How to deal with Desktop Security 2010? Pleease...

panas
Visitor
Posts: 15
Registered: 26 Apr 2010 18:29

#1 Post by panas »

Please help :cry: .... the log is:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-04-26 19:32:50
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 82 GB (34%) free of 238 GB
Total RAM: 895 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:33:06, on 26.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Lexmark P910 Series\ezprint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark P910 Series\lxbymon.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\m.2FA.tmp.exe
C:\Documents and Settings\Administrator\Data aplikací\Desktop Security 2010\securitycenter.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\lxbycoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Data aplikací\Desktop Security 2010\Desktop Security 2010.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Documents and Settings\Administrator\Plocha\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark P910 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [lxbymon.exe] "C:\Program Files\Lexmark P910 Series\lxbymon.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SANDRASandra] c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500ia64\sisoftwaresandra10.11.1.1.exe
O4 - HKLM\..\Run: [LXBYCATS] rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXBYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\RunServices: [SandraSiSoftware] c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500ia64\sisoftwaresandra10.11.1.1.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [duhcvpurudo5] C:\Documents and Settings\Administrator\Local Settings\Temp\m.2FA.tmp.exe
O4 - HKCU\..\Run: [SecurityCenter] C:\Documents and Settings\Administrator\Data aplikací\Desktop Security 2010\securitycenter.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbycoms.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe

--
End of file - 10882 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-21 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-02-21 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
SearchSettings Class - C:\Program Files\Search Settings\kb126\SearchSettings.dll [2008-02-06 1160544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQ Toolbar - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-08-04 343112]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-21 279664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-10-30 16269312]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-09-25 90112]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
""= []
"EzPrint"=C:\Program Files\Lexmark P910 Series\ezprint.exe [2004-09-17 61440]
"FaxCenterServer"=C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2004-11-22 299008]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"Lexmark X1100 Series"=C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe [2003-08-19 57344]
"lxbymon.exe"=C:\Program Files\Lexmark P910 Series\lxbymon.exe [2005-01-18 196608]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-04-14 2790472]
"SANDRASandra"=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500ia64\sisoftwaresandra10.11.1.1.exe []
"LXBYCATS"=rundll32 C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\LXBYtime.dll,_RunDLLEntry@16 []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"AWMON"=C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe []
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-04-01 486856]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe []
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2009-11-16 172792]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-05-03 39408]
"duhcvpurudo5"=C:\Documents and Settings\Administrator\Local Settings\Temp\m.2FA.tmp.exe [2010-04-23 2932224]
"SecurityCenter"=C:\Documents and Settings\Administrator\Data aplikací\Desktop Security 2010\securitycenter.exe [2010-04-22 146432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
C:\Program Files\Search Settings\SearchSettings.exe []

C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-02-02 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"undockwithoutlogon"=1
"ShutdownWithoutLogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveTrack"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\Aplikace\PidginPortable\App\Pidgin\pidgin-portable.exe"="E:\Aplikace\PidginPortable\App\Pidgin\pidgin-portable.exe:*:Enabled:Pidgin"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\WINDOWS\system32\lxbycoms.exe"="C:\WINDOWS\system32\lxbycoms.exe:*:Disabled:P910 Series Server"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Black Sea Studios\Knights Of Honor\KoH.exe"="C:\Program Files\Black Sea Studios\Knights Of Honor\KoH.exe:*:Disabled:KoH"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\RpcSandraSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD"="C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II"
"C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.icd"="C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.icd:*:Enabled:Age of Empires II Expansion"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-04-26 19:32:51 ----D---- C:\Program Files\trend micro
2010-04-26 19:32:50 ----D---- C:\rsit
2010-04-26 19:07:02 ----D---- C:\WINDOWS\LastGood
2010-04-25 16:50:15 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-04-24 11:53:45 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-04-24 11:53:36 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-04-24 11:53:24 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-24 11:52:56 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-24 11:52:47 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-04-24 11:47:34 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-04-24 11:47:25 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-04-24 11:47:16 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-04-24 11:43:19 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-24 11:43:06 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-04-24 11:42:57 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-04-24 11:42:47 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-04-24 11:28:54 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-24 11:28:43 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-04-24 11:28:33 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-24 07:11:59 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-04-24 07:11:42 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-04-24 07:11:21 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-04-24 07:11:12 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-04-24 07:10:34 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-04-24 07:10:25 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-04-24 07:09:33 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-04-23 18:45:28 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-04-23 18:17:29 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-04-23 18:01:44 ----A---- C:\WINDOWS\system32\muweb.dll
2010-04-23 18:01:44 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2010-04-23 18:01:44 ----A---- C:\WINDOWS\system32\mucltui.dll
2010-04-23 17:57:16 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Desktop Security 2010
2010-04-20 05:17:38 ----D---- C:\Program Files\Microsoft Silverlight
2010-04-15 16:53:55 ----D---- C:\Program Files\Feng Šuej Mahjong

======List of files/folders modified in the last 1 months======

2010-04-26 19:32:58 ----D---- C:\WINDOWS\Prefetch
2010-04-26 19:32:51 ----RD---- C:\Program Files
2010-04-26 19:15:21 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Skype
2010-04-26 19:07:56 ----D---- C:\Documents and Settings\Administrator\Data aplikací\skypePM
2010-04-26 19:07:16 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-26 19:07:14 ----D---- C:\WINDOWS\Temp
2010-04-26 19:07:08 ----D---- C:\WINDOWS\system32
2010-04-26 19:07:05 ----D---- C:\WINDOWS\system32\drivers
2010-04-26 19:07:02 ----D---- C:\WINDOWS
2010-04-26 19:05:31 ----HD---- C:\WINDOWS\inf
2010-04-26 19:05:30 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-26 18:56:44 ----D---- C:\Program Files\Mozilla Firefox
2010-04-26 16:50:39 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-25 16:51:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-25 16:50:57 ----SHD---- C:\WINDOWS\Installer
2010-04-25 16:50:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-04-25 16:48:27 ----RSD---- C:\WINDOWS\assembly
2010-04-24 20:14:02 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-04-24 20:13:56 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2010-04-24 20:13:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-04-24 20:13:52 ----D---- C:\WINDOWS\system32\cs
2010-04-24 20:13:51 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2010-04-24 20:13:51 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2010-04-24 20:13:51 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-04-24 20:13:50 ----HDC---- C:\WINDOWS\$NtUninstallKB925398_WMP64$
2010-04-24 20:13:43 ----HDC---- C:\WINDOWS\$NtUninstallKB911564$
2010-04-24 20:13:41 ----HDC---- C:\WINDOWS\$NtUninstallKB901214$
2010-04-24 20:13:35 ----HDC---- C:\WINDOWS\$NtUninstallKB935840$
2010-04-24 20:13:34 ----HDC---- C:\WINDOWS\$NtUninstallKB936357$
2010-04-24 20:13:34 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$
2010-04-24 20:13:31 ----HDC---- C:\WINDOWS\$NtUninstallKB941693$
2010-04-24 20:13:31 ----HDC---- C:\WINDOWS\$NtUninstallKB927891$
2010-04-24 20:13:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-04-24 20:13:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-04-24 20:13:26 ----HDC---- C:\WINDOWS\$NtUninstallKB930916$
2010-04-24 20:13:25 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2010-04-24 20:13:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2010-04-24 20:13:17 ----HDC---- C:\WINDOWS\$NtUninstallKB927779$
2010-04-24 20:13:11 ----HDC---- C:\WINDOWS\$NtUninstallKB904706$
2010-04-24 20:13:10 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2010-04-24 20:13:09 ----HDC---- C:\WINDOWS\$NtUninstallKB942615$
2010-04-24 20:13:08 ----HDC---- C:\WINDOWS\$NtUninstallKB887472$
2010-04-24 20:13:07 ----D---- C:\WINDOWS\system32\oobe
2010-04-24 20:13:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2010-04-24 20:13:01 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2010-04-24 20:13:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-04-24 20:12:43 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
2010-04-24 20:12:40 ----HDC---- C:\WINDOWS\$NtUninstallKB941644$
2010-04-24 20:12:33 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-04-24 20:12:30 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$
2010-04-24 20:12:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2010-04-24 20:12:17 ----D---- C:\WINDOWS\system32\en-us
2010-04-24 20:12:15 ----HDC---- C:\WINDOWS\$NtUninstallKB929123$
2010-04-24 20:12:13 ----HDC---- C:\WINDOWS\$NtUninstallKB924270$
2010-04-24 20:12:08 ----HDC---- C:\WINDOWS\$MSI30UninstallMSI30-KB884016$
2010-04-24 20:12:07 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2010-04-24 20:12:06 ----HDC---- C:\WINDOWS\$NtUninstallKB941202$
2010-04-24 20:12:06 ----D---- C:\WINDOWS\system32\inetsrv
2010-04-24 20:12:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2010-04-24 20:11:55 ----D---- C:\WINDOWS\srchasst
2010-04-24 20:11:51 ----D---- C:\WINDOWS\system32\1029
2010-04-24 20:11:50 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2010-04-24 20:11:50 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2010-04-24 20:11:46 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2010-04-24 20:11:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-04-24 20:11:37 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-04-24 20:11:36 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2010-04-24 20:11:34 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2010-04-24 20:11:30 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2010-04-24 20:11:29 ----D---- C:\WINDOWS\system32\usmt
2010-04-24 20:11:27 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-04-24 20:11:26 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2010-04-24 20:11:24 ----HDC---- C:\WINDOWS\$NtUninstallKB900485$
2010-04-24 20:11:21 ----HDC---- C:\WINDOWS\$NtUninstallKB938828$
2010-04-24 20:11:19 ----D---- C:\WINDOWS\network diagnostic
2010-04-24 20:11:17 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2010-04-24 20:11:16 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2010-04-24 20:11:15 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-04-24 20:11:14 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-04-24 20:11:10 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2010-04-24 20:11:10 ----HDC---- C:\WINDOWS\$NtUninstallKB920213$
2010-04-24 20:11:10 ----D---- C:\WINDOWS\peernet
2010-04-24 20:11:09 ----D---- C:\WINDOWS\EHome
2010-04-24 20:11:03 ----D---- C:\WINDOWS\AppPatch
2010-04-24 20:11:02 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2010-04-24 20:11:02 ----HDC---- C:\WINDOWS\$NtUninstallKB885836$
2010-04-24 20:10:52 ----HDC---- C:\WINDOWS\$NtUninstallKB942763$
2010-04-24 20:10:52 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2010-04-24 20:10:51 ----RSD---- C:\WINDOWS\Fonts
2010-04-24 20:08:48 ----D---- C:\Program Files\ICQ6.5
2010-04-24 20:08:32 ----D---- C:\Program Files\Montezumova pomsta
2010-04-24 20:08:29 ----D---- C:\Program Files\Internet Explorer
2010-04-24 20:08:28 ----D---- C:\Program Files\Lexmark P910 Series
2010-04-24 20:08:05 ----D---- C:\Program Files\Outlook Express
2010-04-24 20:07:44 ----D---- C:\Program Files\Bonjour
2010-04-24 20:07:22 ----D---- C:\Program Files\FaxTools
2010-04-24 20:07:08 ----D---- C:\Program Files\Lexmark X1100 Series
2010-04-24 20:06:56 ----D---- C:\Program Files\Apple Software Update
2010-04-24 20:06:54 ----D---- C:\Program Files\Codec Pack - All In 1
2010-04-24 20:06:33 ----D---- C:\Program Files\Hledači pokladů
2010-04-24 20:06:00 ----D---- C:\Program Files\Diablo
2010-04-24 20:05:54 ----D---- C:\Program Files\Online Services
2010-04-24 20:05:38 ----D---- C:\Program Files\Search Settings
2010-04-24 20:05:07 ----D---- C:\Program Files\Lexmark Fax Solutions
2010-04-24 20:05:02 ----D---- C:\Program Files\Windows NT
2010-04-24 20:04:59 ----D---- C:\Program Files\ABBYY FineReader 5.0 Sprint
2010-04-24 20:04:44 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-04-24 20:04:02 ----D---- C:\Program Files\Common Files\Teleca Shared
2010-04-24 20:03:48 ----D---- C:\Program Files\Common Files\System
2010-04-24 20:03:43 ----D---- C:\Program Files\InfraRecorder
2010-04-24 20:03:41 ----D---- C:\Program Files\Amulet věků - Útěk z Pompejí
2010-04-24 20:03:24 ----D---- C:\Program Files\bfgclient
2010-04-24 20:03:17 ----D---- C:\Program Files\Řečtí hrdinové
2010-04-24 20:02:42 ----D---- C:\Program Files\Common Files\DESIGNER
2010-04-24 20:02:41 ----D---- C:\Program Files\Záhadné město - Zlatá Praha
2010-04-24 20:02:22 ----D---- C:\Program Files\DAEMON Tools Lite
2010-04-24 20:02:10 ----D---- C:\Program Files\IrfanView
2010-04-24 20:01:18 ----D---- C:\Program Files\Microsoft Works
2010-04-24 20:01:12 ----D---- C:\Program Files\iTunes
2010-04-24 20:00:52 ----D---- C:\Program Files\Movie Maker
2010-04-24 20:00:21 ----D---- C:\Program Files\Common Files\Skype
2010-04-24 20:00:18 ----D---- C:\Program Files\Windows Media Connect 2
2010-04-24 19:59:20 ----D---- C:\Program Files\Cesta kolem světa za 80 dní
2010-04-24 19:59:16 ----D---- C:\Program Files\Spawn
2010-04-24 19:59:12 ----D---- C:\Program Files\NetMeeting
2010-04-24 19:58:42 ----D---- C:\Program Files\Windows Media Player
2010-04-24 19:58:38 ----D---- C:\Program Files\Messenger
2010-04-24 19:58:35 ----D---- C:\Program Files\Natalie Brooks - Záhada domu pokladů
2010-04-24 19:58:11 ----D---- C:\Program Files\QuickTime
2010-04-24 19:58:10 ----D---- C:\Program Files\ICQToolbar
2010-04-24 19:57:07 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2010-04-24 19:57:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2010-04-24 19:56:43 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-04-24 19:56:26 ----HDC---- C:\WINDOWS\$NtUninstallKB923414$
2010-04-24 19:56:07 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2010-04-24 19:55:11 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-04-24 19:55:04 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
2010-04-24 19:55:02 ----HDC---- C:\WINDOWS\$NtUninstallKB873339$
2010-04-24 19:54:31 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-04-24 19:54:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2010-04-24 19:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB931784$
2010-04-24 19:54:06 ----D---- C:\WINDOWS\system32\Com
2010-04-24 19:54:04 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
2010-04-24 19:53:32 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2010-04-24 19:53:30 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
2010-04-24 19:53:29 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2010-04-24 19:53:22 ----HDC---- C:\WINDOWS\$NtUninstallKB943460_0$
2010-04-24 19:53:09 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2010-04-24 19:53:01 ----HDC---- C:\WINDOWS\$NtUninstallKB928255$
2010-04-24 19:53:00 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2010-04-24 19:52:45 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-04-24 19:52:25 ----HDC---- C:\WINDOWS\$NtUninstallKB917953$
2010-04-24 19:52:12 ----HDC---- C:\WINDOWS\$NtUninstallKB920872$
2010-04-24 19:52:10 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$
2010-04-24 19:52:06 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2010-04-24 19:52:03 ----HDC---- C:\WINDOWS\$NtUninstallKB931261$
2010-04-24 19:51:56 ----D---- C:\544bb45b092662f69445d58064
2010-04-24 19:51:35 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2010-04-24 19:50:53 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2010-04-24 19:50:34 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP9$
2010-04-24 19:50:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2010-04-24 19:50:21 ----D---- C:\WINDOWS\system32\bits
2010-04-24 19:50:11 ----D---- C:\WINDOWS\msagent
2010-04-24 19:49:59 ----HDC---- C:\WINDOWS\$NtUninstallKB932168$
2010-04-24 19:49:03 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2010-04-24 19:48:34 ----D---- C:\WINDOWS\system32\XPSViewer
2010-04-24 19:48:31 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2010-04-24 19:48:30 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2010-04-24 19:48:28 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-04-24 19:48:24 ----HDC---- C:\WINDOWS\$NtUninstallKB922582$
2010-04-24 19:48:22 ----HDC---- C:\WINDOWS\$NtUninstallKB937894$
2010-04-24 19:48:06 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-04-24 19:48:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2010-04-24 19:47:56 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2010-04-24 19:47:45 ----D---- C:\WINDOWS\system32\URTTEMP
2010-04-24 19:47:40 ----D---- C:\WINDOWS\twain_32
2010-04-24 19:47:29 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2010-04-24 19:47:17 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2010-04-24 19:47:05 ----HDC---- C:\WINDOWS\$NtUninstallKB923980$
2010-04-24 19:46:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2010-04-24 19:45:19 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-04-24 19:45:16 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-04-24 19:45:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2010-04-24 19:45:10 ----HDC---- C:\WINDOWS\$NtUninstallKB917344$
2010-04-24 19:44:51 ----D---- C:\WINDOWS\Help
2010-04-24 19:44:48 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2010-04-24 19:44:14 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2010-04-24 19:42:48 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-04-24 19:42:38 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-04-24 19:42:28 ----HDC---- C:\WINDOWS\$NtUninstallKB941568$
2010-04-24 19:42:24 ----HDC---- C:\WINDOWS\$NtUninstallKB937143$
2010-04-24 19:42:06 ----HDC---- C:\WINDOWS\$NtUninstallKB916595$
2010-04-24 19:41:59 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2010-04-24 19:41:33 ----HDC---- C:\WINDOWS\ie8
2010-04-24 19:41:17 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2010-04-24 19:40:03 ----HDC---- C:\WINDOWS\$NtUninstallKB938829$
2010-04-24 19:40:03 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2010-04-24 19:40:01 ----HDC---- C:\WINDOWS\$NtUninstallKB926436$
2010-04-24 19:39:57 ----D---- C:\WINDOWS\system32\1033
2010-04-24 19:39:56 ----HDC---- C:\WINDOWS\$NtUninstallKB930178$
2010-04-24 19:39:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-04-24 19:39:03 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-04-24 19:38:50 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2010-04-24 19:38:49 ----HDC---- C:\WINDOWS\$NtUninstallKB902400$
2010-04-24 19:38:48 ----HDC---- C:\WINDOWS\$NtUninstallKB933729$
2010-04-24 19:38:46 ----HDC---- C:\WINDOWS\$NtUninstallKB891781$
2010-04-24 19:38:39 ----D---- C:\WINDOWS\system32\Restore
2010-04-24 19:38:38 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-04-24 19:38:14 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-04-24 19:37:30 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2010-04-24 19:37:25 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2010-04-24 19:37:15 ----HDC---- C:\WINDOWS\$NtUninstallKB894391$
2010-04-24 19:37:08 ----HDC---- C:\WINDOWS\$NtUninstallKB938127$
2010-04-24 19:37:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951376_0$
2010-04-24 19:36:53 ----HDC---- C:\WINDOWS\$NtUninstallKB896358$
2010-04-24 19:36:46 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2010-04-24 19:36:29 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2010-04-24 19:36:28 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2010-04-24 19:35:59 ----HDC---- C:\WINDOWS\$NtUninstallKB948590$
2010-04-24 19:35:48 ----HDC---- C:\WINDOWS\$NtUninstallKB919007$
2010-04-24 19:35:39 ----HDC---- C:\WINDOWS\$NtUninstallKB918118$
2010-04-24 19:35:32 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-04-24 19:35:24 ----HDC---- C:\WINDOWS\$NtUninstallKB943485$
2010-04-24 19:35:00 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2010-04-24 19:34:55 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2010-04-24 19:34:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2010-04-24 19:34:25 ----HDC---- C:\WINDOWS\$NtUninstallKB886185$
2010-04-24 19:33:51 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-04-24 19:33:43 ----HDC---- C:\WINDOWS\$NtUninstallKB924667$
2010-04-24 19:33:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-04-24 19:33:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-04-24 19:33:17 ----HDC---- C:\WINDOWS\$NtUninstallKB939653$
2010-04-24 19:33:09 ----D---- C:\WINDOWS\system32\RTCOM
2010-04-24 19:32:58 ----D---- C:\WINDOWS\system
2010-04-24 19:32:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-04-24 19:32:41 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2010-04-24 19:32:33 ----HDC---- C:\WINDOWS\$NtUninstallKB925902$
2010-04-24 19:32:00 ----D---- C:\WINDOWS\PAC207
2010-04-24 19:31:59 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-04-24 19:31:57 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-04-24 19:31:29 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-04-24 19:31:15 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2010-04-24 19:31:14 ----HDC---- C:\WINDOWS\$NtUninstallKB922819$
2010-04-24 19:31:10 ----D---- C:\WINDOWS\system32\npp
2010-04-24 19:31:02 ----HDC---- C:\WINDOWS\$NtUninstallKB942840$
2010-04-24 19:30:50 ----HDC---- C:\WINDOWS\ie7
2010-04-24 19:30:35 ----D---- C:\WINDOWS\system32\cs-cz
2010-04-24 19:30:11 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-04-24 19:30:05 ----HDC---- C:\WINDOWS\$NtUninstallKB928843$
2010-04-24 19:29:55 ----D---- C:\WINDOWS\ime
2010-04-24 19:29:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-04-24 19:29:30 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2010-04-24 19:29:23 ----HDC---- C:\WINDOWS\$NtUninstallKB918439$
2010-04-24 19:29:21 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2010-04-24 19:29:17 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2010-04-24 19:29:07 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2010-04-24 19:28:52 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-04-24 19:28:39 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2010-04-24 19:28:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-04-24 19:28:18 ----D---- C:\WINDOWS\system32\wbem
2010-04-24 19:27:52 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2010-04-24 19:27:52 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2010-04-24 19:27:51 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2010-04-24 19:27:46 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-04-24 19:27:45 ----HDC---- C:\WINDOWS\$NtUninstallKB935839$
2010-04-24 19:27:15 ----D---- C:\WINDOWS\system32\Setup
2010-04-24 19:27:14 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2010-04-24 19:27:13 ----HDC---- C:\WINDOWS\$NtUninstallKB936021$
2010-04-24 19:27:12 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2010-04-24 18:25:02 ----SD---- C:\WINDOWS\Tasks
2010-04-24 11:53:43 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-24 11:53:14 ----D---- C:\WINDOWS\ie8updates
2010-04-24 07:18:03 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-04-24 07:13:35 ----A---- C:\WINDOWS\win.ini
2010-04-24 07:13:32 ----D---- C:\WINDOWS\system32\CatRoot
2010-04-24 07:09:45 ----D---- C:\WINDOWS\WinSxS
2010-04-14 18:47:03 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-04-06 10:52:56 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-05 10:49:56 ----D---- C:\Documents and Settings\Administrator\Data aplikací\ICQ
2010-04-04 11:18:09 ----D---- C:\Program Files\Lx_cats

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-04-14 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-04-14 162768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-04-14 46672]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2004-05-05 4228]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-04-14 19024]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-04-14 100432]
R2 irda;Protokol IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-04-14 23376]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-02-02 1975296]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-03 4394496]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\System32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys [2006-08-14 83200]
R3 SoC PC-Camera Service;CANYON CN-WCAM21 PC-Camera; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2004-09-01 138396]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 a62tp1hm;a62tp1hm; C:\WINDOWS\system32\drivers\a62tp1hm.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\Sandra.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-03-19 607576]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-02-02 446464]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-08-18 303104]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-30 935208]
R2 SandraAgentSrv;SiSoftware Deployment Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [2008-04-22 98488]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
R3 lxby_device;lxby_device; C:\WINDOWS\system32\lxbycoms.exe [2005-01-06 462848]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-03 182768]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------


Thanks!!!

Caroprd111
VIP
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: How do I deal with Desktop Security 2010? Pleeease...

#2 Post by Caroprd111 »

Hello :)


Download OTL: http://oldtimer.geekstogo.com/OTL.exe
  • Run it, then paste the following script into the bottom box.

Code:

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys 
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys 
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys 
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav 
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT
  • Tick the "For all users" option.
  • Tick the "LOP" check and the "Purity" check options.
  • Click the Scan button.
  • When it finishes, post the OTL.Txt and Extras.txt logs here.

panas
Visitor
Visitor
Posts: 15
Registered: 26 Apr 2010 18:29

Re: How do I deal with Desktop Security 2010? Pleeease...

#3 Post by panas »

OTL.Txt

OTL logfile created on: 26.4.2010 19:54:05 - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Administrator\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

895,00 Mb Total Physical Memory | 348,00 Mb Available Physical Memory | 39,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,89 Gb Total Space | 80,30 Gb Free Space | 34,48% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPRESS
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.04.26 19:52:57 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
PRC - [2010.04.23 17:57:03 | 002,932,224 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Temp\m.2FA.tmp.exe
PRC - [2010.04.22 16:17:27 | 001,413,632 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Desktop Security 2010\Desktop Security 2010.exe
PRC - [2010.04.22 16:16:41 | 000,146,432 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Desktop Security 2010\securitycenter.exe
PRC - [2010.04.14 18:47:08 | 002,790,472 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010.04.14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.04.01 15:44:23 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009.11.16 17:36:19 | 000,172,792 | ---- | M] (ICQ, LLC.) -- C:\Program Files\ICQ6.5\ICQ.exe
PRC - [2009.05.03 09:17:46 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008.09.30 13:48:28 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008.04.22 18:23:02 | 000,098,488 | ---- | M] (SiSoftware) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
PRC - [2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.04.01 11:39:48 | 000,486,856 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2008.03.19 14:25:43 | 000,607,576 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
PRC - [2007.01.31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006.09.25 09:12:20 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005.01.18 11:49:16 | 000,196,608 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark P910 Series\lxbymon.exE
PRC - [2005.01.06 19:41:22 | 000,462,848 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\lxbycoms.exe
PRC - [2004.09.17 15:24:02 | 000,061,440 | ---- | M] () -- C:\Program Files\Lexmark P910 Series\ezprint.exe
PRC - [2003.08.19 17:00:40 | 000,053,248 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
PRC - [2003.08.19 16:36:22 | 000,057,344 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe


========== Modules (SafeList) ==========

MOD - [2010.04.26 19:52:57 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010.04.14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010.04.14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010.04.14 18:47:05 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2008.09.30 13:48:28 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.04.22 18:23:02 | 000,098,488 | ---- | M] (SiSoftware) [Auto | Running] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe -- (SandraAgentSrv)
SRV - [2008.03.19 14:25:43 | 000,607,576 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)
SRV - [2007.01.31 14:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005.01.06 19:41:22 | 000,462,848 | ---- | M] (Lexmark International, Inc.) [On_Demand | Running] -- C:\WINDOWS\System32\lxbycoms.exe -- (lxby_device)


========== Driver Services (SafeList) ==========

DRV - [2010.04.14 18:35:47 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010.04.14 18:35:25 | 000,162,768 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010.04.14 18:31:39 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010.04.14 18:31:12 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010.04.14 18:31:01 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.04.14 18:30:45 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008.05.19 18:31:25 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008.04.13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.03.10 19:30:36 | 000,021,408 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\sandra.sys -- (SANDRA)
DRV - [2007.02.02 22:03:26 | 001,975,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006.11.03 03:32:30 | 004,394,496 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.08.14 15:09:48 | 000,083,200 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2004.09.01 11:42:18 | 000,138,396 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Pfc027.sys -- (SoC PC-Camera Service)
DRV - [2004.05.05 22:48:40 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2001.08.17 23:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-606747145-854245398-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
IE - HKU\S-1-5-21-606747145-854245398-725345543-500\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll (IE Toolbar)
IE - HKU\S-1-5-21-606747145-854245398-725345543-500\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll (Vendio Services, Inc.)
IE - HKU\S-1-5-21-606747145-854245398-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-606747145-854245398-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.4
FF - prefs.js..extensions.enabledItems: cs@dictionaries.addons.mozilla.org:1.0.1
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=UTF-8 ... =vendio&p="

FF - user.js..browser.search.openintab: false

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.24 20:02:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.24 20:00:40 | 000,000,000 | ---D | M]

[2008.09.07 11:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Extensions
[2010.04.26 17:00:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\y1ijpbxa.default\extensions
[2009.09.02 17:41:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\y1ijpbxa.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008.09.07 21:32:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\y1ijpbxa.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2008.12.19 04:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\y1ijpbxa.default\extensions\cs@dictionaries.addons.mozilla.org
[2007.09.24 15:24:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\y1ijpbxa.default\extensions\photoeditor@ondrej.novak
[2010.04.24 03:17:13 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\y1ijpbxa.default\searchplugins\icqplugin-1.xml
[2008.07.03 06:24:26 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\y1ijpbxa.default\searchplugins\icqplugin-10.xml
[2008.07.11 19:17:07 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\y1ijpbxa.default\searchplugins\icqplugin-11.xml
[2008.07.16 16:30:10 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\y1ijpbxa.default\searchplugins\icqplugin-12.xml
[2008.09.07 21:32:41 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\y1ijpbxa.default\searchplugins\icqplugin-13.xml
[2008.09.25 19:28:26 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\y1ijpbxa.default\searchplugins\icqplugin-14.xml
[2008.09.28 10:24:06 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\y1ijpbxa.default\searchplugins\icqplugin-15.xml
[2008.11.13 11:31:58 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\y1ijpbxa.default\searchplugins\icqplugin-16.xml
[2008.12.17 23:21:55 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\y1ijpbxa.default\searchplugins\icqplugin-17.xml
[2009.02.04 22:18:41 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\y1ijpbxa.default\searchplugins\icqplugin-18.xml
[2009.03.05 15:48:16 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\y1ijpbxa.default\searchplugins\icqplugin-19.xml
[2007.10.21 06:40:04 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\y1ijpbxa.default\searchplugins\icqplugin-2.xml
[2009.03.29 00:19:01 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\y1ijpbxa.default\searchplugins\icqplugin-20.xml
[2009.04.22 17:57:28 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\y1ijpbxa.default\searchplugins\icqplugin-21.xml
[2009.04.28 20:02:05 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\y1ijpbxa.default\searchplugins\icqplugin-22.xml
[2009.06.12 18:53:45 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\y1ijpbxa.default\searchplugins\icqplugin-23.xml
[2009.07.22 18:32:49 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\y1ijpbxa.default\searchplugins\icqplugin-24.xml
[2009.08.06 09:27:39 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\y1ijpbxa.default\searchplugins\icqplugin-25.xml
[2009.09.10 14:19:52 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\y1ijpbxa.default\searchplugins\icqplugin-26.xml
[2009.10.28 12:43:37 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\y1ijpbxa.default\searchplugins\icqplugin-27.xml
[2009.12.17 20:56:00 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\y1ijpbxa.default\searchplugins\icqplugin-28.xml
[2010.01.07 21:19:01 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\y1ijpbxa.default\searchplugins\icqplugin-29.xml
[2007.10.21 10:49:22 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\y1ijpbxa.default\searchplugins\icqplugin-3.xml
[2010.02.18 09:14:57 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\y1ijpbxa.default\searchplugins\icqplugin-30.xml
[2010.04.01 15:45:02 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\y1ijpbxa.default\searchplugins\icqplugin-31.xml
[2007.11.03 07:59:49 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\y1ijpbxa.default\searchplugins\icqplugin-4.xml
[2007.11.27 13:34:28 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\y1ijpbxa.default\searchplugins\icqplugin-5.xml
[2007.12.01 08:09:57 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\y1ijpbxa.default\searchplugins\icqplugin-6.xml
[2008.02.09 11:32:04 | 000,000,951 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\y1ijpbxa.default\searchplugins\icqplugin-7.xml
[2008.03.26 16:45:28 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\y1ijpbxa.default\searchplugins\icqplugin-8.xml
[2008.04.17 11:08:14 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\y1ijpbxa.default\searchplugins\icqplugin-9.xml
[2008.02.13 15:21:36 | 000,000,962 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\y1ijpbxa.default\searchplugins\icqplugin.xml
[2010.04.26 17:00:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008.03.18 13:59:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
[2007.04.16 15:28:00 | 000,360,448 | ---- | M] (ParallelGraphics) -- C:\Program Files\Mozilla Firefox\plugins\npCortona.dll
[2007.06.11 13:34:00 | 002,115,816 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
[2008.09.28 10:23:04 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2008.09.28 10:23:04 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2008.09.28 10:23:04 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2008.09.28 10:23:04 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2008.09.28 10:23:04 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2001.10.25 14:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (XTTBPos00 Class) - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\toolbaru.dll (IE Toolbar)
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll (Vendio Services, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ICQ Toolbar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll (IE Toolbar)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-606747145-854245398-725345543-500\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-606747145-854245398-725345543-500\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll (IE Toolbar)
O3 - HKU\S-1-5-21-606747145-854245398-725345543-500\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark P910 Series\ezprint.exe ()
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [Lexmark X1100 Series] C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [LXBYCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBYtime.DLL ()
O4 - HKLM..\Run: [lxbymon.exe] C:\Program Files\Lexmark P910 Series\lxbymon.exe (Lexmark International, Inc.)
O4 - HKLM..\Run: [SANDRASandra] c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500ia64\sisoftwaresandra10.11.1.1.exe File not found
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-606747145-854245398-725345543-500..\Run: [AWMON] C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe File not found
O4 - HKU\S-1-5-21-606747145-854245398-725345543-500..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-606747145-854245398-725345543-500..\Run: [duhcvpurudo5] C:\Documents and Settings\Administrator\Local Settings\Temp\m.2FA.tmp.exe File not found
O4 - HKU\S-1-5-21-606747145-854245398-725345543-500..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-606747145-854245398-725345543-500..\Run: [SecurityCenter] C:\Documents and Settings\Administrator\Data aplikací\Desktop Security 2010\securitycenter.exe ()
O4 - HKU\S-1-5-21-606747145-854245398-725345543-500..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe File not found
O4 - HKU\S-1-5-21-606747145-854245398-725345543-500..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunServices: [SandraSiSoftware] c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500ia64\sisoftwaresandra10.11.1.1.exe File not found
O4 - Startup: C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-606747145-854245398-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-606747145-854245398-725345543-500\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_03)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Prérijní vítr.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Prérijní vítr.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.09.23 16:35:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007.09.23 16:35:29 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (55745656140070912)

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\Documents and Settings\Administrator\Plocha\kde se berou...
File not found -- C:\Documents and Settings\Administrator\Plocha\děláte machry...
[2010.04.26 19:52:56 | 000,563,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
[2010.04.26 19:32:51 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.04.26 19:32:50 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.26 19:07:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010.04.24 15:34:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Plocha\praha
[2010.04.23 18:49:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\PCHealth
[2010.04.23 18:19:59 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010.04.23 18:18:50 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010.04.23 18:17:29 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010.04.23 18:01:44 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2010.04.23 18:01:44 | 000,017,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2010.04.23 17:57:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Data aplikací\Desktop Security 2010
[2010.04.20 05:17:38 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010.04.15 16:53:55 | 000,000,000 | ---D | C] -- C:\Program Files\Feng Šuej Mahjong
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

File not found -- C:\Documents and Settings\Administrator\Plocha\kde se berou...
File not found -- C:\Documents and Settings\Administrator\Plocha\děláte machry...
[2010.04.26 19:52:57 | 000,563,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Plocha\OTL.exe
[2010.04.26 19:32:35 | 000,781,909 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\RSIT.exe
[2010.04.26 19:07:46 | 000,002,275 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2010.04.26 16:50:39 | 001,054,510 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.04.26 16:50:39 | 000,443,588 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.04.26 16:50:39 | 000,440,316 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.04.26 16:50:39 | 000,083,652 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.04.26 16:50:39 | 000,071,846 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.04.26 16:49:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.26 16:49:18 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.26 16:49:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.26 16:48:57 | 938,790,912 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.25 16:47:40 | 010,747,904 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
[2010.04.25 16:47:40 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010.04.24 20:17:13 | 004,286,744 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\IconCache.db
[2010.04.24 15:36:42 | 001,650,409 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\IMG_1829.JPG
[2010.04.24 15:33:09 | 000,131,072 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.24 11:56:18 | 000,271,784 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.04.24 07:21:56 | 000,069,616 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2010.04.24 07:13:35 | 000,000,864 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.04.23 05:42:48 | 000,002,563 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\ms office word.lnk
[2010.04.17 04:42:32 | 000,002,566 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.04.15 16:54:00 | 000,000,846 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\Feng Šuej Mahjong.lnk
[2010.04.14 18:47:23 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010.04.14 18:47:03 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010.04.14 18:35:47 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010.04.14 18:35:25 | 000,162,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010.04.14 18:31:39 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010.04.14 18:31:12 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010.04.14 18:31:09 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010.04.14 18:31:01 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010.04.14 18:30:45 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010.04.12 18:10:14 | 000,001,077 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\Zástupce - Taštička s klopou-Uursik.lnk
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.04.26 19:32:34 | 000,781,909 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\RSIT.exe
[2010.04.24 15:36:42 | 001,650,409 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\IMG_1829.JPG
[2010.04.15 16:54:00 | 000,000,846 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\Feng Šuej Mahjong.lnk
[2010.04.12 18:10:14 | 000,001,077 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\Zástupce - Taštička s klopou-Uursik.lnk
[2009.08.29 16:40:45 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009.01.24 18:45:57 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.12.15 13:01:40 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2008.10.31 10:13:47 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2008.10.31 10:13:47 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2008.09.07 14:57:14 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008.08.06 19:59:17 | 000,000,029 | ---- | C] () -- C:\WINDOWS\BSL.INI
[2008.06.02 17:02:18 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008.05.19 18:31:25 | 000,717,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007.09.25 18:45:33 | 000,000,245 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2007.09.25 18:45:17 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
[2007.09.25 18:45:15 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
[2007.09.25 18:44:51 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini
[2007.09.23 16:49:06 | 000,004,632 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2007.09.23 16:49:04 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2005.10.14 12:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 12:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 12:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 12:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 12:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 12:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 12:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 12:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.01.14 03:22:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\lxbyinsr.dll
[2005.01.14 03:21:26 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\lxbyjswr.dll
[2004.09.01 11:42:18 | 000,138,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\Pfc027.sys
[2004.09.01 11:42:16 | 000,011,170 | ---- | C] () -- C:\WINDOWS\System32\PA207USD.DLL
[2004.02.19 17:45:50 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbyvs.dll
[1997.06.14 04:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

========== LOP Check ==========

[2008.11.11 18:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Alawar
[2007.11.06 17:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Black Sea Studios
[2008.05.19 18:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\DAEMON Tools
[2010.04.26 17:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Desktop Security 2010
[2008.11.19 17:10:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\EleFun Games
[2009.10.31 15:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Friday's games
[2010.03.10 19:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Gold Casual Games
[2008.04.01 17:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\gtk-2.0
[2010.04.05 10:49:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\ICQ
[2007.09.24 17:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\ICQ Toolbar
[2008.05.30 10:03:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\InfraRecorder
[2008.03.18 14:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Search Settings
[2008.12.31 12:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Teleca
[2009.11.13 21:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\TMInc
[2010.03.10 19:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Špidla Data Processing, s.r.o
[2009.08.13 18:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Alawar Stargaze
[2009.11.14 15:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AlawarWrapper
[2010.03.13 06:03:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2007.09.25 18:47:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\BVRP Software
[2008.11.19 17:10:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\EleFun Games
[2008.04.28 04:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\IM
[2008.04.28 04:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\IncrediMail
[2009.01.24 19:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Meridian93
[2008.12.31 12:24:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Teleca
[2009.04.14 08:35:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2008.10.01 20:49:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TERMINAL Studio
[2008.10.14 12:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2010.03.10 19:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Špidla Data Processing, s.r.o
[2009.05.03 09:17:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\ICQ Toolbar

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 05:22:17 | 000,015,360 | ---- | M] (Microsoft Corporation)
"AWMON" = "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe" -- File not found
"DAEMON Tools Lite" = "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun -- [2008.04.01 11:39:48 | 000,486,856 | ---- | M] (DT Soft Ltd)
"SpybotSD TeaTimer" = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe -- File not found
"ICQ" = "C:\Program Files\ICQ6.5\ICQ.exe" silent -- [2009.11.16 17:36:19 | 000,172,792 | ---- | M] (ICQ, LLC.)
"swg" = "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" -- [2009.05.03 09:17:46 | 000,039,408 | ---- | M] (Google Inc.)
"duhcvpurudo5" = C:\Documents and Settings\Administrator\Local Settings\Temp\m.2FA.tmp.exe -- File not found
"SecurityCenter" = C:\Documents and Settings\Administrator\Data aplikací\Desktop Security 2010\securitycenter.exe -- [2010.04.22 16:16:41 | 000,146,432 | ---- | M] ()

< c:\windows\*.* /U >
[2 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2007.09.24 07:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Adobe
[2008.11.11 18:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Alawar
[2008.10.14 12:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Apple Computer
[2008.06.02 16:55:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\ATI
[2007.11.06 17:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Black Sea Studios
[2008.09.04 15:25:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\CameraWindowDC
[2008.09.04 15:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\CANON INC
[2008.05.19 18:31:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\DAEMON Tools
[2010.04.26 17:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Desktop Security 2010
[2008.11.19 17:10:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\EleFun Games
[2008.07.18 14:02:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\FastStone
[2008.10.31 20:56:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\FaxCtr
[2009.10.31 15:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Friday's games
[2010.03.10 19:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Gold Casual Games
[2009.06.21 18:49:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Google
[2008.04.01 17:04:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\gtk-2.0
[2008.10.28 19:51:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Help
[2010.04.05 10:49:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\ICQ
[2007.09.24 17:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\ICQ Toolbar
[2007.09.23 16:39:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Identities
[2008.05.30 10:03:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\InfraRecorder
[2007.09.24 07:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\InstallShield
[2007.09.23 17:44:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Lavasoft
[2007.09.23 18:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Macromedia
[2009.08.19 16:35:17 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
[2008.09.07 11:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mozilla
[2007.09.24 15:27:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\MSN6
[2008.12.30 16:45:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Nero
[2008.03.18 14:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Search Settings
[2010.04.26 19:15:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Skype
[2010.04.26 19:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\skypePM
[2007.11.29 23:10:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Sun
[2008.12.31 12:26:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Teleca
[2009.11.13 21:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\TMInc
[2007.09.24 14:41:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\WinRAR
[2009.08.08 07:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\ZoomBrowser EX
[2010.03.10 19:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Špidla Data Processing, s.r.o

< %APPDATA%\*.exe /s >
[2010.04.22 16:17:27 | 001,413,632 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Desktop Security 2010\Desktop Security 2010.exe
[2010.04.22 16:16:41 | 000,146,432 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Desktop Security 2010\securitycenter.exe
[2010.04.23 17:57:03 | 002,932,224 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Desktop Security 2010\securityhelper.exe
[2009.08.18 17:32:08 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Installer\{17068829-10EE-4581-BDC8-C53C483694A3}\ARPPRODUCTICON.exe
[2009.08.18 17:32:08 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Installer\{17068829-10EE-4581-BDC8-C53C483694A3}\ButtonMonitor.exe1_1706882910EE4581BDC8C53C483694A3.exe
[2009.08.18 17:32:08 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Microsoft\Installer\{17068829-10EE-4581-BDC8-C53C483694A3}\ButtonMonitor.exe_1706882910EE4581BDC8C53C483694A3.exe

panas
Visitor
Posts: 15
Registered: 26 Apr 2010 18:29

Re: How to deal with Desktop Security 2010? Pleeease...

#4 Post by panas »

...second part...

< MD5 for: AGP440.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.11.04 10:29:54 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008.11.04 10:29:54 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.11.04 10:29:54 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008.11.04 10:29:54 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: CRYPTSVC.DLL >
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
[2007.06.13 15:11:59 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=9B32416BD5988C97B6397CE0B02CAF97 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007.06.13 15:23:39 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=ED7B460B142A32097B8A8F6ECC941815 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: HAL.DLL >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.11.04 10:29:54 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:hal.dll
[2008.11.04 10:29:54 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 20:31:28 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2004.08.03 22:59:14 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: CHANGER.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.11.04 10:29:54 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:Changer.sys
[2008.11.04 10:29:54 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
[2004.08.03 23:00:14 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=DAF1A8193B6CAF0FB858CADCC5C4AF4A -- C:\WINDOWS\$NtServicePackUninstall$\changer.sys

< MD5 for: ISAPNP.SYS >
[2008.11.04 10:29:54 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.11.04 10:29:54 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2001.10.25 14:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2006.04.20 13:51:50 | 000,359,808 | ---- | M] (Microsoft Corporation) MD5=1DBF125862891817F374F407626967F4 -- C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2007.10.30 18:53:32 | 000,360,832 | ---- | M] (Microsoft Corporation) MD5=64798ECFA43D78C7178375FCDD16D8C8 -- C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2007.10.30 19:20:55 | 000,360,064 | ---- | M] (Microsoft Corporation) MD5=90CAFF4B094573449A0872A0F919B178 -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004.08.03 23:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[2006.04.20 14:18:35 | 000,360,576 | ---- | M] (Microsoft Corporation) MD5=B2220C618B42A2212A59D91EBD6FC4B4 -- C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008.05.19 18:31:25 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2007.09.23 18:04:28 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007.09.23 18:04:27 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007.09.23 18:04:27 | 000,413,696 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2010.04.24 11:56:18 | 000,271,784 | ---- | M] () -- C:\WINDOWS\system32\FNTCACHE.DAT
[2010.04.26 16:50:39 | 000,083,652 | ---- | M] () -- C:\WINDOWS\system32\perfc005.dat
[2010.04.26 16:50:39 | 000,071,846 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2010.04.26 16:50:39 | 000,440,316 | ---- | M] () -- C:\WINDOWS\system32\perfh005.dat
[2010.04.26 16:50:39 | 000,443,588 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2010.04.26 16:50:39 | 001,054,510 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2010.04.24 07:09:39 | 000,721,618 | ---- | M] () -- C:\WINDOWS\system32\TZLog.log
[2010.04.26 16:49:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:8EB0D744
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:BB24555F
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:95B8F7F6
< End of report >

panas
Visitor
Posts: 15
Registered: 26 Apr 2010 18:29

Re: How to deal with Desktop Security 2010? Pleeease...

#5 Post by panas »

and Extras.Txt...

OTL Extras logfile created on: 26.4.2010 19:54:05 - Run 1
OTL by OldTimer - Version 3.2.3.0 Folder = C:\Documents and Settings\Administrator\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

895,00 Mb Total Physical Memory | 348,00 Mb Available Physical Memory | 39,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,89 Gb Total Space | 80,30 Gb Free Space | 34,48% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPRESS
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\ICQ6\ICQ.exe" = C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- File not found
"E:\Aplikace\PidginPortable\App\Pidgin\pidgin-portable.exe" = E:\Aplikace\PidginPortable\App\Pidgin\pidgin-portable.exe:*:Enabled:Pidgin -- File not found
"C:\Program Files\IncrediMail\bin\ImApp.exe" = C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail -- File not found
"C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- File not found
"C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- File not found
"C:\WINDOWS\system32\lxbycoms.exe" = C:\WINDOWS\system32\lxbycoms.exe:*:Disabled:P910 Series Server -- (Lexmark International, Inc.)
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Black Sea Studios\Knights Of Honor\KoH.exe" = C:\Program Files\Black Sea Studios\Knights Of Honor\KoH.exe:*:Disabled:KoH -- File not found
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\RpcSandraSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD" = C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II -- (Microsoft Corporation)
"C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.icd" = C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.icd:*:Enabled:Age of Empires II Expansion -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero BurningROM
"{17068829-10EE-4581-BDC8-C53C483694A3}" = Smart Sync
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool
"{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{32AD1A7A-25F1-44B9-A396-EA8A4A6605B0}" = Search Settings 1.1
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{350C97C4-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{36CDA33B-909B-4719-97D1-C4B99309BDC7}" = ATI Parental Control & Encoder
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision
"{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help
"{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{6130E589-D759-43AC-8265-28EB0A711446}" = MadOnion.com/3DMark2001
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6EF72FC6-842E-4FE6-BF88-BFBF03C9DA74}" = Windows Workflow Foundation CS Language Pack
"{6FDE37C6-02CD-422E-8857-19ACE7C87D5E}" = ATI Catalyst Control Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{764C0C8F-B1B1-49BF-AEDC-4E48E857A667}" = Lexmark Fax Solutions
"{7689CA7A-1270-425A-9959-EB4CB25EA29A}" = Sony Ericsson PC Suite 1.20.224
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{7F947BFE-C2DF-4779-9909-5BEE746BD0C4}" = Microsoft .NET Framework 2.0 Language Pack - CSY
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8a8270e9-a92e-4924-a7d3-32b82f5d2346}" = Nero 9
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{90120000-0010-0405-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Czech) 12
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{10EC59E5-9BCE-4884-BB1A-E28627220232}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90AF0405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
"{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAB6D0F8-02B3-4E89-B24C-0BB153C21445}" = Windows Presentation Foundation Language Pack (CSY)
"{AC76BA86-7AD7-1029-7B44-A81200000003}" = Adobe Reader 8 - Czech
"{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Lite XII.SP2c
"{C5A41205-5B61-442F-943F-4A60B376FA8A}_is1" = Cesta kolem světa za 80 dní
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{D8979435-753B-40AE-9318-5E712C160A71}" = Windows Communication Foundation Language Pack - CSY
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
"{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights
"{FB09515C-8E3E-4E0F-A1F2-032F38DEC185}" = Microsoft .NET Framework 3.0 Czech Language Pack
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{Záhadné město - Zlatá Praha}_is1" = Záhadné město - Zlatá Praha 1.0
"Ad-Aware SE Professional" = Ad-Aware SE Professional
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"All ATI Software" = Softarová utilita ATI - Odinstalovat
"Amulet věků - Útěk z Pompejí" = Amulet věků - Útěk z Pompejí
"Ashampoo WinOptimizer 2009_is1" = Ashampoo WinOptimizer 2009
"ATI Display Driver" = ATI Display Driver
"avast5" = avast! Free Antivirus
"BFGC" = Big Fish Games Client
"BSPlayer1" = BSPlayer
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANYON CN-WCAM21 PC-Camera_is1" = CANYON CN-WCAM21 PC-Camera
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"CSCLIB" = Canon Camera Support Core Library
"Diablo" = Diablo
"Emilka Holubová - Montezumův poklad" = Emilka Holubová - Montezumův poklad
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"Feng Šuej Mahjong" = Feng Šuej Mahjong
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InfraRecorder" = InfraRecorder
"InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0
"InstallShield_{764C0C8F-B1B1-49BF-AEDC-4E48E857A667}" = Faxové funkce Lexmark
"IrfanView" = IrfanView (remove only)
"Lexmark P910 Series" = Lexmark P910 Series
"Lexmark X1100 Series" = Lexmark X1100 Series
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - CSY" = Microsoft .NET Framework 2.0 Language Pack - CSY
"Microsoft .NET Framework 3.0 Czech Language Pack" = Microsoft .NET Framework 3.0 Czech Language Pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Montezumova pomsta" = Montezumova pomsta
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"Natalie Brooks - Záhada domu pokladů" = Natalie Brooks - Záhada domu pokladů
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Řečtí hrdinové" = Řečtí hrdinové
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGTK-2_is1" = GTK+ 2.10.13 runtime environment
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"XTTB00001.XTTB00001Toolbar" = ICQ Toolbar
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-606747145-854245398-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Desktop Security 2010" = Desktop Security 2010
"Diablo" = Diablo

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 30.11.2008 22:57:41 | Computer Name = COMPRESS | Source = avast! | ID = 33554522
Description =

Error - 11.12.2008 11:29:19 | Computer Name = COMPRESS | Source = avast! | ID = 33554522
Description =

Error - 11.1.2009 5:33:57 | Computer Name = COMPRESS | Source = avast! | ID = 33554522
Description =

Error - 12.1.2009 15:20:13 | Computer Name = COMPRESS | Source = avast! | ID = 33554522
Description =

Error - 23.1.2009 15:38:46 | Computer Name = COMPRESS | Source = avast! | ID = 33554522
Description =

Error - 23.1.2009 15:38:46 | Computer Name = COMPRESS | Source = avast! | ID = 33554522
Description =

Error - 5.2.2009 14:01:58 | Computer Name = COMPRESS | Source = avast! | ID = 33554522
Description =

Error - 27.6.2009 1:29:32 | Computer Name = COMPRESS | Source = avast! | ID = 33554522
Description =

Error - 19.7.2009 2:05:00 | Computer Name = COMPRESS | Source = avast! | ID = 33554522
Description =

Error - 29.11.2009 8:40:25 | Computer Name = COMPRESS | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 3.5.2009 3:17:29 | Computer Name = COMPRESS | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 7.0.6000.16827, chybující modul
ntdll.dll, verze 5.1.2600.5755, adresa chyby 0x0000100b.

Error - 7.5.2009 9:13:11 | Computer Name = COMPRESS | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace lxbyaiox.exE, verze 1.143.173.0, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 8.5.2009 14:42:55 | Computer Name = COMPRESS | Source = Application Error | ID = 1000
Description = Chybující aplikace explorer.exe, verze 6.0.2900.5512, chybující modul
shlwapi.dll, verze 6.0.2900.5512, adresa chyby 0x00059297.

Error - 8.5.2009 14:43:02 | Computer Name = COMPRESS | Source = Application Error | ID = 1000
Description = Chybující aplikace drwtsn32.exe, verze 5.1.2600.0, chybující modul
dbghelp.dll, verze 5.1.2600.5512, adresa chyby 0x0001295d.

Error - 17.5.2009 13:30:39 | Computer Name = COMPRESS | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace firefox.exe, verze 1.9.0.3399, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 23.5.2009 3:13:10 | Computer Name = COMPRESS | Source = Application Error | ID = 1000
Description = Chybující aplikace firefox.exe, verze 1.9.0.3399, chybující modul
kernel32.dll, verze 5.1.2600.5781, adresa chyby 0x00012afb.

Error - 23.5.2009 7:43:11 | Computer Name = COMPRESS | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace OUTLOOK.EXE, verze 12.0.4518.1014, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 26.5.2009 12:56:12 | Computer Name = COMPRESS | Source = Microsoft Office 12 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.

Error - 1.6.2009 2:10:53 | Computer Name = COMPRESS | Source = Application Error | ID = 1000
Description = Chybující aplikace firefox.exe, verze 1.9.0.3399, chybující modul
xul.dll, verze 1.9.0.3399, adresa chyby 0x003179ea.

Error - 3.6.2009 9:17:12 | Computer Name = COMPRESS | Source = Application Error | ID = 1000
Description = Chybující aplikace explorer.exe, verze 6.0.2900.5512, chybující modul
ntdll.dll, verze 5.1.2600.5755, adresa chyby 0x0001aa21.

[ OSession Events ]
Error - 3.3.2009 5:01:31 | Computer Name = COMPRESS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 654
seconds with 180 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 23.4.2010 13:08:04 | Computer Name = COMPRESS | Source = Windows Update Agent | ID = 20
Description = Instalace se nezdařila: Instalace následující aktualizace se nezdařila
z důvodu chyby (0x800706ba): Nástroj k odstranění škodlivého softwaru v systému
Windows – duben 2010 (KB890830).

Error - 23.4.2010 13:08:04 | Computer Name = COMPRESS | Source = Windows Update Agent | ID = 20
Description = Instalace se nezdařila: Instalace následující aktualizace se nezdařila
z důvodu chyby (0x800706ba): Aktualizace systému Windows XP (KB955759).

Error - 23.4.2010 13:08:04 | Computer Name = COMPRESS | Source = Windows Update Agent | ID = 20
Description = Instalace se nezdařila: Instalace následující aktualizace se nezdařila
z důvodu chyby (0x800706ba): Aktualizace zabezpečení systému Windows XP (KB980232).

Error - 23.4.2010 13:08:04 | Computer Name = COMPRESS | Source = Windows Update Agent | ID = 20
Description = Instalace se nezdařila: Instalace následující aktualizace se nezdařila
z důvodu chyby (0x800706ba): Aktualizace systému Windows XP (KB970430).

Error - 23.4.2010 13:08:04 | Computer Name = COMPRESS | Source = Windows Update Agent | ID = 20
Description = Instalace se nezdařila: Instalace následující aktualizace se nezdařila
z důvodu chyby (0x800706ba): Aktualizace zabezpečení systému Microsoft Office 2007
(KB951550).

Error - 23.4.2010 13:08:04 | Computer Name = COMPRESS | Source = Windows Update Agent | ID = 20
Description = Instalace se nezdařila: Instalace následující aktualizace se nezdařila
z důvodu chyby (0x800706ba): Aktualizace systému Windows XP (KB976662).

Error - 23.4.2010 13:08:04 | Computer Name = COMPRESS | Source = Windows Update Agent | ID = 20
Description = Instalace se nezdařila: Instalace následující aktualizace se nezdařila
z důvodu chyby (0x800706ba): Aktualizace zabezpečení systému Windows XP (KB979683).

Error - 23.4.2010 13:08:04 | Computer Name = COMPRESS | Source = Windows Update Agent | ID = 20
Description = Instalace se nezdařila: Instalace následující aktualizace se nezdařila
z důvodu chyby (0x800706ba): Aktualizace zabezpečení systému Windows XP (KB971468).

Error - 23.4.2010 13:08:04 | Computer Name = COMPRESS | Source = Windows Update Agent | ID = 20
Description = Instalace se nezdařila: Instalace následující aktualizace se nezdařila
z důvodu chyby (0x800706ba): Kumulativní aktualizace zabezpečení pro funkci ActiveX
Killbits pro systém Windows XP (KB978262).

Error - 25.4.2010 9:54:09 | Computer Name = COMPRESS | Source = System Error | ID = 1003
Description = Kód chyby 1000000a, parametr1 00000023, parametr2 00000002, parametr3
00000000, parametr4 804fa9ea.


< End of report >

Caroprd111
VIP
Posts: 13492
Joined: 22 Mar 2009 20:48
Location: Třebíč

Re: How to deal with Desktop Security 2010? Pleeease...

#6 Post by Caroprd111 »

Run OTL and paste the following script into the bottom window.

Code:

:OTL
PRC - [2010.04.23 17:57:03 | 002,932,224 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Temp\m.2FA.tmp.exe
PRC - [2010.04.22 16:17:27 | 001,413,632 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Desktop Security 2010\Desktop Security 2010.exe
PRC - [2010.04.22 16:16:41 | 000,146,432 | ---- | M] () -- C:\Documents and Settings\Administrator\Data aplikací\Desktop Security 2010\securitycenter.exe
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-21-606747145-854245398-725345543-500..\Run: [AWMON] C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe File not found
O4 - HKU\S-1-5-21-606747145-854245398-725345543-500..\Run: [duhcvpurudo5] C:\Documents and Settings\Administrator\Local Settings\Temp\m.2FA.tmp.exe File not found
O4 - HKU\S-1-5-21-606747145-854245398-725345543-500..\Run: [SecurityCenter] C:\Documents and Settings\Administrator\Data aplikací\Desktop Security 2010\securitycenter.exe ()
O4 - HKLM..\RunServices: [SandraSiSoftware] c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500ia64\sisoftwaresandra10.11.1.1.exe File not found
O15 - HKU\S-1-5-21-606747145-854245398-725345543-500\..Trusted Domains: ([]msn in My Computer)
[2010.04.23 17:57:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Data aplikací\Desktop Security 2010
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:8EB0D744
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:BB24555F
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:95B8F7F6

:Commands
[EMPTYTEMP] 
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[CREATERESTOREPOINT]

Then click Opravit (Fix), the PC will restart, then post the log here.


I recommend uninstalling the toolbars (if you don't use them) via Add or Remove Programs.


I recommend uninstalling Ad-Aware and Spybot - Search & Destroy.

panas
Visitor
Posts: 15
Joined: 26 Apr 2010 18:29

Re: How to deal with Desktop Security 2010? Pleeease...

#7 Post by panas »

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-04-26 20:30:57
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 82 GB (34%) free of 238 GB
Total RAM: 895 MB (45% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:31:01, on 26.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Lexmark P910 Series\ezprint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark P910 Series\lxbymon.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe
C:\Documents and Settings\Administrator\Data aplikací\Desktop Security 2010\securitycenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\lxbycoms.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Plocha\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb126\SearchSettings.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark P910 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [lxbymon.exe] "C:\Program Files\Lexmark P910 Series\lxbymon.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SANDRASandra] c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500ia64\sisoftwaresandra10.11.1.1.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [LXBYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll,_RunDLLEntry@16
O4 - HKLM\..\RunServices: [SandraSiSoftware] c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500ia64\sisoftwaresandra10.11.1.1.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [duhcvpurudo5] C:\Documents and Settings\Administrator\Local Settings\Temp\m.2FA.tmp.exe
O4 - HKCU\..\Run: [SecurityCenter] C:\Documents and Settings\Administrator\Data aplikací\Desktop Security 2010\securitycenter.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbycoms.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe

--
End of file - 10866 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-21 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-02-21 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
SearchSettings Class - C:\Program Files\Search Settings\kb126\SearchSettings.dll [2008-02-06 1160544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQ Toolbar - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-08-04 343112]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-21 279664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-10-30 16269312]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-09-25 90112]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
""= []
"EzPrint"=C:\Program Files\Lexmark P910 Series\ezprint.exe [2004-09-17 61440]
"FaxCenterServer"=C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2004-11-22 299008]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]
"Lexmark X1100 Series"=C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe [2003-08-19 57344]
"lxbymon.exe"=C:\Program Files\Lexmark P910 Series\lxbymon.exe [2005-01-18 196608]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-04-14 2790472]
"SANDRASandra"=c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500ia64\sisoftwaresandra10.11.1.1.exe []
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"LXBYCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll,_RunDLLEntry@16 []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"AWMON"=C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe []
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-04-01 486856]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe []
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2009-11-16 172792]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-05-03 39408]
"duhcvpurudo5"=C:\Documents and Settings\Administrator\Local Settings\Temp\m.2FA.tmp.exe []
"SecurityCenter"=C:\Documents and Settings\Administrator\Data aplikací\Desktop Security 2010\securitycenter.exe [2010-04-22 146432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
C:\Program Files\Picasa2\PicasaMediaDetector.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
C:\Program Files\Search Settings\SearchSettings.exe []

C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-02-02 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"undockwithoutlogon"=1
"ShutdownWithoutLogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoResolveTrack"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"E:\Aplikace\PidginPortable\App\Pidgin\pidgin-portable.exe"="E:\Aplikace\PidginPortable\App\Pidgin\pidgin-portable.exe:*:Enabled:Pidgin"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\WINDOWS\system32\lxbycoms.exe"="C:\WINDOWS\system32\lxbycoms.exe:*:Disabled:P910 Series Server"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Black Sea Studios\Knights Of Honor\KoH.exe"="C:\Program Files\Black Sea Studios\Knights Of Honor\KoH.exe:*:Disabled:KoH"
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\RpcSandraSrv.exe"="C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD"="C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.ICD:*:Enabled:Age of Empires II"
"C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.icd"="C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.icd:*:Enabled:Age of Empires II Expansion"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-04-26 20:27:35 ----D---- C:\_OTL
2010-04-26 19:32:51 ----D---- C:\Program Files\trend micro
2010-04-26 19:32:50 ----D---- C:\rsit
2010-04-25 16:50:15 ----HDC---- C:\WINDOWS\$NtUninstallKB970430$
2010-04-24 11:53:45 ----HDC---- C:\WINDOWS\$NtUninstallKB978262$
2010-04-24 11:53:36 ----HDC---- C:\WINDOWS\$NtUninstallKB971468$
2010-04-24 11:53:24 ----HDC---- C:\WINDOWS\$NtUninstallKB979683$
2010-04-24 11:52:56 ----HDC---- C:\WINDOWS\$NtUninstallKB980232$
2010-04-24 11:52:47 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-04-24 11:47:34 ----HDC---- C:\WINDOWS\$NtUninstallKB974318$
2010-04-24 11:47:25 ----HDC---- C:\WINDOWS\$NtUninstallKB978037$
2010-04-24 11:47:16 ----HDC---- C:\WINDOWS\$NtUninstallKB975713$
2010-04-24 11:43:19 ----HDC---- C:\WINDOWS\$NtUninstallKB978338$
2010-04-24 11:43:06 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-04-24 11:42:57 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$
2010-04-24 11:42:47 ----HDC---- C:\WINDOWS\$NtUninstallKB975560$
2010-04-24 11:28:54 ----HDC---- C:\WINDOWS\$NtUninstallKB977816$
2010-04-24 11:28:43 ----HDC---- C:\WINDOWS\$NtUninstallKB973687$
2010-04-24 11:28:33 ----HDC---- C:\WINDOWS\$NtUninstallKB978601$
2010-04-24 07:11:59 ----HDC---- C:\WINDOWS\$NtUninstallKB973904$
2010-04-24 07:11:42 ----HDC---- C:\WINDOWS\$NtUninstallKB974392$
2010-04-24 07:11:21 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-04-24 07:11:12 ----HDC---- C:\WINDOWS\$NtUninstallKB977914$
2010-04-24 07:10:34 ----HDC---- C:\WINDOWS\$NtUninstallKB979309$
2010-04-24 07:10:25 ----HDC---- C:\WINDOWS\$NtUninstallKB978706$
2010-04-24 07:09:33 ----HDC---- C:\WINDOWS\$NtUninstallKB979306$
2010-04-23 18:45:28 ----HDC---- C:\WINDOWS\$NtUninstallKB969947$
2010-04-23 18:17:29 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-04-23 18:01:44 ----A---- C:\WINDOWS\system32\muweb.dll
2010-04-23 18:01:44 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2010-04-23 18:01:44 ----A---- C:\WINDOWS\system32\mucltui.dll
2010-04-23 17:57:16 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Desktop Security 2010
2010-04-20 05:17:38 ----D---- C:\Program Files\Microsoft Silverlight
2010-04-15 16:53:55 ----D---- C:\Program Files\Feng Šuej Mahjong

======List of files/folders modified in the last 1 months======

2010-04-26 20:30:03 ----D---- C:\Program Files\Mozilla Firefox
2010-04-26 20:29:33 ----D---- C:\WINDOWS
2010-04-26 20:29:29 ----D---- C:\WINDOWS\Temp
2010-04-26 20:06:16 ----D---- C:\WINDOWS\Prefetch
2010-04-26 19:32:51 ----RD---- C:\Program Files
2010-04-26 19:15:21 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Skype
2010-04-26 19:07:56 ----D---- C:\Documents and Settings\Administrator\Data aplikací\skypePM
2010-04-26 19:07:16 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-26 19:07:08 ----D---- C:\WINDOWS\system32
2010-04-26 19:07:05 ----D---- C:\WINDOWS\system32\drivers
2010-04-26 19:05:31 ----HD---- C:\WINDOWS\inf
2010-04-26 19:05:30 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-26 16:50:39 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-04-25 16:51:05 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-25 16:50:57 ----SHD---- C:\WINDOWS\Installer
2010-04-25 16:50:56 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-04-25 16:48:27 ----RSD---- C:\WINDOWS\assembly
2010-04-24 20:14:02 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2010-04-24 20:13:56 ----HDC---- C:\WINDOWS\$NtUninstallKB923689$
2010-04-24 20:13:54 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2010-04-24 20:13:52 ----D---- C:\WINDOWS\system32\cs
2010-04-24 20:13:51 ----HDC---- C:\WINDOWS\$NtUninstallKB951748_0$
2010-04-24 20:13:51 ----HDC---- C:\WINDOWS\$NtUninstallKB951072-v2$
2010-04-24 20:13:51 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2010-04-24 20:13:50 ----HDC---- C:\WINDOWS\$NtUninstallKB925398_WMP64$
2010-04-24 20:13:43 ----HDC---- C:\WINDOWS\$NtUninstallKB911564$
2010-04-24 20:13:41 ----HDC---- C:\WINDOWS\$NtUninstallKB901214$
2010-04-24 20:13:35 ----HDC---- C:\WINDOWS\$NtUninstallKB935840$
2010-04-24 20:13:34 ----HDC---- C:\WINDOWS\$NtUninstallKB936357$
2010-04-24 20:13:34 ----HDC---- C:\WINDOWS\$NtUninstallKB926255$
2010-04-24 20:13:31 ----HDC---- C:\WINDOWS\$NtUninstallKB941693$
2010-04-24 20:13:31 ----HDC---- C:\WINDOWS\$NtUninstallKB927891$
2010-04-24 20:13:27 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2010-04-24 20:13:26 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2010-04-24 20:13:26 ----HDC---- C:\WINDOWS\$NtUninstallKB930916$
2010-04-24 20:13:25 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
2010-04-24 20:13:23 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$
2010-04-24 20:13:17 ----HDC---- C:\WINDOWS\$NtUninstallKB927779$
2010-04-24 20:13:11 ----HDC---- C:\WINDOWS\$NtUninstallKB904706$
2010-04-24 20:13:10 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
2010-04-24 20:13:09 ----HDC---- C:\WINDOWS\$NtUninstallKB942615$
2010-04-24 20:13:08 ----HDC---- C:\WINDOWS\$NtUninstallKB887472$
2010-04-24 20:13:07 ----D---- C:\WINDOWS\system32\oobe
2010-04-24 20:13:06 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$
2010-04-24 20:13:01 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2010-04-24 20:13:00 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2010-04-24 20:12:43 ----HDC---- C:\WINDOWS\$NtUninstallKB946026$
2010-04-24 20:12:40 ----HDC---- C:\WINDOWS\$NtUninstallKB941644$
2010-04-24 20:12:33 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-04-24 20:12:30 ----HDC---- C:\WINDOWS\$NtUninstallKB943460$
2010-04-24 20:12:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952287_0$
2010-04-24 20:12:17 ----D---- C:\WINDOWS\system32\en-us
2010-04-24 20:12:15 ----HDC---- C:\WINDOWS\$NtUninstallKB929123$
2010-04-24 20:12:13 ----HDC---- C:\WINDOWS\$NtUninstallKB924270$
2010-04-24 20:12:08 ----HDC---- C:\WINDOWS\$MSI30UninstallMSI30-KB884016$
2010-04-24 20:12:07 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2010-04-24 20:12:06 ----HDC---- C:\WINDOWS\$NtUninstallKB941202$
2010-04-24 20:12:06 ----D---- C:\WINDOWS\system32\inetsrv
2010-04-24 20:12:05 ----HDC---- C:\WINDOWS\$NtUninstallKB956803_0$
2010-04-24 20:11:55 ----D---- C:\WINDOWS\srchasst
2010-04-24 20:11:51 ----D---- C:\WINDOWS\system32\1029
2010-04-24 20:11:50 ----HDC---- C:\WINDOWS\$NtUninstallKB954211_0$
2010-04-24 20:11:50 ----HDC---- C:\WINDOWS\$NtUninstallKB950749$
2010-04-24 20:11:46 ----HDC---- C:\WINDOWS\$NtUninstallKB945553$
2010-04-24 20:11:39 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2010-04-24 20:11:37 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2010-04-24 20:11:36 ----HDC---- C:\WINDOWS\$NtUninstallKB901017$
2010-04-24 20:11:34 ----HDC---- C:\WINDOWS\$NtUninstallKB910437$
2010-04-24 20:11:30 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2010-04-24 20:11:29 ----D---- C:\WINDOWS\system32\usmt
2010-04-24 20:11:27 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2010-04-24 20:11:26 ----HDC---- C:\WINDOWS\$NtUninstallKB958644_0$
2010-04-24 20:11:24 ----HDC---- C:\WINDOWS\$NtUninstallKB900485$
2010-04-24 20:11:21 ----HDC---- C:\WINDOWS\$NtUninstallKB938828$
2010-04-24 20:11:19 ----D---- C:\WINDOWS\network diagnostic
2010-04-24 20:11:17 ----HDC---- C:\WINDOWS\$NtUninstallKB970653-v3$
2010-04-24 20:11:16 ----HDC---- C:\WINDOWS\$NtUninstallKB913580$
2010-04-24 20:11:15 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-04-24 20:11:14 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2010-04-24 20:11:10 ----HDC---- C:\WINDOWS\$NtUninstallKB923191$
2010-04-24 20:11:10 ----HDC---- C:\WINDOWS\$NtUninstallKB920213$
2010-04-24 20:11:10 ----D---- C:\WINDOWS\peernet
2010-04-24 20:11:09 ----D---- C:\WINDOWS\EHome
2010-04-24 20:11:03 ----D---- C:\WINDOWS\AppPatch
2010-04-24 20:11:02 ----HDC---- C:\WINDOWS\$NtUninstallKB957095_0$
2010-04-24 20:11:02 ----HDC---- C:\WINDOWS\$NtUninstallKB885836$
2010-04-24 20:10:52 ----HDC---- C:\WINDOWS\$NtUninstallKB942763$
2010-04-24 20:10:52 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2010-04-24 20:10:51 ----RSD---- C:\WINDOWS\Fonts
2010-04-24 20:08:48 ----D---- C:\Program Files\ICQ6.5
2010-04-24 20:08:32 ----D---- C:\Program Files\Montezumova pomsta
2010-04-24 20:08:29 ----D---- C:\Program Files\Internet Explorer
2010-04-24 20:08:28 ----D---- C:\Program Files\Lexmark P910 Series
2010-04-24 20:08:05 ----D---- C:\Program Files\Outlook Express
2010-04-24 20:07:44 ----D---- C:\Program Files\Bonjour
2010-04-24 20:07:22 ----D---- C:\Program Files\FaxTools
2010-04-24 20:07:08 ----D---- C:\Program Files\Lexmark X1100 Series
2010-04-24 20:06:56 ----D---- C:\Program Files\Apple Software Update
2010-04-24 20:06:54 ----D---- C:\Program Files\Codec Pack - All In 1
2010-04-24 20:06:33 ----D---- C:\Program Files\Hledači pokladů
2010-04-24 20:06:00 ----D---- C:\Program Files\Diablo
2010-04-24 20:05:54 ----D---- C:\Program Files\Online Services
2010-04-24 20:05:38 ----D---- C:\Program Files\Search Settings
2010-04-24 20:05:07 ----D---- C:\Program Files\Lexmark Fax Solutions
2010-04-24 20:05:02 ----D---- C:\Program Files\Windows NT
2010-04-24 20:04:59 ----D---- C:\Program Files\ABBYY FineReader 5.0 Sprint
2010-04-24 20:04:44 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-04-24 20:04:02 ----D---- C:\Program Files\Common Files\Teleca Shared
2010-04-24 20:03:48 ----D---- C:\Program Files\Common Files\System
2010-04-24 20:03:43 ----D---- C:\Program Files\InfraRecorder
2010-04-24 20:03:41 ----D---- C:\Program Files\Amulet věků - Útěk z Pompejí
2010-04-24 20:03:24 ----D---- C:\Program Files\bfgclient
2010-04-24 20:03:17 ----D---- C:\Program Files\Řečtí hrdinové
2010-04-24 20:02:42 ----D---- C:\Program Files\Common Files\DESIGNER
2010-04-24 20:02:41 ----D---- C:\Program Files\Záhadné město - Zlatá Praha
2010-04-24 20:02:22 ----D---- C:\Program Files\DAEMON Tools Lite
2010-04-24 20:02:10 ----D---- C:\Program Files\IrfanView
2010-04-24 20:01:18 ----D---- C:\Program Files\Microsoft Works
2010-04-24 20:01:12 ----D---- C:\Program Files\iTunes
2010-04-24 20:00:52 ----D---- C:\Program Files\Movie Maker
2010-04-24 20:00:21 ----D---- C:\Program Files\Common Files\Skype
2010-04-24 20:00:18 ----D---- C:\Program Files\Windows Media Connect 2
2010-04-24 19:59:20 ----D---- C:\Program Files\Cesta kolem světa za 80 dní
2010-04-24 19:59:16 ----D---- C:\Program Files\Spawn
2010-04-24 19:59:12 ----D---- C:\Program Files\NetMeeting
2010-04-24 19:58:42 ----D---- C:\Program Files\Windows Media Player
2010-04-24 19:58:38 ----D---- C:\Program Files\Messenger
2010-04-24 19:58:35 ----D---- C:\Program Files\Natalie Brooks - Záhada domu pokladů
2010-04-24 19:58:11 ----D---- C:\Program Files\QuickTime
2010-04-24 19:58:10 ----D---- C:\Program Files\ICQToolbar
2010-04-24 19:57:07 ----HDC---- C:\WINDOWS\$NtUninstallKB961373$
2010-04-24 19:57:01 ----HDC---- C:\WINDOWS\$NtUninstallKB951066_0$
2010-04-24 19:56:43 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2010-04-24 19:56:26 ----HDC---- C:\WINDOWS\$NtUninstallKB923414$
2010-04-24 19:56:07 ----HDC---- C:\WINDOWS\$NtUninstallKB920670$
2010-04-24 19:55:11 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2010-04-24 19:55:04 ----HDC---- C:\WINDOWS\$NtUninstallKB935448$
2010-04-24 19:55:02 ----HDC---- C:\WINDOWS\$NtUninstallKB873339$
2010-04-24 19:54:31 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2010-04-24 19:54:19 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2010-04-24 19:54:09 ----HDC---- C:\WINDOWS\$NtUninstallKB931784$
2010-04-24 19:54:06 ----D---- C:\WINDOWS\system32\Com
2010-04-24 19:54:04 ----HDC---- C:\WINDOWS\$NtUninstallKB904942$
2010-04-24 19:53:32 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
2010-04-24 19:53:30 ----HDC---- C:\WINDOWS\$NtUninstallKB908519$
2010-04-24 19:53:29 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2010-04-24 19:53:22 ----HDC---- C:\WINDOWS\$NtUninstallKB943460_0$
2010-04-24 19:53:09 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2010-04-24 19:53:01 ----HDC---- C:\WINDOWS\$NtUninstallKB928255$
2010-04-24 19:53:00 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2010-04-24 19:52:45 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2010-04-24 19:52:25 ----HDC---- C:\WINDOWS\$NtUninstallKB917953$
2010-04-24 19:52:12 ----HDC---- C:\WINDOWS\$NtUninstallKB920872$
2010-04-24 19:52:10 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$
2010-04-24 19:52:06 ----HDC---- C:\WINDOWS\$NtUninstallKB900725$
2010-04-24 19:52:03 ----HDC---- C:\WINDOWS\$NtUninstallKB931261$
2010-04-24 19:51:56 ----D---- C:\544bb45b092662f69445d58064
2010-04-24 19:51:35 ----HDC---- C:\WINDOWS\$NtUninstallKB896423$
2010-04-24 19:50:53 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2010-04-24 19:50:34 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP9$
2010-04-24 19:50:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956841_0$
2010-04-24 19:50:21 ----D---- C:\WINDOWS\system32\bits
2010-04-24 19:50:11 ----D---- C:\WINDOWS\msagent
2010-04-24 19:49:59 ----HDC---- C:\WINDOWS\$NtUninstallKB932168$
2010-04-24 19:49:03 ----HDC---- C:\WINDOWS\$NtUninstallKB920683$
2010-04-24 19:48:34 ----D---- C:\WINDOWS\system32\XPSViewer
2010-04-24 19:48:31 ----HDC---- C:\WINDOWS\$NtUninstallKB911927$
2010-04-24 19:48:30 ----HDC---- C:\WINDOWS\$NtUninstallKB899591$
2010-04-24 19:48:28 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2010-04-24 19:48:24 ----HDC---- C:\WINDOWS\$NtUninstallKB922582$
2010-04-24 19:48:22 ----HDC---- C:\WINDOWS\$NtUninstallKB937894$
2010-04-24 19:48:06 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2010-04-24 19:48:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951698_0$
2010-04-24 19:47:56 ----HDC---- C:\WINDOWS\$NtUninstallKB914389$
2010-04-24 19:47:45 ----D---- C:\WINDOWS\system32\URTTEMP
2010-04-24 19:47:40 ----D---- C:\WINDOWS\twain_32
2010-04-24 19:47:29 ----HDC---- C:\WINDOWS\$NtUninstallKB914388$
2010-04-24 19:47:17 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2010-04-24 19:47:05 ----HDC---- C:\WINDOWS\$NtUninstallKB923980$
2010-04-24 19:46:57 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2_0$
2010-04-24 19:45:19 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2010-04-24 19:45:16 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2010-04-24 19:45:14 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$
2010-04-24 19:45:10 ----HDC---- C:\WINDOWS\$NtUninstallKB917344$
2010-04-24 19:44:51 ----D---- C:\WINDOWS\Help
2010-04-24 19:44:48 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2010-04-24 19:44:14 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2010-04-24 19:42:48 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2010-04-24 19:42:38 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2010-04-24 19:42:28 ----HDC---- C:\WINDOWS\$NtUninstallKB941568$
2010-04-24 19:42:24 ----HDC---- C:\WINDOWS\$NtUninstallKB937143$
2010-04-24 19:42:06 ----HDC---- C:\WINDOWS\$NtUninstallKB916595$
2010-04-24 19:41:59 ----HDC---- C:\WINDOWS\$NtUninstallKB888302$
2010-04-24 19:41:33 ----HDC---- C:\WINDOWS\ie8
2010-04-24 19:41:17 ----HDC---- C:\WINDOWS\$NtUninstallKB899587$
2010-04-24 19:40:03 ----HDC---- C:\WINDOWS\$NtUninstallKB938829$
2010-04-24 19:40:03 ----HDC---- C:\WINDOWS\$NtUninstallKB908531$
2010-04-24 19:40:01 ----HDC---- C:\WINDOWS\$NtUninstallKB926436$
2010-04-24 19:39:57 ----D---- C:\WINDOWS\system32\1033
2010-04-24 19:39:56 ----HDC---- C:\WINDOWS\$NtUninstallKB930178$
2010-04-24 19:39:20 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2010-04-24 19:39:03 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2010-04-24 19:38:50 ----HDC---- C:\WINDOWS\$NtUninstallKB952954_0$
2010-04-24 19:38:49 ----HDC---- C:\WINDOWS\$NtUninstallKB902400$
2010-04-24 19:38:48 ----HDC---- C:\WINDOWS\$NtUninstallKB933729$
2010-04-24 19:38:46 ----HDC---- C:\WINDOWS\$NtUninstallKB891781$
2010-04-24 19:38:39 ----D---- C:\WINDOWS\system32\Restore
2010-04-24 19:38:38 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$
2010-04-24 19:38:14 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2010-04-24 19:37:30 ----HDC---- C:\WINDOWS\$NtUninstallKB932823-v3$
2010-04-24 19:37:25 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2010-04-24 19:37:15 ----HDC---- C:\WINDOWS\$NtUninstallKB894391$
2010-04-24 19:37:08 ----HDC---- C:\WINDOWS\$NtUninstallKB938127$
2010-04-24 19:37:03 ----HDC---- C:\WINDOWS\$NtUninstallKB951376_0$
2010-04-24 19:36:53 ----HDC---- C:\WINDOWS\$NtUninstallKB896358$
2010-04-24 19:36:46 ----HDC---- C:\WINDOWS\$NtUninstallKB968816_WM9$
2010-04-24 19:36:29 ----HDC---- C:\WINDOWS\$NtUninstallKB905749$
2010-04-24 19:36:28 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2010-04-24 19:35:59 ----HDC---- C:\WINDOWS\$NtUninstallKB948590$
2010-04-24 19:35:48 ----HDC---- C:\WINDOWS\$NtUninstallKB919007$
2010-04-24 19:35:39 ----HDC---- C:\WINDOWS\$NtUninstallKB918118$
2010-04-24 19:35:32 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2010-04-24 19:35:24 ----HDC---- C:\WINDOWS\$NtUninstallKB943485$
2010-04-24 19:35:00 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2010-04-24 19:34:55 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2010-04-24 19:34:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$
2010-04-24 19:34:25 ----HDC---- C:\WINDOWS\$NtUninstallKB886185$
2010-04-24 19:33:51 ----HDC---- C:\WINDOWS\$NtUninstallKB971961$
2010-04-24 19:33:43 ----HDC---- C:\WINDOWS\$NtUninstallKB924667$
2010-04-24 19:33:39 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2010-04-24 19:33:28 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2010-04-24 19:33:17 ----HDC---- C:\WINDOWS\$NtUninstallKB939653$
2010-04-24 19:33:09 ----D---- C:\WINDOWS\system32\RTCOM
2010-04-24 19:32:58 ----D---- C:\WINDOWS\system
2010-04-24 19:32:51 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2010-04-24 19:32:41 ----HDC---- C:\WINDOWS\$NtUninstallKB911280$
2010-04-24 19:32:33 ----HDC---- C:\WINDOWS\$NtUninstallKB925902$
2010-04-24 19:32:00 ----D---- C:\WINDOWS\PAC207
2010-04-24 19:31:59 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2010-04-24 19:31:57 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2010-04-24 19:31:29 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2010-04-24 19:31:15 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2010-04-24 19:31:14 ----HDC---- C:\WINDOWS\$NtUninstallKB922819$
2010-04-24 19:31:10 ----D---- C:\WINDOWS\system32\npp
2010-04-24 19:31:02 ----HDC---- C:\WINDOWS\$NtUninstallKB942840$
2010-04-24 19:30:50 ----HDC---- C:\WINDOWS\ie7
2010-04-24 19:30:35 ----D---- C:\WINDOWS\system32\cs-cz
2010-04-24 19:30:11 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2010-04-24 19:30:05 ----HDC---- C:\WINDOWS\$NtUninstallKB928843$
2010-04-24 19:29:55 ----D---- C:\WINDOWS\ime
2010-04-24 19:29:44 ----HDC---- C:\WINDOWS\$NtUninstallKB956844$
2010-04-24 19:29:30 ----HDC---- C:\WINDOWS\$NtUninstallKB905414$
2010-04-24 19:29:23 ----HDC---- C:\WINDOWS\$NtUninstallKB918439$
2010-04-24 19:29:21 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2010-04-24 19:29:17 ----HDC---- C:\WINDOWS\$NtUninstallKB893756$
2010-04-24 19:29:07 ----HDC---- C:\WINDOWS\$NtUninstallKB890859$
2010-04-24 19:28:52 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2010-04-24 19:28:39 ----HDC---- C:\WINDOWS\$NtUninstallKB946648_0$
2010-04-24 19:28:19 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2010-04-24 19:28:18 ----D---- C:\WINDOWS\system32\wbem
2010-04-24 19:27:52 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2010-04-24 19:27:52 ----HDC---- C:\WINDOWS\$NtUninstallKB896428$
2010-04-24 19:27:51 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2010-04-24 19:27:46 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2010-04-24 19:27:45 ----HDC---- C:\WINDOWS\$NtUninstallKB935839$
2010-04-24 19:27:15 ----D---- C:\WINDOWS\system32\Setup
2010-04-24 19:27:14 ----HDC---- C:\WINDOWS\$NtUninstallKB950762_0$
2010-04-24 19:27:13 ----HDC---- C:\WINDOWS\$NtUninstallKB936021$
2010-04-24 19:27:12 ----HDC---- C:\WINDOWS\$NtUninstallKB920685$
2010-04-24 18:25:02 ----SD---- C:\WINDOWS\Tasks
2010-04-24 11:53:43 ----HD---- C:\WINDOWS\$hf_mig$
2010-04-24 11:53:14 ----D---- C:\WINDOWS\ie8updates
2010-04-24 07:18:03 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-04-24 07:13:35 ----A---- C:\WINDOWS\win.ini
2010-04-24 07:13:32 ----D---- C:\WINDOWS\system32\CatRoot
2010-04-24 07:09:45 ----D---- C:\WINDOWS\WinSxS
2010-04-14 18:47:03 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-04-06 10:52:56 ----A---- C:\WINDOWS\system32\MRT.exe
2010-04-05 10:49:56 ----D---- C:\Documents and Settings\Administrator\Data aplikací\ICQ
2010-04-04 11:18:09 ----D---- C:\Program Files\Lx_cats

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-04-14 28880]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-04-14 162768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-04-14 46672]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2004-05-05 4228]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-04-14 19024]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-04-14 100432]
R2 irda;Protokol IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-04-14 23376]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-02-02 1975296]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-03 4394496]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\System32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtenicxp.sys [2006-08-14 83200]
R3 SoC PC-Camera Service;CANYON CN-WCAM21 PC-Camera; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2004-09-01 138396]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 axdqepzw;axdqepzw; C:\WINDOWS\system32\drivers\axdqepzw.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SANDRA;SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\WNt500x86\Sandra.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Ad-Aware 2007 Service; C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe [2008-03-19 607576]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-02-02 446464]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2007-01-31 96370]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 LexBceS;LexBce Server; C:\WINDOWS\system32\LEXBCES.EXE [2003-08-18 303104]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-30 935208]
R2 SandraAgentSrv;SiSoftware Deployment Agent Service; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [2008-04-22 98488]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-04-14 40384]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
R3 lxby_device;lxby_device; C:\WINDOWS\system32\lxbycoms.exe [2005-01-06 462848]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-05-03 182768]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: How to deal with Desktop Security 2010? Pleeease...

#8 Post by Caroprd111 »

I need the OTL log from after the script was applied.

panas
Visitor
Posts: 15
Registered: 26 Apr 2010 18:29

Re: How do I deal with Desktop Security 2010? Pleeease...

#9 Post by panas »

As soon as I clicked FIX, it restarted, but I don't have any new log

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: How do I deal with Desktop Security 2010? Pleeease...

#10 Post by Caroprd111 »

Look in C:\_OTL\MovedFiles

panas
Visitor
Posts: 15
Registered: 26 Apr 2010 18:29

Re: How do I deal with Desktop Security 2010? Pleeease...

#11 Post by panas »

hmm... empty

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: How do I deal with Desktop Security 2010? Pleeease...

#12 Post by Caroprd111 »

Download and save, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs: firewalls, antivirus, antispyware
  • Run the application under an account with Administrator privileges; immediately after it starts, a page with the licence terms is displayed, continue by pressing the "Yes" button
  • Then follow the instructions; during the scan do not run other applications and do not click into the window that is displayed :!:
  • The scan should take around 5 - 10 minutes; when it finishes, Combofix displays the log C:\ComboFix.txt, which you should paste here.
  • The computer may be restarted during the scan.
Last edited by Caroprd111 on 26 Apr 2010 20:31, edited 1 time in total.

panas
Visitor
Posts: 15
Registered: 26 Apr 2010 18:29

Re: How do I deal with Desktop Security 2010? Pleeease...

#13 Post by panas »

log from Combofix

ComboFix 10-04-26.02 - Administrator 26.04.2010 21:05:12.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.895.570 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Data aplikací\Microsoft\Internet Explorer\Quick Launch\Desktop Security 2010.lnk
c:\program files\Internet Explorer\setup.exe
c:\program files\Search Settings
c:\program files\Search Settings\kb126\SearchSettings.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-26 do 2010-04-26 )))))))))))))))))))))))))))))))
.

2010-04-26 18:27 . 2010-04-26 18:27 -------- d-----w- C:\_OTL
2010-04-26 17:32 . 2010-04-26 18:30 -------- d-----w- c:\program files\trend micro
2010-04-26 17:32 . 2010-04-26 17:33 -------- d-----w- C:\rsit
2010-04-23 16:19 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-04-23 16:18 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-04-23 16:17 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-23 16:01 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-04-23 16:01 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-04-20 03:17 . 2010-04-24 17:59 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-15 14:53 . 2010-04-24 18:01 -------- d-----w- c:\program files\Feng Šuej Mahjong

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-26 14:50 . 2001-10-25 12:00 83652 ----a-w- c:\windows\system32\perfc005.dat
2010-04-26 14:50 . 2001-10-25 12:00 440316 ----a-w- c:\windows\system32\perfh005.dat
2010-04-24 18:08 . 2009-07-15 08:03 -------- d-----w- c:\program files\ICQ6.5
2010-04-24 18:08 . 2009-02-05 08:43 -------- d-----w- c:\program files\Montezumova pomsta
2010-04-24 18:08 . 2009-07-16 13:21 -------- d-----w- c:\program files\Lexmark P910 Series
2010-04-24 18:07 . 2008-10-14 10:28 -------- d-----w- c:\program files\Bonjour
2010-04-24 18:07 . 2007-09-25 16:47 -------- d-----w- c:\program files\FaxTools
2010-04-24 18:07 . 2007-09-25 16:44 -------- d-----w- c:\program files\Lexmark X1100 Series
2010-04-24 18:06 . 2008-10-14 10:11 -------- d-----w- c:\program files\Apple Software Update
2010-04-24 18:06 . 2008-03-13 13:38 -------- d-----w- c:\program files\Codec Pack - All In 1
2010-04-24 18:06 . 2009-11-13 19:40 -------- d-----w- c:\program files\Hledači pokladů
2010-04-24 18:06 . 2009-11-05 16:59 -------- d-----w- c:\program files\Diablo
2010-04-24 18:05 . 2008-10-31 08:13 -------- d-----w- c:\program files\Lexmark Fax Solutions
2010-04-24 18:04 . 2007-09-25 16:47 -------- d-----w- c:\program files\ABBYY FineReader 5.0 Sprint
2010-04-24 18:04 . 2008-06-02 14:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-24 18:04 . 2008-12-31 10:23 -------- d-----w- c:\program files\Common Files\Teleca Shared
2010-04-24 18:03 . 2008-05-30 07:52 -------- d-----w- c:\program files\InfraRecorder
2010-04-24 18:03 . 2009-08-13 16:39 -------- d-----w- c:\program files\Amulet věků - Útěk z Pompejí
2010-04-24 18:03 . 2008-11-11 18:50 -------- d-----w- c:\program files\bfgclient
2010-04-24 18:03 . 2008-11-13 15:53 -------- d-----w- c:\program files\Řečtí hrdinové
2010-04-24 18:02 . 2010-03-10 17:30 -------- d-----w- c:\program files\Záhadné město - Zlatá Praha
2010-04-24 18:02 . 2008-05-19 16:37 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-04-24 18:02 . 2009-04-29 04:52 -------- d-----w- c:\program files\IrfanView
2010-04-24 18:01 . 2008-09-16 08:17 -------- d-----w- c:\program files\Microsoft Works
2010-04-24 18:01 . 2008-10-14 10:28 -------- d-----w- c:\program files\iTunes
2010-04-24 18:00 . 2008-10-09 17:35 -------- d-----w- c:\program files\Common Files\Skype
2010-04-24 18:00 . 2007-12-01 15:35 -------- d-----w- c:\program files\Windows Media Connect 2
2010-04-24 17:59 . 2009-02-23 08:13 -------- d-----w- c:\program files\Cesta kolem světa za 80 dní
2010-04-24 17:59 . 2009-11-05 16:59 -------- d-----w- c:\program files\Spawn
2010-04-24 17:58 . 2009-11-02 16:52 -------- d-----w- c:\program files\Natalie Brooks - Záhada domu pokladů
2010-04-24 17:58 . 2008-10-14 10:20 -------- d-----w- c:\program files\QuickTime
2010-04-24 17:58 . 2008-02-13 13:21 -------- d-----w- c:\program files\ICQToolbar
2010-04-14 16:47 . 2007-09-23 15:44 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-14 16:47 . 2007-09-23 15:44 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-04-14 16:35 . 2007-09-23 15:44 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-04-14 16:35 . 2008-04-13 04:22 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-04-14 16:31 . 2007-09-23 15:44 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-04-14 16:31 . 2007-09-23 15:44 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-04-14 16:31 . 2007-09-23 15:44 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-04-14 16:31 . 2008-04-13 04:22 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-04-14 16:30 . 2007-09-23 15:44 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-04-04 09:18 . 2008-05-14 15:18 -------- d-----w- c:\program files\Lx_cats
2010-03-13 17:47 . 2007-09-23 15:44 -------- d-----w- c:\program files\Alwil Software
2010-03-10 06:17 . 2001-10-25 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:18 . 2001-10-25 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2001-10-25 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:08 . 2001-10-25 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:08 . 2001-10-24 11:46 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:35 . 2001-10-25 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2001-10-25 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-03 39408]
"SecurityCenter"="c:\documents and settings\Administrator\Data aplikací\Desktop Security 2010\securitycenter.exe" [2010-04-22 146432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"EzPrint"="c:\program files\Lexmark P910 Series\ezprint.exe" [2004-09-17 61440]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2004-11-22 299008]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"lxbymon.exe"="c:\program files\Lexmark P910 Series\lxbymon.exe" [2005-01-18 196608]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-04-14 2790472]
"LXBYCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll" [2004-11-02 69632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 13:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxbycoms.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\RpcAgentSrv.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [13.4.2008 6:22 162768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13.4.2008 6:22 19024]
R2 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [19.5.2008 20:14 98488]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19.5.2008 18:31 717296]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\y1ijpbxa.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=vmn&type=vendio&p=
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCortona.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 250
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - false
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-AWMON - c:\progra~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
HKCU-Run-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
HKLM-Run-SANDRASandra - c:\program files\sisoftware\sisoftware sandra lite xii.sp2c\wnt500ia64\sisoftwaresandra10.11.1.1.exe
MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
MSConfigStartUp-SearchSettings - c:\program files\Search Settings\SearchSettings.exe
AddRemove-Desktop Security 2010 - c:\documents and settings\Administrator\Data aplikací\Desktop Security 2010\securityhelper.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-26 21:09
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBYCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-606747145-854245398-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,e1,3e,b0,83,af,0b,43,97,e2,2e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,e1,3e,b0,83,af,0b,43,97,e2,2e,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ćHőwć*]
"DisplayName"="???\17?\11\09"
"DeviceDesc"="???\17?\11\09"
"ProviderName"="???\11?\17?\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.7"
"DeviceInstanceIds"=multi:"d:\\drivers\\sb\\ati\\xp64_mce_xp_2k(5.10.1000.7)\\smbus\\smbusati.inf\00"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-04-26 21:10:43
ComboFix-quarantined-files.txt 2010-04-26 19:10

Před spuštěním: Volných bajtů: 86 145 040 384
Po spuštění: Volných bajtů: 86 308 519 936

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 68DF1D8E7EF16B8433748574459BF9A7

Caroprd111
VIP
Posts: 13492
Registered: 22 Mar 2009 20:48
Location: Třebíč

Re: How do I deal with Desktop Security 2010? Pleeease...

#14 Post by Caroprd111 »

If it is not there already, move Combofix to the desktop
  • Open Notepad and copy the text from the white box into it.

Code: Select all

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityCenter"=-

Folder::
c:\documents and settings\Administrator\Data aplikací\Desktop Security 2010

RegNull::
[HKEY_USERS\S-1-5-21-606747145-854245398-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ćHőwć*]

  • Save the TXT file you created as CFScript.txt on the desktop
  • After saving, grab the script you created with the left mouse button and drag it over the Combofix icon, where you drop it
  • After it has been applied, another log will pop out; paste it here
It may happen that Windows does not start after the script has been applied and the computer restarted; in that case restart again while pressing F8, then choose Last Known Good Configuration

panas
Visitor
Posts: 15
Registered: 26 Apr 2010 18:29

Re: How do I deal with Desktop Security 2010? Pleeease...

#15 Post by panas »

ComboFix 10-04-26.02 - Administrator 26.04.2010 21:40:13.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.895.388 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Data aplikací\Desktop Security 2010
c:\documents and settings\Administrator\Data aplikací\Desktop Security 2010\Desktop Security 2010.exe
c:\documents and settings\Administrator\Data aplikací\Desktop Security 2010\mfc71.dll
c:\documents and settings\Administrator\Data aplikací\Desktop Security 2010\MFC71ENU.DLL
c:\documents and settings\Administrator\Data aplikací\Desktop Security 2010\msvcp71.dll
c:\documents and settings\Administrator\Data aplikací\Desktop Security 2010\msvcr71.dll
c:\documents and settings\Administrator\Data aplikací\Desktop Security 2010\securitycenter.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-26 do 2010-04-26 )))))))))))))))))))))))))))))))
.

2010-04-26 18:27 . 2010-04-26 18:27 -------- d-----w- C:\_OTL
2010-04-26 17:32 . 2010-04-26 18:30 -------- d-----w- c:\program files\trend micro
2010-04-26 17:32 . 2010-04-26 17:33 -------- d-----w- C:\rsit
2010-04-23 16:19 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-04-23 16:18 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-04-23 16:17 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-23 16:01 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-04-23 16:01 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2010-04-20 03:17 . 2010-04-24 17:59 -------- d-----w- c:\program files\Microsoft Silverlight
2010-04-15 14:53 . 2010-04-24 18:01 -------- d-----w- c:\program files\Feng Šuej Mahjong

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-26 14:50 . 2001-10-25 12:00 83652 ----a-w- c:\windows\system32\perfc005.dat
2010-04-26 14:50 . 2001-10-25 12:00 440316 ----a-w- c:\windows\system32\perfh005.dat
2010-04-24 18:08 . 2009-07-15 08:03 -------- d-----w- c:\program files\ICQ6.5
2010-04-24 18:08 . 2009-02-05 08:43 -------- d-----w- c:\program files\Montezumova pomsta
2010-04-24 18:08 . 2009-07-16 13:21 -------- d-----w- c:\program files\Lexmark P910 Series
2010-04-24 18:07 . 2008-10-14 10:28 -------- d-----w- c:\program files\Bonjour
2010-04-24 18:07 . 2007-09-25 16:47 -------- d-----w- c:\program files\FaxTools
2010-04-24 18:07 . 2007-09-25 16:44 -------- d-----w- c:\program files\Lexmark X1100 Series
2010-04-24 18:06 . 2008-10-14 10:11 -------- d-----w- c:\program files\Apple Software Update
2010-04-24 18:06 . 2008-03-13 13:38 -------- d-----w- c:\program files\Codec Pack - All In 1
2010-04-24 18:06 . 2009-11-13 19:40 -------- d-----w- c:\program files\Hledači pokladů
2010-04-24 18:06 . 2009-11-05 16:59 -------- d-----w- c:\program files\Diablo
2010-04-24 18:05 . 2008-10-31 08:13 -------- d-----w- c:\program files\Lexmark Fax Solutions
2010-04-24 18:04 . 2007-09-25 16:47 -------- d-----w- c:\program files\ABBYY FineReader 5.0 Sprint
2010-04-24 18:04 . 2008-06-02 14:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-24 18:04 . 2008-12-31 10:23 -------- d-----w- c:\program files\Common Files\Teleca Shared
2010-04-24 18:03 . 2008-05-30 07:52 -------- d-----w- c:\program files\InfraRecorder
2010-04-24 18:03 . 2009-08-13 16:39 -------- d-----w- c:\program files\Amulet věků - Útěk z Pompejí
2010-04-24 18:03 . 2008-11-11 18:50 -------- d-----w- c:\program files\bfgclient
2010-04-24 18:03 . 2008-11-13 15:53 -------- d-----w- c:\program files\Řečtí hrdinové
2010-04-24 18:02 . 2010-03-10 17:30 -------- d-----w- c:\program files\Záhadné město - Zlatá Praha
2010-04-24 18:02 . 2008-05-19 16:37 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-04-24 18:02 . 2009-04-29 04:52 -------- d-----w- c:\program files\IrfanView
2010-04-24 18:01 . 2008-09-16 08:17 -------- d-----w- c:\program files\Microsoft Works
2010-04-24 18:01 . 2008-10-14 10:28 -------- d-----w- c:\program files\iTunes
2010-04-24 18:00 . 2008-10-09 17:35 -------- d-----w- c:\program files\Common Files\Skype
2010-04-24 18:00 . 2007-12-01 15:35 -------- d-----w- c:\program files\Windows Media Connect 2
2010-04-24 17:59 . 2009-02-23 08:13 -------- d-----w- c:\program files\Cesta kolem světa za 80 dní
2010-04-24 17:59 . 2009-11-05 16:59 -------- d-----w- c:\program files\Spawn
2010-04-24 17:58 . 2009-11-02 16:52 -------- d-----w- c:\program files\Natalie Brooks - Záhada domu pokladů
2010-04-24 17:58 . 2008-10-14 10:20 -------- d-----w- c:\program files\QuickTime
2010-04-24 17:58 . 2008-02-13 13:21 -------- d-----w- c:\program files\ICQToolbar
2010-04-14 16:47 . 2007-09-23 15:44 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-14 16:47 . 2007-09-23 15:44 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-04-14 16:35 . 2007-09-23 15:44 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-04-14 16:35 . 2008-04-13 04:22 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-04-14 16:31 . 2007-09-23 15:44 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-04-14 16:31 . 2007-09-23 15:44 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-04-14 16:31 . 2007-09-23 15:44 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-04-14 16:31 . 2008-04-13 04:22 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-04-14 16:30 . 2007-09-23 15:44 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-04-04 09:18 . 2008-05-14 15:18 -------- d-----w- c:\program files\Lx_cats
2010-03-13 17:47 . 2007-09-23 15:44 -------- d-----w- c:\program files\Alwil Software
2010-03-10 06:17 . 2001-10-25 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:18 . 2001-10-25 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2001-10-25 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:08 . 2001-10-25 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 19:08 . 2001-10-24 11:46 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:35 . 2001-10-25 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2001-10-25 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-03 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"EzPrint"="c:\program files\Lexmark P910 Series\ezprint.exe" [2004-09-17 61440]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2004-11-22 299008]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"lxbymon.exe"="c:\program files\Lexmark P910 Series\lxbymon.exe" [2005-01-18 196608]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-04-14 2790472]
"LXBYCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll" [2004-11-02 69632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:22 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-09-06 13:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxbycoms.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\RpcAgentSrv.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XII.SP2c\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [13.4.2008 6:22 162768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13.4.2008 6:22 19024]
R2 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite XII.SP2c\RpcAgentSrv.exe [19.5.2008 20:14 98488]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19.5.2008 18:31 717296]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.atlas.cz/?from=icqhp
uInternet Settings,ProxyOverride = *.local
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\y1ijpbxa.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=vmn&type=vendio&p=
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCortona.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 250
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - false
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************
skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBYCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory:

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-606747145-854245398-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,e1,3e,b0,83,af,0b,43,97,e2,2e,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,e1,3e,b0,83,af,0b,43,97,e2,2e,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\ćHőwć*]
"DisplayName"="???\17?\11\09"
"DeviceDesc"="???\17?\11\09"
"ProviderName"="???\11?\17?\11??"
"MFG"="???????"
"ReinstallString"=".10.1000.7"
"DeviceInstanceIds"=multi:"d:\\drivers\\sb\\ati\\xp64_mce_xp_2k(5.10.1000.7)\\smbus\\smbusati.inf\00"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-04-26 21:45:16
ComboFix-quarantined-files.txt 2010-04-26 19:45
ComboFix2.txt 2010-04-26 19:10

Před spuštěním: Volných bajtů: 86 334 922 752
Po spuštění: Volných bajtů: 86 315 868 160

- - End Of File - - B18311D4FC76AE0B2BD6751C22317B92
