05.19 08:45:38 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2012.04.10 12:49:47 | 000,004,998 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\mtbjfghn.xbe
[2012.03.13 16:29:24 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\ReminderNextRun
[2012.02.16 18:47:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.01.09 23:47:12 | 000,524,623 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-S-1-5-21-1614895754-1708537768-1801674531-1006-0.dat
[2012.01.09 23:47:11 | 000,260,786 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\WPFFontCache_v0400-System.dat
[2012.01.08 00:06:47 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Doma\Data aplikací\inst.exe
[2012.01.08 00:06:47 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Doma\Data aplikací\pcouffin.cat
[2012.01.08 00:06:47 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Doma\Data aplikací\pcouffin.inf
[2012.01.07 18:46:15 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\Doma\Data aplikací\vso_ts_preview.xml
[2012.01.03 19:34:19 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2011.12.15 21:58:58 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011.03.24 20:17:58 | 000,139,080 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011.03.24 20:17:58 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Doma\Data aplikací\PnkBstrK.sys
[2011.03.24 20:17:34 | 000,270,240 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2011.03.24 20:17:33 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2010.12.12 21:12:04 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.06.22 21:30:25 | 000,000,171 | ---- | C] () -- C:\WINDOWS\System32\imon1.dat
[2010.06.18 15:24:21 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\H@tKeysH@@k.DLL

========== LOP Check ==========

[2011.05.08 11:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\3DVIA
[2011.11.16 19:23:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Babylon
[2012.05.19 08:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\boost_interprocess
[2012.05.19 08:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ConMet
[2012.02.07 18:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Installations
[2010.07.24 11:18:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Nokia
[2012.03.12 19:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\NokiaInstallerCache
[2010.07.26 21:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2012.01.20 17:44:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2012.02.05 22:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\xml_param
[2011.11.11 19:29:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012.05.08 12:46:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\.minecraft
[2012.04.20 12:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\.techniclauncher
[2012.01.09 17:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\avidemux
[2012.05.18 19:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\Azureus
[2011.11.14 21:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\Babylon
[2002.06.22 09:58:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\Buena Vista Games
[2011.11.26 21:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.05.19 08:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\ConMet
[2012.05.19 08:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\Dropbox
[2012.05.19 09:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\DVDVideoSoft
[2012.05.19 09:08:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\DVDVideoSoftIEHelpers
[2010.04.20 16:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\GHISLER
[2011.05.16 15:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\Greenshot
[2010.06.30 11:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\Leadertech
[2011.07.27 14:00:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\LolClient
[2012.03.04 21:40:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\MAXON
[2011.12.31 00:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\Minas Tirith Save
[2012.02.07 18:24:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\Nokia
[2010.11.03 18:53:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\Nokia Ovi Suite
[2010.12.23 18:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\Opera
[2012.04.20 12:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\Oracle
[2010.07.28 22:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\PC Suite
[2011.09.19 21:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\PDM
[2012.05.19 08:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\PriceGong
[2012.04.24 15:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\Solveig Multimedia
[2011.11.06 18:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\Sony
[2012.03.23 19:46:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\TeamViewer
[2011.06.20 16:58:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\TS3Client
[2011.05.04 17:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\Unity
[2012.05.18 19:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\uTorrent
[2012.01.08 00:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\Vso
[2011.04.12 12:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\WinPump
[2012.02.05 21:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\Wondershare Video Converter Platinum
[2010.08.24 22:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Internet\Data aplikací\PC Suite

========== Purity Check ==========

========== Custom Scans ==========

< >

< netsvc >

< >

< MD5 for: ATAPI.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\system32\DRIVERS\atapi.sys
[2008.04.14 14:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 14:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\cmdcons\autochk.exe
[2008.04.14 14:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2008.04.14 14:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\dllcache\autochk.exe

< MD5 for: CDROM.SYS >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 14:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2007.04.25 06:20:30 | 000,062,592 | ---- | M] (Microsoft Corporation) MD5=7B53584D94E9D8716B2DE91D5F1CB42D -- C:\WINDOWS\system32\dllcache\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 14:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: HAL.DLL >
[2008.04.14 14:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 14:00:00 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\hal.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 14:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 14:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 14:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SVCHOST.EXE >
[2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008.04.14 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.04.14 14:00:00 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=D9F19E78F98834CB411D6AD3C68D181A -- C:\WINDOWS\system32\drivers\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 14:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008.04.14 14:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 14:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 14:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< >

< %systemroot%*.* /U /s >
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[15 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\*.tmp files -> C:\WINDOWS\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\Download\b25a6f5145cb11af9dd5be9e353db6ab\*.tmp files -> C:\WINDOWS\SoftwareDistribution\Download\b25a6f5145cb11af9dd5be9e353db6ab\*.tmp -> ]
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >
[2011.01.11 20:42:08 | 000,000,286 | ---- | M] () -- C:\flv.exe
[1996.09.16 04:00:00 | 000,202,240 | ---- | M] (DreamWorks Interactive) -- C:\setup95.exe

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012.05.08 12:46:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\.minecraft
[2012.04.20 12:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\.techniclauncher
[2011.09.19 21:36:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\Adobe
[2012.05.18 19:34:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\Apple Computer
[2012.01.09 17:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\avidemux
[2012.05.18 19:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\Azureus
[2011.11.14 21:15:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\Babylon
[2002.06.22 09:58:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\Buena Vista Games
[2011.11.26 21:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.05.19 08:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\ConMet
[2009.03.17 21:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\DivX
[2012.05.19 08:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\Dropbox
[2011.07.18 20:30:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\dvdcss
[2012.05.19 09:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\DVDVideoSoft
[2012.05.19 09:08:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\DVDVideoSoftIEHelpers
[2010.04.20 16:14:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\GHISLER
[2011.08.21 15:07:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\Google
[2011.05.16 15:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\Greenshot
[2009.02.28 15:45:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\Identities
[2012.05.19 08:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\InstallShield
[2010.06.30 11:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\Leadertech
[2011.07.27 14:00:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\LolClient
[2011.01.18 17:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\Macromedia
[2012.03.04 21:40:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\MAXON
[2011.11.25 17:51:16 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Doma\Data aplikací\Microsoft
[2011.12.31 00:22:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\Minas Tirith Save
[2009.02.28 15:55:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\Mozilla
[2012.02.07 18:24:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\Nokia
[2010.11.03 18:53:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\Nokia Ovi Suite
[2010.12.23 18:31:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\Opera
[2012.04.20 12:31:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\Oracle
[2010.07.28 22:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\PC Suite
[2011.09.19 21:25:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\PDM
[2012.05.19 08:38:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\PriceGong
[2010.06.30 11:34:29 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Doma\Data aplikací\SecuROM
[2012.05.18 19:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\Skype
[2011.07.08 16:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\skypePM
[2012.04.24 15:25:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\Solveig Multimedia
[2011.11.06 18:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\Sony
[2011.01.11 20:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\Sun
[2012.03.23 19:46:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\TeamViewer
[2011.06.20 16:58:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\TS3Client
[2011.05.04 17:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\Unity
[2012.05.18 19:26:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\uTorrent
[2010.01.22 15:37:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\vlc
[2012.01.08 00:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\Vso
[2011.04.12 12:05:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\WinPump
[2010.11.29 18:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\WinRAR
[2012.02.05 21:58:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Doma\Data aplikací\Wondershare Video Converter Platinum

< %APPDATA%\*.exe /s >
[2012.01.08 00:06:47 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\Doma\Data aplikací\inst.exe
[2012.01.23 20:15:23 | 004,177,856 | ---- | M] () -- C:\Documents and Settings\Doma\Data aplikací\Azureus\plugins\azemp\vuzeplayer.exe
[2011.11.20 20:56:36 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Documents and Settings\Doma\Data aplikací\Azureus\plugins\mlab\ShaperProbeC.exe
[2012.01.09 22:38:01 | 007,288,256 | ---- | M] () -- C:\Documents and Settings\Doma\Data aplikací\Azureus\plugins\vuzexcode\ffmpeg.exe
[2012.01.09 22:38:02 | 004,146,688 | ---- | M] () -- C:\Documents and Settings\Doma\Data aplikací\Azureus\plugins\vuzexcode\mediainfo.exe
[2011.09.19 21:36:50 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Documents and Settings\Doma\Data aplikací\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.07.24 15:49:24 | 001,221,632 | ---- | M] (Microsoft) -- C:\Documents and Settings\Doma\Data aplikací\Microsoft\Microsoft\1.0.0.0\kNdK.exe
[2011.04.12 12:07:01 | 000,331,064 | ---- | M] (Collabo Interactive Solutions) -- C:\Documents and Settings\Doma\Data aplikací\WinPump\installmanager.exe
[2011.04.11 10:02:54 | 001,654,784 | ---- | M] () -- C:\Documents and Settings\Doma\Data aplikací\WinPump\pumpa.exe
[2011.04.12 12:06:50 | 000,032,482 | ---- | M] () -- C:\Documents and Settings\Doma\Data aplikací\WinPump\uninstall.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008.12.22 13:07:56 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008.12.22 13:07:56 | 001,093,632 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008.12.22 13:07:56 | 000,507,904 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2012.05.20 01:31:36 | 000,001,164 | ---- | M] () -- C:\WINDOWS\system32\ealregsnapshot1.reg
[2012.05.21 07:52:30 | 000,195,011 | ---- | M] () -- C:\WINDOWS\system32\nvapps.xml
[2012.05.19 09:24:32 | 000,393,584 | ---- | M] () -- C:\WINDOWS\system32\TVersityMediaServer.log
[2012.05.21 07:52:30 | 000,013,646 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[5 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >
[2011.01.11 20:42:08 | 000,000,286 | ---- | M] () -- C:\flv.exe
[1996.09.16 04:00:00 | 000,202,240 | ---- | M] (DreamWorks Interactive) -- C:\setup95.exe

< %userprofile%\Plocha\*.* >
[2010.06.18 15:00:25 | 000,002,250 | ---- | M] () -- C:\Documents and Settings\Doma\Plocha\Google Chrome.lnk
[2010.11.13 19:04:22 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\Doma\Plocha\Kyodai Mahjongg 2006.lnk
[2010.11.09 18:33:17 | 000,047,477 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Doma\Plocha\Microsoft Excel 2007.exe
[2012.03.09 21:42:02 | 000,002,493 | ---- | M] () -- C:\Documents and Settings\Doma\Plocha\Microsoft Office PowerPoint 2003.lnk
[2010.11.09 18:34:02 | 228,264,615 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Doma\Plocha\Microsoft Word 2007.exe
[2012.05.13 13:13:24 | 000,379,392 | ---- | M] () -- C:\Documents and Settings\Doma\Plocha\Muzikály.doc
[2012.05.21 07:10:38 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Doma\Plocha\OTL.exe
[2011.11.21 19:27:55 | 000,008,192 | -HS- | M] () -- C:\Documents and Settings\Doma\Plocha\Thumbs.db

< %userprofile%\Desktop\*.* >

< %ALLUSERSPROFILE%\Plocha\*.* >
[2010.01.11 20:01:53 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Adobe Reader 8.lnk
[2011.12.19 18:29:57 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\CCleaner.lnk
[2011.11.18 19:04:06 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Google Zem.lnk
[2012.05.12 17:09:13 | 000,001,302 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\iTunes.lnk
[2011.11.04 19:00:28 | 000,000,572 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\mail.upcmail.sk.lnk
[2012.05.21 03:26:36 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Microsoft Office Excel 2003 (2).lnk
[2011.03.16 21:54:55 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Mozilla Firefox.lnk
[2010.12.23 18:31:18 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Opera.lnk
[2012.04.09 13:59:10 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\QuickTime Player.lnk
[2012.05.15 17:01:27 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2012.03.23 18:09:38 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\TeamViewer 7.lnk
[2012.05.21 03:26:53 | 000,002,581 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Word.lnk
[2011.10.12 13:52:50 | 000,002,537 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\WorldWide Telescope.lnk
[2011.04.12 19:54:39 | 000,001,978 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\WWT ¦ Mars.lnk

< %ALLUSERSPROFILE%\Desktop\*.* >

< *crack* /s >
[2011.11.26 21:14:29 | 000,000,608 | ---- | M] () -- \Documents and Settings\Doma\Data aplikací\Azureus\torrents\Adobe_Photoshop_CS5_Extended_(Crack___Instructions).5570840.TPB.torrent
[2012.01.26 19:03:52 | 000,006,560 | ---- | M] () -- \Documents and Settings\Doma\Data aplikací\Azureus\torrents\[kat.ph]audio4fun.av.voice.changer.diamond.7.0.29.crack.rh.torrent
[7 \Documents and Settings\Doma\Data aplikací\Azureus\torrents\*.tmp files -> \Documents and Settings\Doma\Data aplikací\Azureus\torrents\*.tmp -> ]
[2010.12.03 17:12:12 | 000,000,000 | ---- | M] () -- \Documents and Settings\Doma\Data aplikací\Mozilla\Firefox\Profiles\k1plvtzz.default\CT2405280\feed\http___crackle_com_rss_media_sxsw_featured_rss_history.xml
[2010.12.03 17:12:12 | 000,000,000 | ---- | M] () -- \Documents and Settings\Doma\Data aplikací\Mozilla\Firefox\Profiles\k1plvtzz.default\CT2405280\feed\http___crackle_com_rss_media_sxsw_featured_rss_structured.xml
[2010.06.19 20:09:30 | 000,017,940 | ---- | M] () -- \Documents and Settings\Doma\Data aplikací\uTorrent\GTAIV Patch 1030 + Razor Crack.rar.torrent
[2011.01.08 21:59:07 | 000,001,150 | ---- | M] () -- \Documents and Settings\Doma\Local Settings\Data aplikací\Opera\Opera\profile\images\http%3A%2F%2Fwww.crackfulldownload.com%2Ffavicon.ico
[2011.01.08 21:22:34 | 000,001,150 | ---- | M] () -- \Documents and Settings\Doma\Local Settings\Data aplikací\Opera\Opera\profile\images\http%3A%2F%2Fwww.cracks.cx%2Ffavicon.ico
[2011.01.08 21:57:30 | 000,001,150 | ---- | M] () -- \Documents and Settings\Doma\Local Settings\Data aplikací\Opera\Opera\profile\images\http%3A%2F%2Fwww.crackserialcodes.com%2Ffavicon.ico
[2011.01.08 21:59:07 | 000,000,151 | ---- | M] () -- \Documents and Settings\Doma\Local Settings\Data aplikací\Opera\Opera\profile\images\www.crackfulldownload.com.idx
[2011.01.08 21:22:34 | 000,000,115 | ---- | M] () -- \Documents and Settings\Doma\Local Settings\Data aplikací\Opera\Opera\profile\images\www.cracks.cx.idx
[2011.01.08 21:58:09 | 000,000,253 | ---- | M] () -- \Documents and Settings\Doma\Local Settings\Data aplikací\Opera\Opera\profile\images\www.crackserialcodes.com.idx
[2010.11.10 21:13:15 | 000,001,047 | ---- | M] () -- \Documents and Settings\Doma\Local Settings\Data aplikací\Softonic-Eng7\Rss\http___crackle_com_rss_media_sxsw_featured_rss.xml

< *keygen* /s >
[2011.11.06 19:27:07 | 000,014,158 | ---- | M] () -- \Documents and Settings\Doma\Data aplikací\uTorrent\Camtasia Studio 7.0.0 + Serials & Keygen - DivXNL-team.torrent
[2011.11.06 19:08:15 | 000,035,299 | ---- | M] () -- \Documents and Settings\Doma\Data aplikací\uTorrent\Sony.Vegas.Pro.v11.Build.371.x64.Incl.Keygen.and.Patch.torrent

< *loader* /s >
[2011.04.05 13:30:42 | 000,002,602 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\Babylon\LocalUI\img\controls\b9_preloader.gif
[2011.04.05 13:30:42 | 000,002,602 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\Babylon\LocalUI\img-ie6\controls\b9_preloader.gif
[2012.02.29 08:49:32 | 000,072,638 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\Skype\Apps\login\images\loader.gif
[2012.02.29 08:49:32 | 000,003,032 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\Skype\Apps\login\images\loader.png
[2012.03.03 20:56:08 | 000,000,564 | ---- | M] () -- \Documents and Settings\Doma\Data aplikací\.minecraft\ModLoader.txt
[2012.03.03 20:49:35 | 000,000,085 | ---- | M] () -- \Documents and Settings\Doma\Data aplikací\.minecraft\config\ModLoader.cfg
[2011.11.20 17:44:06 | 000,010,144 | ---- | M] () -- \Documents and Settings\Doma\Data aplikací\Mozilla\Firefox\Profiles\k1plvtzz.default\conduitCommon\modules\3.8.1.0\ExternalLibraryLoader.jsm
[2011.10.26 19:47:29 | 000,000,669 | ---- | M] () -- \Documents and Settings\Doma\Data aplikací\Solveig Multimedia\.minecraft\ModLoader.txt
[2011.10.26 17:21:06 | 000,000,669 | ---- | M] () -- \Documents and Settings\Doma\Data aplikací\Solveig Multimedia\.minecraft\ModLoader.txt.1
[2011.10.25 18:56:32 | 000,000,669 | ---- | M] () -- \Documents and Settings\Doma\Data aplikací\Solveig Multimedia\.minecraft\ModLoader.txt.2
[2011.12.25 23:55:44 | 000,000,673 | ---- | M] () -- \Documents and Settings\Doma\Local Settings\Data aplikací\Google\Chrome\User Data\Temp\scoped_dir_11335\CRX_INSTALL\Media\ajax-loader.gif
[2012.01.08 00:06:49 | 000,000,673 | ---- | M] () -- \Documents and Settings\Doma\Local Settings\Data aplikací\Google\Chrome\User Data\Temp\scoped_dir_11386\CRX_INSTALL\Media\ajax-loader.gif
[2011.12.15 21:40:50 | 000,000,673 | ---- | M] () -- \Documents and Settings\Doma\Local Settings\Data aplikací\Google\Chrome\User Data\Temp\scoped_dir_14259\CRX_INSTALL\Media\ajax-loader.gif
[2012.01.04 18:23:09 | 000,000,673 | ---- | M] () -- \Documents and Settings\Doma\Local Settings\Data aplikací\Google\Chrome\User Data\Temp\scoped_dir_15115\CRX_INSTALL\Media\ajax-loader.gif
[2012.02.13 20:09:47 | 000,000,673 | ---- | M] () -- \Documents and Settings\Doma\Local Settings\Data aplikací\Google\Chrome\User Data\Temp\scoped_dir_16894\CRX_INSTALL\Media\ajax-loader.gif
[2012.03.10 13:31:37 | 000,000,673 | ---- | M] () -- \Documents and Settings\Doma\Local Settings\Data aplikací\Google\Chrome\User Data\Temp\scoped_dir_177\CRX_INSTALL\Media\ajax-loader.gif
[2012.03.23 18:04:30 | 000,000,673 | ---- | M] () -- \Documents and Settings\Doma\Local Settings\Data aplikací\Google\Chrome\User Data\Temp\scoped_dir_18648\CRX_INSTALL\Media\ajax-loader.gif
[2012.03.24 13:44:26 | 000,000,673 | ---- | M] () -- \Documents and Settings\Doma\Local Settings\Data aplikací\Google\Chrome\User Data\Temp\scoped_dir_20576\CRX_INSTALL\Media\ajax-loader.gif
[2012.01.04 18:52:13 | 000,000,673 | ---- | M] () -- \Documents and Settings\Doma\Local Settings\Data aplikací\Google\Chrome\User Data\Temp\scoped_dir_20811\CRX_INSTALL\Media\ajax-loader.gif
[2012.04.07 12:19:01 | 000,000,673 | ---- | M] () -- \Documents and Settings\Doma\Local Settings\Data aplikací\Google\Chrome\User Data\Temp\scoped_dir_21718\CRX_INSTALL\Media\ajax-loader.gif
[2011.12.27 16:00:34 | 000,000,673 | ---- | M] () -- \Documents and Settings\Doma\Local Settings\Data aplikací\Google\Chrome\User Data\Temp\scoped_dir_23770\CRX_INSTALL\Media\ajax-loader.gif
[2012.03.24 22:31:11 | 000,000,673 | ---- | M] () -- \Documents and Settings\Doma\Local Settings\Data aplikací\Google\Chrome\User Data\Temp\scoped_dir_25481\CRX_INSTALL\Media\ajax-loader.gif
[2012.01.27 14:25:43 | 000,000,673 | ---- | M] () -- \Documents and Settings\Doma\Local Settings\Data aplikací\Google\Chrome\User Data\Temp\scoped_dir_2660\CRX_INSTALL\Media\ajax-loader.gif
[2012.03.24 22:39:17 | 000,000,673 | ---- | M] () -- \Documents and Settings\Doma\Local Settings\Data aplikací\Google\Chrome\User Data\Temp\scoped_dir_27068\CRX_INSTALL\Media\ajax-loader.gif
[2012.01.19 19:06:33 | 000,000,673 | ---- | M] () -- \Documents and Settings\Doma\Local Settings\Data aplikací\Google\Chrome\User Data\Temp\scoped_dir_28738\CRX_INSTALL\Media\ajax-loader.gif
[2012.04.06 17:29:19 | 000,000,673 | ---- | M] () -- \Documents and Settings\Doma\Local Settings\Data aplikací\Google\Chrome\User Data\Temp\scoped_dir_29750\CRX_INSTALL\Media\ajax-loader.gif
[2012.03.26 13:58:51 | 000,000,673 | ---- | M] () -- \Documents and Settings\Doma\Local Settings\Data aplikací\Google\Chrome\User Data\Temp\scoped_dir_30624\CRX_INSTALL\Media\ajax-loader.gif
[2012.02.20 20:37:40 | 000,000,673 | ---- | M] () -- \Documents and Settings\Doma\Local Settings\Data aplikací\Google\Chrome\User Data\Temp\scoped_dir_31296\CRX_INSTALL\Media\ajax-loader.gif
[2012.02.06 22:09:49 | 000,000,673 | ---- | M] () -- \Documents and Settings\Doma\Local Settings\Data aplikací\Google\Chrome\User Data\Temp\scoped_dir_31467\CRX_INSTALL\Media\ajax-loader.gif
[2012.01.01 19:56:30 | 000,000,673 | ---- | M] () -- \Documents and Settings\Doma\Local Settings\Data aplikací\Google\Chrome\User Data\Temp\scoped_dir_6168\CRX_INSTALL\Media\ajax-loader.gif
[2012.01.07 23:40:45 | 000,000,673 | ---- | M] () -- \Documents and Settings\Doma\Local Settings\Data aplikací\Google\Chrome\User Data\Temp\scoped_dir_6275\CRX_INSTALL\Media\ajax-loader.gif
[2012.05.17 15:29:03 | 000,000,673 | ---- | M] () -- \Documents and Settings\Doma\Local Settings\Data aplikací\Google\Chrome\User Data\Temp\scoped_dir_7069\CRX_INSTALL\Media\ajax-loader.gif
[2012.02.02 15:47:02 | 000,000,673 | ---- | M] () -- \Documents and Settings\Doma\Local Settings\Data aplikací\Google\Chrome\User Data\Temp\scoped_dir_7383\CRX_INSTALL\Media\ajax-loader.gif
[2012.01.19 17:25:06 | 000,000,673 | ---- | M] () -- \Documents and Settings\Doma\Local Settings\Data aplikací\Google\Chrome\User Data\Temp\scoped_dir_8863\CRX_INSTALL\Media\ajax-loader.gif
[2012.04.06 18:32:02 | 000,000,673 | ---- | M] () -- \Documents and Settings\Doma\Local Settings\Data aplikací\Google\Chrome\User Data\Temp\scoped_dir_9270\CRX_INSTALL\Media\ajax-loader.gif
[2012.05.18 19:34:36 | 000,000,673 | ---- | M] () -- \Documents and Settings\Doma\Local Settings\Data aplikací\Google\Chrome\User Data\Temp\scoped_dir_9627\CRX_INSTALL\Media\ajax-loader.gif
[2001.01.16 07:55:36 | 000,053,248 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VS7DEBUG\COLOADER.DLL
[2001.01.16 05:22:34 | 000,002,560 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VS7DEBUG\COLOADER.TLB
[2011.09.01 13:13:30 | 000,112,128 | ---- | M] () -- \Program Files\Common Files\Nokia\Tss\ProductApiLoader\ta_productapiloader.dll
[2006.07.20 07:37:56 | 000,006,808 | ---- | M] () -- \Program Files\EA GAMES\Need for Speed Most Wanted\modloader-readme.txt
[2006.07.17 05:25:17 | 000,000,179 | ---- | M] () -- \Program Files\EA GAMES\Need for Speed Most Wanted\modloader.ini
[2010.06.23 19:39:30 | 000,059,600 | ---- | M] () -- \Program Files\EA GAMES\Need for Speed Most Wanted\UninstallModLoader.exe
[2012.04.20 12:30:00 | 000,002,941 | ---- | M] () -- \Program Files\Java\jdk1.7.0_03\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-loaders.xml
[2012.04.20 12:30:00 | 000,000,411 | ---- | M] () -- \Program Files\Java\jdk1.7.0_03\lib\visualvm\platform\config\Modules\org-openide-loaders.xml
[2012.04.20 12:30:00 | 001,138,236 | ---- | M] () -- \Program Files\Java\jdk1.7.0_03\lib\visualvm\platform\modules\org-openide-loaders.jar
[2012.04.20 12:30:00 | 000,007,002 | ---- | M] () -- \Program Files\Java\jdk1.7.0_03\lib\visualvm\platform\modules\locale\org-openide-loaders_ja.jar
[2012.04.20 12:30:00 | 000,006,658 | ---- | M] () -- \Program Files\Java\jdk1.7.0_03\lib\visualvm\platform\modules\locale\org-openide-loaders_zh_CN.jar
[2012.04.20 12:30:01 | 000,000,457 | ---- | M] () -- \Program Files\Java\jdk1.7.0_03\lib\visualvm\platform\update_tracking\org-openide-loaders.xml
[2011.12.16 11:34:00 | 000,002,560 | ---- | M] () -- \Program Files\Nokia\Nokia PC Suite 7\Lang\MapLoader_cze.NLR
[2009.05.31 04:21:00 | 000,071,008 | ---- | M] () -- \Program Files\NVIDIA Corporation\PhysX\Common\PhysXLoader.dll
[2012.01.10 14:04:24 | 000,013,211 | ---- | M] () -- \Program Files\Oracle\JavaFX 2.0 SDK\docs\api\javafx\application\Preloader.ErrorNotification.html
[2012.01.10 14:04:30 | 000,020,432 | ---- | M] () -- \Program Files\Oracle\JavaFX 2.0 SDK\docs\api\javafx\application\Preloader.html
[2012.01.10 14:04:06 | 000,006,597 | ---- | M] () -- \Program Files\Oracle\JavaFX 2.0 SDK\docs\api\javafx\application\Preloader.PreloaderNotification.html
[2012.01.10 14:04:04 | 000,010,567 | ---- | M] () -- \Program Files\Oracle\JavaFX 2.0 SDK\docs\api\javafx\application\Preloader.ProgressNotification.html
[2012.01.10 14:04:30 | 000,015,082 | ---- | M] () -- \Program Files\Oracle\JavaFX 2.0 SDK\docs\api\javafx\application\Preloader.StateChangeNotification.html
[2012.01.10 14:04:34 | 000,014,414 | ---- | M] () -- \Program Files\Oracle\JavaFX 2.0 SDK\docs\api\javafx\application\Preloader.StateChangeNotification.Type.html
[2012.01.10 14:04:12 | 000,006,842 | ---- | M] () -- \Program Files\Oracle\JavaFX 2.0 SDK\docs\api\javafx\application\class-use\Preloader.ErrorNotification.html
[2012.01.10 14:04:12 | 000,004,449 | ---- | M] () -- \Program Files\Oracle\JavaFX 2.0 SDK\docs\api\javafx\application\class-use\Preloader.html
[2012.01.10 14:04:32 | 000,009,261 | ---- | M] () -- \Program Files\Oracle\JavaFX 2.0 SDK\docs\api\javafx\application\class-use\Preloader.PreloaderNotification.html
[2012.01.10 14:04:26 | 000,006,893 | ---- | M] () -- \Program Files\Oracle\JavaFX 2.0 SDK\docs\api\javafx\application\class-use\Preloader.ProgressNotification.html
[2012.01.10 14:03:58 | 000,006,977 | ---- | M] () -- \Program Files\Oracle\JavaFX 2.0 SDK\docs\api\javafx\application\class-use\Preloader.StateChangeNotification.html
[2012.01.10 14:04:06 | 000,011,165 | ---- | M] () -- \Program Files\Oracle\JavaFX 2.0 SDK\docs\api\javafx\application\class-use\Preloader.StateChangeNotification.Type.html
[2012.01.10 14:04:02 | 000,010,377 | ---- | M] () -- \Program Files\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\FXMLLoader.Attribute.html
[2012.01.10 14:04:24 | 000,012,768 | ---- | M] () -- \Program Files\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\FXMLLoader.ControllerMethodEventHandler.html
[2012.01.10 14:04:24 | 000,014,222 | ---- | M] () -- \Program Files\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\FXMLLoader.CopyElement.html
[2012.01.10 14:04:32 | 000,011,488 | ---- | M] () -- \Program Files\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\FXMLLoader.DefineElement.html
[2012.01.10 14:04:20 | 000,020,205 | ---- | M] () -- \Program Files\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\FXMLLoader.Element.html
[2012.01.10 14:04:26 | 000,014,212 | ---- | M] () -- \Program Files\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\FXMLLoader.ExpressionTargetMapping.html
[2012.01.10 14:04:10 | 000,044,046 | ---- | M] () -- \Program Files\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\FXMLLoader.html
[2012.01.10 14:04:36 | 000,014,967 | ---- | M] () -- \Program Files\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\FXMLLoader.IncludeElement.html
[2012.01.10 14:04:20 | 000,016,588 | ---- | M] () -- \Program Files\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\FXMLLoader.InstanceDeclarationElement.html
[2012.01.10 14:04:34 | 000,013,878 | ---- | M] () -- \Program Files\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\FXMLLoader.PropertyChangeListener.html
[2012.01.10 14:04:36 | 000,015,658 | ---- | M] () -- \Program Files\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\FXMLLoader.PropertyElement.html
[2012.01.10 14:04:24 | 000,014,271 | ---- | M] () -- \Program Files\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\FXMLLoader.ReferenceElement.html
[2012.01.10 14:04:02 | 000,015,319 | ---- | M] () -- \Program Files\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\FXMLLoader.ScriptElement.html
[2012.01.10 14:04:00 | 000,012,568 | ---- | M] () -- \Program Files\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\FXMLLoader.ScriptEventHandler.html
[2012.01.10 14:04:26 | 000,015,451 | ---- | M] () -- \Program Files\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\FXMLLoader.ValueElement.html
[2012.01.10 14:04:08 | 000,008,341 | ---- | M] () -- \Program Files\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\class-use\FXMLLoader.Attribute.html
[2012.01.10 14:04:12 | 000,004,702 | ---- | M] () -- \Program Files\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\class-use\FXMLLoader.ControllerMethodEventHandler.html
[2012.01.10 14:04:12 | 000,004,515 | ---- | M] () -- \Program Files\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\class-use\FXMLLoader.CopyElement.html
[2012.01.10 14:04:30 | 000,004,537 | ---- | M] () -- \Program Files\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\class-use\FXMLLoader.DefineElement.html
[2012.01.10 14:04:12 | 000,006,719 | ---- | M] () -- \Program Files\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\class-use\FXMLLoader.Element.html
[2012.01.10 14:04:30 | 000,004,647 | ---- | M] () -- \Program Files\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\class-use\FXMLLoader.ExpressionTargetMapping.html
[2012.01.10 14:04:12 | 000,007,272 | ---- | M] () -- \Program Files\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\class-use\FXMLLoader.html
[2012.01.10 14:04:12 | 000,004,548 | ---- | M] () -- \Program Files\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\class-use\FXMLLoader.IncludeElement.html
[2012.01.10 14:04:14 | 000,004,680 | ---- | M] () -- \Program Files\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\class-use\FXMLLoader.InstanceDeclarationElement.html
[2012.01.10 14:04:12 | 000,004,636 | ---- | M] () -- \Program Files\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\class-use\FXMLLoader.PropertyChangeListener.html
[2012.01.10 14:04:04 | 000,006,587 | ---- | M] () -- \Program Files\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\class-use\FXMLLoader.PropertyElement.html
[2012.01.10 14:04:00 | 000,004,570 | ---- | M] () -- \Program Files\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\class-use\FXMLLoader.ReferenceElement.html
[2012.01.10 14:04:12 | 000,004,537 | ---- | M] () -- \Program Files\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\class-use\FXMLLoader.ScriptElement.html
[2012.01.10 14:04:12 | 000,004,592 | ---- | M] () -- \Program Files\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\class-use\FXMLLoader.ScriptEventHandler.html
[2012.01.10 14:04:00 | 000,004,526 | ---- | M] () -- \Program Files\Oracle\JavaFX 2.0 SDK\docs\api\javafx\fxml\class-use\FXMLLoader.ValueElement.html
[2009.11.14 00:21:10 | 000,028,160 | ---- | M] () -- \Program Files\Virtools\3D Life Player\BuildingBlocks\CryptedLoader.dll
[2009.11.13 22:55:58 | 000,046,080 | ---- | M] () -- \Program Files\Virtools\3D Life Player\Plugins\3dsLoader.dll
[2009.11.13 22:56:38 | 000,026,624 | ---- | M] () -- \Program Files\Virtools\3D Life Player\Plugins\AscLoader.dll
[2009.11.13 23:01:52 | 000,118,784 | ---- | M] () -- \Program Files\Virtools\3D Life Player\Plugins\JpgLoader.dll
[2009.11.13 23:02:30 | 000,094,208 | ---- | M] () -- \Program Files\Virtools\3D Life Player\Plugins\PngLoader.dll
[2009.11.13 23:03:50 | 000,090,112 | ---- | M] () -- \Program Files\Virtools\3D Life Player\Plugins\VirtoolsLoader.dll
[2009.11.13 23:08:16 | 000,110,592 | ---- | M] () -- \Program Files\Virtools\3D Life Player\Plugins\XLoader.dll
[2010.03.15 12:28:23 | 000,045,056 | ---- | M] () -- \Program Files\WinRAR\RarExtLoader.exe
[2002.12.12 00:14:32 | 000,033,280 | ---- | M] () -- \WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dmloader.dll
[2008.04.14 14:00:00 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
[5 \WINDOWS\system32\*.tmp files -> \WINDOWS\system32\*.tmp -> ]
[2010.10.22 13:43:22 | 000,012,532 | ---- | M] () -- \WINDOWS\system32\Adobe\Shockwave 11\shockwave_Projector_Loader.dcr
[2008.04.14 14:00:00 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dllcache\dmloader.dll
[2010.10.22 13:46:42 | 000,009,622 | ---- | M] () -- \WINDOWS\system32\Macromed\Shockwave 10\shockwave_Projector_Loader.dcr

< *RemoveWAT* /s >

< *minodlogin* /s >

< *tnod* /s >

< *TemDono* /s >

< *AutoKMS* /s >

< *KMSEmulator* /s >

< *activator* /s >

< *serial* /s >
[2004.08.03 23:15:54 | 000,030,067 | ---- | M] () -- \cmdcons\SERIAL.SY_
[2011.11.06 19:27:07 | 000,014,158 | ---- | M] () -- \Documents and Settings\Doma\Data aplikací\uTorrent\Camtasia Studio 7.0.0 + Serials & Keygen - DivXNL-team.torrent
[2011.01.08 21:57:30 | 000,001,150 | ---- | M] () -- \Documents and Settings\Doma\Local Settings\Data aplikací\Opera\Opera\profile\images\http%3A%2F%2Fwww.crackserialcodes.com%2Ffavicon.ico
[2011.01.08 22:26:50 | 000,001,150 | ---- | M] () -- \Documents and Settings\Doma\Local Settings\Data aplikací\Opera\Opera\profile\images\http%3A%2F%2Fwww.unlimitedserials.com%2Ffavicon.ico
[2011.01.08 21:58:09 | 000,000,253 | ---- | M] () -- \Documents and Settings\Doma\Local Settings\Data aplikací\Opera\Opera\profile\images\www.crackserialcodes.com.idx
[2011.01.08 22:26:50 | 000,000,131 | ---- | M] () -- \Documents and Settings\Doma\Local Settings\Data aplikací\Opera\Opera\profile\images\www.unlimitedserials.com.idx
[2010.08.25 13:23:00 | 000,000,170 | ---- | M] () -- \Documents and Settings\Doma\Local Settings\Data aplikací\Rockstar Games\GTA IV\Settings\serial.dat
[2012.04.20 12:29:53 | 000,014,736 | ---- | M] () -- \Program Files\Java\jdk1.7.0_03\bin\serialver.exe
[2012.03.29 06:01:00 | 000,413,696 | ---- | M] () -- \Program Files\Microsoft Silverlight\4.1.10329.0\System.Runtime.Serialization.dll
[2012.05.10 22:17:35 | 001,186,816 | ---- | M] () -- \Program Files\Microsoft Silverlight\4.1.10329.0\System.Runtime.Serialization.ni.dll
[2012.01.10 14:04:18 | 000,029,631 | ---- | M] () -- \Program Files\Oracle\JavaFX 2.0 SDK\docs\api\serialized-form.html
[2010.04.07 23:48:30 | 000,970,752 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2012.05.10 22:32:31 | 000,131,072 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2010.08.25 21:19:06 | 000,970,752 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2012.05.10 22:36:01 | 002,345,472 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\505e12638acd6fdb22e1fd2d4c6fc232\System.Runtime.Serialization.ni.dll
[2012.05.10 22:37:08 | 000,311,296 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a644ec04e18202b60f9d828bc207972b\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2012.05.10 22:30:47 | 000,311,296 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\1ea68db6df26604de2e14af08dde4adb\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2012.05.10 22:25:39 | 002,637,312 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\d0b065445b421ccf5e2beb5eecc45a48\System.Runtime.Serialization.ni.dll
[2012.05.10 22:28:11 | 000,122,264 | ---- | M] () -- \WINDOWS\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2012.05.10 22:28:10 | 001,026,936 | ---- | M] () -- \WINDOWS\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2008.07.25 11:17:00 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2010.04.07 23:48:30 | 000,970,752 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2010.03.18 13:16:28 | 001,026,936 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.dll
[2010.03.18 13:16:28 | 000,122,264 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v4.0.30319\System.Runtime.Serialization.Formatters.Soap.dll
[2008.04.14 14:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dpserial.dll
[2008.04.14 14:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\serialui.dll
[5 \WINDOWS\system32\*.tmp files -> \WINDOWS\system32\*.tmp -> ]
[2008.04.14 14:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dllcache\dpserial.dll
[2008.04.14 14:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\dllcache\serialui.dll
[2008.04.14 14:00:00 | 000,064,256 | ---- | M] () -- \WINDOWS\system32\drivers\serial.sys

< *w7lxe* /s >

< *AutoRearm* /s >

< >

< HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /s >
"NvCplDaemon" = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup -- [2008.04.14 14:00:00 | 000,033,280 | ---- | M] (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
"" =
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed" = 1
"" =
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed" = 1
"NoChange" = 1
"" =
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed" = 1
"" =

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 14:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation)

< HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run /s >

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012.05.21 07:57:47 | 000,000,512 | ---- | M] () MD5=8D49B9EBB03E9A9FDAD77B95274C0016 -- C:\PhysicalMBR.bin

========== Files - Unicode (All) ==========
[2010.07.24 11:18:58 | 000,000,000 | ---D | M](C:\Documents and Settings\Doma\Data aplikac?) -- C:\Documents and Settings\Doma\Data aplikac�
(C:\Documents and Settings\Doma\Data aplikac?) -- C:\Documents and Settings\Doma\Data aplikac�

========== Alternate Data Streams ==========

@Alternate Data Stream - 500 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:05EE1EEF

< End of report >

VIRY.CZ

Poprosim o kontrolu logu RSIT

Poprosim o kontrolu logu RSIT

Re: Poprosim o kontrolu logu RSIT

Re: Poprosim o kontrolu logu RSIT

Re: Poprosim o kontrolu logu RSIT

Re: Poprosim o kontrolu logu RSIT

Re: Poprosim o kontrolu logu RSIT

Re: Poprosim o kontrolu logu RSIT

Re: Poprosim o kontrolu logu RSIT

Re: Poprosim o kontrolu logu RSIT

Re: Poprosim o kontrolu logu RSIT

Re: Poprosim o kontrolu logu RSIT

Re: Poprosim o kontrolu logu RSIT

Re: Poprosim o kontrolu logu RSIT

Re: Poprosim o kontrolu logu RSIT

Re: Poprosim o kontrolu logu RSIT