Prosím o preventivku

Zpráva

kazi21 · #31 Příspěvek od **kazi21** » 04 čer 2010 08:13

Dobry den jsem zde o co jde?
Mam poslat znovu log mam jen 15 minut pak du do prace

#32 Příspěvek od **vyosek** » 04 čer 2010 08:15

Zdravim,

nene log neni zatim treba

Stahnete SytemLook (viz muj podpis) a ulozte jej na plochu

Do okna vlozte skript nize
Kód: Vybrat vše
```
:filefind
autochk.exe
```
Kliknete na Look
Na plose se Vam vytvori log s nazvem SystemLook, jeho obsah mi sem vlozte

kazi21 · #33 Příspěvek od **kazi21** » 04 čer 2010 08:18

Tak zde je log ale o co jde jesli se muzu zeptat.Tak trochu mě to zajima?

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 09:17 on 04/06/2010 by vista (Administrator - Elevation successful)

========== filefind ==========

Searching for "autochk.exe"

#34 Příspěvek od **vyosek** » 04 čer 2010 08:26

Naughty píše:O34 - HKLM BootExecute: (autocheck autochk *) - File not found - muze chybet, legitimni soucast win, bych ho asi doplnil

Bohuzel SystemLook nam ho nenasel

Zkuste jeste jednou SystemLook s timto skriptem

Kód: Vybrat vše

:filefind
autochk*

Log opet sem, pokud ho nenajde, budu se muset poohlidnout po nejake nahrade na netu...
Nemusite spechat, budu tu v prubehu celeho dne a vecera

EDIT: log by na Vas mel vyskocit - dokud je v SystemLooku stale Scanning misto Look, tak SL stale hleda...

kazi21 · #35 Příspěvek od **kazi21** » 04 čer 2010 08:28

Uz musim jit!

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 09:28 on 04/06/2010 by vista (Administrator - Elevation successful)

========== filefind ==========

Searching for "autochk*"

#36 Příspěvek od **vyosek** » 04 čer 2010 08:34

OK, dokoncime to v klidu vecer...

Nenechal jste dokoncit praci SL - kliknete na LOOK a dokud misto nej bude Scanning a bude sede tak SL hleda - log vytvori sice hned ale do nej da poznamku ze jen hleda - to co jste dal neni vysledek hledani - je to i ma chyba...

Takze rekapitulace:

Spustit SystemLook
vlozit skrip
Kód: Vybrat vše
```
:filefind
autochk*
```
Klik na Look
Look se zmeni na Scanning
pockat az se Scanning opet zmeni na Look - je mozne ze bude hledat dlouho pac se musi pekne prohrabat vsemi soubory
Log z hledani by na Vas mel vyskocit -vlozte sem

kazi21 · #37 Příspěvek od **kazi21** » 04 čer 2010 10:36

Tak tady to je.PS:taky moje chybka měl jsem počkat

y SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 11:34 on 04/06/2010 by vista (Administrator - Elevation successful)

========== filefind ==========

Searching for "autochk*"
C:\Windows\System32\autochk.exe --a--- 643072 bytes [19:05 14/08/2009] [06:27 11/04/2009] 10761177A6EBE45843F443E99509F5E7
C:\Windows\System32\cs-CZ\autochk.exe.mui --a--- 258048 bytes [23:35 19/12/2008] [23:35 19/12/2008] 1CE8ADD8B3F8134F61892D54BF0D1286
C:\Windows\System32\en-US\autochk.exe.mui --a--- 233472 bytes [16:19 21/12/2008] [07:47 19/01/2008] 44ECE111DA2C47212B60EFFD0957FB96
C:\Windows\SysWOW64\autochk.exe --a--- 643072 bytes [19:05 14/08/2009] [06:27 11/04/2009] 10761177A6EBE45843F443E99509F5E7
C:\Windows\SysWOW64\cs-CZ\autochk.exe.mui --a--- 258048 bytes [23:35 19/12/2008] [23:35 19/12/2008] 1CE8ADD8B3F8134F61892D54BF0D1286
C:\Windows\SysWOW64\en-US\autochk.exe.mui --a--- 233472 bytes [16:19 21/12/2008] [07:47 19/01/2008] 44ECE111DA2C47212B60EFFD0957FB96
C:\Windows\winsxs\amd64_microsoft-windows-autochk.resources_31bf3856ad364e35_6.0.6000.16386_cs-cz_601f95cac606b9ac\autochk.exe.mui --a--- 247808 bytes [23:34 19/12/2008] [23:34 19/12/2008] 871D480A2746335B351BE0BDD2EDF17F
C:\Windows\winsxs\amd64_microsoft-windows-autochk.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a375e126ad01160a\autochk.exe.mui --a--- 223744 bytes [15:13 02/11/2006] [15:13 02/11/2006] 625C876B691527641328CFB240F27B57
C:\Windows\winsxs\amd64_microsoft-windows-autochk.resources_31bf3856ad364e35_6.0.6001.18000_cs-cz_625657c6c2f1ca80\autochk.exe.mui --a--- 248320 bytes [23:35 19/12/2008] [23:35 19/12/2008] 729010AD24D1424910DC6C50F0A18C09
C:\Windows\winsxs\amd64_microsoft-windows-autochk.resources_31bf3856ad364e35_6.0.6001.18000_en-us_a5aca322a9ec26de\autochk.exe.mui --a--- 224256 bytes [16:19 21/12/2008] [08:12 19/01/2008] F1A635FCA85AE9DDF2D65EB953200B83
C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.0.6000.16386_none_3bdbc6d17d338351\autochk.exe --a--- 730112 bytes [09:03 02/11/2006] [11:15 02/11/2006] B56DB371DC4C6F791B2708EAA4814BB7
C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_3e1288cd7a1e9425\autochk.exe --a--- 733696 bytes [16:22 21/12/2008] [08:00 19/01/2008] F74203F70337352EEABADAE16A05EAEA
C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.0.6002.18005_none_3ffe01d977405f71\autochk.exe --a--- 734720 bytes [19:05 14/08/2009] [07:09 11/04/2009] E24D4475713CB382A720D003BDDA9628
C:\Windows\winsxs\x86_microsoft-windows-autochk.resources_31bf3856ad364e35_6.0.6000.16386_cs-cz_0400fa470da94876\autochk.exe.mui --a--- 258048 bytes [23:32 19/12/2008] [23:32 19/12/2008] AEA35F037F8E19865C1D4E155BB72F93
C:\Windows\winsxs\x86_microsoft-windows-autochk.resources_31bf3856ad364e35_6.0.6000.16386_en-us_475745a2f4a3a4d4\autochk.exe.mui --a--- 233472 bytes [15:13 02/11/2006] [15:13 02/11/2006] 1400EBBA85B7AB8B9DAF3E8035C7FF13
C:\Windows\winsxs\x86_microsoft-windows-autochk.resources_31bf3856ad364e35_6.0.6001.18000_cs-cz_0637bc430a94594a\autochk.exe.mui --a--- 258048 bytes [23:35 19/12/2008] [23:35 19/12/2008] 1CE8ADD8B3F8134F61892D54BF0D1286
C:\Windows\winsxs\x86_microsoft-windows-autochk.resources_31bf3856ad364e35_6.0.6001.18000_en-us_498e079ef18eb5a8\autochk.exe.mui --a--- 233472 bytes [16:19 21/12/2008] [07:47 19/01/2008] 44ECE111DA2C47212B60EFFD0957FB96
C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6000.16386_none_dfbd2b4dc4d6121b\autochk.exe --a--- 640000 bytes [12:13 02/11/2006] [09:44 02/11/2006] C08D1FE284C3330934E45D6E5F5B768B
C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe --a--- 642560 bytes [16:21 21/12/2008] [07:33 19/01/2008] 2FC5BE79B51714B479809358E4908FC3
C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6002.18005_none_e3df6655bee2ee3b\autochk.exe --a--- 643072 bytes [19:05 14/08/2009] [06:27 11/04/2009] 10761177A6EBE45843F443E99509F5E7

-=End Of File=-

#38 Příspěvek od **vyosek** » 04 čer 2010 10:47

Zda se ze soubor je na svem miste, poprosim jeste kolegu Naughtyho o radu - byva tu az kolem vecera....

kazi21 · #39 Příspěvek od **kazi21** » 04 čer 2010 10:49

Tak zati diky

Do večera!

kazi21 · #40 Příspěvek od **kazi21** » 05 čer 2010 14:10

Cauky zde je log sorry za zdržení

fakt nabytost

OTL logfile created on: 5.6.2010 14:57:20 - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\vista\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 64,00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,53 Gb Total Space | 207,01 Gb Free Space | 45,44% Space Free | Partition Type: NTFS
Drive D: | 10,23 Gb Total Space | 1,41 Gb Free Space | 13,83% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VISTA-PC
Current User Name: vista
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.06.05 14:56:54 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\vista\Desktop\OTL.exe
PRC - [2010.06.02 22:37:43 | 000,187,392 | -H-- | M] (Roman Svihalek, Advanced Software) -- C:\Windows\SysWOW64\asam\svchost.exe
PRC - [2010.06.02 22:37:43 | 000,187,392 | -H-- | M] (Roman Svihalek, Advanced Software) -- C:\Windows\SysWOW64\asam\svchost.exe
PRC - [2010.06.02 22:37:43 | 000,187,392 | -H-- | M] (Roman Svihalek, Advanced Software) -- C:\Windows\SysWOW64\asam\svchost.exe
PRC - [2010.06.02 22:37:40 | 000,256,512 | -H-- | M] () -- C:\Windows\SysWOW64\asam\rundll32.exe
PRC - [2010.05.27 08:40:16 | 000,971,968 | ---- | M] () -- C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe
PRC - [2010.05.12 21:07:52 | 000,103,736 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2010.04.14 12:43:20 | 003,037,696 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2010.04.14 12:43:19 | 000,488,960 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe
PRC - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010.03.16 13:16:58 | 000,140,288 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2010.02.26 16:14:04 | 000,652,800 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010.02.03 09:46:52 | 001,531,904 | ---- | M] (Nokia) -- C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2010.01.27 02:58:38 | 000,256,280 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10e.exe
PRC - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009.11.16 10:04:30 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2009.10.27 10:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009.08.06 15:57:46 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2008.12.06 16:57:20 | 000,114,840 | ---- | M] () -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

========== Modules (SafeList) ==========

MOD - [2010.06.05 14:56:54 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\vista\Desktop\OTL.exe
MOD - [2009.04.11 08:28:18 | 000,450,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2008.01.19 09:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009.11.16 10:12:56 | 000,023,296 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV:64bit: - [2009.11.16 10:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2009.09.25 03:26:26 | 001,142,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009.04.11 09:11:27 | 000,252,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009.04.11 09:11:14 | 000,604,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009.04.11 09:11:13 | 000,053,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bthserv.dll -- (BthServ)
SRV:64bit: - [2009.04.11 09:11:04 | 001,149,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2008.01.19 10:06:50 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008.01.19 10:00:52 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008.01.19 10:00:17 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fxssvc.exe -- (Fax)
SRV - [2010.05.27 08:40:16 | 000,971,968 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe -- (Guard.Mail.ru)
SRV - [2010.05.12 21:07:52 | 000,103,736 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2010.04.14 12:43:19 | 000,488,960 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.02.26 16:14:04 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009.08.06 15:57:46 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009.03.30 06:39:54 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2006.11.02 15:34:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2006.11.02 08:35:15 | 000,060,994 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2006.11.02 08:35:15 | 000,055,846 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vss.mof -- (VSS)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010.06.02 17:46:12 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.03.12 18:40:20 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\VX1000.sys -- (VX1000)
DRV:64bit: - [2010.02.26 14:33:40 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2010.02.26 14:33:24 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2010.02.26 14:33:22 | 000,025,088 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2010.02.26 14:33:22 | 000,019,456 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2010.02.26 14:21:22 | 000,173,056 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2010.02.26 14:21:20 | 000,012,288 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2009.12.18 16:02:26 | 000,123,200 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2009.11.16 10:03:42 | 000,136,584 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2009.11.16 09:56:16 | 000,145,336 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\eamon.sys -- (eamon)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.05.09 02:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)
DRV:64bit: - [2009.05.01 20:53:51 | 000,033,344 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.04.11 09:15:30 | 000,160,744 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\fvevol.sys -- (fvevol)
DRV:64bit: - [2009.04.11 07:40:06 | 000,694,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BTHport.sys -- (BTHPORT)
DRV:64bit: - [2009.04.11 07:39:57 | 000,178,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\rfcomm.sys -- (RFCOMM) Bluetooth Device (RFCOMM Protocol TDI)
DRV:64bit: - [2009.04.11 07:39:55 | 000,026,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\BthEnum.sys -- (BthEnum)
DRV:64bit: - [2009.04.11 07:39:53 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BTHUSB.sys -- (BTHUSB)
DRV:64bit: - [2009.04.11 07:39:51 | 000,275,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009.04.11 07:39:37 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usbser.sys -- (usbser)
DRV:64bit: - [2009.04.11 07:39:34 | 000,098,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV:64bit: - [2009.04.11 06:56:24 | 000,460,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008.01.19 08:38:16 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008.01.19 08:34:19 | 000,115,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bthpan.sys -- (BthPan) Bluetooth Device (Personal Area Network)
DRV:64bit: - [2007.06.19 08:50:54 | 000,143,400 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s816mdm.sys -- (s816mdm)
DRV:64bit: - [2007.06.19 08:50:48 | 000,018,472 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s816mdfl.sys -- (s816mdfl)
DRV:64bit: - [2007.06.19 08:50:46 | 000,107,048 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s816bus.sys -- (s816bus) Sony Ericsson Device 816 driver (WDM)
DRV - [2010.03.12 18:40:20 | 000,101,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\VX1000.dll -- (VX1000)
DRV - [2008.12.19 19:37:35 | 000,000,000 | ---D | M] [Kernel | System | Running] -- C:\Windows\CSC -- (CSC)
DRV - [2007.07.14 01:50:52 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2006.09.18 23:36:40 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {83821C2B-32A8-4DD7-B6D4-44309A78E668} - C:\Program Files (x86)\Mail.Ru\Agent\Mra\dll\newmrasearch.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "http://www.mail.ru/"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "http://go.mail.ru/search?fr=fftb&utf8in&q="
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..keyword.URL: "http://go.mail.ru/search?utf8in=1&fr=fftbUFix&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.01.07 21:04:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.05.26 15:54:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009.05.15 22:50:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.05.30 14:19:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010.02.22 20:47:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.05.26 15:54:35 | 000,000,000 | ---D | M]

[2008.12.22 00:31:59 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Mozilla\Extensions
[2010.05.31 13:13:37 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Mozilla\Firefox\Profiles\39ywwxh5.default\extensions
[2010.03.06 20:16:15 | 000,000,000 | ---D | M] (WebTran) -- C:\Users\vista\AppData\Roaming\Mozilla\Firefox\Profiles\39ywwxh5.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
[2010.05.29 13:43:35 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\vista\AppData\Roaming\Mozilla\Firefox\Profiles\39ywwxh5.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009.08.11 23:15:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\vista\AppData\Roaming\Mozilla\Firefox\Profiles\39ywwxh5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.22 08:06:19 | 000,000,000 | ---D | M] (ĐˇĐżŃŃ‚Đ˝Đ¸Đş @Mail.Ru) -- C:\Users\vista\AppData\Roaming\Mozilla\Firefox\Profiles\39ywwxh5.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}
[2009.01.16 14:33:28 | 000,000,000 | ---D | M] (free-downloads.net Toolbar) -- C:\Users\vista\AppData\Roaming\Mozilla\Firefox\Profiles\39ywwxh5.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}
[2009.03.28 10:49:56 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Mozilla\Firefox\Profiles\39ywwxh5.default\extensions\yasearch@yandex.ru
[2009.03.28 10:49:54 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Mozilla\Firefox\Profiles\39ywwxh5.default\extensions\yasearch@yandex.ru\chrome\skin\extensions-hacks
[2009.06.18 18:05:35 | 000,000,523 | ---- | M] () -- C:\Users\vista\AppData\Roaming\Mozilla\Firefox\Profiles\39ywwxh5.default\searchplugins\daemon-search.xml
[2010.06.02 20:00:11 | 000,000,950 | ---- | M] () -- C:\Users\vista\AppData\Roaming\Mozilla\Firefox\Profiles\39ywwxh5.default\searchplugins\icqplugin-1.xml
[2009.12.30 01:20:38 | 000,000,944 | ---- | M] () -- C:\Users\vista\AppData\Roaming\Mozilla\Firefox\Profiles\39ywwxh5.default\searchplugins\icqplugin.xml
[2010.06.02 20:00:13 | 000,001,533 | ---- | M] () -- C:\Users\vista\AppData\Roaming\Mozilla\Firefox\Profiles\39ywwxh5.default\searchplugins\mailru---.xml
[2010.01.22 08:06:34 | 000,001,431 | ---- | M] () -- C:\Users\vista\AppData\Roaming\Mozilla\Firefox\Profiles\39ywwxh5.default\searchplugins\mailru.xml
[2010.06.02 19:59:00 | 000,001,196 | ---- | M] () -- C:\Users\vista\AppData\Roaming\Mozilla\Firefox\Profiles\39ywwxh5.default\searchplugins\winamp-search.xml
[2010.03.27 20:21:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009.01.30 09:50:33 | 000,000,000 | ---D | M] (TorrentMan Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c}
[2009.08.05 15:25:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.08.25 09:32:38 | 000,001,340 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\crawlersrch.xml
[2009.03.28 21:52:40 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.01.22 08:06:34 | 000,001,431 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\mailru.xml
[2009.03.28 21:52:40 | 000,001,687 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\mall-cz.xml
[2009.03.28 21:52:40 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\seznam-cz.xml
[2009.03.28 21:52:40 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2009.03.28 21:52:40 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg64.dll (Google Inc.)
O2 - BHO: (WebTransBHO Class) - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3 - HKLM\..\Toolbar: (WebTranslator) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - No CLSID value found.
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe ()
O4 - HKLM..\Run: [MAgent] C:\Program Files (x86)\Mail.Ru\Agent\MAgent.exe (Mail.Ru)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)
O4 - HKCU..\Run: [SpywareTerminatorUpdate] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9 - Extra Button: Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files (x86)\Mail.Ru\Agent\magent.exe (Mail.Ru)
O9 - Extra 'Tools' menuitem : Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files (x86)\Mail.Ru\Agent\magent.exe (Mail.Ru)
O9 - Extra Button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: mojebanka.cz ([www] https in Důvěryhodné servery)
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} http://webcam.aicomp.de/kxhcm10.ocx (KX-HCM10 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/f ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.188.178.129 80.188.178.132
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\vista\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\vista\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.06.05 14:56:22 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\vista\Desktop\OTL.exe
[2010.06.03 19:54:34 | 000,000,000 | ---D | C] -- C:\Users\vista\Documents\The KMPlayer
[2010.06.03 19:47:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The KMPlayer
[2010.06.03 16:29:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2010.06.02 21:41:09 | 000,000,000 | -H-D | C] -- C:\Windows\SysWow64\asam
[2010.06.02 21:39:48 | 014,344,192 | ---- | C] (Microsoft Corporation) -- C:\Users\vista\Documents\ActivityMonSetupCZ.exe
[2010.06.02 20:17:15 | 003,347,968 | ---- | C] (Alcohol Soft Development Team) -- C:\Users\vista\Desktop\Alcohol.exe
[2010.06.02 19:53:37 | 000,000,000 | ---D | C] -- C:\Users\vista\AppData\Local\Nero_AG
[2010.06.02 18:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2010.06.02 18:37:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe
[2010.06.02 18:36:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010.05.31 10:19:30 | 000,000,000 | ---D | C] -- C:\Users\vista\Documents\Games for Windows - LIVE Demos
[2010.05.27 12:25:57 | 000,000,000 | ---D | C] -- C:\Users\vista\AppData\Roaming\PhoneRemoteControl
[2010.05.27 12:24:49 | 000,000,000 | ---D | C] -- C:\Users\vista\AppData\Local\Downloaded Installations
[2010.05.27 08:40:07 | 000,000,000 | ---D | C] -- C:\Users\vista\AppData\Roaming\Mra
[2010.05.27 08:39:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mail.Ru
[2010.05.26 10:50:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010.05.19 15:46:13 | 000,000,000 | R--D | C] -- C:\Users\vista\Documents\Scanned Documents
[2010.05.19 15:46:13 | 000,000,000 | ---D | C] -- C:\Users\vista\Documents\Fax
[2010.05.19 09:12:36 | 000,042,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2010.05.19 09:05:12 | 000,025,600 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys
[2010.05.19 09:04:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2010.05.16 15:21:00 | 000,000,000 | ---D | C] -- C:\Users\vista\Desktop\HRY
[2010.05.10 21:34:03 | 000,000,000 | ---D | C] -- C:\Users\vista\DoctorWeb
[2010.05.09 12:57:50 | 000,000,000 | ---D | C] -- C:\Users\vista\AppData\Roaming\Malwarebytes
[2010.05.09 12:57:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.05.09 12:57:38 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.05.09 12:57:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.09 12:57:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

========== Files - Modified Within 30 Days ==========

[2010.06.05 15:00:33 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{46834853-4A93-4B6F-8290-4000792C283D}.job
[2010.06.05 15:00:32 | 004,456,448 | ---- | M] () -- C:\Users\vista\NTUSER.DAT
[2010.06.05 14:56:54 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\vista\Desktop\OTL.exe
[2010.06.05 14:50:10 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.06.05 14:22:26 | 000,598,622 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2010.06.05 14:22:26 | 000,586,980 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.06.05 14:22:26 | 000,114,816 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2010.06.05 14:22:26 | 000,101,052 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.06.05 14:22:25 | 001,393,930 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.06.05 14:20:43 | 000,003,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.05 14:20:43 | 000,003,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.05 14:18:51 | 000,211,716 | ---- | M] () -- C:\Users\vista\Desktop\Appz_12426_Trial_ultimatevoicerecorder_s60_3_0_v3_01_1.sis
[2010.06.05 14:16:00 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.05 10:21:07 | 000,226,592 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.06.05 10:21:01 | 000,226,592 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.06.05 10:20:42 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.05 10:20:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.05 00:00:00 | 000,000,394 | ---- | M] () -- C:\Windows\tasks\NeroLiveEpgUpdate-vista-PC_vista.job
[2010.06.04 21:22:11 | 000,200,192 | ---- | M] () -- C:\Users\vista\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.04 12:03:48 | 000,004,692 | ---- | M] () -- C:\Users\vista\Documents\cc_20100604_120342.reg
[2010.06.03 21:35:05 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.06.03 21:34:55 | 000,524,288 | -HS- | M] () -- C:\Users\vista\NTUSER.DAT{979c3d3d-3262-11de-8e53-001e9029280e}.TMContainer00000000000000000001.regtrans-ms
[2010.06.03 21:34:55 | 000,065,536 | -HS- | M] () -- C:\Users\vista\NTUSER.DAT{979c3d3d-3262-11de-8e53-001e9029280e}.TM.blf
[2010.06.03 21:34:40 | 003,041,537 | -H-- | M] () -- C:\Users\vista\AppData\Local\IconCache.db
[2010.06.03 19:54:01 | 000,000,870 | ---- | M] () -- C:\Users\vista\Desktop\KMPlayer.lnk
[2010.06.03 16:37:28 | 000,002,182 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart 10.lnk
[2010.06.03 16:35:39 | 000,002,140 | ---- | M] () -- C:\Users\Public\Desktop\Nero Vision 10.lnk
[2010.06.03 16:33:32 | 000,002,188 | ---- | M] () -- C:\Users\Public\Desktop\Nero MediaHub 10.lnk
[2010.06.03 16:31:04 | 000,002,330 | ---- | M] () -- C:\Users\Public\Desktop\Nero BackItUp 10.lnk
[2010.06.03 16:30:25 | 000,002,162 | ---- | M] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
[2010.06.02 21:40:04 | 014,344,192 | ---- | M] (Microsoft Corporation) -- C:\Users\vista\Documents\ActivityMonSetupCZ.exe
[2010.06.02 20:17:39 | 000,000,110 | ---- | M] () -- C:\Users\vista\Documents\ax_files.xml
[2010.06.02 18:37:58 | 000,001,940 | ---- | M] () -- C:\Users\Public\Desktop\LightScribe.lnk
[2010.06.02 17:46:12 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010.06.02 17:35:14 | 000,003,746 | ---- | M] () -- C:\Users\vista\Documents\cc_20100602_173509.reg
[2010.06.02 17:30:08 | 000,102,592 | ---- | M] () -- C:\Users\vista\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.06.02 17:29:57 | 000,387,800 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.06.02 17:22:13 | 000,003,410 | ---- | M] () -- C:\Users\vista\Documents\cc_20100602_172208.reg
[2010.06.02 12:17:20 | 000,000,202 | ---- | M] () -- C:\Users\vista\defogger_reenable
[2010.05.31 10:18:41 | 000,001,900 | ---- | M] () -- C:\Users\vista\Documents\cc_20100531_101836.reg
[2010.05.29 13:20:24 | 000,012,116 | ---- | M] () -- C:\Users\vista\Documents\cc_20100529_132019.reg
[2010.05.27 13:47:42 | 000,000,680 | ---- | M] () -- C:\Users\vista\AppData\Local\d3d9caps.dat
[2010.05.27 10:58:31 | 000,024,998 | ---- | M] () -- C:\Users\vista\Documents\cc_20100527_105824.reg
[2010.05.26 17:14:13 | 000,001,376 | ---- | M] () -- C:\Users\vista\Documents\cc_20100526_171409.reg
[2010.05.26 16:51:41 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.05.26 15:58:22 | 000,001,966 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Ovi Suite.lnk
[2010.05.25 15:12:06 | 000,013,490 | ---- | M] () -- C:\Users\vista\Documents\geografie.odt
[2010.05.22 10:44:42 | 000,002,072 | ---- | M] () -- C:\Users\vista\Documents\cc_20100522_104438.reg
[2010.05.21 20:35:23 | 000,002,622 | ---- | M] () -- C:\Users\vista\Documents\cc_20100521_203514.reg
[2010.05.19 09:13:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf
[2010.05.19 09:13:27 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010.05.19 08:57:44 | 000,002,033 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Software Updater.lnk
[2010.05.19 08:55:59 | 035,926,608 | ---- | M] () -- C:\Users\vista\Documents\NokiaSoftwareUpdaterSetup_cs.exe
[2010.05.19 07:47:33 | 000,004,226 | ---- | M] () -- C:\Users\vista\Documents\cc_20100519_074728.reg
[2010.05.19 07:14:53 | 000,000,017 | ---- | M] () -- C:\Windows\hce29port.ini
[2010.05.12 21:07:52 | 000,103,736 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.05.09 18:07:20 | 000,002,506 | ---- | M] () -- C:\Users\vista\Documents\cc_20100509_180715.reg
[2010.05.09 12:57:45 | 000,000,844 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.09 12:55:08 | 000,003,082 | ---- | M] () -- C:\Users\vista\Documents\cc_20100509_125503.reg
[2010.05.09 12:50:20 | 000,001,720 | ---- | M] () -- C:\Users\vista\Desktop\CCleaner.lnk
[2010.05.08 21:16:18 | 000,010,738 | ---- | M] () -- C:\Users\vista\Documents\cc_20100508_211611.reg

========== Files Created - No Company Name ==========

[2010.06.05 14:18:50 | 000,211,716 | ---- | C] () -- C:\Users\vista\Desktop\Appz_12426_Trial_ultimatevoicerecorder_s60_3_0_v3_01_1.sis
[2010.06.04 12:03:44 | 000,004,692 | ---- | C] () -- C:\Users\vista\Documents\cc_20100604_120342.reg
[2010.06.03 19:47:27 | 000,000,870 | ---- | C] () -- C:\Users\vista\Desktop\KMPlayer.lnk
[2010.06.03 16:37:28 | 000,002,182 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart 10.lnk
[2010.06.03 16:35:39 | 000,002,140 | ---- | C] () -- C:\Users\Public\Desktop\Nero Vision 10.lnk
[2010.06.03 16:33:32 | 000,002,188 | ---- | C] () -- C:\Users\Public\Desktop\Nero MediaHub 10.lnk
[2010.06.03 16:31:04 | 000,002,330 | ---- | C] () -- C:\Users\Public\Desktop\Nero BackItUp 10.lnk
[2010.06.03 16:30:25 | 000,002,162 | ---- | C] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
[2010.06.02 18:37:58 | 000,001,940 | ---- | C] () -- C:\Users\Public\Desktop\LightScribe.lnk
[2010.06.02 18:36:07 | 000,397,616 | ---- | C] () -- C:\Users\vista\AppData\Local\dd_vcredistMSI71B7.txt
[2010.06.02 18:36:07 | 000,011,844 | ---- | C] () -- C:\Users\vista\AppData\Local\dd_vcredistUI71B7.txt
[2010.06.02 17:55:56 | 000,000,110 | ---- | C] () -- C:\Users\vista\Documents\ax_files.xml
[2010.06.02 17:35:11 | 000,003,746 | ---- | C] () -- C:\Users\vista\Documents\cc_20100602_173509.reg
[2010.06.02 17:22:11 | 000,003,410 | ---- | C] () -- C:\Users\vista\Documents\cc_20100602_172208.reg
[2010.06.02 12:17:20 | 000,000,202 | ---- | C] () -- C:\Users\vista\defogger_reenable
[2010.05.31 10:18:38 | 000,001,900 | ---- | C] () -- C:\Users\vista\Documents\cc_20100531_101836.reg
[2010.05.29 13:20:21 | 000,012,116 | ---- | C] () -- C:\Users\vista\Documents\cc_20100529_132019.reg
[2010.05.27 10:58:27 | 000,024,998 | ---- | C] () -- C:\Users\vista\Documents\cc_20100527_105824.reg
[2010.05.26 17:14:11 | 000,001,376 | ---- | C] () -- C:\Users\vista\Documents\cc_20100526_171409.reg
[2010.05.26 15:58:22 | 000,001,966 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Ovi Suite.lnk
[2010.05.23 13:47:13 | 000,013,490 | ---- | C] () -- C:\Users\vista\Documents\geografie.odt
[2010.05.22 10:44:39 | 000,002,072 | ---- | C] () -- C:\Users\vista\Documents\cc_20100522_104438.reg
[2010.05.21 20:35:20 | 000,002,622 | ---- | C] () -- C:\Users\vista\Documents\cc_20100521_203514.reg
[2010.05.19 09:13:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf
[2010.05.19 09:13:27 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010.05.19 09:12:53 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2010.05.19 08:57:44 | 000,002,033 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Software Updater.lnk
[2010.05.19 08:54:43 | 035,926,608 | ---- | C] () -- C:\Users\vista\Documents\NokiaSoftwareUpdaterSetup_cs.exe
[2010.05.19 07:47:30 | 000,004,226 | ---- | C] () -- C:\Users\vista\Documents\cc_20100519_074728.reg
[2010.05.09 18:07:18 | 000,002,506 | ---- | C] () -- C:\Users\vista\Documents\cc_20100509_180715.reg
[2010.05.09 12:57:45 | 000,000,844 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.09 12:55:05 | 000,003,082 | ---- | C] () -- C:\Users\vista\Documents\cc_20100509_125503.reg
[2010.05.08 21:16:14 | 000,010,738 | ---- | C] () -- C:\Users\vista\Documents\cc_20100508_211611.reg
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.03.09 23:48:43 | 000,000,094 | ---- | C] () -- C:\Windows\winin.ini
[2010.02.22 23:31:46 | 000,000,034 | ---- | C] () -- C:\Windows\WTRDCTM.INI
[2010.01.26 17:36:47 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.11.18 18:26:40 | 001,421,006 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.09.28 14:50:54 | 000,142,592 | ---- | C] () -- C:\Windows\SysWow64\drivers\sp_rsdrv2.sys
[2009.08.14 21:08:08 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.08.14 21:05:18 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.07.05 00:02:00 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2009.06.19 21:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.06.19 21:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2009.01.15 18:40:18 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2008.12.21 18:19:24 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007.04.10 23:46:39 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2005.10.21 15:05:33 | 000,000,017 | ---- | C] () -- C:\Windows\hce29port.ini
[2003.01.20 16:48:41 | 000,102,400 | ---- | C] () -- C:\Windows\SysWow64\msstc-ocd.dll
[2002.06.26 19:38:44 | 000,009,011 | ---- | C] () -- C:\Windows\SysWow64\mswtn-oce.dll

========== Custom Scans ==========

< HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager /64 >
"CriticalSectionTimeout" = 2592000
"GlobalFlag" = 0
"HeapDeCommitFreeBlockThreshold" = 0
"HeapDeCommitTotalFreeThreshold" = 0
"HeapSegmentCommit" = 0
"HeapSegmentReserve" = 0
"ProcessorControl" = 2
"ResourceTimeoutCount" = 648000
"BootExecute" = [binary data]
"ExcludeFromKnownDlls" = [binary data]
"ObjectDirectories" = \Windows\RPC Control [binary data]
"ProtectionMode" = 1
"NumberOfInitialSessions" = 2
"SetupExecute" = [binary data]
"PendingFileRenameOperations" = [Binary data over 100 bytes]

64bit: [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppCompatCache]

64bit: [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\Configuration Manager]

64bit: [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\DOS Devices]

64bit: [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\Environment]

64bit: [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\Executive]

64bit: [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\FileRenameOperations]

64bit: [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\I/O System]

64bit: [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\kernel]

64bit: [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\KnownDLLs]

64bit: [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\Memory Management]

64bit: [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\Power]

64bit: [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\Quota System]

64bit: [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\SubSystems]

64bit: [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\WPA]

< HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager >
"CriticalSectionTimeout" = 2592000
"GlobalFlag" = 0
"HeapDeCommitFreeBlockThreshold" = 0
"HeapDeCommitTotalFreeThreshold" = 0
"HeapSegmentCommit" = 0
"HeapSegmentReserve" = 0
"ProcessorControl" = 2
"ResourceTimeoutCount" = 648000
"BootExecute" = [binary data]
"ExcludeFromKnownDlls" = [binary data]
"ObjectDirectories" = \Windows\RPC Control [binary data]
"ProtectionMode" = 1
"NumberOfInitialSessions" = 2
"SetupExecute" = [binary data]
"PendingFileRenameOperations" = [Binary data over 100 bytes]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppCompatCache]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\Configuration Manager]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\DOS Devices]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\Environment]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\Executive]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\FileRenameOperations]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\I/O System]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\kernel]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\KnownDLLs]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\Memory Management]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\Power]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\Quota System]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\SubSystems]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\WPA]

< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ

< MD5 for: AUTOCHK.EXE >
[2009.04.11 08:27:20 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\SysWOW64\autochk.exe
[2009.04.11 08:27:20 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\SysWOW64\autochk.exe
[2009.04.11 08:27:20 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6002.18005_none_e3df6655bee2ee3b\autochk.exe
[2008.01.19 09:33:01 | 000,642,560 | ---- | M] (Microsoft Corporation) MD5=2FC5BE79B51714B479809358E4908FC3 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe
[2006.11.02 13:15:40 | 000,730,112 | ---- | M] (Microsoft Corporation) MD5=B56DB371DC4C6F791B2708EAA4814BB7 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.0.6000.16386_none_3bdbc6d17d338351\autochk.exe
[2006.11.02 11:44:50 | 000,640,000 | ---- | M] (Microsoft Corporation) MD5=C08D1FE284C3330934E45D6E5F5B768B -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6000.16386_none_dfbd2b4dc4d6121b\autochk.exe
[2009.04.11 09:09:58 | 000,734,720 | ---- | M] (Microsoft Corporation) MD5=E24D4475713CB382A720D003BDDA9628 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.0.6002.18005_none_3ffe01d977405f71\autochk.exe
[2008.01.19 10:00:03 | 000,733,696 | ---- | M] (Microsoft Corporation) MD5=F74203F70337352EEABADAE16A05EAEA -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_3e1288cd7a1e9425\autochk.exe

< c:\windows\system32\autochk.exe /64 >
[2009.04.11 09:09:58 | 000,734,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\autochk.exe

========== Files - Unicode (All) ==========
[2010.05.27 08:40:17 | 000,001,761 | ---- | M] ()(C:\Users\Public\Desktop\Mail.Ru ?????.lnk) -- C:\Users\Public\Desktop\Mail.Ru Агент.lnk
[2010.05.27 08:40:17 | 000,001,761 | ---- | C] ()(C:\Users\Public\Desktop\Mail.Ru ?????.lnk) -- C:\Users\Public\Desktop\Mail.Ru Агент.lnk
[2009.08.11 14:44:53 | 000,000,000 | ---D | M](C:\Users\vista\Documents\????? Mail.Ru ??????) -- C:\Users\vista\Documents\Файлы Mail.Ru Агента
[2009.05.15 23:09:38 | 000,000,000 | ---D | C](C:\Users\vista\Documents\????? Mail.Ru ??????) -- C:\Users\vista\Documents\Файлы Mail.Ru Агента
< End of report >

kazi21 · #41 Příspěvek od **kazi21** » 05 čer 2010 18:59

Zdar hele bug , co to je nevim

,ale mě by spiš zajimal ten exe soubor,jesli bys mi neřek co to je?

kazi21 · #42 Příspěvek od **kazi21** » 05 čer 2010 20:53

Hele jak vytvořím ten reg soubor?Ja jsem myslel, že normalně jako složku do ni to vložím a pak přejmenují třeba na Regedit4(.reg) a ono se mi to změní na tu ikonu registru pak na ní poklepu a je to a přidam to?

Poradíš...?!

#43 Příspěvek od **vyosek** » 05 čer 2010 22:26

Otevrete si poznamkovy blok

Start->spustit->notepad
Vlozte text nize

Kód: Vybrat vše

REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
"BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,00,00

Soubor ulozte jako oprava.reg :idea:Pri ukladani dat ulozit jako typ Vsechny soubory
Zavrit notepad a spustit oprava.reg
Okno jen problikne a opravi regsitry - soubor muzete smazat
Restartujte PC

Stahnete a ulozte na plochu OTL (viz muj podpis)

Spustte jako spravce
Kliknete na tlacitko NIC
Do sporniho okenka Vlastni skenovani/opravy vlozte text nize

Kód: Vybrat vše

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager /64
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager
reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c
/md5start
autochk.exe
/md5stop
c:\windows\system32\autochk.exe /64

Kliknete na Prohledat
Probehne sken na jehoz konci vyskoci log - jeho obsah sem vlozte

kazi21 · #44 Příspěvek od **kazi21** » 06 čer 2010 11:38

Dobré poledne zde je výsledná zprava:

OTL logfile created on: 6.6.2010 12:32:07 - Run 2
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\vista\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 52,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,53 Gb Total Space | 206,83 Gb Free Space | 45,41% Space Free | Partition Type: NTFS
Drive D: | 10,23 Gb Total Space | 1,41 Gb Free Space | 13,83% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VISTA-PC
Current User Name: vista
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Custom Scans ==========

< HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager /64 >
"CriticalSectionTimeout" = 2592000
"GlobalFlag" = 0
"HeapDeCommitFreeBlockThreshold" = 0
"HeapDeCommitTotalFreeThreshold" = 0
"HeapSegmentCommit" = 0
"HeapSegmentReserve" = 0
"ProcessorControl" = 2
"ResourceTimeoutCount" = 648000
"BootExecute" = autocheck autochk * [binary data]
"ExcludeFromKnownDlls" = [binary data]
"ObjectDirectories" = \Windows\RPC Control [binary data]
"ProtectionMode" = 1
"NumberOfInitialSessions" = 2
"SetupExecute" = [binary data]

64bit: [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppCompatCache]

64bit: [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\Configuration Manager]

64bit: [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\DOS Devices]

64bit: [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\Environment]

64bit: [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\Executive]

64bit: [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\FileRenameOperations]

64bit: [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\I/O System]

64bit: [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\kernel]

64bit: [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\KnownDLLs]

64bit: [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\Memory Management]

64bit: [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\Power]

64bit: [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\Quota System]

64bit: [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\SubSystems]

64bit: [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\WPA]

< HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager >
"CriticalSectionTimeout" = 2592000
"GlobalFlag" = 0
"HeapDeCommitFreeBlockThreshold" = 0
"HeapDeCommitTotalFreeThreshold" = 0
"HeapSegmentCommit" = 0
"HeapSegmentReserve" = 0
"ProcessorControl" = 2
"ResourceTimeoutCount" = 648000
"BootExecute" = autocheck autochk * [binary data]
"ExcludeFromKnownDlls" = [binary data]
"ObjectDirectories" = \Windows\RPC Control [binary data]
"ProtectionMode" = 1
"NumberOfInitialSessions" = 2
"SetupExecute" = [binary data]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\AppCompatCache]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\Configuration Manager]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\DOS Devices]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\Environment]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\Executive]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\FileRenameOperations]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\I/O System]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\kernel]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\KnownDLLs]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\Memory Management]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\Power]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\Quota System]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\SubSystems]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\WPA]

< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ autocheck autochk *

< MD5 for: AUTOCHK.EXE >
[2009.04.11 08:27:20 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\SysWOW64\autochk.exe
[2009.04.11 08:27:20 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\SysWOW64\autochk.exe
[2009.04.11 08:27:20 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6002.18005_none_e3df6655bee2ee3b\autochk.exe
[2008.01.19 09:33:01 | 000,642,560 | ---- | M] (Microsoft Corporation) MD5=2FC5BE79B51714B479809358E4908FC3 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe
[2006.11.02 13:15:40 | 000,730,112 | ---- | M] (Microsoft Corporation) MD5=B56DB371DC4C6F791B2708EAA4814BB7 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.0.6000.16386_none_3bdbc6d17d338351\autochk.exe
[2006.11.02 11:44:50 | 000,640,000 | ---- | M] (Microsoft Corporation) MD5=C08D1FE284C3330934E45D6E5F5B768B -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6000.16386_none_dfbd2b4dc4d6121b\autochk.exe
[2009.04.11 09:09:58 | 000,734,720 | ---- | M] (Microsoft Corporation) MD5=E24D4475713CB382A720D003BDDA9628 -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.0.6002.18005_none_3ffe01d977405f71\autochk.exe
[2008.01.19 10:00:03 | 000,733,696 | ---- | M] (Microsoft Corporation) MD5=F74203F70337352EEABADAE16A05EAEA -- C:\Windows\winsxs\amd64_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_3e1288cd7a1e9425\autochk.exe

< c:\windows\system32\autochk.exe /64 >
[2009.04.11 09:09:58 | 000,734,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\autochk.exe
< End of report >

kazi21 · #45 Příspěvek od **kazi21** » 06 čer 2010 20:13

Sorry kamo ted si připadam jako blbec ale žádný safelist registru nemužu v tom programu najit

Jestli ty jsi nahodou nemyslel whitelist?!Tak jsem to zaškrtl u "běžné registry" a dal prohledat.
Zde je log:

OTL logfile created on: 6.6.2010 21:16:04 - Run 3
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\vista\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 40,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 455,53 Gb Total Space | 217,92 Gb Free Space | 47,84% Space Free | Partition Type: NTFS
Drive D: | 10,23 Gb Total Space | 1,41 Gb Free Space | 13,83% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VISTA-PC
Current User Name: vista
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {83821C2B-32A8-4DD7-B6D4-44309A78E668} - C:\Program Files (x86)\Mail.Ru\Agent\Mra\dll\newmrasearch.dll ()
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "http://www.mail.ru/"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "http://go.mail.ru/search?fr=fftb&utf8in&q="
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..keyword.URL: "http://go.mail.ru/search?utf8in=1&fr=fftbUFix&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.01.07 21:04:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.05.26 15:54:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2009.05.15 22:50:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.05.30 14:19:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010.02.22 20:47:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.05.26 15:54:35 | 000,000,000 | ---D | M]

[2008.12.22 00:31:59 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Mozilla\Extensions
[2010.05.31 13:13:37 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Mozilla\Firefox\Profiles\39ywwxh5.default\extensions
[2010.03.06 20:16:15 | 000,000,000 | ---D | M] (WebTran) -- C:\Users\vista\AppData\Roaming\Mozilla\Firefox\Profiles\39ywwxh5.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
[2010.05.29 13:43:35 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\vista\AppData\Roaming\Mozilla\Firefox\Profiles\39ywwxh5.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009.08.11 23:15:02 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\vista\AppData\Roaming\Mozilla\Firefox\Profiles\39ywwxh5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.22 08:06:19 | 000,000,000 | ---D | M] (ĐˇĐżŃŃ‚Đ˝Đ¸Đş @Mail.Ru) -- C:\Users\vista\AppData\Roaming\Mozilla\Firefox\Profiles\39ywwxh5.default\extensions\{37964A3C-4EE8-47b1-8321-34DE2C39BA4D}
[2009.01.16 14:33:28 | 000,000,000 | ---D | M] (free-downloads.net Toolbar) -- C:\Users\vista\AppData\Roaming\Mozilla\Firefox\Profiles\39ywwxh5.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}
[2009.03.28 10:49:56 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Mozilla\Firefox\Profiles\39ywwxh5.default\extensions\yasearch@yandex.ru
[2009.03.28 10:49:54 | 000,000,000 | ---D | M] -- C:\Users\vista\AppData\Roaming\Mozilla\Firefox\Profiles\39ywwxh5.default\extensions\yasearch@yandex.ru\chrome\skin\extensions-hacks
[2009.06.18 18:05:35 | 000,000,523 | ---- | M] () -- C:\Users\vista\AppData\Roaming\Mozilla\Firefox\Profiles\39ywwxh5.default\searchplugins\daemon-search.xml
[2010.06.02 20:00:11 | 000,000,950 | ---- | M] () -- C:\Users\vista\AppData\Roaming\Mozilla\Firefox\Profiles\39ywwxh5.default\searchplugins\icqplugin-1.xml
[2009.12.30 01:20:38 | 000,000,944 | ---- | M] () -- C:\Users\vista\AppData\Roaming\Mozilla\Firefox\Profiles\39ywwxh5.default\searchplugins\icqplugin.xml
[2010.06.02 20:00:13 | 000,001,533 | ---- | M] () -- C:\Users\vista\AppData\Roaming\Mozilla\Firefox\Profiles\39ywwxh5.default\searchplugins\mailru---.xml
[2010.01.22 08:06:34 | 000,001,431 | ---- | M] () -- C:\Users\vista\AppData\Roaming\Mozilla\Firefox\Profiles\39ywwxh5.default\searchplugins\mailru.xml
[2010.06.02 19:59:00 | 000,001,196 | ---- | M] () -- C:\Users\vista\AppData\Roaming\Mozilla\Firefox\Profiles\39ywwxh5.default\searchplugins\winamp-search.xml
[2010.03.27 20:21:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2009.01.30 09:50:33 | 000,000,000 | ---D | M] (TorrentMan Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c}
[2009.08.05 15:25:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.08.25 09:32:38 | 000,001,340 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\crawlersrch.xml
[2009.03.28 21:52:40 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.01.22 08:06:34 | 000,001,431 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\mailru.xml
[2009.03.28 21:52:40 | 000,001,687 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\mall-cz.xml
[2009.03.28 21:52:40 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\seznam-cz.xml
[2009.03.28 21:52:40 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2009.03.28 21:52:40 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg64.dll (Google Inc.)
O2 - BHO: (WebTransBHO Class) - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3 - HKLM\..\Toolbar: (WebTranslator) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - No CLSID value found.
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files (x86)\Mail.Ru\Guard\GuardMailRu.exe ()
O4 - HKLM..\Run: [MAgent] C:\Program Files (x86)\Mail.Ru\Agent\MAgent.exe (Mail.Ru)
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)
O4 - HKCU..\Run: [SpywareTerminatorUpdate] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O9 - Extra Button: Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files (x86)\Mail.Ru\Agent\magent.exe (Mail.Ru)
O9 - Extra 'Tools' menuitem : Mail.Ru Агент - {7558B7E5-7B26-4201-BEDB-00D5FF534523} - C:\Program Files (x86)\Mail.Ru\Agent\magent.exe (Mail.Ru)
O9 - Extra Button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: mojebanka.cz ([www] https in Důvěryhodné servery)
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} http://webcam.aicomp.de/kxhcm10.ocx (KX-HCM10 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/f ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\vista\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\vista\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
< End of report >

VIRY.CZ

Prosím o preventivku

Re: Prosím o preventivku

Re: Prosím o preventivku

Re: Prosím o preventivku

Re: Prosím o preventivku

Re: Prosím o preventivku

Re: Prosím o preventivku

Re: Prosím o preventivku

Re: Prosím o preventivku

Re: Prosím o preventivku

Re: Prosím o preventivku

Re: Prosím o preventivku

Re: Prosím o preventivku

Re: Prosím o preventivku

Re: Prosím o preventivku

Re: Prosím o preventivku