Prosím o kontrolu a radu

[pepa11]

Při kontrole avastem mi tento zobrazil problém a nedokázal se s těmito soubory vypořádat
udbhrz.dll [L] Win32:Tiny-AGF [Trj] (0)
C:\WINDOWS\system32\userini.exe

Přikládám log a prosím o radu. Děkuji. JT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:57:37, on 29.6.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe
C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Notes\ntmulti.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Launch Manager\WisLMSvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Install\HijACK\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ks.jm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ks.jm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [Wbutton] C:\Program Files\Launch Manager\WButton.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IR_SERVER] C:\Program Files\Realtek\DVB-T USB DEVICE\IR_SERVER.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [RegistryMonitor1] C:\WINDOWS\system32\qtplugin.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [userini] C:\WINDOWS\system32\userini.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [userini] C:\WINDOWS\system32\userini.exe
O4 - HKLM\..\Policies\Explorer\Run: [userini] C:\WINDOWS\system32\userini.exe
O4 - HKCU\..\Policies\Explorer\Run: [userini] C:\WINDOWS\system32\userini.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Pinnacle Streaming Server.lnk = C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.ks.jm
O15 - Trusted Zone: http://*.ekisweb2
O15 - Trusted Zone: http://*.s//ekisweb3
O15 - Trusted Zone: *.VasServerEtr
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CD9D341-9686-4936-ACB4-6F49D127200B}: NameServer = 10.208.32.210,10.208.32.199,10.208.32.198,10.208.32.197
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = 10.208.32.210
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = 10.208.32.210
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Notes\ntmulti.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Aplikace Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Aplikace Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Aplikace Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

--
End of file - 9039 bytes

[Caroprd111]

Zdravím

Vyberte si jeden antivir a firewall, zbývající odinstalujte.

Přečtěte si pravidla fóra a dejte log z RSIT

[pepa11]

Logfile of random's system information tool 1.07 (written by random/random)
Run by jt226370 at 2010-06-30 17:09:24
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 59 GB (77%) free of 76 GB
Total RAM: 1014 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:09:27, on 30.6.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe
C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Notes\ntmulti.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\salamander\SALAMAND.EXE
C:\Program Files\Launch Manager\WisLMSvc.exe
C:\Install\HijACK\hijackthis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Install\RSIT\RSIT.exe
C:\Program Files\trend micro\jt226370.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ks.jm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ks.jm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [Wbutton] C:\Program Files\Launch Manager\WButton.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IR_SERVER] C:\Program Files\Realtek\DVB-T USB DEVICE\IR_SERVER.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [RegistryMonitor1] C:\WINDOWS\system32\qtplugin.exe
O4 - HKLM\..\Run: [userini] C:\WINDOWS\system32\userini.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [userini] C:\WINDOWS\system32\userini.exe
O4 - HKLM\..\Policies\Explorer\Run: [userini] C:\WINDOWS\system32\userini.exe
O4 - HKCU\..\Policies\Explorer\Run: [userini] C:\WINDOWS\system32\userini.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Pinnacle Streaming Server.lnk = C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.ks.jm
O15 - Trusted Zone: http://*.ekisweb2
O15 - Trusted Zone: http://*.s//ekisweb3
O15 - Trusted Zone: *.VasServerEtr
O17 - HKLM\System\CCS\Services\Tcpip\..\{9CD9D341-9686-4936-ACB4-6F49D127200B}: NameServer = 10.208.32.210,10.208.32.199,10.208.32.198,10.208.32.197
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = 10.208.32.210
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = 10.208.32.210
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Notes\ntmulti.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Aplikace Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
O23 - Service: Aplikace Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE
O23 - Service: Aplikace Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

--
End of file - 9056 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\WINDOWS\WebIE.dll [2008-08-18 491520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-31 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-31 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\WINDOWS\WebIE.dll [2008-08-18 491520]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-04-20 142104]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-04-20 162584]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-04-20 138008]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-10-23 815104]
"HotkeyApp"=C:\Program Files\Launch Manager\HotkeyApp.exe [2007-04-26 192512]
"CtrlVol"=C:\Program Files\Launch Manager\CtrlVol.exe []
"LaunchAp"=C:\Program Files\Launch Manager\LaunchAp.exe []
"Wbutton"=C:\Program Files\Launch Manager\WButton.exe []
"ccApp"=C:\Program Files\Common Files\Symantec Shared\ccApp.exe [2009-07-13 115560]
"IR_SERVER"=C:\Program Files\Realtek\DVB-T USB DEVICE\IR_SERVER.exe []
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-03-18 207360]
"RegistryMonitor1"=C:\WINDOWS\system32\qtplugin.exe []
"userini"=C:\WINDOWS\system32\userini.exe []
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"userini"=C:\WINDOWS\system32\userini.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"userini"=C:\WINDOWS\system32\userini.exe []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"userini"=C:\WINDOWS\system32\userini.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2008-06-12 34672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-31 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE -b -l []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^OPPV^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.4.lnk]
C:\PROGRA~1\OPENOF~1.4\program\QUICKS~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^sz278883^Nabídka Start^Programy^Po spuštění^OpenOffice.org 2.4.lnk]
C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Pinnacle Streaming Server.lnk - C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe
TMMonitor.lnk - C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe

C:\Documents and Settings\jt226370\Nabídka Start\Programy\Po spuštění
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2007-04-16 204800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccEvtMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ccSetMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SmcService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antivirus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Symantec Antvirus]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe"="C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service"
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE"="C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service"
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email"
"C:\Program Files\ArcSoft\TotalMedia 3.5\TotalMedia.exe"="C:\Program Files\ArcSoft\TotalMedia 3.5\TotalMedia.exe:LocalSubNet:Enabled:ArcSoft TotalMedia 3.5"
"C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe"="C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe:LocalSubNet:Enabled:Pinnacle Streaming Server"
"C:\DOCUME~1\sz278883\LOCALS~1\Temp\pdfupd.exe"="C:\DOCUME~1\sz278883\LOCALS~1\Temp\pdfupd.exe:*:Enabled:ldrsoft"
"C:\DOCUME~1\sz278883\LOCALS~1\Temp\svchost.exe"="C:\DOCUME~1\sz278883\LOCALS~1\Temp\svchost.exe:*:Enabled:ldrsoft"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======File associations======

.js - open - %SystemRoot%\System32\CScript.exe "%1" %*
.vbs - open - %SystemRoot%\System32\CScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-06-30 17:09:24 ----D---- C:\rsit
2010-06-30 17:09:24 ----D---- C:\Program Files\trend micro
2010-06-29 20:31:16 ----D---- C:\Nová složka (2)
2010-06-29 20:31:13 ----D---- C:\avast
2010-06-29 20:25:57 ----D---- C:\WINDOWS\Minidump
2010-06-29 17:37:32 ----D---- C:\Program Files\Alwil Software
2010-06-29 17:37:32 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-06-26 07:10:20 ----D---- C:\Documents and Settings\jt226370\Data aplikací\Macromedia
2010-06-26 07:09:07 ----D---- C:\Documents and Settings\jt226370\Data aplikací\Mozilla
2010-06-26 07:08:14 ----D---- C:\Documents and Settings\jt226370\Data aplikací\ArcSoft
2010-06-26 07:02:48 ----SD---- C:\Documents and Settings\jt226370\Data aplikací\Microsoft
2010-06-26 07:02:48 ----D---- C:\Documents and Settings\jt226370\Data aplikací\Software602
2010-06-26 07:02:48 ----D---- C:\Documents and Settings\jt226370\Data aplikací\OpenOffice.org2
2010-06-26 07:02:48 ----D---- C:\Documents and Settings\jt226370\Data aplikací\OpenOffice.org
2010-06-26 07:02:48 ----D---- C:\Documents and Settings\jt226370\Data aplikací\Media Player Classic
2010-06-26 07:02:48 ----D---- C:\Documents and Settings\jt226370\Data aplikací\InstallShield
2010-06-26 07:02:48 ----D---- C:\Documents and Settings\jt226370\Data aplikací\Identities
2010-06-26 07:02:48 ----D---- C:\Documents and Settings\jt226370\Data aplikací\DivX
2010-06-26 07:02:48 ----D---- C:\Documents and Settings\jt226370\Data aplikací\Ahead
2010-06-26 07:02:48 ----D---- C:\Documents and Settings\jt226370\Data aplikací\AdobeUM
2010-06-26 07:02:48 ----D---- C:\Documents and Settings\jt226370\Data aplikací\Adobe
2010-06-26 07:02:47 ----D---- C:\Documents and Settings\jt226370\Data aplikací\XnView
2010-06-26 07:02:47 ----D---- C:\Documents and Settings\jt226370\Data aplikací\Sun
2010-06-24 21:51:44 ----A---- C:\WINDOWS\ntbtlog.txt
2010-06-23 20:54:20 ----D---- C:\1_listek
2010-06-22 20:53:32 ----D---- C:\11_nokia_mapy
2010-06-16 18:30:14 ----D---- C:\1_penumatiky
2010-06-05 09:31:48 ----D---- C:\Program Files\MSXML 4.0
2010-06-05 09:31:26 ----N---- C:\WINDOWS\system32\MASE32.DLL
2010-06-05 09:31:26 ----N---- C:\WINDOWS\system32\MASD32.DLL
2010-06-05 09:31:26 ----N---- C:\WINDOWS\system32\MAMC32.DLL
2010-06-05 09:31:26 ----N---- C:\WINDOWS\system32\MACD32.DLL
2010-06-05 09:31:26 ----N---- C:\WINDOWS\system32\MA32.DLL
2010-06-05 09:31:10 ----N---- C:\WINDOWS\system32\MSVCRTD.DLL
2010-06-05 09:31:10 ----N---- C:\WINDOWS\system32\msvcr71d.dll
2010-06-05 09:31:10 ----N---- C:\WINDOWS\system32\msvcr70d.dll
2010-06-05 09:31:10 ----N---- C:\WINDOWS\system32\msvcp71d.dll
2010-06-05 09:31:10 ----N---- C:\WINDOWS\system32\msvcp70d.dll
2010-06-05 09:31:10 ----N---- C:\WINDOWS\system32\mfc71d.dll
2010-06-05 09:31:10 ----N---- C:\WINDOWS\system32\HHActiveX.dll
2010-06-05 09:31:10 ----N---- C:\WINDOWS\system32\DivXEncSettings.txt
2010-06-05 09:30:55 ----N---- C:\WINDOWS\system32\msvcp80.dll
2010-06-05 09:30:54 ----N---- C:\WINDOWS\system32\msvcr80.dll
2010-06-05 09:30:54 ----N---- C:\WINDOWS\system32\MSVCR70.DLL
2010-06-05 09:30:54 ----N---- C:\WINDOWS\system32\MSVCP70.DLL
2010-06-05 09:30:54 ----D---- C:\Program Files\Pinnacle
2010-06-05 09:29:13 ----D---- C:\Documents and Settings\All Users\Data aplikací\Pinnacle
2010-06-01 11:42:38 ----A---- C:\WINDOWS\system32\vfwwdm32.dll
2010-06-01 11:42:38 ----A---- C:\WINDOWS\system32\PsisDecd.dll
2010-05-31 10:54:40 ----D---- C:\1_wwwroot
2010-05-31 09:12:50 ----D---- C:\Documents and Settings\All Users\Data aplikací\ArcSoft
2010-05-31 09:11:47 ----D---- C:\Program Files\ArcSoft
2010-05-31 09:11:47 ----A---- C:\WINDOWS\system32\unicows.dll
2010-05-31 09:11:46 ----D---- C:\Program Files\Common Files\ArcSoft

======List of files/folders modified in the last 1 months======

2010-06-30 17:09:24 ----RD---- C:\Program Files
2010-06-30 17:08:07 ----D---- C:\Install
2010-06-30 17:04:02 ----D---- C:\Program Files\Mozilla Firefox
2010-06-30 17:03:35 ----D---- C:\WINDOWS\Temp
2010-06-30 17:01:25 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-30 17:00:11 ----D---- C:\WINDOWS\system32
2010-06-30 17:00:11 ----D---- C:\WINDOWS
2010-06-30 17:00:08 ----D---- C:\WINDOWS\system32\drivers
2010-06-30 16:58:53 ----D---- C:\WINDOWS\Prefetch
2010-06-29 20:26:00 ----SHD---- C:\WINDOWS\CSC
2010-06-29 17:37:50 ----SHD---- C:\WINDOWS\Installer
2010-06-29 17:37:49 ----D---- C:\WINDOWS\WinSxS
2010-06-29 17:31:01 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-29 17:29:12 ----SHD---- C:\RECYCLER
2010-06-27 20:05:54 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-27 20:05:48 ----A---- C:\WINDOWS\explorer.exe
2010-06-26 07:08:11 ----A---- C:\WINDOWS\OEWABLog.txt
2010-06-26 07:03:29 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Suite
2010-06-26 07:02:46 ----D---- C:\Documents and Settings
2010-06-24 21:56:35 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-23 20:40:33 ----A---- C:\WINDOWS\NeroDigital.ini
2010-06-13 14:17:26 ----A---- C:\WINDOWS\win.ini
2010-06-13 12:34:26 ----HD---- C:\Program Files\InstallShield Installation Information
2010-06-05 09:33:15 ----HD---- C:\WINDOWS\inf
2010-06-05 09:31:07 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-06-01 20:36:58 ----D---- C:\1_HTML
2010-06-01 11:37:33 ----D---- C:\WINDOWS\SoftwareDistribution
2010-05-31 09:11:46 ----D---- C:\Program Files\Common Files
2010-05-31 09:10:25 ----D---- C:\Program Files\Common Files\InstallShield
2010-05-31 09:09:37 ----D---- C:\Program Files\Realtek

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 eeCtrl;Symantec Eraser Control driver; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 Hotkey;Hotkey; C:\WINDOWS\system32\drivers\Hotkey.sys [2003-04-28 9867]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SPBBCDrv;SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys []
R1 SRTSP;SRTSP; C:\WINDOWS\System32\Drivers\SRTSP.SYS [2009-07-13 280112]
R1 SRTSPX;SRTSPX; C:\WINDOWS\System32\Drivers\SRTSPX.SYS [2009-07-13 43824]
R1 SYMTDI;SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [2009-07-13 191536]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R1 WPS;WPS; \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys []
R2 Nbf;Protokol NetBEUI; C:\WINDOWS\system32\DRIVERS\nbf.sys [2008-06-11 98176]
R2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-14 88320]
R2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
R2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
R3 Afc;PPdus ASPI Shell; C:\WINDOWS\system32\drivers\Afc.sys [2006-11-10 18688]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 HdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAud.sys [2007-05-01 630272]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-04-16 5760096]
R3 NAVENG;NAVENG; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100201.048\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100201.048\NAVEX15.SYS []
R3 NETw4x32;Ovladač adaptéru Intel(R) Wireless WiFi Link pro systém Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw4x32.sys [2007-02-25 2203520]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-14 163584]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2007-02-07 90880]
R3 SymEvent;SymEvent; \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMREDRV;SYMREDRV; C:\WINDOWS\System32\Drivers\SYMREDRV.SYS [2009-07-13 27696]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2006-10-23 179896]
R3 Teefer2;Teefer2 Miniport; C:\WINDOWS\system32\DRIVERS\teefer2.sys [2009-07-13 49536]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S1 mailKmd;mailKmd; C:\WINDOWS\system32\drivers\mailKmd.sys []
S1 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2008-04-14 31744]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 COH_Mon;COH_Mon; \??\C:\WINDOWS\system32\Drivers\COH_Mon.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mod7700;DiBcom DIB7700 based TV tuner device; C:\WINDOWS\System32\Drivers\dvb7700all.sys [2008-06-13 444800]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2007-11-29 16896]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2007-11-29 19328]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 SRTSPL;SRTSPL; C:\WINDOWS\System32\Drivers\SRTSPL.SYS [2009-07-13 319920]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 8064]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbser;Nokia USB Serial Port; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 8064]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WpsHelper;WpsHelper; \??\C:\WINDOWS\system32\drivers\WpsHelper.sys []
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73344]
S4 SysPlant;SysPlant for NT; C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys [2009-07-13 91976]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 ccEvtMgr;Symantec Event Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2009-07-13 108392]
R2 ccSetMgr;Symantec Settings Manager; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2009-07-13 108392]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-31 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 Multi-user Cleanup Service;Multi-user Cleanup Service; C:\Notes\ntmulti.exe [2008-02-09 58760]
R2 NWCWorkstation;Klient systému NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 SmcService;Aplikace Symantec Management Client; C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe [2009-07-13 1803592]
R2 Symantec AntiVirus;Aplikace Symantec Endpoint Protection; C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2009-07-13 2440632]
R2 WinVNC4;VNC Server Version 4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [2006-05-12 439248]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 WisLMSvc;WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [2006-11-17 118784]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LiveUpdate;LiveUpdate; C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE [2009-05-12 3093880]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-29 572928]
S3 SNAC;Aplikace Symantec Network Access Control ; C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE [2009-07-13 320840]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[Caroprd111]

Stáhněte OTL http://oldtimer.geekstogo.com/OTL.exe na plochu

• Spusťte, poté do spodního políčka vložte následující skript.

Kód: Vybrat vše

 netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys 
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys 
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys 
cdrom.sys 
autochk.exe
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav 
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT

 

• Označte položku Pro všechny uživatele.
• Označte položky Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
• Klikněte na tlačítko Prohledat
• Po dokončení, sem vložte logy OTL.Txt a Extras.txt

[pepa11]

pro velikost vkládám na několikrát.

OTL logfile created on: 30.6.2010 17:27:15 - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\jt226370\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1 014,00 Mb Total Physical Memory | 414,00 Mb Available Physical Memory | 41,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 57,19 Gb Free Space | 76,75% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 1003A
Current User Name: jt226370
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.06.30 17:24:37 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jt226370\Plocha\OTL.exe
PRC - [2010.06.27 20:05:48 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2010.06.25 19:09:52 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010.06.25 19:09:47 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.07.13 06:57:50 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009.07.13 06:57:48 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009.07.13 06:57:46 | 001,803,592 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009.07.13 06:57:46 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009.07.13 06:57:44 | 002,440,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2008.07.09 16:52:12 | 000,258,048 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
PRC - [2008.03.25 14:45:38 | 000,603,408 | ---- | M] (Avid Development GmbH) -- C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe
PRC - [2008.02.09 04:31:00 | 000,058,760 | ---- | M] (IBM Corp) -- C:\Notes\ntmulti.exe
PRC - [2007.04.26 10:30:24 | 000,192,512 | ---- | M] (Wistron) -- C:\Program Files\Launch Manager\HotkeyApp.exe
PRC - [2006.11.17 20:45:26 | 000,118,784 | ---- | M] (Wistron Corp.) -- C:\Program Files\Launch Manager\WisLMSvc.exe
PRC - [2006.05.12 15:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) -- C:\Program Files\RealVNC\VNC4\winvnc4.exe
PRC - [1998.05.24 14:26:54 | 000,351,232 | ---- | M] () -- C:\Program Files\salamander\SALAMAND.EXE


========== Modules (SafeList) ==========

MOD - [2010.06.30 17:24:37 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jt226370\Plocha\OTL.exe
MOD - [2008.04.14 08:49:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.07.13 06:57:50 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009.07.13 06:57:50 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009.07.13 06:57:46 | 001,803,592 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009.07.13 06:57:46 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009.07.13 06:57:44 | 002,440,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009.05.12 15:37:58 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.04.29 10:04:58 | 000,572,928 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.02.09 04:31:00 | 000,058,760 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Notes\ntmulti.exe -- (Multi-user Cleanup Service)
SRV - [2006.11.17 20:45:26 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Program Files\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2006.05.12 15:04:08 | 000,439,248 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)


========== Driver Services (SafeList) ==========

DRV - [2009.09.17 10:00:00 | 001,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100201.048\NAVEX15.SYS -- (NAVEX15)
DRV - [2009.09.17 10:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009.09.17 10:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009.09.17 10:00:00 | 000,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20100201.048\NAVENG.SYS -- (NAVENG)
DRV - [2009.07.31 12:57:49 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009.07.13 06:57:54 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2009.07.13 06:57:50 | 000,319,920 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009.07.13 06:57:50 | 000,280,112 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009.07.13 06:57:50 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009.07.13 06:57:48 | 000,091,976 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2009.07.13 06:57:48 | 000,049,536 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2009.07.13 06:57:42 | 000,191,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009.07.13 06:57:42 | 000,027,696 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009.07.13 06:57:40 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009.07.13 06:57:40 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2009.04.20 23:12:14 | 000,149,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WpsHelper.sys -- (WpsHelper)
DRV - [2008.06.13 11:03:12 | 000,444,800 | ---- | M] (DiBcom) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dvb7700all.sys -- (mod7700)
DRV - [2008.06.11 14:03:00 | 000,098,176 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\NBF.SYS -- (Nbf)
DRV - [2008.04.14 00:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008.04.14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008.04.13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007.11.29 10:39:52 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2007.11.29 10:39:42 | 000,016,896 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2007.11.29 10:39:42 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2007.11.29 10:39:40 | 000,019,328 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2007.09.17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.05.01 10:11:54 | 000,630,272 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2007.04.16 14:16:26 | 005,760,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007.02.25 06:05:24 | 002,203,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Ovladač adaptéru Intel(R)
DRV - [2007.02.07 00:43:26 | 000,090,880 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006.11.10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2006.10.23 11:17:32 | 000,179,896 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2003.04.28 11:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\HOTKEY.sys -- (Hotkey)
DRV - [2001.10.25 14:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001.10.25 14:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ks.jm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1390067357-117609710-1801674531-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ks.jm
IE - HKU\S-1-5-21-1390067357-117609710-1801674531-1011\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.26 07:09:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.25 19:09:52 | 000,000,000 | ---D | M]

[2010.06.26 07:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jt226370\Data aplikací\Mozilla\Extensions
[2010.06.26 11:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jt226370\Data aplikací\Mozilla\Firefox\Profiles\wp8rlatt.default\extensions
[2010.06.26 11:27:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\jt226370\Data aplikací\Mozilla\Firefox\Profiles\wp8rlatt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.02 20:07:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.06.30 17:18:42 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.04.11 18:00:47 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.04.11 18:00:47 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.04.11 18:00:47 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.04.11 18:00:47 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.04.11 18:00:47 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2009.03.02 06:01:32 | 000,001,562 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 10.208.32.230 JM_BM_ODP_NT
O1 - Hosts: 10.208.32.210 MAIL-JM
O1 - Hosts: 10.208.32.199 MAIL_JM
O1 - Hosts: 10.208.32.197 DATA_JM
O1 - Hosts: 10.208.32.231 SQL_JM
O1 - Hosts: 10.208.32.229 SAVPS
O1 - Hosts: 10.64.161.222 EKONOM
O1 - Hosts: 10.65.160.80 ekiswrkp
O1 - Hosts: 10.65.160.81 hrsap1
O1 - Hosts: 10.65.160.82 ekissza
O1 - Hosts: 10.65.160.83 portal.let.aa portal
O1 - Hosts: 10.65.160.84 mvcr xpraha01 xpraha01/mvcr
O1 - Hosts: 10.65.160.85 portalwp.let.aa portalwp
O1 - Hosts: 10.65.160.91 ekisweb1
O1 - Hosts: 10.65.160.92 ekisweb2
O1 - Hosts: 10.65.160.93 ekisweb3
O1 - Hosts: 10.65.160.94 ekisweb
O1 - Hosts: 10.65.160.131 sm1
O1 - Hosts: 10.65.160.133 sm3
O1 - Hosts: 10.65.160.100 ekissap3
O1 - Hosts: 10.65.160.101 ekissap4
O1 - Hosts: 10.65.160.102 ekissap5
O1 - Hosts: 10.65.160.108 ekissap1
O1 - Hosts: 10.65.160.109 ekissap2 saphelp
O1 - Hosts: 9 more lines...
O2 - BHO: (WebTransBHO Class) - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (WebTranslator) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll ()
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe File not found
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [IR_SERVER] C:\Program Files\Realtek\DVB-T USB DEVICE\IR_SERVER.exe File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe File not found
O4 - HKLM..\Run: [RegistryMonitor1] C:\WINDOWS\System32\qtplugin.exe File not found
O4 - HKLM..\Run: [userini] C:\WINDOWS\System32\userini.exe File not found
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\WButton.exe File not found
O4 - HKU\S-1-5-21-1390067357-117609710-1801674531-1011..\Run: [userini] C:\WINDOWS\System32\userini.exe File not found
O4 - Startup: C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Pinnacle Streaming Server.lnk = C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe (Avid Development GmbH)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
O4 - Startup: C:\Documents and Settings\Default User\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe File not found
O4 - Startup: C:\Documents and Settings\jt226370\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe File not found
O4 - Startup: C:\Documents and Settings\oikt\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe File not found
O4 - Startup: C:\Documents and Settings\sz278883\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe File not found
O4 - Startup: C:\Documents and Settings\sz278883\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: userini = C:\WINDOWS\system32\userini.exe File not found
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1390067357-117609710-1801674531-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1390067357-117609710-1801674531-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: userini = C:\WINDOWS\system32\userini.exe File not found
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll ()
O9 - Extra 'Tools' menuitem : &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-1390067357-117609710-1801674531-1011\..Trusted Domains: ekisweb2 ([]http in Důvěryhodné servery)
O15 - HKU\S-1-5-21-1390067357-117609710-1801674531-1011\..Trusted Domains: ekiswebb ([]https in Důvěryhodné servery)
O15 - HKU\S-1-5-21-1390067357-117609710-1801674531-1011\..Trusted Domains: pcr.cz ([bravo-jm] https in Důvěryhodné servery)
O15 - HKU\S-1-5-21-1390067357-117609710-1801674531-1011\..Trusted Domains: s//ekisweb3 ([]http in Důvěryhodné servery)
O15 - HKU\S-1-5-21-1390067357-117609710-1801674531-1011\..Trusted Domains: VasServerEtr ([]* in Důvěryhodné servery)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.5.5.1 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.08.18 11:26:29 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: AppSecDll - (C:\WINDOWS\system32\config\systemprofile\Local Settings\Data aplikací\Windows Server\udbhrz.dll) - C:\WINDOWS\system32\config\systemprofile\Local Settings\Data aplikací\Windows Server\udbhrz.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010.03.01 20:51:50 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.wmv3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 30 Days ==========

[2010.06.30 17:24:34 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jt226370\Plocha\OTL.exe
[2010.06.30 17:20:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jt226370\Data aplikací\skypePM
[2010.06.30 17:18:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jt226370\Data aplikací\Skype
[2010.06.30 17:18:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010.06.30 17:18:12 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010.06.30 17:18:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Skype
[2010.06.30 17:09:24 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.06.30 17:09:24 | 000,000,000 | ---D | C] -- C:\rsit
[2010.06.29 20:31:16 | 000,000,000 | ---D | C] -- C:\Nová složka (2)
[2010.06.29 20:31:13 | 000,000,000 | ---D | C] -- C:\avast
[2010.06.29 20:25:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010.06.29 17:37:32 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010.06.29 17:37:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2010.06.26 07:23:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jt226370\Dokumenty\Stažené soubory
[2010.06.26 07:10:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jt226370\Data aplikací\Macromedia
[2010.06.26 07:09:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jt226370\Local Settings\Data aplikací\Mozilla
[2010.06.26 07:09:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jt226370\Data aplikací\Mozilla
[2010.06.26 07:08:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jt226370\Local Settings\Data aplikací\ArcSoft
[2010.06.26 07:08:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jt226370\Data aplikací\ArcSoft
[2010.06.26 07:02:48 | 000,000,000 | --SD | C] -- C:\Documents and Settings\jt226370\Data aplikací\Microsoft
[2010.06.26 07:02:48 | 000,000,000 | --SD | C] -- C:\Documents and Settings\jt226370\Cookies
[2010.06.26 07:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jt226370\Data aplikací\Software602
[2010.06.26 07:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jt226370\Data aplikací\OpenOffice.org2
[2010.06.26 07:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jt226370\Data aplikací\OpenOffice.org
[2010.06.26 07:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jt226370\Data aplikací\Media Player Classic
[2010.06.26 07:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jt226370\Data aplikací\InstallShield
[2010.06.26 07:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jt226370\Data aplikací\Identities
[2010.06.26 07:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jt226370\Data aplikací\DivX
[2010.06.26 07:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jt226370\Data aplikací\Ahead
[2010.06.26 07:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jt226370\Data aplikací\AdobeUM
[2010.06.26 07:02:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jt226370\Data aplikací\Adobe
[2010.06.26 07:02:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jt226370\SendTo
[2010.06.26 07:02:47 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jt226370\Data aplikací
[2010.06.26 07:02:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jt226370\Dokumenty\Obrázky
[2010.06.26 07:02:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jt226370\Nabídka Start
[2010.06.26 07:02:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jt226370\Dokumenty\Hudba
[2010.06.26 07:02:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\jt226370\Dokumenty\Filmy
[2010.06.26 07:02:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jt226370\Šablony
[2010.06.26 07:02:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jt226370\Recent
[2010.06.26 07:02:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jt226370\Okolní tiskárny
[2010.06.26 07:02:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jt226370\Okolní síť
[2010.06.26 07:02:47 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\jt226370\Local Settings
[2010.06.26 07:02:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jt226370\Data aplikací\XnView
[2010.06.26 07:02:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jt226370\Local Settings\Data aplikací\Symantec
[2010.06.26 07:02:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jt226370\Data aplikací\Sun
[2010.06.26 07:02:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jt226370\Plocha
[2010.06.26 07:02:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jt226370\Oblíbené položky
[2010.06.26 07:02:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jt226370\Local Settings\Data aplikací\Microsoft Help
[2010.06.26 07:02:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jt226370\Local Settings\Data aplikací\Microsoft
[2010.06.26 07:02:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jt226370\Dokumenty
[2010.06.26 07:02:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jt226370\Local Settings\Data aplikací\Ahead
[2010.06.26 07:02:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jt226370\Local Settings\Data aplikací\Adobe
[2010.06.24 20:59:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Windows Server
[2010.06.23 20:54:20 | 000,000,000 | ---D | C] -- C:\1_listek
[2010.06.23 20:53:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Windows Server
[2010.06.22 20:53:32 | 000,000,000 | ---D | C] -- C:\11_nokia_mapy
[2010.06.16 18:30:14 | 000,000,000 | ---D | C] -- C:\1_penumatiky
[2010.06.05 09:31:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dokumenty\DistanTVClientSetup
[2010.06.05 09:31:48 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010.06.05 09:31:10 | 002,179,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc71d.dll
[2010.06.05 09:31:10 | 000,765,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp71d.dll
[2010.06.05 09:31:10 | 000,737,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp70d.dll
[2010.06.05 09:31:10 | 000,544,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr71d.dll
[2010.06.05 09:31:10 | 000,536,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr70d.dll
[2010.06.05 09:31:10 | 000,446,464 | ---- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\HHActiveX.dll
[2010.06.05 09:31:10 | 000,385,100 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSVCRTD.DLL
[2010.06.05 09:30:55 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp80.dll
[2010.06.05 09:30:54 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr80.dll
[2010.06.05 09:30:54 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSVCP70.DLL
[2010.06.05 09:30:54 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSVCR70.DLL
[2010.06.05 09:30:54 | 000,000,000 | ---D | C] -- C:\Program Files\Pinnacle
[2010.06.05 09:29:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle
[2010.06.01 11:43:16 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2010.06.01 11:43:14 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MPE.sys
[2010.06.01 11:43:14 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mpe.sys
[2010.06.01 11:43:03 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2010.06.01 11:43:01 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2010.06.01 11:43:01 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2010.06.01 11:43:01 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2010.06.01 11:42:58 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2010.06.01 11:42:55 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2010.06.01 11:42:52 | 000,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2010.06.01 11:42:49 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2010.06.01 11:42:38 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2010.06.01 11:42:38 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2010.06.01 11:42:38 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2010.06.01 11:42:38 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2010.06.01 11:42:38 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2010.06.01 11:42:38 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2010.06.01 11:42:37 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\BdaSup.sys
[2010.06.01 11:42:37 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdasup.sys
[2010.06.01 11:42:36 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2010.06.01 11:42:36 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2010.06.01 11:42:36 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bdaplgin.ax
[2010.06.01 11:42:36 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\BdaPlgIn.ax
[2010.06.01 11:41:03 | 000,444,800 | ---- | C] (DiBcom) -- C:\WINDOWS\System32\drivers\dvb7700all.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[pepa11]

========== Files - Modified Within 30 Days ==========

[2010.06.30 17:24:37 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jt226370\Plocha\OTL.exe
[2010.06.30 17:20:38 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.06.30 17:18:15 | 000,001,896 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2010.06.30 17:03:01 | 000,000,349 | ---- | M] () -- C:\Documents and Settings\All Users\Dokumenty\PCLECHAL.INI
[2010.06.30 17:02:47 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.06.30 17:02:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.06.30 17:01:19 | 001,572,864 | ---- | M] () -- C:\Documents and Settings\jt226370\NTUSER.DAT
[2010.06.30 17:01:19 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\jt226370\ntuser.ini
[2010.06.30 17:00:08 | 000,002,504 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.06.29 20:54:34 | 002,283,978 | -H-- | M] () -- C:\Documents and Settings\jt226370\Local Settings\Data aplikací\IconCache.db
[2010.06.29 20:28:10 | 000,002,563 | ---- | M] () -- C:\Documents and Settings\jt226370\Plocha\Microsoft Office Word 2007.lnk
[2010.06.29 17:27:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.06.27 20:05:48 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\explorer.exe
[2010.06.27 20:05:48 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2010.06.26 07:08:04 | 000,000,452 | RHS- | M] () -- C:\Documents and Settings\jt226370\ntuser.pol
[2010.06.24 21:56:35 | 001,028,820 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.24 21:56:35 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.06.24 21:56:35 | 000,431,998 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.06.24 21:56:35 | 000,079,040 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.06.24 21:56:35 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.06.23 20:40:33 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.06.13 14:17:26 | 000,000,712 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.06.08 11:41:03 | 000,025,574 | ---- | M] () -- C:\WINDOWS\IM16.CFG
[2010.06.08 11:41:03 | 000,003,208 | ---- | M] () -- C:\WINDOWS\im32st.dat
[2010.06.05 09:35:27 | 000,212,880 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.06.05 09:32:24 | 000,002,105 | ---- | M] () -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Pinnacle Streaming Server.lnk
[2010.06.05 09:31:26 | 000,001,670 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Pinnacle TVCenter Pro.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.06.30 17:20:38 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.06.30 17:18:15 | 000,001,896 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2010.06.26 07:02:49 | 000,000,876 | ---- | C] () -- C:\Documents and Settings\jt226370\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.4.lnk
[2010.06.26 07:02:48 | 000,002,563 | ---- | C] () -- C:\Documents and Settings\jt226370\Plocha\Microsoft Office Word 2007.lnk
[2010.06.26 07:02:48 | 000,002,477 | ---- | C] () -- C:\Documents and Settings\jt226370\Plocha\Microsoft Office Excel 2007.lnk
[2010.06.26 07:02:48 | 000,002,319 | ---- | C] () -- C:\Documents and Settings\jt226370\Plocha\InfoMapa 16.lnk
[2010.06.26 07:02:48 | 000,000,891 | ---- | C] () -- C:\Documents and Settings\jt226370\Plocha\OpenOffice.org Writer.lnk
[2010.06.26 07:02:48 | 000,000,833 | ---- | C] () -- C:\Documents and Settings\jt226370\Plocha\OpenOffice.org Calc.lnk
[2010.06.26 07:02:48 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\jt226370\Plocha\Outlook Express.lnk
[2010.06.26 07:02:48 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\jt226370\Plocha\SALAMAND.lnk
[2010.06.26 07:02:48 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\jt226370\Plocha\IrfanView.lnk
[2010.06.26 07:02:48 | 000,000,515 | ---- | C] () -- C:\Documents and Settings\jt226370\Plocha\Slovník.lnk
[2010.06.26 07:02:48 | 000,000,515 | ---- | C] () -- C:\Documents and Settings\jt226370\Plocha\PC Translator 2007.lnk
[2010.06.26 07:02:47 | 001,572,864 | ---- | C] () -- C:\Documents and Settings\jt226370\NTUSER.DAT
[2010.06.26 07:02:47 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\jt226370\ntuser.dat.LOG
[2010.06.26 07:02:47 | 000,000,452 | RHS- | C] () -- C:\Documents and Settings\jt226370\ntuser.pol
[2010.06.26 07:02:47 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\jt226370\ntuser.ini
[2010.06.05 09:32:24 | 000,002,105 | ---- | C] () -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Pinnacle Streaming Server.lnk
[2010.06.05 09:31:26 | 000,201,488 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2010.06.05 09:31:26 | 000,144,144 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL
[2010.06.05 09:31:26 | 000,141,584 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2010.06.05 09:31:26 | 000,063,248 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2010.06.05 09:31:26 | 000,033,040 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL
[2010.06.05 09:31:26 | 000,001,670 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Pinnacle TVCenter Pro.lnk
[2010.06.05 09:30:32 | 000,000,349 | ---- | C] () -- C:\Documents and Settings\All Users\Dokumenty\PCLECHAL.INI
[2010.06.01 11:42:38 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2010.06.01 11:42:38 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
[2010.06.01 11:42:37 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\MSDvbNP.ax
[2010.06.01 11:42:37 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
[2010.06.01 11:42:36 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\PsisRndr.ax
[2010.06.01 11:42:36 | 000,033,280 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
[2009.11.25 18:08:38 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.11.10 12:07:02 | 000,000,027 | ---- | C] () -- C:\WINDOWS\SmAudio.INI
[2009.08.12 09:13:05 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009.07.30 14:50:37 | 000,016,031 | ---- | C] () -- C:\WINDOWS\System32\SETUP.INI
[2008.08.27 07:55:39 | 000,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2008.08.20 10:19:28 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.08.20 10:19:28 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.08.20 10:19:26 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.08.20 10:19:24 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.08.20 10:19:24 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008.08.18 14:56:27 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.08.18 14:26:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008.08.18 13:19:42 | 000,035,328 | ---- | C] () -- C:\WINDOWS\System32\INETWH32.DLL
[2008.08.18 13:19:42 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
[2008.08.18 13:13:01 | 000,491,520 | ---- | C] () -- C:\WINDOWS\WebIE.dll
[2008.08.18 13:12:49 | 000,000,033 | ---- | C] () -- C:\WINDOWS\WTRDCTM.INI
[2008.08.18 13:12:23 | 000,002,753 | ---- | C] () -- C:\WINDOWS\UN32P.INI
[2008.08.18 13:11:56 | 000,002,464 | ---- | C] () -- C:\WINDOWS\TRNCOM.INI
[2008.08.18 13:11:49 | 000,004,507 | ---- | C] () -- C:\WINDOWS\WTRAN32.INI
[2008.08.18 13:11:49 | 000,002,123 | ---- | C] () -- C:\WINDOWS\WDICT32.INI
[2008.08.18 11:52:57 | 000,009,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\HOTKEY.sys
[2008.08.18 11:52:06 | 001,060,424 | ---- | C] () -- C:\WINDOWS\System32\WdfCoInstaller01000.dll
[2008.08.18 11:50:42 | 000,910,464 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2008.08.18 11:50:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2007.03.29 23:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll

========== LOP Check ==========

[2008.08.20 10:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Software602
[2010.06.30 17:00:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2009.08.03 11:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Installations
[2010.06.26 07:03:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2010.06.05 09:36:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle
[2009.07.31 09:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Data aplikací\OpenOffice.org
[2008.08.20 10:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Data aplikací\Software602
[2009.07.31 09:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Data aplikací\XnView
[2009.07.31 09:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jt226370\Data aplikací\OpenOffice.org
[2008.08.20 10:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jt226370\Data aplikací\Software602
[2009.07.31 09:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jt226370\Data aplikací\XnView
[2009.07.31 09:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oikt\Data aplikací\OpenOffice.org
[2008.08.20 10:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oikt\Data aplikací\Software602
[2009.07.31 09:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\oikt\Data aplikací\XnView
[2009.08.03 13:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sz278883\Data aplikací\Nokia
[2009.07.31 09:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sz278883\Data aplikací\OpenOffice.org
[2010.04.23 18:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sz278883\Data aplikací\PC Suite
[2008.08.20 10:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sz278883\Data aplikací\Software602
[2010.05.31 22:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sz278883\Data aplikací\XnView

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 08:52:18 | 000,015,360 | ---- | M] (Microsoft Corporation)
"userini" = C:\WINDOWS\system32\userini.exe -- File not found
"Skype" = "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized -- [2010.05.13 16:12:40 | 026,192,168 | R--- | M] (Skype Technologies S.A.)

< c:\windows\*.* /U >
[4 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.06.26 07:10:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jt226370\Data aplikací\Adobe
[2008.08.20 10:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jt226370\Data aplikací\AdobeUM
[2009.07.31 09:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jt226370\Data aplikací\Ahead
[2010.06.26 07:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jt226370\Data aplikací\ArcSoft
[2009.07.31 09:33:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jt226370\Data aplikací\DivX
[2009.07.31 09:33:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jt226370\Data aplikací\Identities
[2009.07.31 09:33:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jt226370\Data aplikací\InstallShield
[2010.06.26 07:10:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jt226370\Data aplikací\Macromedia
[2009.07.31 09:33:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jt226370\Data aplikací\Media Player Classic
[2010.06.30 17:18:06 | 000,000,000 | --SD | M] -- C:\Documents and Settings\jt226370\Data aplikací\Microsoft
[2010.06.26 07:09:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jt226370\Data aplikací\Mozilla
[2009.07.31 09:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jt226370\Data aplikací\OpenOffice.org
[2008.08.20 10:30:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jt226370\Data aplikací\OpenOffice.org2
[2010.06.30 17:21:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jt226370\Data aplikací\Skype
[2010.06.30 17:20:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jt226370\Data aplikací\skypePM
[2008.08.20 10:30:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jt226370\Data aplikací\Software602
[2009.07.31 09:33:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jt226370\Data aplikací\Sun
[2009.07.31 09:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jt226370\Data aplikací\XnView

< %APPDATA%\*.exe /s >


< MD5 for: AGP440.SYS >
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 08:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 08:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe

< MD5 for: CDROM.SYS >
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2008.04.14 08:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 08:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 08:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 08:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2010.06.27 20:05:48 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2010.06.27 20:05:48 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2010.06.26 11:27:43 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\WINDOWS\Prefetch\EXPLORER.EXE

< MD5 for: HAL.DLL >
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.14 00:01:30 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008.04.14 00:01:34 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll

< MD5 for: CHANGER.SYS >
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.14 00:11:00 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys

< MD5 for: ISAPNP.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2001.10.25 14:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\isapnp.sys
[2008.04.14 07:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 07:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008.04.14 08:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 08:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2008.04.14 08:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 08:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2010.06.30 17:03:45 | 000,025,610 | ---- | M] (sososssdssafsdf) MD5=934127D7A69F697C2369A28525F68814 -- C:\Documents and Settings\sz278883\Local Settings\Temp\svchost.exe
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.04.14 08:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 08:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.13 06:57:54 | 000,049,480 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\FwsVpn.dll
[2009.07.13 06:57:54 | 000,107,848 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\SymVPN.dll
[2009.07.13 06:57:54 | 000,357,704 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sysfer.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.07.13 06:57:48 | 000,091,976 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\SysPlant.sys
[2009.07.13 06:57:48 | 000,049,536 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\Teefer2.sys
[2009.07.13 06:57:54 | 000,042,312 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys
[2009.04.20 23:12:14 | 000,149,768 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\WpsHelper.sys

< %systemroot%\System32\config\*.sav >
[2008.08.18 12:17:20 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008.08.18 12:17:20 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008.08.18 12:17:20 | 000,479,232 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.13 06:57:54 | 000,049,480 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\FwsVpn.dll
[2009.07.13 06:57:54 | 000,107,848 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\SymVPN.dll
[2009.07.13 06:57:54 | 000,357,704 | ---- | M] (Symantec Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sysfer.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ autocheck autochk *\0\0

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2010.06.30 17:00:08 | 000,002,504 | ---- | M] () -- C:\WINDOWS\system32\CONFIG.NT
[2010.06.30 17:20:38 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\system32\ezsidmv.dat
[2010.06.29 17:27:12 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 8684 bytes -> C:\WINDOWS\Prefetch\EXPLORER.EXE:USERINI.EXE-07411549.pf
< End of report >

[pepa11]

OTL Extras logfile created on: 30.6.2010 17:27:15 - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\jt226370\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1 014,00 Mb Total Physical Memory | 414,00 Mb Available Physical Memory | 41,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 57,19 Gb Free Space | 76,75% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: 1003A
Current User Name: jt226370
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.js [@ = JSFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1390067357-117609710-1801674531-1011\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Prozkoumat v XnView] -- "C:\Program Files\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AllAlertsDisabled" = 1
"TermService" = 1
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\Program Files\ArcSoft\TotalMedia 3.5\TotalMedia.exe" = C:\Program Files\ArcSoft\TotalMedia 3.5\TotalMedia.exe:LocalSubNet:Enabled:ArcSoft TotalMedia 3.5 -- (ArcSoft, Inc.)
"C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe" = C:\Program Files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe:LocalSubNet:Enabled:Pinnacle Streaming Server -- (Avid Development GmbH)
"C:\DOCUME~1\sz278883\LOCALS~1\Temp\pdfupd.exe" = C:\DOCUME~1\sz278883\LOCALS~1\Temp\pdfupd.exe:*:Enabled:ldrsoft -- File not found
"C:\DOCUME~1\sz278883\LOCALS~1\Temp\svchost.exe" = C:\DOCUME~1\sz278883\LOCALS~1\Temp\svchost.exe:*:Enabled:ldrsoft -- (sososssdssafsdf)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0ACE4475-7995-4F6D-81EC-264069F3AC9B}" = InfoMapa 16
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{277724EF-CC62-4465-8978-5401E6C0229E}" = Lotus Notes 8.0.1 (Basic) cs
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4F1DCA42-2030-437C-A94E-736692A499C1}" = Nokia Connectivity Cable Driver
"{5AFEABF5-7411-4C29-9FA9-71ABE880662D}" = Nokia PC Suite
"{5F32D89B-D3A0-4562-AC03-F6DE4614AE1A}" = DVB-T USB DEVICE
"{6DFC4B13-4489-4A59-AF95-12628A86FA76}" = 602PC SUITE
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74292F90-895A-4FC6-A692-9641532B1B63}" = ArcSoft TotalMedia 3.5
"{7C7AC2D4-1077-45C8-826A-16445B5E0DB7}" = Pinnacle DistanTV Server
"{90120000-0010-0405-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Czech) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_PROPLUS_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_PROPLUS_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_PROPLUS_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_PROPLUS_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_PROPLUS_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_PROPLUS_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_PROPLUS_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_PROPLUS_{10EC59E5-9BCE-4884-BB1A-E28627220232}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_PROPLUS_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_PROPLUS_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1029-7B44-A90000000001}" = Adobe Reader 9 - Czech
"{BE8BE32F-F595-4693-9F82-1E0A5A047BB6}" = OpenOffice.org 3.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.4.6
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D34D82E0-4600-407B-9478-8506C1DD1029}" = Nero 7 Essentials
"{D689B418-235A-4290-A0A5-A75E490E0351}" = Symantec Endpoint Protection
"{E9BC886E-0D8A-4EF5-B793-30DB776C6E2C}" = PC Connectivity Solution
"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Balíček ovladače systému Windows - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Balíček ovladače systému Windows - Nokia Modem (03/05/2008 3.7)
"CNXT_HDAUDIO" = Conexant HD Audio
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Balíček ovladače systému Windows - Nokia Modem (03/13/2008 6.86.0.1)
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"KLiteCodecPack_is1" = K-Lite Codec Pack 2.84 Full
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.4)" = Mozilla Firefox (3.6.4)
"Nero BurnRights!UninstallKey" = Nero BurnRights
"Nokia PC Suite" = Nokia PC Suite
"PC Translator" = PC Translator
"PROPLUS" = Microsoft Office Professional Plus 2007
"RealVNC_is1" = VNC Free Edition 4.1.2
"SmartAudio" = SmartAudio
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01000" = Microsoft Kernel-Mode Driver Framework 1.0
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WM Converter 2.0" = WM Converter 2.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"XnView_is1" = XnView 1.95.4

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25.6.2010 14:25:05 | Computer Name = 1003A | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 25.6.2010 15:35:44 | Computer Name = 1003A | Source = Symantec AntiVirus | ID = 16711731
Description = Bylo nalezeno bezpecnostní riziko!Tracking Cookie v souboru: Není
k dispozici dle: TruScan proverení. Akce: Karanténa selhalo : Ponechat selhalo.
Popis akce: Soubor byl úspešne odstranen.

Error - 25.6.2010 15:35:45 | Computer Name = 1003A | Source = Symantec AntiVirus | ID = 16711731
Description = Bylo nalezeno bezpecnostní riziko!Trojan Horse v souboru: c:\windows\explorer.exe:userini.exe
dle: TruScan proverení. Akce: Karanténa úspešné. Popis akce: Soubor byl úspešne
izolován v karanténe.

Error - 27.6.2010 14:06:17 | Computer Name = 1003A | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 29.6.2010 11:31:05 | Computer Name = 1003A | Source = Symantec AntiVirus | ID = 16711731
Description = Bylo nalezeno bezpecnostní riziko!Trojan Horse v souboru: c:\windows\explorer.exe:userini.exe
dle: Plánovaný proverení. Akce: Proces nebo služba musí být zastavena. Popis
akce:

Error - 29.6.2010 11:35:58 | Computer Name = 1003A | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 29.6.2010 11:37:28 | Computer Name = 1003A | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 29.6.2010 13:42:25 | Computer Name = 1003A | Source = Symantec AntiVirus | ID = 16711731
Description = Bylo nalezeno bezpecnostní riziko!Bloodhound.SONAR.1 v souboru: c:\windows\explorer.exe:userini.exe
dle: TruScan proverení. Akce: Karanténa úspešné. Popis akce: Soubor byl úspešne
izolován v karanténe.

Error - 29.6.2010 13:42:26 | Computer Name = 1003A | Source = Symantec AntiVirus | ID = 16711731
Description = Bylo nalezeno bezpecnostní riziko!Tracking Cookie v souboru: Není
k dispozici dle: TruScan proverení. Akce: Karanténa selhalo : Ponechat selhalo.
Popis akce: Soubor byl úspešne odstranen.

Error - 29.6.2010 14:47:52 | Computer Name = 1003A | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

[ System Events ]
Error - 29.6.2010 14:27:03 | Computer Name = 1003A | Source = Service Control Manager | ID = 7023
Description = Služba Služba obnovení systému byla ukončena s následující chybou:
%%2

Error - 30.6.2010 10:56:07 | Computer Name = 1003A | Source = SRService | ID = 104
Description = Proces inicializace nástroje Obnovení systému se nezdařil.

Error - 30.6.2010 10:56:34 | Computer Name = 1003A | Source = Service Control Manager | ID = 7023
Description = Služba Služba obnovení systému byla ukončena s následující chybou:
%%2

Error - 30.6.2010 10:59:20 | Computer Name = 1003A | Source = Service Control Manager | ID = 7006
Description = Volání ScRegSetValueExW skončilo neúspěšné pro FailureActions s touto
chybou: %%5

Error - 30.6.2010 10:59:20 | Computer Name = 1003A | Source = Service Control Manager | ID = 7006
Description = Volání ScRegSetValueExW skončilo neúspěšné pro FailureActions s touto
chybou: %%5

Error - 30.6.2010 10:59:20 | Computer Name = 1003A | Source = Service Control Manager | ID = 7006
Description = Volání ScRegSetValueExW skončilo neúspěšné pro FailureActions s touto
chybou: %%5

Error - 30.6.2010 11:03:13 | Computer Name = 1003A | Source = SRService | ID = 104
Description = Proces inicializace nástroje Obnovení systému se nezdařil.

Error - 30.6.2010 11:03:29 | Computer Name = 1003A | Source = Service Control Manager | ID = 7023
Description = Služba Služba obnovení systému byla ukončena s následující chybou:
%%2

Error - 30.6.2010 11:27:35 | Computer Name = 1003A | Source = SRService | ID = 104
Description = Proces inicializace nástroje Obnovení systému se nezdařil.

Error - 30.6.2010 11:27:36 | Computer Name = 1003A | Source = Service Control Manager | ID = 7023
Description = Služba Služba obnovení systému byla ukončena s následující chybou:
%%2


< End of report >

[Caroprd111]

Spusťte OTL a do spodního okna vložte následující skript.

Kód: Vybrat vše

:OTL
IE - HKU\S-1-5-21-1390067357-117609710-1801674531-1011\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ks.jm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.ks.jm
O4 - HKLM..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe File not found
O4 - HKLM..\Run: [IR_SERVER] C:\Program Files\Realtek\DVB-T USB DEVICE\IR_SERVER.exe File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe File not found
O4 - HKLM..\Run: [RegistryMonitor1] C:\WINDOWS\System32\qtplugin.exe File not found
O4 - HKLM..\Run: [userini] C:\WINDOWS\System32\userini.exe File not found
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\WButton.exe File not found
O4 - HKU\S-1-5-21-1390067357-117609710-1801674531-1011..\Run: [userini] C:\WINDOWS\System32\userini.exe File not found
O4 - Startup: C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe File not found
O4 - Startup: C:\Documents and Settings\Default User\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe File not found
O4 - Startup: C:\Documents and Settings\jt226370\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe File not found
O4 - Startup: C:\Documents and Settings\oikt\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe File not found
O4 - Startup: C:\Documents and Settings\sz278883\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: userini = C:\WINDOWS\system32\userini.exe File not found
O7 - HKU\S-1-5-21-1390067357-117609710-1801674531-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: userini = C:\WINDOWS\system32\userini.exe File not found
O15 - HKU\S-1-5-21-1390067357-117609710-1801674531-1011\..Trusted Domains: ekisweb2 ([]http in Důvěryhodné servery)
O15 - HKU\S-1-5-21-1390067357-117609710-1801674531-1011\..Trusted Domains: ekiswebb ([]https in Důvěryhodné servery)
O15 - HKU\S-1-5-21-1390067357-117609710-1801674531-1011\..Trusted Domains: pcr.cz ([bravo-jm] https in Důvěryhodné servery)
O15 - HKU\S-1-5-21-1390067357-117609710-1801674531-1011\..Trusted Domains: s//ekisweb3 ([]http in Důvěryhodné servery)
O15 - HKU\S-1-5-21-1390067357-117609710-1801674531-1011\..Trusted Domains: VasServerEtr ([]* in Důvěryhodné servery)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O36 - AppCertDlls: AppSecDll - (C:\WINDOWS\system32\config\systemprofile\Local Settings\Data aplikací\Windows Server\udbhrz.dll) - C:\WINDOWS\system32\config\systemprofile\Local Settings\Data aplikací\Windows Server\udbhrz.dll ()
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2010.06.30 17:20:38 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
@Alternate Data Stream - 8684 bytes -> C:\WINDOWS\Prefetch\EXPLORER.EXE:USERINI.EXE-07411549.pf

:Files
C:\WINDOWS\Prefetch\EXPLORER.EXE

:Commands
[EMPTYTEMP] 
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[RESETHOSTS] 

Klikněte na Opravit, PC se restartuje, log vložte sem.


Stáhněte a uložte na plochu http://jpshortstuff.247fixes.com/SystemLook.exe nebo http://images.malwareremoval.com/jpshor ... emLook.exe

• Dvojklikem na ikonu program spusťte.
• Do bílého okénka zkopírujte text z následujícího bílého pole.

Kód: Vybrat vše

:dir 
C:\WINDOWS\system32\config\systemprofile\Local Settings\Data aplikací\Windows Server /s

• Klikněte na Look, po dokončení skenu na Vás vyskočí log, zkopírujte ho sem.
• Log se také bude nacházet na ploše v souboru SystemLook.txt

[pepa11]

All processes killed
========== OTL ==========
HKU\S-1-5-21-1390067357-117609710-1801674531-1011\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CtrlVol deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IR_SERVER deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LaunchAp deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RegistryMonitor1 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\userini deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Wbutton deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1390067357-117609710-1801674531-1011\Software\Microsoft\Windows\CurrentVersion\Run\\userini deleted successfully.
C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.4.lnk moved successfully.
C:\Documents and Settings\Default User\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.4.lnk moved successfully.
C:\Documents and Settings\jt226370\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.4.lnk moved successfully.
C:\Documents and Settings\oikt\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.4.lnk moved successfully.
C:\Documents and Settings\sz278883\Nabídka Start\Programy\Po spuštění\OpenOffice.org 2.4.lnk moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\userini deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1390067357-117609710-1801674531-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\userini deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1390067357-117609710-1801674531-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ekisweb2\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1390067357-117609710-1801674531-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ekiswebb\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1390067357-117609710-1801674531-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\pcr.cz\bravo-jm\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1390067357-117609710-1801674531-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\s//ekisweb3\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1390067357-117609710-1801674531-1011\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\VasServerEtr\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\\AppSecDll:C:\WINDOWS\system32\config\systemprofile\Local Settings\Data aplikací\Windows Server\udbhrz.dll deleted successfully.
C:\WINDOWS\system32\config\systemprofile\Local Settings\Data aplikací\Windows Server\udbhrz.dll moved successfully.
C:\WINDOWS\002888_.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\system32\ezsidmv.dat moved successfully.
ADS C:\WINDOWS\Prefetch\EXPLORER.EXE:USERINI.EXE-07411549.pf deleted successfully.
========== FILES ==========
C:\WINDOWS\Prefetch\EXPLORER.EXE moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 12495195 bytes
->Temporary Internet Files folder emptied: 1488899163 bytes
->Java cache emptied: 0 bytes

User: jt226370
->Temp folder emptied: 22776778 bytes
->Temporary Internet Files folder emptied: 119457 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 37662197 bytes
->Flash cache emptied: 3729 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 706074 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: oikt
->Temp folder emptied: 12495195 bytes
->Temporary Internet Files folder emptied: 1488899163 bytes
->Java cache emptied: 0 bytes

User: sz278883
->Temp folder emptied: 25610 bytes
->Temporary Internet Files folder emptied: 3866758 bytes
->Java cache emptied: 2576854 bytes
->FireFox cache emptied: 59592214 bytes
->Flash cache emptied: 22830 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5807094 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 10954740 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 65984 bytes

Total Files Cleaned = 3 001,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: jt226370
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: oikt

User: sz278883
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

Unable to start service SRService!
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.7.0 log created on 06302010_202213

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

[pepa11]

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 20:30 on 30/06/2010 by jt226370 (Administrator - Elevation successful)

========== dir ==========

C:\WINDOWS\system32\config\systemprofile\Local Settings\Data aplikací\Windows Server - Parameters: "/s"

---Files---
udbhrz.dll --a--- 3072 bytes [14:49 17/08/2004] [06:52 14/04/2008]

No folders found.

-=End Of File=-

[Caroprd111]

Ještě jednou spusťte SystemLook s následujícím skriptem.

Kód: Vybrat vše

:filefind
udbhrz.dll

[pepa11]

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 20:50 on 01/07/2010 by jt226370 (Administrator - Elevation successful)

========== filefind ==========

Searching for "udbhrz.dll"
C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Windows Server\udbhrz.dll --a--- 3072 bytes [14:49 17/08/2004] [06:52 14/04/2008] 574CEE41690397E264030B0A8FAEED73
C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Windows Server\udbhrz.dll --a--- 3072 bytes [14:49 17/08/2004] [06:52 14/04/2008] 574CEE41690397E264030B0A8FAEED73
C:\WINDOWS\system32\config\systemprofile\Local Settings\Data aplikací\Windows Server\udbhrz.dll --a--- 3072 bytes [14:49 17/08/2004] [06:52 14/04/2008] 574CEE41690397E264030B0A8FAEED73
C:\_OTL\MovedFiles\06302010_202213\C_WINDOWS\system32\config\systemprofile\Local Settings\Data aplikací\Windows Server\udbhrz.dll --a--- 3072 bytes [14:49 17/08/2004] [06:52 14/04/2008] 574CEE41690397E264030B0A8FAEED73

-=End Of File=-

[Caroprd111]

Spusťte OTL a do spodního okna vložte následující skript.

Kód: Vybrat vše

:Files
C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Windows Server
C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Windows Server
C:\WINDOWS\system32\config\systemprofile\Local Settings\Data aplikací\Windows Server

:Commands
[REBOOT] 

Klikněte na Opravit, PC se restartuje, log vložte sem.

[pepa11]

počítač se restartoval ale nevytvořil se log.

[Caroprd111]

Podívejte se, jestli není v C:\_OTL\MovedFiles