Ahojte.
Slo by juknout preventivne na pc od nasich.
Dostali nejaky starsi pc a mamca rika ze ji to jede pomalu
Hhlavne v Opere nektere aplikace jsou az moc pomale.
Take tu vnucky obcas uraduji takze kdo vi co se tu na tom pc deje.
diky za kontrolu.
Logfile of random's system information tool 1.09 (written by random/random)
Run by mata at 2012-06-30 08:51:42
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 63 GB (82%) free of 76 GB
Total RAM: 1023 MB (57% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:51:51, on 30.6.2012
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\avgidsagent.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe
C:\Documents and Settings\mata\Local Settings\Data aplikací\Opera\Opera\temporary_downloads\RSIT.exe
C:\Program Files\trend micro\mata.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.myheritage.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: vToolbarUpdater11.1.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
--
End of file - 4549 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-10-22 7700480]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-10-22 86016]
"Monitor"=C:\WINDOWS\PixArt\PAC207\Monitor.exe [2006-11-03 319488]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]
C:\Program Files\AVG\AVG2012\avgtray.exe [2012-04-05 2587008]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
C:\WINDOWS\PixArt\PAC207\Monitor.exe [2006-11-03 319488]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
C:\Program Files\AVG Secure Search\vprot.exe [2012-06-12 1104440]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\AVG\AVG10\avgmfapx.exe"="C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:Instalátor AVG"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\QIP 2010\qip.exe"="C:\Program Files\QIP 2010\qip.exe:*:Enabled:QIP 2010"
"C:\Program Files\AVG\AVG2012\avgmfapx.exe"="C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:Instalátor AVG"
"C:\Program Files\AVG\AVG2012\avgnsx.exe"="C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Webový štít"
"C:\Program Files\AVG\AVG2012\avgdiagex.exe"="C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostika 2012"
"C:\Program Files\AVG\AVG2012\avgemcx.exe"="C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Obecná kontrola pošty"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe"="C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"midi"=wdmaud.drv
"wave"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"VIDC.DVSD"=pdvcodec.dll
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
======List of files/folders created in the last 1 month======
2012-06-30 08:51:43 ----D---- C:\Program Files\trend micro
2012-06-30 08:51:42 ----D---- C:\rsit
2012-06-29 21:15:38 ----D---- C:\WINDOWS\Minidump
2012-06-12 19:37:19 ----D---- C:\WINDOWS\system32\cache
2012-06-09 12:09:24 ----D---- C:\Documents and Settings\mata\Data aplikací\AVG Secure Search
2012-06-09 12:09:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVG Secure Search
2012-06-09 12:09:19 ----D---- C:\Program Files\Common Files\AVG Secure Search
2012-06-09 12:09:16 ----D---- C:\Program Files\AVG Secure Search
2012-06-09 12:06:24 ----D---- C:\Documents and Settings\mata\Data aplikací\AVG2012
2012-06-09 12:04:40 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVG2012
======List of files/folders modified in the last 1 month======
2012-06-30 08:51:43 ----RD---- C:\Program Files
2012-06-30 08:51:41 ----D---- C:\WINDOWS\Prefetch
2012-06-30 08:48:17 ----D---- C:\WINDOWS\system32\CatRoot2
2012-06-30 08:47:40 ----D---- C:\WINDOWS\Temp
2012-06-29 22:51:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-06-29 21:15:38 ----D---- C:\WINDOWS
2012-06-29 20:47:09 ----D---- C:\WINDOWS\system32\drivers\AVG
2012-06-29 20:45:04 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2012-06-28 20:27:40 ----D---- C:\Documents and Settings\mata\Data aplikací\Skype
2012-06-28 20:24:54 ----D---- C:\Program Files\QIP 2010
2012-06-24 13:32:42 ----SD---- C:\WINDOWS\Tasks
2012-06-24 11:31:39 ----HD---- C:\Program Files\InstallShield Installation Information
2012-06-24 11:30:36 ----D---- C:\Program Files\Filipova dobrodružství - Na stopě rodinným pokladům
2012-06-24 11:30:18 ----D---- C:\Program Files\Egyptský míč
2012-06-24 11:13:29 ----A---- C:\WINDOWS\MyHeritage.INI
2012-06-24 11:10:49 ----SD---- C:\WINDOWS\Downloaded Program Files
2012-06-24 11:05:48 ----D---- C:\Program Files\CCleaner
2012-06-19 13:36:05 ----SHD---- C:\WINDOWS\Installer
2012-06-19 13:35:56 ----HD---- C:\Config.Msi
2012-06-17 15:12:49 ----D---- C:\Program Files\Opera
2012-06-14 19:10:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\Skype
2012-06-12 19:37:19 ----D---- C:\WINDOWS\system32
2012-06-12 18:44:13 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-06-09 12:09:19 ----D---- C:\Program Files\Common Files
2012-06-09 12:08:15 ----HD---- C:\WINDOWS\inf
2012-06-09 12:08:15 ----D---- C:\WINDOWS\system32\drivers
2012-06-09 12:06:36 ----HD---- C:\$AVG
2012-06-09 12:02:38 ----D---- C:\Program Files\AVG
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AVGIDSHX;AVGIDSHX; C:\WINDOWS\system32\DRIVERS\avgidshx.sys [2012-04-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2012-01-31 31952]
R0 nv_agp;NVIDIA nForce AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\nv_agp.sys [2002-09-06 13568]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2004-08-17 41216]
R1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2012-02-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2012-03-19 301248]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2005-02-23 11776]
R3 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter; C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys [2011-12-23 17232]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-10-22 3994624]
R3 nvax;Service for NVIDIA(R) nForce(TM) Audio Enumerator; C:\WINDOWS\system32\drivers\nvax.sys [2002-12-05 13056]
R3 NVENET;NVIDIA nForce MCP Networking Adapter Driver; C:\WINDOWS\system32\DRIVERS\NVENET.sys [2002-09-23 80896]
R3 nvnforce;Service for NVIDIA(R) nForce(TM) Audio; C:\WINDOWS\system32\drivers\nvapu.sys [2002-12-05 241664]
R3 PAC207;Hama WEBCAM E120; C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-03-01 507264]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2005-06-14 104576]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2012\avgidsagent.exe [2012-04-30 5106744]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-10-22 159810]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2007-08-09 73728]
R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-06-12 935480]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-10-07 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-06-05 160944]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-10-07 136176]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
preventivka - prosim
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: preventivka - prosim
Zdravim 
Na logu se pracuje, bude to nejakou dobu trvat.
Na logu se pracuje, bude to nejakou dobu trvat.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: preventivka - prosim
v klidu.
Dneska jsem u nasich,takze casu dost.
diky
Dneska jsem u nasich,takze casu dost.
diky
Re: preventivka - prosim
Stahnete OTM http://oldtimer.geekstogo.com/OTM.exe , ulozte nejlepe na plochu a spustte.Do leveho okna zkopirujte tento skript (vcetne te dvojtecky pred slovem commands)
Kód: Vybrat vše
:commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[Purity]
:services
gupdate
SkypeUpdate
gupdatem
:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
:reg
[HKCU\Software\Microsoft\Internet Explorer\Main]
"Start Page"=""
[HKLM\Software\Microsoft\Internet Explorer\Main]
"Start Page"=""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"=-
"KernelFaultCheck"=-
Po restartu sem dejte log, ktery na vas vyskoci, nebo bude zde C:\_OTM\MovedFiles\xxxxxxxx_xxxxxx (misto tech x budou cisla, predstavujici datum a cas spusteni)
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: preventivka - prosim
All processes killed
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: mata
->Temp folder emptied: 77250294 bytes
->Temporary Internet Files folder emptied: 11469513 bytes
->Google Chrome cache emptied: 20973780 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 3097479 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2114584 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 26507330 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 134220073 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 117258038 bytes
Total Files Cleaned = 375,00 mb
[EMPTYFLASH]
User: All Users
User: Default User
User: LocalService
User: mata
->Flash cache emptied: 0 bytes
User: NetworkService
Total Flash Files Cleaned = 0,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
========== SERVICES/DRIVERS ==========
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service SkypeUpdate stopped successfully!
Service SkypeUpdate deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
========== REGISTRY ==========
HKCU\Software\Microsoft\Internet Explorer\Main\\"Start Page"|"" /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\Main\\"Start Page"|"" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NvMediaCenter deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
OTM by OldTimer - Version 3.1.21.0 log created on 06302012_094612
Files moved on Reboot...
Registry entries deleted on Reboot...
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: mata
->Temp folder emptied: 77250294 bytes
->Temporary Internet Files folder emptied: 11469513 bytes
->Google Chrome cache emptied: 20973780 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 3097479 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2114584 bytes
%systemroot%\System32 .tmp files removed: 2504 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 26507330 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 134220073 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 117258038 bytes
Total Files Cleaned = 375,00 mb
[EMPTYFLASH]
User: All Users
User: Default User
User: LocalService
User: mata
->Flash cache emptied: 0 bytes
User: NetworkService
Total Flash Files Cleaned = 0,00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
========== SERVICES/DRIVERS ==========
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service SkypeUpdate stopped successfully!
Service SkypeUpdate deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
========== REGISTRY ==========
HKCU\Software\Microsoft\Internet Explorer\Main\\"Start Page"|"" /E : value set successfully!
HKLM\Software\Microsoft\Internet Explorer\Main\\"Start Page"|"" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NvMediaCenter deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
OTM by OldTimer - Version 3.1.21.0 log created on 06302012_094612
Files moved on Reboot...
Registry entries deleted on Reboot...
Re: preventivka - prosim
OTM provedlo co melo, jinak vypada log v poradku. Nastala nejaka zmena? Nebo budeme patrat dale?
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: preventivka - prosim
jsem zkusil hru u ktere se to mamce seka.
Je to lepsi ale oproti Chrome v Opere porad je to des.
Takze v logu nic extra nebezpecneho nebo co by to brzdilo neni ?
Je to lepsi ale oproti Chrome v Opere porad je to des.
Takze v logu nic extra nebezpecneho nebo co by to brzdilo neni ?
Re: preventivka - prosim
Neni, ale log neukaze vsechno. A konkretne Operu vubec.
Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe , ulozte na plochu a spustte.
Oznacte polozky (dejte tam zatrzitka) Pro všechny uživatele, Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Do spodniho okna vlozte nasledujici text
Kliknete na Prohledat
Po skenu se vytvori dva logy (OTL.Txt a Extras.txt), oba sem vlozte (kdyz budou dlouhe, rozdelte je do vice prispevku).
Udelejte uplnou kontrolu s MBAM http://forum.viry.cz/viewtopic.php?f=29&t=115222 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce
Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe , ulozte na plochu a spustte.Oznacte polozky (dejte tam zatrzitka) Pro všechny uživatele, Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Do spodniho okna vlozte nasledujici text
Kód: Vybrat vše
CREATERESTOREPOINT
netsvcs
drivers32
savembr:0
/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop
%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5
*crack* /s
*keygen* /s
*loader* /s
*minodlogin* /s
*tnod* /s
*AutoKMS* /s
*activator* /s
*serial* /s
*w7lxe* /s
Po skenu se vytvori dva logy (OTL.Txt a Extras.txt), oba sem vlozte (kdyz budou dlouhe, rozdelte je do vice prispevku).
Udelejte uplnou kontrolu s MBAM http://forum.viry.cz/viewtopic.php?f=29&t=115222 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekcePokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: preventivka - prosim
OTL logfile created on: 30.6.2012 10:19:51 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Documents and Settings\mata\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1023,48 Mb Total Physical Memory | 648,32 Mb Available Physical Memory | 63,34% Memory free
2,40 Gb Paging File | 1,94 Gb Available in Paging File | 80,52% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 61,44 Gb Free Space | 82,44% Space Free | Partition Type: NTFS
Computer Name: MATA-27A6025F58 | User Name: mata | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.06.30 10:18:12 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mata\Plocha\OTL.exe
PRC - [2012.06.17 15:12:21 | 000,800,656 | ---- | M] (Opera Software) -- C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe
PRC - [2012.06.17 15:12:20 | 000,874,384 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2012.06.12 19:36:29 | 000,935,480 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
PRC - [2012.04.30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012.04.19 04:51:54 | 001,254,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012.03.19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012.02.14 04:53:14 | 000,758,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012.02.14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2007.08.09 09:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006.11.03 12:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\Pac207\Monitor.exe
PRC - [2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2012.06.12 19:36:29 | 000,935,480 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
MOD - [2011.12.22 20:00:54 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2006.10.22 12:22:00 | 000,212,992 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll
MOD - [2004.08.17 15:49:12 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.06.12 19:36:29 | 000,935,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe -- (vToolbarUpdater11.1.0)
SRV - [2012.04.30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2007.08.09 09:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.04.19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012.03.19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012.02.22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012.01.31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.12.23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.12.23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011.12.23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011.12.23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2007.03.01 10:23:42 | 000,507,264 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (PAC207)
DRV - [2005.02.23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004.08.04 01:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2002.12.05 06:01:00 | 000,241,664 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA(R) nForce(TM)
DRV - [2002.12.05 06:01:00 | 000,013,056 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA(R) nForce(TM)
DRV - [2002.09.23 04:37:00 | 000,080,896 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
DRV - [2002.09.06 05:24:00 | 000,013,568 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp)
DRV - [2001.08.18 00:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1960408961-1364589140-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-1960408961-1364589140-1177238915-1003\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1960408961-1364589140-1177238915-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={08A6 ... 2012-06-09 12:09:24&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1960408961-1364589140-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012.06.12 18:42:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012.06.09 12:06:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Data aplikací\AVG Secure Search\11.1.0.7\ [2012.06.12 19:41:55 | 000,000,000 | ---D | M]
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\mata\Local Settings\Data aplikac\u00ED\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\mata\Local Settings\Data aplikac\u00ED\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AVG Safe Search = C:\Documents and Settings\mata\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\mata\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: AVG Do Not Track = C:\Documents and Settings\mata\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
O1 HOSTS File: ([2012.06.30 09:46:32 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKU\S-1-5-21-1960408961-1364589140-1177238915-1003\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1960408961-1364589140-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mvadvd.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55EE7ABD-93B7-4EB1-8E21-3D112D8EE2EF}: DhcpNameServer = 192.168.10.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.10.23 01:52:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{de70d470-b9ee-11e0-9280-00112faace38}\Shell\AutoRun\command - "" = H:\PMBP_Win.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DVSD - pdvcodec.dll File not found
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 30 Days ==========
[2012.06.30 10:18:12 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mata\Plocha\OTL.exe
[2012.06.30 09:46:12 | 000,000,000 | ---D | C] -- C:\_OTM
[2012.06.30 09:44:56 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mata\Plocha\OTM.exe
[2012.06.30 09:00:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\NVIDIA
[2012.06.30 08:51:43 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012.06.30 08:51:42 | 000,000,000 | ---D | C] -- C:\rsit
[2012.06.29 21:15:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012.06.24 22:13:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mata\Plocha\Nová složka
[2012.06.24 11:56:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\mata\Recent
[2012.06.24 11:05:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\CCleaner
[2012.06.12 19:37:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cache
[2012.06.12 18:42:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\AVG
[2012.06.09 12:09:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mata\Local Settings\Data aplikací\AVG Secure Search
[2012.06.09 12:09:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mata\Data aplikací\AVG Secure Search
[2012.06.09 12:09:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\AVG Secure Search
[2012.06.09 12:09:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012.06.09 12:09:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012.06.09 12:06:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mata\Data aplikací\AVG2012
[2012.06.09 12:04:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\AVG2012
========== Files - Modified Within 30 Days ==========
[2012.06.30 10:22:13 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.06.30 10:18:12 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mata\Plocha\OTL.exe
[2012.06.30 09:47:34 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.06.30 09:47:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.06.30 09:47:23 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.30 09:46:32 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012.06.30 09:44:56 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mata\Plocha\OTM.exe
[2012.06.30 09:44:29 | 100,823,052 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012.06.28 20:25:11 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2012.06.24 13:33:10 | 000,000,632 | ---- | M] () -- C:\Documents and Settings\mata\Plocha\cc_20120624_133306.reg
[2012.06.24 11:56:42 | 000,002,552 | ---- | M] () -- C:\Documents and Settings\mata\Plocha\cc_20120624_115636.reg
[2012.06.24 11:32:26 | 000,001,208 | ---- | M] () -- C:\Documents and Settings\mata\Plocha\cc_20120624_113220.reg
[2012.06.24 11:19:28 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\mata\Plocha\cc_20120624_111921.reg
[2012.06.24 11:13:29 | 000,000,480 | ---- | M] () -- C:\WINDOWS\MyHeritage.INI
[2012.06.24 10:59:34 | 000,004,120 | ---- | M] () -- C:\Documents and Settings\mata\Plocha\cc_20120624_105917.reg
[2012.06.23 16:46:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.06.20 17:22:49 | 000,168,485 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012.06.13 11:10:22 | 000,103,182 | ---- | M] () -- C:\Documents and Settings\mata\Plocha\The.Intouchables.2011.720p.Bluray.x264.anoXmous.srt
[2012.06.13 10:28:02 | 733,736,213 | ---- | M] () -- C:\Documents and Settings\mata\Plocha\The.Intouchables.2011.720p.Bluray.x264.anoXmous.mp4
[2012.06.12 18:42:06 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\AVG 2012.lnk
========== Files Created - No Company Name ==========
[2012.06.30 10:22:13 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.06.24 13:33:08 | 000,000,632 | ---- | C] () -- C:\Documents and Settings\mata\Plocha\cc_20120624_133306.reg
[2012.06.24 11:56:37 | 000,002,552 | ---- | C] () -- C:\Documents and Settings\mata\Plocha\cc_20120624_115636.reg
[2012.06.24 11:32:22 | 000,001,208 | ---- | C] () -- C:\Documents and Settings\mata\Plocha\cc_20120624_113220.reg
[2012.06.24 11:19:25 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\mata\Plocha\cc_20120624_111921.reg
[2012.06.24 10:59:20 | 000,004,120 | ---- | C] () -- C:\Documents and Settings\mata\Plocha\cc_20120624_105917.reg
[2012.06.14 12:53:12 | 000,103,182 | ---- | C] () -- C:\Documents and Settings\mata\Plocha\The.Intouchables.2011.720p.Bluray.x264.anoXmous.srt
[2012.06.14 12:52:11 | 733,736,213 | ---- | C] () -- C:\Documents and Settings\mata\Plocha\The.Intouchables.2011.720p.Bluray.x264.anoXmous.mp4
[2012.06.09 12:09:41 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\AVG 2012.lnk
[2011.07.10 20:41:24 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\mata\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.30 16:05:01 | 000,000,480 | ---- | C] () -- C:\WINDOWS\MyHeritage.INI
[2011.06.30 16:00:23 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\PaintX.dll
[2011.05.08 19:44:01 | 000,000,028 | ---- | C] () -- C:\WINDOWS\MotionDVSTUDIO.INI
[2011.03.14 13:47:48 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD-Start.INI
[2010.12.24 16:38:07 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP207.INI
[2010.10.23 16:55:59 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2010.10.23 15:26:36 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.10.23 14:32:30 | 000,126,958 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2010.10.23 14:32:30 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2010.10.23 13:36:15 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\mata\Local Settings\Data aplikací\fusioncache.dat
[2010.10.23 13:15:36 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2010.10.23 10:59:15 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\drivers\jedih2rx.bin
[2010.10.23 10:59:15 | 000,000,122 | R--- | C] () -- C:\WINDOWS\System32\drivers\ramsed.bin
[2010.10.23 10:56:05 | 000,003,260 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010.10.23 10:56:03 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010.10.23 03:41:49 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.10.23 03:40:23 | 000,138,848 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.10.23 01:56:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.10.23 01:48:14 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
========== LOP Check ==========
[2011.03.14 14:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Aliasworlds
[2012.06.24 11:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AVG Secure Search
[2012.06.09 12:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AVG2012
[2011.06.14 14:41:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\Common Files
[2011.10.18 19:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Easybits GO
[2012.06.30 09:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MFAData
[2010.10.23 14:17:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MSScanAppDataDir
[2011.06.30 18:48:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MyHeritage
[2011.05.08 19:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Panasonic
[2012.03.07 18:54:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\tmp
[2012.06.09 12:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\AVG Secure Search
[2012.06.09 12:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\AVG2012
[2012.03.04 16:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\EleFun Games
[2011.10.18 19:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\go
[2010.10.23 17:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\Image Zone Express
[2011.06.30 16:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\MyHeritage
[2011.05.19 13:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\Opera
[2010.10.23 11:33:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\QIP
[2010.10.23 14:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\Scan2PDF
[2010.10.23 14:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\Serif
[2011.06.30 16:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\The Complete Genealogy Reporter - FTB
========== Purity Check ==========
========== Custom Scans ==========
< >
< >
< MD5 for: AGP440.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\agp440.sys
< MD5 for: ATAPI.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2008.04.14 05:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\autochk.exe
[2004.08.17 15:49:22 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\system32\autochk.exe
[2004.08.17 15:49:22 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\system32\dllcache\autochk.exe
< MD5 for: CDROM.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\cdrom.sys
[2004.08.03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys
< MD5 for: CRYPTSVC.DLL >
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\cryptsvc.dll
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\dllcache\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\eventlog.dll
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: HAL.DLL >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\hal.dll
[2004.08.03 22:59:10 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\system32\hal.dll
< MD5 for: CHANGER.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\changer.sys
< MD5 for: ISAPNP.SYS >
[2001.10.25 13:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\drivers\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\isapnp.sys
< MD5 for: LSASS.EXE >
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\lsass.exe
< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\dllcache\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys
< MD5 for: NETLOGON.DLL >
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\scecli.dll
< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\dllcache\smss.exe
[2004.08.17 15:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\smss.exe
< MD5 for: SVCHOST.EXE >
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\svchost.exe
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\dllcache\svchost.exe
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\svchost.exe
< MD5 for: TCPIP.SYS >
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2004.08.03 23:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\userinit.exe
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\winlogon.exe
< MD5 for: WS2_32.DLL >
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\ws2_32.dll
< >
< %systemroot%*.* /U /s >
[3 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[1 C:\WINDOWS\twain_32\*.tmp files -> C:\WINDOWS\twain_32\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2011.04.04 09:27:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\Adobe
[2010.12.24 16:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\ArcSoft
[2012.06.09 12:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\AVG Secure Search
[2012.06.09 12:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\AVG2012
[2012.03.04 16:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\EleFun Games
[2011.10.18 19:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\go
[2010.10.23 13:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\HP
[2010.10.23 02:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\Identities
[2010.10.23 17:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\Image Zone Express
[2010.12.24 16:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\InstallShield
[2010.10.23 11:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\Macromedia
[2011.02.03 16:46:55 | 000,000,000 | --SD | M] -- C:\Documents and Settings\mata\Data aplikací\Microsoft
[2011.06.30 16:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\MyHeritage
[2011.05.19 13:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\Opera
[2010.10.23 11:33:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\QIP
[2010.10.23 14:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\Scan2PDF
[2010.10.23 14:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\Serif
[2012.06.28 20:27:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\Skype
[2011.06.21 21:38:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\skypePM
[2011.06.30 16:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\The Complete Genealogy Reporter - FTB
[2010.11.25 19:07:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\WinRAR
< %APPDATA%\*.exe /s >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2010.10.23 03:39:33 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010.10.23 03:39:33 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010.10.23 03:39:33 | 000,466,944 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2012.06.30 09:47:34 | 000,088,566 | ---- | M] () -- C:\WINDOWS\system32\nvapps.xml
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
< >
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2004.08.17 15:49:24 | 000,015,360 | ---- | M] (Microsoft Corporation)
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< >
< type c:\boot.ini >> test.txt /c >
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012.06.30 10:22:13 | 000,000,512 | ---- | M] () MD5=65ED6378FCE80DC67DB9DB53B0D6FDFF -- C:\PhysicalMBR.bin
< >
< *crack* /s >
< *keygen* /s >
< *loader* /s >
[2012.06.09 12:09:33 | 000,006,494 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\AVG Secure Search\11.0.0.9\modules\skin\ajax-loader.gif
[2012.06.09 12:09:33 | 000,000,729 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\AVG Secure Search\11.0.0.9\modules\skin\loader.gif
[2012.06.12 19:41:52 | 000,006,494 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\AVG Secure Search\11.1.0.7\modules\skin\ajax-loader.gif
[2012.06.12 19:41:53 | 000,000,729 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\AVG Secure Search\11.1.0.7\modules\skin\loader.gif
[2012.02.29 08:49:32 | 000,072,638 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\Skype\Apps\login\images\loader.gif
[2012.02.29 08:49:32 | 000,003,032 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\Skype\Apps\login\images\loader.png
[2010.12.14 11:54:22 | 000,166,400 | ---- | M] () -- \Program Files\Fotolab\Fotolab Fotosvet 4\CWImageLoader0.dll
[2005.07.22 18:48:48 | 000,069,632 | ---- | M] () -- \Program Files\Hama\Hama Webcam Suite\Photo Greeting Card\uACM_Loader.dll
[2008.02.25 08:05:22 | 000,856,064 | ---- | M] () -- \Program Files\The KMPlayer\ImLoader.dll
[2010.03.15 12:28:24 | 000,045,056 | ---- | M] () -- \Program Files\WinRAR\RarExtLoader.exe
[2008.04.14 05:21:39 | 000,035,840 | ---- | M] () -- \WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\dmloader.dll
[2008.04.13 20:31:47 | 000,230,912 | ---- | M] () -- \WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\osloader.exe
[2008.04.13 20:31:48 | 000,278,528 | ---- | M] () -- \WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\osloader.ntd
[2004.08.17 15:49:06 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
[2004.08.17 15:49:06 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dllcache\dmloader.dll
< *minodlogin* /s >
< *tnod* /s >
< *AutoKMS* /s >
< *activator* /s >
< *serial* /s >
[2010.10.23 12:31:20 | 000,011,776 | ---- | M] () -- \WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.5000.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010.11.03 15:32:30 | 000,131,072 | ---- | M] () -- \WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2004.07.15 15:31:54 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
[2003.04.07 19:24:52 | 000,011,776 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v1.1.4322\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2008.04.14 04:17:25 | 000,028,416 | ---- | M] () -- \WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\grserial.sys
[2008.04.14 04:21:08 | 000,064,256 | ---- | M] () -- \WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\serial.sys
[2007.06.27 14:59:02 | 000,131,072 | ---- | M] () -- \WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\system.runtime.serialization.formatters.soap.dll
[2001.10.25 13:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dpserial.dll
[2001.10.25 13:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\serialui.dll
[2001.10.25 13:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dllcache\dpserial.dll
[2001.10.25 13:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\dllcache\serialui.dll
[2004.08.17 15:44:16 | 000,064,640 | ---- | M] () -- \WINDOWS\system32\drivers\serial.sys
< *w7lxe* /s >
========== Files - Unicode (All) ==========
[2010.10.23 12:11:17 | 000,000,000 | ---D | M](C:\Documents and Settings\mata\Data aplikac?) -- C:\Documents and Settings\mata\Data aplikac�
[2010.10.23 12:11:17 | 000,000,000 | ---D | M](C:\Documents and Settings\mata\Data aplikac?) -- C:\Documents and Settings\mata\Data aplikac�
(C:\Documents and Settings\mata\Data aplikac?) -- C:\Documents and Settings\mata\Data aplikac�
< End of report >
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Documents and Settings\mata\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1023,48 Mb Total Physical Memory | 648,32 Mb Available Physical Memory | 63,34% Memory free
2,40 Gb Paging File | 1,94 Gb Available in Paging File | 80,52% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 61,44 Gb Free Space | 82,44% Space Free | Partition Type: NTFS
Computer Name: MATA-27A6025F58 | User Name: mata | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.06.30 10:18:12 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mata\Plocha\OTL.exe
PRC - [2012.06.17 15:12:21 | 000,800,656 | ---- | M] (Opera Software) -- C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe
PRC - [2012.06.17 15:12:20 | 000,874,384 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2012.06.12 19:36:29 | 000,935,480 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
PRC - [2012.04.30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
PRC - [2012.04.19 04:51:54 | 001,254,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2012.03.19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2012.02.14 04:53:14 | 000,758,112 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2012.02.14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2007.08.09 09:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2006.11.03 12:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\WINDOWS\PixArt\Pac207\Monitor.exe
PRC - [2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2012.06.12 19:36:29 | 000,935,480 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
MOD - [2011.12.22 20:00:54 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2006.10.22 12:22:00 | 000,212,992 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll
MOD - [2004.08.17 15:49:12 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.06.12 19:36:29 | 000,935,480 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe -- (vToolbarUpdater11.1.0)
SRV - [2012.04.30 09:44:38 | 005,106,744 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2007.08.09 09:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.04.19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012.03.19 05:17:28 | 000,301,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012.02.22 05:25:32 | 000,235,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012.01.31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.12.23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.12.23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011.12.23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011.12.23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2007.03.01 10:23:42 | 000,507,264 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PFC027.SYS -- (PAC207)
DRV - [2005.02.23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004.08.04 01:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2002.12.05 06:01:00 | 000,241,664 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA(R) nForce(TM)
DRV - [2002.12.05 06:01:00 | 000,013,056 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA(R) nForce(TM)
DRV - [2002.09.23 04:37:00 | 000,080,896 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
DRV - [2002.09.06 05:24:00 | 000,013,568 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nv_agp.SYS -- (nv_agp)
DRV - [2001.08.18 00:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1960408961-1364589140-1177238915-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKU\S-1-5-21-1960408961-1364589140-1177238915-1003\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1960408961-1364589140-1177238915-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={08A6 ... 2012-06-09 12:09:24&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1960408961-1364589140-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012.06.12 18:42:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012.06.09 12:06:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Documents and Settings\All Users\Data aplikací\AVG Secure Search\11.1.0.7\ [2012.06.12 19:41:55 | 000,000,000 | ---D | M]
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Documents and Settings\mata\Local Settings\Data aplikac\u00ED\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Documents and Settings\mata\Local Settings\Data aplikac\u00ED\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\PFiles\Plugins\np-mswmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: AVG Safe Search = C:\Documents and Settings\mata\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\
CHR - Extension: Skype Click to Call = C:\Documents and Settings\mata\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: AVG Do Not Track = C:\Documents and Settings\mata\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
O1 HOSTS File: ([2012.06.30 09:46:32 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKU\S-1-5-21-1960408961-1364589140-1177238915-1003\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [Monitor] C:\WINDOWS\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1960408961-1364589140-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {32505657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mvadvd.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55EE7ABD-93B7-4EB1-8E21-3D112D8EE2EF}: DhcpNameServer = 192.168.10.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.10.23 01:52:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{de70d470-b9ee-11e0-9280-00112faace38}\Shell\AutoRun\command - "" = H:\PMBP_Win.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DVSD - pdvcodec.dll File not found
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin
========== Files/Folders - Created Within 30 Days ==========
[2012.06.30 10:18:12 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mata\Plocha\OTL.exe
[2012.06.30 09:46:12 | 000,000,000 | ---D | C] -- C:\_OTM
[2012.06.30 09:44:56 | 000,522,240 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\mata\Plocha\OTM.exe
[2012.06.30 09:00:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\NVIDIA
[2012.06.30 08:51:43 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012.06.30 08:51:42 | 000,000,000 | ---D | C] -- C:\rsit
[2012.06.29 21:15:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2012.06.24 22:13:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mata\Plocha\Nová složka
[2012.06.24 11:56:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\mata\Recent
[2012.06.24 11:05:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\CCleaner
[2012.06.12 19:37:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cache
[2012.06.12 18:42:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\AVG
[2012.06.09 12:09:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mata\Local Settings\Data aplikací\AVG Secure Search
[2012.06.09 12:09:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mata\Data aplikací\AVG Secure Search
[2012.06.09 12:09:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\AVG Secure Search
[2012.06.09 12:09:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012.06.09 12:09:16 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012.06.09 12:06:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mata\Data aplikací\AVG2012
[2012.06.09 12:04:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\AVG2012
========== Files - Modified Within 30 Days ==========
[2012.06.30 10:22:13 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.06.30 10:18:12 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mata\Plocha\OTL.exe
[2012.06.30 09:47:34 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.06.30 09:47:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.06.30 09:47:23 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.30 09:46:32 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2012.06.30 09:44:56 | 000,522,240 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mata\Plocha\OTM.exe
[2012.06.30 09:44:29 | 100,823,052 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012.06.28 20:25:11 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2012.06.24 13:33:10 | 000,000,632 | ---- | M] () -- C:\Documents and Settings\mata\Plocha\cc_20120624_133306.reg
[2012.06.24 11:56:42 | 000,002,552 | ---- | M] () -- C:\Documents and Settings\mata\Plocha\cc_20120624_115636.reg
[2012.06.24 11:32:26 | 000,001,208 | ---- | M] () -- C:\Documents and Settings\mata\Plocha\cc_20120624_113220.reg
[2012.06.24 11:19:28 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\mata\Plocha\cc_20120624_111921.reg
[2012.06.24 11:13:29 | 000,000,480 | ---- | M] () -- C:\WINDOWS\MyHeritage.INI
[2012.06.24 10:59:34 | 000,004,120 | ---- | M] () -- C:\Documents and Settings\mata\Plocha\cc_20120624_105917.reg
[2012.06.23 16:46:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.06.20 17:22:49 | 000,168,485 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012.06.13 11:10:22 | 000,103,182 | ---- | M] () -- C:\Documents and Settings\mata\Plocha\The.Intouchables.2011.720p.Bluray.x264.anoXmous.srt
[2012.06.13 10:28:02 | 733,736,213 | ---- | M] () -- C:\Documents and Settings\mata\Plocha\The.Intouchables.2011.720p.Bluray.x264.anoXmous.mp4
[2012.06.12 18:42:06 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\AVG 2012.lnk
========== Files Created - No Company Name ==========
[2012.06.30 10:22:13 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.06.24 13:33:08 | 000,000,632 | ---- | C] () -- C:\Documents and Settings\mata\Plocha\cc_20120624_133306.reg
[2012.06.24 11:56:37 | 000,002,552 | ---- | C] () -- C:\Documents and Settings\mata\Plocha\cc_20120624_115636.reg
[2012.06.24 11:32:22 | 000,001,208 | ---- | C] () -- C:\Documents and Settings\mata\Plocha\cc_20120624_113220.reg
[2012.06.24 11:19:25 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\mata\Plocha\cc_20120624_111921.reg
[2012.06.24 10:59:20 | 000,004,120 | ---- | C] () -- C:\Documents and Settings\mata\Plocha\cc_20120624_105917.reg
[2012.06.14 12:53:12 | 000,103,182 | ---- | C] () -- C:\Documents and Settings\mata\Plocha\The.Intouchables.2011.720p.Bluray.x264.anoXmous.srt
[2012.06.14 12:52:11 | 733,736,213 | ---- | C] () -- C:\Documents and Settings\mata\Plocha\The.Intouchables.2011.720p.Bluray.x264.anoXmous.mp4
[2012.06.09 12:09:41 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\AVG 2012.lnk
[2011.07.10 20:41:24 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\mata\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.30 16:05:01 | 000,000,480 | ---- | C] () -- C:\WINDOWS\MyHeritage.INI
[2011.06.30 16:00:23 | 000,454,656 | ---- | C] () -- C:\WINDOWS\System32\PaintX.dll
[2011.05.08 19:44:01 | 000,000,028 | ---- | C] () -- C:\WINDOWS\MotionDVSTUDIO.INI
[2011.03.14 13:47:48 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD-Start.INI
[2010.12.24 16:38:07 | 000,000,518 | ---- | C] () -- C:\WINDOWS\System32\SP207.INI
[2010.10.23 16:55:59 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat
[2010.10.23 15:26:36 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.10.23 14:32:30 | 000,126,958 | ---- | C] () -- C:\WINDOWS\hpoins11.dat.temp
[2010.10.23 14:32:30 | 000,011,634 | ---- | C] () -- C:\WINDOWS\hpomdl11.dat.temp
[2010.10.23 13:36:15 | 000,000,124 | ---- | C] () -- C:\Documents and Settings\mata\Local Settings\Data aplikací\fusioncache.dat
[2010.10.23 13:15:36 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2010.10.23 10:59:15 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\drivers\jedih2rx.bin
[2010.10.23 10:59:15 | 000,000,122 | R--- | C] () -- C:\WINDOWS\System32\drivers\ramsed.bin
[2010.10.23 10:56:05 | 000,003,260 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010.10.23 10:56:03 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010.10.23 03:41:49 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.10.23 03:40:23 | 000,138,848 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.10.23 01:56:06 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.10.23 01:48:14 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
========== LOP Check ==========
[2011.03.14 14:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Aliasworlds
[2012.06.24 11:02:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AVG Secure Search
[2012.06.09 12:31:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AVG2012
[2011.06.14 14:41:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\Common Files
[2011.10.18 19:10:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Easybits GO
[2012.06.30 09:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MFAData
[2010.10.23 14:17:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MSScanAppDataDir
[2011.06.30 18:48:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MyHeritage
[2011.05.08 19:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Panasonic
[2012.03.07 18:54:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\tmp
[2012.06.09 12:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\AVG Secure Search
[2012.06.09 12:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\AVG2012
[2012.03.04 16:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\EleFun Games
[2011.10.18 19:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\go
[2010.10.23 17:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\Image Zone Express
[2011.06.30 16:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\MyHeritage
[2011.05.19 13:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\Opera
[2010.10.23 11:33:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\QIP
[2010.10.23 14:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\Scan2PDF
[2010.10.23 14:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\Serif
[2011.06.30 16:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\The Complete Genealogy Reporter - FTB
========== Purity Check ==========
========== Custom Scans ==========
< >
< >
< MD5 for: AGP440.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\agp440.sys
< MD5 for: ATAPI.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\atapi.sys
< MD5 for: AUTOCHK.EXE >
[2008.04.14 05:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\autochk.exe
[2004.08.17 15:49:22 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\system32\autochk.exe
[2004.08.17 15:49:22 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\system32\dllcache\autochk.exe
< MD5 for: CDROM.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\cdrom.sys
[2004.08.03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\system32\drivers\cdrom.sys
< MD5 for: CRYPTSVC.DLL >
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\cryptsvc.dll
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\system32\dllcache\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\eventlog.dll
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\system32\dllcache\explorer.exe
< MD5 for: HAL.DLL >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\hal.dll
[2004.08.03 22:59:10 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\system32\hal.dll
< MD5 for: CHANGER.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\changer.sys
< MD5 for: ISAPNP.SYS >
[2001.10.25 13:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\drivers\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\isapnp.sys
< MD5 for: LSASS.EXE >
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\system32\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\lsass.exe
< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\dllcache\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\system32\drivers\ndis.sys
< MD5 for: NETLOGON.DLL >
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\system32\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\system32\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\scecli.dll
< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\dllcache\smss.exe
[2004.08.17 15:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\system32\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\smss.exe
< MD5 for: SVCHOST.EXE >
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\svchost.exe
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\dllcache\svchost.exe
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\system32\svchost.exe
< MD5 for: TCPIP.SYS >
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2004.08.03 23:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\userinit.exe
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\system32\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\winlogon.exe
< MD5 for: WS2_32.DLL >
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\system32\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\ws2_32.dll
< >
< %systemroot%*.* /U /s >
[3 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[1 C:\WINDOWS\twain_32\*.tmp files -> C:\WINDOWS\twain_32\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2011.04.04 09:27:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\Adobe
[2010.12.24 16:48:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\ArcSoft
[2012.06.09 12:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\AVG Secure Search
[2012.06.09 12:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\AVG2012
[2012.03.04 16:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\EleFun Games
[2011.10.18 19:10:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\go
[2010.10.23 13:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\HP
[2010.10.23 02:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\Identities
[2010.10.23 17:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\Image Zone Express
[2010.12.24 16:37:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\InstallShield
[2010.10.23 11:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\Macromedia
[2011.02.03 16:46:55 | 000,000,000 | --SD | M] -- C:\Documents and Settings\mata\Data aplikací\Microsoft
[2011.06.30 16:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\MyHeritage
[2011.05.19 13:10:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\Opera
[2010.10.23 11:33:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\QIP
[2010.10.23 14:14:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\Scan2PDF
[2010.10.23 14:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\Serif
[2012.06.28 20:27:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\Skype
[2011.06.21 21:38:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\skypePM
[2011.06.30 16:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\The Complete Genealogy Reporter - FTB
[2010.11.25 19:07:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mata\Data aplikací\WinRAR
< %APPDATA%\*.exe /s >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2010.10.23 03:39:33 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010.10.23 03:39:33 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010.10.23 03:39:33 | 000,466,944 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2012.06.30 09:47:34 | 000,088,566 | ---- | M] () -- C:\WINDOWS\system32\nvapps.xml
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
< >
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2004.08.17 15:49:24 | 000,015,360 | ---- | M] (Microsoft Corporation)
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< >
< type c:\boot.ini >> test.txt /c >
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012.06.30 10:22:13 | 000,000,512 | ---- | M] () MD5=65ED6378FCE80DC67DB9DB53B0D6FDFF -- C:\PhysicalMBR.bin
< >
< *crack* /s >
< *keygen* /s >
< *loader* /s >
[2012.06.09 12:09:33 | 000,006,494 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\AVG Secure Search\11.0.0.9\modules\skin\ajax-loader.gif
[2012.06.09 12:09:33 | 000,000,729 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\AVG Secure Search\11.0.0.9\modules\skin\loader.gif
[2012.06.12 19:41:52 | 000,006,494 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\AVG Secure Search\11.1.0.7\modules\skin\ajax-loader.gif
[2012.06.12 19:41:53 | 000,000,729 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\AVG Secure Search\11.1.0.7\modules\skin\loader.gif
[2012.02.29 08:49:32 | 000,072,638 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\Skype\Apps\login\images\loader.gif
[2012.02.29 08:49:32 | 000,003,032 | ---- | M] () -- \Documents and Settings\All Users\Data aplikací\Skype\Apps\login\images\loader.png
[2010.12.14 11:54:22 | 000,166,400 | ---- | M] () -- \Program Files\Fotolab\Fotolab Fotosvet 4\CWImageLoader0.dll
[2005.07.22 18:48:48 | 000,069,632 | ---- | M] () -- \Program Files\Hama\Hama Webcam Suite\Photo Greeting Card\uACM_Loader.dll
[2008.02.25 08:05:22 | 000,856,064 | ---- | M] () -- \Program Files\The KMPlayer\ImLoader.dll
[2010.03.15 12:28:24 | 000,045,056 | ---- | M] () -- \Program Files\WinRAR\RarExtLoader.exe
[2008.04.14 05:21:39 | 000,035,840 | ---- | M] () -- \WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\dmloader.dll
[2008.04.13 20:31:47 | 000,230,912 | ---- | M] () -- \WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\osloader.exe
[2008.04.13 20:31:48 | 000,278,528 | ---- | M] () -- \WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\osloader.ntd
[2004.08.17 15:49:06 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll
[2004.08.17 15:49:06 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dllcache\dmloader.dll
< *minodlogin* /s >
< *tnod* /s >
< *AutoKMS* /s >
< *activator* /s >
< *serial* /s >
[2010.10.23 12:31:20 | 000,011,776 | ---- | M] () -- \WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap.resources\1.0.5000.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010.11.03 15:32:30 | 000,131,072 | ---- | M] () -- \WINDOWS\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2004.07.15 15:31:54 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
[2003.04.07 19:24:52 | 000,011,776 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v1.1.4322\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2008.04.14 04:17:25 | 000,028,416 | ---- | M] () -- \WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\grserial.sys
[2008.04.14 04:21:08 | 000,064,256 | ---- | M] () -- \WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\serial.sys
[2007.06.27 14:59:02 | 000,131,072 | ---- | M] () -- \WINDOWS\SoftwareDistribution\Download\44c8256673ca0542cb198384f8131b68\system.runtime.serialization.formatters.soap.dll
[2001.10.25 13:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dpserial.dll
[2001.10.25 13:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\serialui.dll
[2001.10.25 13:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dllcache\dpserial.dll
[2001.10.25 13:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\dllcache\serialui.dll
[2004.08.17 15:44:16 | 000,064,640 | ---- | M] () -- \WINDOWS\system32\drivers\serial.sys
< *w7lxe* /s >
========== Files - Unicode (All) ==========
[2010.10.23 12:11:17 | 000,000,000 | ---D | M](C:\Documents and Settings\mata\Data aplikac?) -- C:\Documents and Settings\mata\Data aplikac�
[2010.10.23 12:11:17 | 000,000,000 | ---D | M](C:\Documents and Settings\mata\Data aplikac?) -- C:\Documents and Settings\mata\Data aplikac�
(C:\Documents and Settings\mata\Data aplikac?) -- C:\Documents and Settings\mata\Data aplikac�
< End of report >
Re: preventivka - prosim
OTL Extras logfile created on: 30.6.2012 10:19:51 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Documents and Settings\mata\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1023,48 Mb Total Physical Memory | 648,32 Mb Available Physical Memory | 63,34% Memory free
2,40 Gb Paging File | 1,94 Gb Available in Paging File | 80,52% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 61,44 Gb Free Space | 82,44% Space Free | Partition Type: NTFS
Computer Name: MATA-27A6025F58 | User Name: mata | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" "%1" (Opera Software)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE prezentace fotografií] -- "C:\Program Files\Fotolab\Fotolab Fotosvet 4\CEWE prezentace fotografií.exe" -d "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotolab Fotosvet 4] -- "C:\Program Files\Fotolab\Fotolab Fotosvet 4\Fotolab Fotosvet 4.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:Instalátor AVG
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\QIP 2010\qip.exe" = C:\Program Files\QIP 2010\qip.exe:*:Enabled:QIP 2010 -- (QIP)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:Instalátor AVG -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Webový štít -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostika 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Obecná kontrola pošty -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe" = C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper -- (Opera Software)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{32D4851C-399A-4C02-A961-6A56178004B9}" = Hama Webcam Suite
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{5E65E94D-69F2-4850-9E93-6459C53A0F50}" = Microsoft .NET Framework 1.1 Czech Language Pack
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{803164CE-4F0E-4D29-9FB7-4C30299A9296}" = Hama WEBCAM E120
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90120000-0010-0405-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Czech) 12
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}" = c3100_Help
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1029-7B44-A95000000001}" = Adobe Reader 9.5.0 - Czech
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C6A09671-93A6-4548-9FAE-3BF21EB9C921}" = AVG 2012
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{EB8C9964-09AC-48bf-8B98-027609C78251}" = C3100
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG" = AVG 2012
"CCleaner" = CCleaner
"Color Lines 3D" = Color Lines 3D by IstraSoft
"Family Tree Builder" = MyHeritage Family Tree Builder
"Fotolab Fotosvet 4" = Fotolab Fotosvet 4
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAnForce" = NVIDIA Ovladače nForce pro Windows 2000/XP
"Opera 12.00.1467" = Opera 12.00
"rajče.net_is1" = rajče průvodce verze 1.59.25.240
"The KMPlayer" = The KMPlayer (remove only)
"WinRAR archiver" = WinRAR
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1960408961-1364589140-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
"QIP 2010" = QIP 2010 11.2.1.4738
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 27.2.2012 14:19:45 | Computer Name = MATA-27A6025F58 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace rajce.exe, verze 1.59.38.253, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 7.3.2012 13:12:01 | Computer Name = MATA-27A6025F58 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace CEWE prezentace fotografií.exe, verze 0.0.0.0,
zablokovaný modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 7.3.2012 13:27:07 | Computer Name = MATA-27A6025F58 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace Fotolab Fotosvet 4.exe, verze 0.0.0.0, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 5.4.2012 5:36:10 | Computer Name = MATA-27A6025F58 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace 126.exe, verze 10.0.32.18, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 6.4.2012 5:42:59 | Computer Name = MATA-27A6025F58 | Source = Application Error | ID = 1000
Description = Chybující aplikace leonardo.exe, verze 0.0.0.0, chybující modul leonardo.exe,
verze 0.0.0.0, adresa chyby 0x001d751b.
Error - 26.6.2012 8:05:36 | Computer Name = MATA-27A6025F58 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace chrome.exe, verze 19.0.1084.56, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 29.6.2012 6:59:45 | Computer Name = MATA-27A6025F58 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace chrome.exe, verze 19.0.1084.56, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
[ System Events ]
Error - 13.6.2012 5:49:24 | Computer Name = MATA-27A6025F58 | Source = sr | ID = 1
Description = Filtr nástroje Obnovení systému zjistil neočekávanou chybu 0xC0000001
při zpracování souboru na svazku HarddiskVolume1. Sledování svazku bylo ukončeno.
Error - 19.6.2012 7:27:13 | Computer Name = MATA-27A6025F58 | Source = DCOM | ID = 10010
Description = Server {4EB61BAC-A3B6-4760-9581-655041EF4D69} se v daném časovém limitu
neregistroval u služby DCOM.
Error - 20.6.2012 5:21:54 | Computer Name = MATA-27A6025F58 | Source = sr | ID = 1
Description = Filtr nástroje Obnovení systému zjistil neočekávanou chybu 0xC0000001
při zpracování souboru na svazku HarddiskVolume1. Sledování svazku bylo ukončeno.
Error - 26.6.2012 12:50:23 | Computer Name = MATA-27A6025F58 | Source = DCOM | ID = 10010
Description = Server {4EB61BAC-A3B6-4760-9581-655041EF4D69} se v daném časovém limitu
neregistroval u služby DCOM.
Error - 30.6.2012 3:46:13 | Computer Name = MATA-27A6025F58 | Source = Service Control Manager | ID = 7034
Description = Služba NVIDIA Display Driver Service byla neočekávaně ukončena. Tento
stav nastal již 1krát.
Error - 30.6.2012 3:46:13 | Computer Name = MATA-27A6025F58 | Source = Service Control Manager | ID = 7034
Description = Služba Pml Driver HPZ12 byla neočekávaně ukončena. Tento stav nastal
již 1krát.
Error - 30.6.2012 3:46:13 | Computer Name = MATA-27A6025F58 | Source = Service Control Manager | ID = 7034
Description = Služba vToolbarUpdater11.1.0 byla neočekávaně ukončena. Tento stav
nastal již 1krát.
< End of report >
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Documents and Settings\mata\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
1023,48 Mb Total Physical Memory | 648,32 Mb Available Physical Memory | 63,34% Memory free
2,40 Gb Paging File | 1,94 Gb Available in Paging File | 80,52% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 61,44 Gb Free Space | 82,44% Space Free | Partition Type: NTFS
Computer Name: MATA-27A6025F58 | User Name: mata | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\opera.exe" "%1" (Opera Software)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE prezentace fotografií] -- "C:\Program Files\Fotolab\Fotolab Fotosvet 4\CEWE prezentace fotografií.exe" -d "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotolab Fotosvet 4] -- "C:\Program Files\Fotolab\Fotolab Fotosvet 4\Fotolab Fotosvet 4.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:Instalátor AVG
"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\QIP 2010\qip.exe" = C:\Program Files\QIP 2010\qip.exe:*:Enabled:QIP 2010 -- (QIP)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:Instalátor AVG -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Webový štít -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostika 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Obecná kontrola pošty -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe" = C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper -- (Opera Software)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{32D4851C-399A-4C02-A961-6A56178004B9}" = Hama Webcam Suite
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{5E65E94D-69F2-4850-9E93-6459C53A0F50}" = Microsoft .NET Framework 1.1 Czech Language Pack
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{803164CE-4F0E-4D29-9FB7-4C30299A9296}" = Hama WEBCAM E120
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90120000-0010-0405-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Czech) 12
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}" = c3100_Help
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1029-7B44-A95000000001}" = Adobe Reader 9.5.0 - Czech
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C6A09671-93A6-4548-9FAE-3BF21EB9C921}" = AVG 2012
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{EB8C9964-09AC-48bf-8B98-027609C78251}" = C3100
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG" = AVG 2012
"CCleaner" = CCleaner
"Color Lines 3D" = Color Lines 3D by IstraSoft
"Family Tree Builder" = MyHeritage Family Tree Builder
"Fotolab Fotosvet 4" = Fotolab Fotosvet 4
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAnForce" = NVIDIA Ovladače nForce pro Windows 2000/XP
"Opera 12.00.1467" = Opera 12.00
"rajče.net_is1" = rajče průvodce verze 1.59.25.240
"The KMPlayer" = The KMPlayer (remove only)
"WinRAR archiver" = WinRAR
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-1960408961-1364589140-1177238915-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
"QIP 2010" = QIP 2010 11.2.1.4738
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 27.2.2012 14:19:45 | Computer Name = MATA-27A6025F58 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace rajce.exe, verze 1.59.38.253, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 7.3.2012 13:12:01 | Computer Name = MATA-27A6025F58 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace CEWE prezentace fotografií.exe, verze 0.0.0.0,
zablokovaný modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 7.3.2012 13:27:07 | Computer Name = MATA-27A6025F58 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace Fotolab Fotosvet 4.exe, verze 0.0.0.0, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 5.4.2012 5:36:10 | Computer Name = MATA-27A6025F58 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace 126.exe, verze 10.0.32.18, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 6.4.2012 5:42:59 | Computer Name = MATA-27A6025F58 | Source = Application Error | ID = 1000
Description = Chybující aplikace leonardo.exe, verze 0.0.0.0, chybující modul leonardo.exe,
verze 0.0.0.0, adresa chyby 0x001d751b.
Error - 26.6.2012 8:05:36 | Computer Name = MATA-27A6025F58 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace chrome.exe, verze 19.0.1084.56, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
Error - 29.6.2012 6:59:45 | Computer Name = MATA-27A6025F58 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace chrome.exe, verze 19.0.1084.56, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.
[ System Events ]
Error - 13.6.2012 5:49:24 | Computer Name = MATA-27A6025F58 | Source = sr | ID = 1
Description = Filtr nástroje Obnovení systému zjistil neočekávanou chybu 0xC0000001
při zpracování souboru na svazku HarddiskVolume1. Sledování svazku bylo ukončeno.
Error - 19.6.2012 7:27:13 | Computer Name = MATA-27A6025F58 | Source = DCOM | ID = 10010
Description = Server {4EB61BAC-A3B6-4760-9581-655041EF4D69} se v daném časovém limitu
neregistroval u služby DCOM.
Error - 20.6.2012 5:21:54 | Computer Name = MATA-27A6025F58 | Source = sr | ID = 1
Description = Filtr nástroje Obnovení systému zjistil neočekávanou chybu 0xC0000001
při zpracování souboru na svazku HarddiskVolume1. Sledování svazku bylo ukončeno.
Error - 26.6.2012 12:50:23 | Computer Name = MATA-27A6025F58 | Source = DCOM | ID = 10010
Description = Server {4EB61BAC-A3B6-4760-9581-655041EF4D69} se v daném časovém limitu
neregistroval u služby DCOM.
Error - 30.6.2012 3:46:13 | Computer Name = MATA-27A6025F58 | Source = Service Control Manager | ID = 7034
Description = Služba NVIDIA Display Driver Service byla neočekávaně ukončena. Tento
stav nastal již 1krát.
Error - 30.6.2012 3:46:13 | Computer Name = MATA-27A6025F58 | Source = Service Control Manager | ID = 7034
Description = Služba Pml Driver HPZ12 byla neočekávaně ukončena. Tento stav nastal
již 1krát.
Error - 30.6.2012 3:46:13 | Computer Name = MATA-27A6025F58 | Source = Service Control Manager | ID = 7034
Description = Služba vToolbarUpdater11.1.0 byla neočekávaně ukončena. Tento stav
nastal již 1krát.
< End of report >
Re: preventivka - prosim
Fajn, jeste pockam na ten MBAM
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: preventivka - prosim
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware) 1.61.0.1400
www.malwarebytes.org
Verze databáze: v2012.06.30.03
Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
mata :: MATA-27A6025F58 [administrátor]
Ochrana: Povolena
30.6.2012 11:01:24
mbam-log-2012-06-30 (11-01-24).txt
Typ: Úplná kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 223483
Uplynulý čas: 58 minut, 43 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)
(konec)
www.malwarebytes.org
Verze databáze: v2012.06.30.03
Windows XP Service Pack 2 x86 NTFS
Internet Explorer 6.0.2900.2180
mata :: MATA-27A6025F58 [administrátor]
Ochrana: Povolena
30.6.2012 11:01:24
mbam-log-2012-06-30 (11-01-24).txt
Typ: Úplná kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 223483
Uplynulý čas: 58 minut, 43 sekund
Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)
(konec)
Re: preventivka - prosim
Odinstalujte zase MBAM, at se tam neplete. Znovu spustte OTLDo spodniho okna vlozte nasledujici text (vcetne te dvojtecky pred slovem commands)
Kód: Vybrat vše
:commands
[EMPTYTEMP]
[EMPTYFLASH]
[Purity]
:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
:otl
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
[3 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[1 C:\WINDOWS\twain_32\*.tmp files -> C:\WINDOWS\twain_32\*.tmp -> ]
Po restartu se objevi novy log, ten sem dejte.
Nainstalujte Service Pack 3 Aktualizujte Internet Explorer, i kdyz jej treba nepouzivate. Stahnete OTC http://oldtimer.geekstogo.com/OTC.exe , ulozte a spustte.Kliknete na napis CleanUp a pote OK - Po uklidu dojde k restartu pc.
Stahnete TFC http://oldtimer.geekstogo.com/TFC.exe , ulozte a spustteKliknete na START a pote OK - Po uklidu dojde k restartu pc.
Po pouziti muzete programek smazat
Stahnete Ccleaner http://www.stahuj.centrum.cz/utility_a_ ... /ccleaner/ a spustte.Pri instalaci pozor na toolbar, jestli vam nabidne jeho instalaci, tak zruste zatrzitko.
Po spusteni se ocitnete ve funkci Cistic. Vlevo je spousta zatrzitek. Pozor dejte hlavne na kos, pokud nechate zatrzene, vzdy ho vysype.
Dale, podle toho jak je nastaven, smaze vsechna hesla ulozena na netu!!! Takze jestli mate nastavene, at si pocitac hesla pamatuje (coz neni pro bezpecnost dobre), budete je muset pak napsat znova rucne (napr mail, facebook, ruzna fora atd.)
Kliknete na Analyzovat a az dokonci analyzu, kliknete na Spustit Cleaner.
Potom kliknete vlevo na funkci Registry
Kliknete na Hledej problemy, kdyz najde, kliknete na Opravit problemy. Nabidne Vam zalohu, tu udelejte a ulozte ji tak, at ji v pripade potreby najdete
Funkce Nastroje umoznuje odinstalovani programu. Je dukladnejsi nez samotny windows!
Defragmentujte diskStahnete napriklad program Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
Pri instalaci opet pozor na toolbar
Po nainstalovani program spustte a kliknete na Analyzovat, po analyze kliknete na Defragmentovat a programek odvede svou praci
Az vse provedete, napiste, jak to vypada.
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Re: preventivka - prosim
Vse provedeno az na aktualizaci IE,to nevim jak udelat -asi jsem lama.
Pocitac je zda se sviznejsi a chroupe min ale proste ta hra pres Operu jede porad opozdene.
Asi problem v te Opere a odezvou na hru,neb ta Opera je moc narocna na ten PC
Uz jsem rikal mamce at to hraje pres Chrome,tam to jede svizneji.
Zatim dikec za rady a pomoc s cistenim.
Pocitac je zda se sviznejsi a chroupe min ale proste ta hra pres Operu jede porad opozdene.
Asi problem v te Opere a odezvou na hru,neb ta Opera je moc narocna na ten PC
Uz jsem rikal mamce at to hraje pres Chrome,tam to jede svizneji.
Zatim dikec za rady a pomoc s cistenim.
Re: preventivka - prosim
Teoreticky by tu aktualizaci IE mel nabidnout sam system, ale da se stahnout i rucne, napriklad http://www.stahuj.centrum.cz/internet_a ... xplorer-8/
Jak pisete, problem bude nejspis v Opere, pc je jinak cisty. Muzete ji zkusit preinstalovat, muze to delat i nejaky doplnek. S Operou nemam zkusenosti. Ale kdyz to v jinem prohlizeci jede normalne, neni co resit
Nemate zac
Jak pisete, problem bude nejspis v Opere, pc je jinak cisty. Muzete ji zkusit preinstalovat, muze to delat i nejaky doplnek. S Operou nemam zkusenosti. Ale kdyz to v jinem prohlizeci jede normalne, neni co resit
Nemate zac
Pokud máte dotaz, který není určen pro veřejnost, můžete mi napsat na mail marty84zavináčforum.viry.cz
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Možnost podpořit naše fórum https://platba.viry.cz/payment/
Z časových důvodů teď budu na fóru méně často. V případě delšího čekání na odpověď kontaktujte prosím některého z kolegů (většina má mailovou adresu ve svém podpisu).
Přispějete na provoz fóra?