Nod hlasí červy...prosím o pomoc

Zpráva

Duhen · #76 Příspěvek od **Duhen** » 19 lis 2010 20:27

Jdu na OTL, ale například ten lsass.exe myslím dělal problémy už u předcházejících PC.

Za moment je to tady.

#77 Příspěvek od **motji** » 19 lis 2010 20:47

Skalní fanoušky

teda keygeny smazat

, jste na bezpečnostním foru a tohle jsou potencionální zdoje nákazy

.

Duhen · #78 Příspěvek od **Duhen** » 19 lis 2010 20:57

OTL.TXT
OTL logfile created on: 19.11.2010 20:28:48 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Dumastr\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

894,00 Mb Total Physical Memory | 215,00 Mb Available Physical Memory | 24,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 42,00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 12,86 Gb Free Space | 43,89% Space Free | Partition Type: NTFS
Drive D: | 119,75 Gb Total Space | 16,52 Gb Free Space | 13,79% Space Free | Partition Type: NTFS

Computer Name: DUMASTR-COMPAQ | User Name: Dumastr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010.11.19 20:23:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dumastr\Plocha\OTL.exe
PRC - [2010.10.16 09:46:31 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\SAMSUNG\Samsung New PC Studio\NPSAgent.exe
PRC - [2010.09.30 11:09:13 | 000,116,104 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2010.09.29 09:57:46 | 000,616,448 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2010.09.23 15:44:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2010.08.18 19:42:52 | 000,353,736 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\IncMail.exe
PRC - [2010.08.18 19:41:26 | 000,255,432 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\ImApp.exe
PRC - [2010.06.22 14:22:52 | 000,138,752 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2010.04.29 14:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010.04.01 18:59:58 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009.11.11 09:57:36 | 001,451,520 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2009.10.17 17:35:17 | 000,026,624 | ---- | M] () -- C:\WINDOWS\OETRN.EXE
PRC - [2009.04.26 16:28:57 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2009.04.23 22:39:48 | 000,495,616 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32krn.exe
PRC - [2009.03.31 08:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2009.02.15 23:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009.02.15 23:10:22 | 000,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008.08.22 17:05:28 | 001,942,816 | ---- | M] (Axentra Corporation) -- C:\Program Files\HipServ Desktop Applications\HipServAgent\HipServAgent.exe
PRC - [2008.08.11 12:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008.08.11 12:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2008.04.14 07:52:24 | 000,976,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.03.18 02:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2007.11.13 19:23:15 | 002,585,360 | ---- | M] (Hagel Technologies Ltd) -- C:\Program Files\DU Meter\DUMeter.exe
PRC - [2007.11.10 09:02:13 | 001,382,672 | ---- | M] (Hagel Technologies Ltd) -- C:\Program Files\DU Meter\DUMeterSvc.exe
PRC - [2007.06.06 06:00:00 | 001,074,896 | ---- | M] (C. Ghisler & Co.) -- C:\Program Files\totalcmd\TOTALCMD.EXE
PRC - [2007.03.18 23:05:02 | 000,630,784 | ---- | M] () -- C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
PRC - [2006.10.22 22:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2006.05.21 08:43:14 | 000,155,648 | ---- | M] (Y'z@Home) -- C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
PRC - [2006.05.21 08:43:08 | 000,180,224 | ---- | M] () -- C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
PRC - [2006.05.19 13:43:06 | 000,147,456 | ---- | M] (Nokia Corporation) -- C:\Nokia\Tools\Nokia_S40_Theme_Studio_2_1\S40ThemeStudio.exe
PRC - [2005.12.13 21:30:16 | 000,917,504 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32kui.exe
PRC - [2005.09.19 16:02:54 | 000,581,693 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\MSI\Star Key Bluetooth Software\BTTray.exe
PRC - [2005.09.19 15:56:06 | 000,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
PRC - [2005.07.13 20:05:00 | 000,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\Ovladaci panel ATI\atiptaxx.exe
PRC - [2003.08.20 00:22:30 | 000,278,528 | ---- | M] (ABBYY (BIT Software)) -- C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
PRC - [2000.03.30 15:22:04 | 000,152,576 | R--- | M] () -- C:\Program Files\Eject.exe

========== Modules (SafeList) ==========

MOD - [2010.11.19 20:23:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dumastr\Plocha\OTL.exe
MOD - [2010.08.23 17:12:33 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009.10.17 17:35:17 | 000,045,056 | ---- | M] () -- C:\WINDOWS\TRNOEH.DLL
MOD - [2007.03.18 23:04:22 | 000,069,632 | ---- | M] () -- C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.dll
MOD - [2006.05.21 08:43:14 | 000,053,248 | ---- | M] () -- C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.dll
MOD - [2006.05.21 08:43:08 | 000,065,536 | ---- | M] () -- C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon.dll
MOD - [2006.05.03 21:53:54 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (SysmonLogDUMeterSvc)
SRV - [2010.09.30 11:09:13 | 000,116,104 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010.09.29 09:57:46 | 000,616,448 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.09.23 15:44:32 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2010.03.22 14:53:24 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009.04.26 16:28:57 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.04.23 22:39:48 | 000,495,616 | ---- | M] (Eset ) [Auto | Running] -- C:\Program Files\Eset\nod32krn.exe -- (NOD32krn)
SRV - [2009.03.31 08:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009.02.15 23:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008.10.16 17:22:20 | 000,464,264 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008.08.11 12:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2007.11.10 09:02:13 | 001,382,672 | ---- | M] (Hagel Technologies Ltd) [Auto | Running] -- C:\Program Files\DU Meter\DUMeterSvc.exe -- (DUMeterSvc)
SRV - [2005.09.19 15:56:06 | 000,258,103 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe -- (btwdins)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\Drivers\SSPORT.sys -- (SSPORT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Dumastr\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010.10.16 09:46:09 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2010.09.30 11:09:01 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010.04.29 14:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010.04.25 22:01:51 | 000,010,454 | ---- | M] (Data Encryption Systems Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\parldr2k.sys -- (PARLDR2K)
DRV - [2010.02.26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.02.26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.02.26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.02.26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.02.26 14:21:22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010.02.26 14:21:22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009.11.24 13:04:59 | 000,114,048 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009.05.10 15:20:44 | 001,294,200 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2009.04.23 22:51:32 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2009.04.23 22:39:49 | 000,502,208 | ---- | M] (Eset ) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON)
DRV - [2009.03.31 08:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.03.20 09:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009.03.20 09:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009.03.20 09:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2009.02.15 23:10:26 | 000,353,672 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2008.11.17 02:24:00 | 000,051,688 | ---- | M] (Check Point Software Technologies LTD) [Kernel | Boot | Running] -- C:\WINDOWS\system32\ZoneLabs\srescan.sys -- (srescan)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.08.11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008.08.11 12:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008.07.23 23:29:16 | 000,047,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vserial.sys -- (vserial)
DRV - [2008.07.23 23:29:16 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vsb.sys -- (vsbus)
DRV - [2008.01.24 18:25:22 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2006.06.18 22:59:28 | 000,043,008 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005.09.20 15:26:16 | 001,342,122 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2005.09.20 15:03:36 | 000,401,664 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2005.09.19 15:44:52 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2005.09.19 15:44:46 | 000,222,876 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btslbcsp.sys -- (BTSLBCSP)
DRV - [2005.09.19 15:42:04 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2005.09.19 15:41:58 | 000,030,189 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2005.09.19 15:41:36 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005.09.19 15:38:26 | 000,148,040 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2005.08.30 00:49:38 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdm.sys -- (ssm_mdm)
DRV - [2005.08.30 00:49:34 | 000,008,336 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_mdfl.sys -- (ssm_mdfl)
DRV - [2005.08.30 00:47:38 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ssm_bus.sys -- (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM)
DRV - [2005.08.23 06:07:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005.08.23 06:06:10 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005.08.23 06:06:00 | 000,231,424 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2005.07.14 11:37:16 | 001,269,760 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005.02.18 14:42:02 | 000,349,696 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005.02.18 14:41:18 | 000,038,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2004.08.03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-484763869-413027322-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/english/
IE - HKU\S-1-5-21-484763869-413027322-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.startup.homepage: "http://seznam.cz/"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: cs@dictionaries.addons.mozilla.org:1.0.1
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.2
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608
FF - prefs.js..extensions.enabledItems: {77cc7167-f384-464c-897a-2ea636283c95}:0.9.2.1
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {FDE3FEE9-893E-4cc7-A814-60E0DE7B2E01}:3.6
FF - prefs.js..extensions.enabledItems: {9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}:3.72
FF - prefs.js..extensions.enabledItems: {dd30bf68-268a-4815-ad48-8740b774c764}:5.0.0
FF - prefs.js..extensions.enabledItems: {5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}:1.8.57
FF - prefs.js..keyword.URL: "http://mystart.incredimail.com/?loc=ff_ ... fs&search="

FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.04.25 19:17:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.17 22:30:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.06 09:02:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.09.06 09:00:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010.12.04 17:50:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\Mozilla\Extensions
[2010.12.04 17:50:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dumastr\Data aplikací\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.10.23 10:17:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\Mozilla\Firefox\Profiles\xzvne7mb.default\extensions
[2009.06.16 10:44:22 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Dumastr\Data aplikací\Mozilla\Firefox\Profiles\xzvne7mb.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009.08.08 11:03:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Dumastr\Data aplikací\Mozilla\Firefox\Profiles\xzvne7mb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.04.25 09:36:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dumastr\Data aplikací\Mozilla\Firefox\Profiles\xzvne7mb.default\extensions\{29852C08-1E91-4889-A6BF-C77F91D6A8F3}
[2009.04.25 09:36:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dumastr\Data aplikací\Mozilla\Firefox\Profiles\xzvne7mb.default\extensions\{34274bf4-1d97-a289-e984-17e546307e4f}
[2009.04.25 09:36:00 | 000,000,000 | ---D | M] (Mega Manager Integration) -- C:\Documents and Settings\Dumastr\Data aplikací\Mozilla\Firefox\Profiles\xzvne7mb.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
[2009.11.13 09:49:57 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\Dumastr\Data aplikací\Mozilla\Firefox\Profiles\xzvne7mb.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010.01.29 10:47:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dumastr\Data aplikací\Mozilla\Firefox\Profiles\xzvne7mb.default\extensions\{5A170DD3-63CA-4c58-93B7-DE9FF536C2FF}
[2009.11.20 10:37:06 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dumastr\Data aplikací\Mozilla\Firefox\Profiles\xzvne7mb.default\extensions\{77cc7167-f384-464c-897a-2ea636283c95}
[2010.01.07 17:51:56 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Documents and Settings\Dumastr\Data aplikací\Mozilla\Firefox\Profiles\xzvne7mb.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2009.07.01 13:05:35 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Dumastr\Data aplikací\Mozilla\Firefox\Profiles\xzvne7mb.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2009.04.25 09:36:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dumastr\Data aplikací\Mozilla\Firefox\Profiles\xzvne7mb.default\extensions\{d650973c-0444-4ac7-9d00-19e3613c83b9}
[2010.06.07 14:55:00 | 000,000,000 | ---D | M] (Red Cats (green flavor)) -- C:\Documents and Settings\Dumastr\Data aplikací\Mozilla\Firefox\Profiles\xzvne7mb.default\extensions\{dd30bf68-268a-4815-ad48-8740b774c764}
[2010.04.12 10:02:55 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Dumastr\Data aplikací\Mozilla\Firefox\Profiles\xzvne7mb.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009.10.24 13:45:04 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dumastr\Data aplikací\Mozilla\Firefox\Profiles\xzvne7mb.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010.06.07 14:54:59 | 000,000,000 | ---D | M] (Aeon Clouds) -- C:\Documents and Settings\Dumastr\Data aplikací\Mozilla\Firefox\Profiles\xzvne7mb.default\extensions\{FDE3FEE9-893E-4cc7-A814-60E0DE7B2E01}
[2009.04.25 09:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\Mozilla\Firefox\Profiles\xzvne7mb.default\extensions\cs@dictionaries.addons.mozilla.org
[2010.09.02 08:35:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\Mozilla\Firefox\Profiles\xzvne7mb.default\extensions\LogMeInClient@logmein.com
[2009.04.25 09:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\Mozilla\Firefox\Profiles\xzvne7mb.default\extensions\SphereGnome
[2009.04.25 09:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\Mozilla\Firefox\Profiles\xzvne7mb.default\extensions\SphereGnomeBig
[2009.04.25 09:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\Mozilla\Firefox\Profiles\xzvne7mb.default\extensions\SphereGnomeJumbo
[2009.04.25 09:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\Mozilla\Firefox\Profiles\xzvne7mb.default\extensions\temp
[2009.04.25 09:35:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\Mozilla\Firefox\Profiles\xzvne7mb.default\extensions\zoomy
[2010.12.04 17:52:16 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Dumastr\Data aplikací\Mozilla\Firefox\Profiles\xzvne7mb.default\searchplugins\icqplugin.xml
[2010.06.08 12:24:57 | 000,002,060 | ---- | M] () -- C:\Documents and Settings\Dumastr\Data aplikací\Mozilla\Firefox\Profiles\xzvne7mb.default\searchplugins\MyStart Search.xml
[2009.10.22 14:36:16 | 000,002,061 | ---- | M] () -- C:\Documents and Settings\Dumastr\Data aplikací\Mozilla\Firefox\Profiles\xzvne7mb.default\searchplugins\qipsearch.xml
[2010.10.23 10:17:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.07.23 17:31:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.22 09:57:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.09.15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.04.01 17:51:34 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.04.01 17:51:34 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.04.01 17:51:34 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.04.01 17:51:34 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.04.01 17:51:34 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.11.19 15:17:03 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (WebTransBHO Class) - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (WebTranslator) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll ()
O3 - HKU\S-1-5-21-484763869-413027322-839522115-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\Ovladaci panel ATI\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [FineReader7NewsReaderPro] C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe (ABBYY (BIT Software))
O4 - HKLM..\Run: [HipServ Agent] C:\Program Files\HipServ Desktop Applications\HipServAgent\HipServAgent.exe (Axentra Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [nod32kui] C:\Program Files\Eset\nod32kui.exe (Eset )
O4 - HKLM..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe ()
O4 - HKLM..\Run: [UpdateReminder] C:\Program Files\ESET\UpdateReminder.exe (ESET, spol. s r.o.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-484763869-413027322-839522115-1003..\Run: [AutoStartNPSAgent] C:\Program Files\SAMSUNG\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-484763869-413027322-839522115-1003..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe (Hagel Technologies Ltd)
O4 - HKU\S-1-5-21-484763869-413027322-839522115-1003..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKU\S-1-5-21-484763869-413027322-839522115-1003..\Run: [OEXPRESS] C:\WINDOWS\OETRN.EXE ()
O4 - HKU\S-1-5-21-484763869-413027322-839522115-1003..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk = C:\Program Files\MSI\Star Key Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\Dumastr\Nabídka Start\Programy\Po spuštění\RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Documents and Settings\Dumastr\Nabídka Start\Programy\Po spuštění\TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe (AKSoftware)
O4 - Startup: C:\Documents and Settings\Dumastr\Nabídka Start\Programy\Po spuštění\UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe ()
O4 - Startup: C:\Documents and Settings\Dumastr\Nabídka Start\Programy\Po spuštění\Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe (Y'z@Home)
O4 - Startup: C:\Documents and Settings\Dumastr\Nabídka Start\Programy\Po spuštění\Zástupce - Eject.lnk = C:\Program Files\Eject.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-484763869-413027322-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-484763869-413027322-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-484763869-413027322-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-484763869-413027322-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll ()
O9 - Extra 'Tools' menuitem : &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll ()
O9 - Extra 'Tools' menuitem : &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - File not found
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\BricoPack Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\BricoPack Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Kristal Studio)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: VIDC.ACDV - C:\WINDOWS\System32\ACDV.dll (ACD Systems)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56027075282206720)

========== Files/Folders - Created Within 30 Days ==========

[2010.12.04 17:50:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dumastr\Local Settings\Data aplikací\Thunderbird
[2010.12.04 17:50:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dumastr\Data aplikací\Thunderbird
[2010.12.04 17:49:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2010.11.19 20:23:27 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dumastr\Plocha\OTL.exe
[2010.11.19 17:19:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dumastr\Application Data
[2010.11.19 17:18:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dumastr\.Nokia
[2010.11.19 17:17:41 | 000,000,000 | ---D | C] -- C:\Nokia
[2010.11.19 15:29:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Dumastr\Recent
[2010.11.19 15:26:47 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.11.19 15:22:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.11.19 12:42:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dumastr\Plocha\gmer
[2010.11.19 09:57:07 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.11.19 09:57:07 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.11.19 09:57:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.11.19 09:57:06 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.11.19 09:52:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.11.19 09:52:17 | 000,416,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF28957.exe
[2010.11.19 09:52:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.11.19 09:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.11.19 09:47:21 | 000,000,000 | ---D | C] -- C:\rsit
[2010.11.13 16:21:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dumastr\Local Settings\Data aplikací\ABBYY
[2010.11.13 16:21:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dumastr\Data aplikací\ABBYY
[2010.11.13 16:20:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\ABBYY
[2010.11.13 16:18:23 | 000,000,000 | ---D | C] -- C:\Program Files\ABBYY FineReader 7.0 Professional Edition
[2010.11.13 15:10:17 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader
[2010.11.09 14:43:57 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2010.11.09 14:42:31 | 000,008,320 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsuc.sys
[2010.11.09 14:42:29 | 000,137,344 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\nmwcdnsu.sys
[2010.11.09 14:42:27 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys
[2010.11.09 14:42:26 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys
[2010.11.09 14:42:24 | 000,022,528 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys
[2010.11.09 14:42:21 | 001,461,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfcoinstaller01009.dll
[2010.11.09 14:42:21 | 000,662,016 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcocls.dll
[2010.11.09 14:42:21 | 000,018,176 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys
[2010.10.22 09:57:55 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.10.22 09:57:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.10.22 09:57:55 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009.08.06 13:00:47 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Dumastr\Data aplikací\pcouffin.sys
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Dumastr\Dokumenty\*.tmp files -> C:\Documents and Settings\Dumastr\Dokumenty\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.12.04 17:33:56 | 000,001,664 | ---- | M] () -- C:\Documents and Settings\Dumastr\Plocha\Zástupce (2) - Pohoda.lnk
[2010.11.19 20:23:38 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dumastr\Plocha\OTL.exe
[2010.11.19 20:18:03 | 000,001,678 | ---- | M] () -- C:\WINDOWS\MAILTRAN.INI
[2010.11.19 18:50:21 | 000,000,440 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2010.11.19 17:21:39 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010.11.19 17:21:39 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010.11.19 17:16:51 | 000,005,277 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2010.11.19 15:42:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.11.19 15:42:22 | 000,350,196 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010.11.19 15:41:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.11.19 15:29:26 | 000,435,594 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.11.19 15:29:26 | 000,432,516 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.11.19 15:29:26 | 000,079,440 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.11.19 15:29:26 | 000,068,490 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.11.19 15:17:03 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.11.19 10:57:40 | 003,911,589 | R--- | M] () -- C:\Documents and Settings\Dumastr\Plocha\ComboFix.exe
[2010.11.19 10:57:40 | 003,911,589 | ---- | M] () -- C:\Documents and Settings\Dumastr\Dokumenty\ComboFix.exe
[2010.11.19 10:21:42 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010.11.19 09:51:58 | 000,416,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF28957.exe
[2010.11.19 09:40:16 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.11.16 21:07:25 | 000,016,384 | ---- | M] () -- C:\Documents and Settings\Dumastr\Dokumenty\Skylink.xls
[2010.11.16 20:59:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.11.15 18:18:43 | 000,000,099 | ---- | M] () -- C:\WINDOWS\posta2.ini
[2010.11.14 13:12:22 | 000,037,888 | ---- | M] () -- C:\Documents and Settings\Dumastr\Dokumenty\Zpráva 2.doc
[2010.11.14 13:11:12 | 000,037,888 | ---- | M] () -- C:\Documents and Settings\Dumastr\Dokumenty\Zpráva 1.doc
[2010.11.14 00:55:34 | 000,032,350 | ---- | M] () -- C:\DiseqC 1.0.jpg
[2010.11.13 18:16:58 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Dumastr\Dokumenty\Zpráva 3.doc
[2010.11.13 15:10:20 | 000,000,810 | ---- | M] () -- C:\Documents and Settings\Dumastr\Plocha\YouTube Downloader.lnk
[2010.11.12 17:33:59 | 000,001,905 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2010.11.12 17:33:59 | 000,001,905 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2010.11.12 17:00:52 | 000,050,451 | ---- | M] () -- C:\WINDOWS\CSTBox.INI
[2010.11.12 14:33:06 | 000,607,451 | ---- | M] () -- C:\Documents and Settings\Dumastr\Plocha\100_0834_parabola.jpg
[2010.11.12 14:23:55 | 000,044,674 | ---- | M] () -- C:\Documents and Settings\Dumastr\Plocha\Prijem-dvou-druzic-l.jpg
[2010.11.10 14:07:24 | 000,000,256 | ---- | M] () -- C:\dk2.mem
[2010.11.09 14:50:34 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2010.11.09 14:50:29 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_user_01_09_00.Wdf
[2010.11.09 14:40:47 | 000,001,868 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Nokia Software Updater.lnk
[2010.11.08 10:32:38 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Dumastr\Plocha\gmer.exe
[2010.11.08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010.11.01 14:33:10 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Dumastr\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\Documents and Settings\Dumastr\Dokumenty\*.tmp files -> C:\Documents and Settings\Dumastr\Dokumenty\*.tmp -> ]

========== Files Created - No Company Name ==========

Duhen · #79 Příspěvek od **Duhen** » 19 lis 2010 20:58

OTL.txt POKRAČOVÁNÍ

[2010.11.19 17:21:31 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010.11.19 17:21:31 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010.11.19 12:42:46 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Dumastr\Plocha\gmer.exe
[2010.11.19 10:58:40 | 003,911,589 | R--- | C] () -- C:\Documents and Settings\Dumastr\Plocha\ComboFix.exe
[2010.11.19 10:57:31 | 003,911,589 | ---- | C] () -- C:\Documents and Settings\Dumastr\Dokumenty\ComboFix.exe
[2010.11.19 09:57:08 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.11.19 09:57:07 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.11.19 09:57:07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.11.19 09:57:07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.11.19 09:57:07 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.11.14 14:22:07 | 000,016,384 | ---- | C] () -- C:\Documents and Settings\Dumastr\Dokumenty\Skylink.xls
[2010.11.14 00:55:34 | 000,032,350 | ---- | C] () -- C:\DiseqC 1.0.jpg
[2010.11.13 18:05:40 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Dumastr\Dokumenty\Zpráva 3.doc
[2010.11.13 17:46:56 | 000,037,888 | ---- | C] () -- C:\Documents and Settings\Dumastr\Dokumenty\Zpráva 2.doc
[2010.11.13 17:25:17 | 000,037,888 | ---- | C] () -- C:\Documents and Settings\Dumastr\Dokumenty\Zpráva 1.doc
[2010.11.13 15:10:20 | 000,000,810 | ---- | C] () -- C:\Documents and Settings\Dumastr\Plocha\YouTube Downloader.lnk
[2010.11.12 17:33:37 | 000,001,905 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2010.11.12 17:33:37 | 000,001,905 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2010.11.12 14:33:05 | 000,607,451 | ---- | C] () -- C:\Documents and Settings\Dumastr\Plocha\100_0834_parabola.jpg
[2010.11.12 14:23:52 | 000,044,674 | ---- | C] () -- C:\Documents and Settings\Dumastr\Plocha\Prijem-dvou-druzic-l.jpg
[2010.11.10 14:07:24 | 000,000,256 | ---- | C] () -- C:\dk2.mem
[2010.11.09 14:50:34 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2010.11.09 14:50:29 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_user_01_09_00.Wdf
[2010.11.09 14:40:47 | 000,001,868 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Nokia Software Updater.lnk
[2010.10.16 09:24:09 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010.10.16 09:24:09 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010.10.16 09:23:42 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Dumastr\Data aplikací\$_hpcst$.hpc
[2010.09.06 09:01:13 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\QTSBandwidthCache
[2010.06.01 16:13:22 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010.03.31 14:50:47 | 000,000,741 | ---- | C] () -- C:\WINDOWS\tcburner.ini
[2010.03.18 17:31:10 | 000,050,451 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2010.01.14 12:27:26 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\CNQL3203.DLL
[2009.11.04 14:00:30 | 000,000,005 | ---- | C] () -- C:\Program Files\trl.trl
[2009.10.17 17:35:18 | 000,200,704 | ---- | C] () -- C:\WINDOWS\TRNOET.DLL
[2009.10.17 17:33:33 | 000,001,678 | ---- | C] () -- C:\WINDOWS\MAILTRAN.INI
[2009.10.17 17:33:32 | 000,002,476 | ---- | C] () -- C:\WINDOWS\TRNCOM.INI
[2009.10.17 17:33:22 | 000,004,811 | ---- | C] () -- C:\WINDOWS\WTRAN32.INI
[2009.10.17 17:33:22 | 000,001,581 | ---- | C] () -- C:\WINDOWS\WDICT32.INI
[2009.10.15 22:01:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\LauncherAccess.dt
[2009.10.15 21:47:21 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009.08.06 13:01:29 | 000,001,044 | ---- | C] () -- C:\Documents and Settings\Dumastr\Data aplikací\vso_ts_preview.xml
[2009.08.06 13:01:07 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Dumastr\Data aplikací\pcouffin.log
[2009.08.06 13:00:47 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Dumastr\Data aplikací\inst.exe
[2009.08.06 13:00:47 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Dumastr\Data aplikací\pcouffin.cat
[2009.08.06 13:00:47 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Dumastr\Data aplikací\pcouffin.inf
[2009.08.04 16:10:24 | 000,152,576 | R--- | C] () -- C:\Program Files\Eject.exe
[2009.07.29 09:18:43 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Dumastr\Data aplikací\xpy.ini
[2009.07.03 11:34:31 | 000,758,018 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009.07.03 11:34:31 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.06.06 09:55:41 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS66.DLL
[2009.05.10 16:00:48 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Dumastr\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.10 12:50:39 | 000,000,031 | ---- | C] () -- C:\WINDOWS\idc.ini
[2009.05.10 12:50:32 | 000,000,148 | ---- | C] () -- C:\WINDOWS\usdthank.ini
[2009.05.04 14:17:38 | 000,000,155 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.04.27 13:20:07 | 000,000,099 | ---- | C] () -- C:\WINDOWS\posta2.ini
[2009.04.27 10:53:02 | 000,001,567 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2009.04.27 09:24:43 | 000,112,688 | ---- | C] () -- C:\WINDOWS\System32\shw32.dll
[2009.04.26 17:02:41 | 000,491,520 | ---- | C] () -- C:\WINDOWS\WebIE.dll
[2009.04.26 17:02:40 | 000,045,056 | ---- | C] () -- C:\WINDOWS\TRNOEH.DLL
[2009.04.26 17:02:15 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WTRDCTM.INI
[2009.04.26 17:01:46 | 000,002,753 | ---- | C] () -- C:\WINDOWS\UN32P.INI
[2009.04.26 16:57:22 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2009.04.24 15:14:12 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.04.23 22:57:29 | 000,000,132 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2009.04.23 13:41:38 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.04.23 12:54:10 | 000,005,277 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2008.07.23 23:29:16 | 000,047,744 | ---- | C] () -- C:\WINDOWS\System32\drivers\vserial.sys
[2008.07.23 23:29:16 | 000,015,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\vsb.sys
[2005.09.19 15:50:42 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2003.04.09 14:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.03.21 14:39:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001.08.29 13:11:40 | 000,398,848 | R--- | C] () -- C:\WINDOWS\System32\DK2WIN32.DLL

========== LOP Check ==========

[2010.09.24 08:09:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ACD Systems
[2009.11.24 13:13:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Acronis
[2009.07.31 14:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Azureus
[2009.10.14 22:03:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonBJ
[2009.04.26 16:57:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Hagel Technologies
[2010.06.08 12:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\IM
[2010.06.08 12:24:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\IncrediMail
[2010.11.09 14:39:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Installations
[2009.11.10 17:23:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\LogMeIn
[2010.05.11 09:46:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Nokia
[2010.01.18 10:01:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\OviInstallerCache
[2010.04.25 19:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2010.07.02 11:28:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Sony
[2010.07.30 09:25:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2009.08.08 08:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\vsosdk
[2009.04.26 17:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\ACD Systems
[2010.06.01 16:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\AnvSoft
[2010.05.30 13:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\Azureus
[2010.08.08 20:10:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\BSplayer
[2010.08.08 20:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\BSplayer Pro
[2010.11.12 17:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\Canon
[2009.10.26 17:33:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\CD-LabelPrint
[2009.06.17 13:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\diag
[2010.01.19 15:25:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\HipServDesktopMirror
[2010.03.20 15:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\ICQ
[2010.11.09 14:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\MOBILedit
[2010.10.16 09:00:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\MyPhoneExplorer
[2010.11.10 15:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\Nokia
[2010.01.26 16:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\Nokia Ovi Suite
[2010.10.12 09:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\PC Suite
[2010.07.02 11:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\Publish Providers
[2010.10.16 09:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\Samsung
[2010.05.22 11:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\Software Informer
[2010.07.02 11:44:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\Sony
[2009.04.27 14:23:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\STORMWARE
[2009.06.19 16:12:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\streamripper
[2010.12.04 17:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\Thunderbird
[2010.07.30 09:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\VideoReDo-TVSuite4
[2009.05.10 12:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\VitySoft
[2010.07.23 13:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\Vso
[2010.07.22 15:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\Zoner

========== Purity Check ==========

========== Custom Scans ==========

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"IncrediMail" = C:\Program Files\IncrediMail\bin\IncMail.exe /c -- [2010.08.18 19:42:52 | 000,353,736 | ---- | M] (IncrediMail, Ltd.)
"DU Meter" = C:\Program Files\DU Meter\DUMeter.exe -- [2007.11.13 19:23:15 | 002,585,360 | ---- | M] (Hagel Technologies Ltd)
"OEXPRESS" = C:\WINDOWS\OETRN.EXE -- [2009.10.17 17:35:17 | 000,026,624 | ---- | M] ()
"PC Suite Tray" = "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray -- [2009.11.11 09:57:36 | 001,451,520 | ---- | M] (Nokia)
"AutoStartNPSAgent" = C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe -- [2010.10.16 09:46:31 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled]
"MSMSGS" = "C:\Program Files\Messenger\msmsgs.exe" /background -- [2008.04.14 07:52:38 | 001,695,232 | ---- | M] (Microsoft Corporation)

< c:\windows\*.* /U >
[4 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >
[2010.07.08 12:51:10 | 079,313,640 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\10-2_legacy_xp32-64_dd_ccc.exe
[2010.07.08 13:42:46 | 086,796,704 | ---- | M] (NVIDIA Corporation) -- C:\257.21_desktop_winxp_32bit_english_whql.exe
[2010.07.08 13:36:34 | 050,510,847 | ---- | M] (AMD Inc.) -- C:\6-11-pre-r300_xp-2k_dd_ccc_wdm_38185.exe

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.11.13 16:21:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\ABBYY
[2009.04.26 17:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\ACD Systems
[2009.04.26 15:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\Adobe
[2009.10.20 16:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\Ahead
[2010.06.01 16:51:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\AnvSoft
[2010.09.06 09:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\Apple Computer
[2010.05.30 13:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\Azureus
[2010.08.08 20:10:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\BSplayer
[2010.08.08 20:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\BSplayer Pro
[2010.11.12 17:00:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\Canon
[2009.10.26 17:33:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\CD-LabelPrint
[2009.04.30 13:54:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\Corel
[2009.05.26 09:14:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\CyberLink
[2009.06.17 13:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\diag
[2010.06.05 14:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\Download Manager
[2010.05.15 17:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\Help
[2010.01.19 15:25:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\HipServDesktopMirror
[2010.03.20 15:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\ICQ
[2009.04.23 12:29:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\Identities
[2009.05.10 15:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\InstallShield
[2009.07.29 10:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\Lavasoft
[2009.09.10 14:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\Macromedia
[2009.08.21 11:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\Malwarebytes
[2009.05.25 09:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\Media Player Classic
[2010.10.06 12:29:30 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Dumastr\Data aplikací\Microsoft
[2010.11.09 14:34:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\MOBILedit
[2009.04.25 09:33:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\Mozilla
[2010.10.16 09:00:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\MyPhoneExplorer
[2010.11.10 15:16:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\Nokia
[2010.01.26 16:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\Nokia Ovi Suite
[2010.10.12 09:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\PC Suite
[2010.07.02 11:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\Publish Providers
[2010.10.16 09:23:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\Samsung
[2010.10.16 12:15:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\Skype
[2010.10.16 08:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\skypePM
[2010.05.22 11:38:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\Software Informer
[2010.07.02 11:44:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\Sony
[2009.04.27 14:23:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\STORMWARE
[2009.06.19 16:12:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\streamripper
[2009.05.10 12:53:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\Sun
[2010.12.04 17:50:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\Thunderbird
[2010.06.25 16:41:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\U3
[2010.07.30 09:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\VideoReDo-TVSuite4
[2009.05.10 12:57:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\VitySoft
[2010.07.23 13:50:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\Vso
[2009.04.26 15:11:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\WinRAR
[2010.07.22 15:07:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dumastr\Data aplikací\Zoner

< %APPDATA%\*.exe /s >
[2009.08.06 13:00:47 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\Dumastr\Data aplikací\inst.exe
[2009.08.11 20:21:26 | 000,087,552 | ---- | M] () -- C:\Documents and Settings\Dumastr\Data aplikací\BSplayer\AC3 Filter\ac3config.exe
[2009.08.11 20:21:30 | 000,090,112 | ---- | M] () -- C:\Documents and Settings\Dumastr\Data aplikací\BSplayer\AC3 Filter\spdif_test.exe
[2010.03.22 13:52:04 | 000,697,690 | ---- | M] () -- C:\Documents and Settings\Dumastr\Data aplikací\BSplayer\AC3 Filter\unins000.exe
[2010.02.23 16:01:52 | 001,185,871 | ---- | M] () -- C:\Documents and Settings\Dumastr\Data aplikací\BSplayer\FFDShow\unins000.exe
[2009.11.14 18:11:36 | 000,113,152 | ---- | M] () -- C:\Documents and Settings\Dumastr\Data aplikací\BSplayer\Haali media splitter\dsmux.exe
[2009.11.14 18:33:40 | 000,357,888 | ---- | M] () -- C:\Documents and Settings\Dumastr\Data aplikací\BSplayer\Haali media splitter\gdsmux.exe
[2009.11.14 18:11:36 | 000,136,704 | ---- | M] () -- C:\Documents and Settings\Dumastr\Data aplikací\BSplayer\Haali media splitter\mkv2vfr.exe
[2010.02.23 15:00:42 | 000,042,288 | ---- | M] () -- C:\Documents and Settings\Dumastr\Data aplikací\BSplayer\Haali media splitter\uninstall.exe
[2010.01.19 15:19:28 | 000,092,854 | R--- | M] () -- C:\Documents and Settings\Dumastr\Data aplikací\Microsoft\Installer\{D323C27E-5DB7-4EE6-B75D-35C0F4D3FABD}\ARPPRODUCTICON.exe
[2010.01.19 15:19:28 | 000,315,204 | R--- | M] () -- C:\Documents and Settings\Dumastr\Data aplikací\Microsoft\Installer\{D323C27E-5DB7-4EE6-B75D-35C0F4D3FABD}\UNINST_Uninstall_H_D323C27E5DB74EE6B75D35C0F4D3FABD.exe
[2009.10.26 19:16:02 | 019,188,224 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Dumastr\Data aplikací\MOBILedit\Update.exe
[2010.03.22 14:53:24 | 000,029,984 | ---- | M] (NOS Microsystems Ltd.) -- C:\Documents and Settings\Dumastr\Data aplikací\Mozilla\Firefox\Profiles\xzvne7mb.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
[2010.01.15 13:25:04 | 000,372,736 | ---- | M] (LogMeIn, Inc.) -- C:\Documents and Settings\Dumastr\Data aplikací\Mozilla\Firefox\Profiles\xzvne7mb.default\extensions\LogMeInClient@logmein.com\plugins\LMIGuardian.exe
[2010.01.15 13:26:54 | 000,070,984 | ---- | M] () -- C:\Documents and Settings\Dumastr\Data aplikací\Mozilla\Firefox\Profiles\xzvne7mb.default\extensions\LogMeInClient@logmein.com\plugins\LMIProxyHelper.exe
[2010.10.16 09:44:20 | 089,280,248 | ---- | M] (Samsung Electronics Co., Ltd. ) -- C:\Documents and Settings\Dumastr\Data aplikací\Samsung\New PC Studio\LiveUpdate\Setup_For_Full_Update_IH2_7.exe
[2006.12.14 09:00:02 | 000,110,592 | ---- | M] () -- C:\Documents and Settings\Dumastr\Data aplikací\U3\temp\cleanup.exe
[2007.02.12 16:46:54 | 003,096,576 | -H-- | M] (SanDisk Corporation) -- C:\Documents and Settings\Dumastr\Data aplikací\U3\temp\Launchpad Removal.exe
[2010.07.22 15:10:28 | 007,377,592 | ---- | M] (ZONER software ) -- C:\Documents and Settings\Dumastr\Data aplikací\Zoner\NLMDB\product.0032\autoupdate.cz\ZPS12_Update_Build09.exe
[2010.08.26 09:02:44 | 007,383,104 | ---- | M] (ZONER software ) -- C:\Documents and Settings\Dumastr\Data aplikací\Zoner\NLMDB\product.0032\autoupdate.cz\ZPS12_Update_Build10.exe

< MD5 for: AGP440.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008.04.13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: CDROM.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 23:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 23:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004.08.03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 07:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2008.04.14 07:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 07:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 07:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 07:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 07:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 07:52:24 | 000,976,384 | ---- | M] (Microsoft Corporation) MD5=13E794E5591776CBC71055A7B3CC1D5F -- C:\WINDOWS\explorer.exe
[2008.04.14 07:52:24 | 000,976,384 | ---- | M] (Microsoft Corporation) MD5=13E794E5591776CBC71055A7B3CC1D5F -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: HAL.DLL >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 23:01:34 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2008.04.13 23:01:30 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\HAL.DLL
[2004.08.03 22:59:10 | 000,131,968 | ---- | M] (Microsoft Corporation) MD5=F9A0F579FC18036FFDD9E26E0D268CCD -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: CHANGER.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 23:11:00 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys

< MD5 for: IASTOR.SYS >
[2007.10.19 11:59:28 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\WINDOWS\NLDRV\001\iastor.sys

< MD5 for: ISAPNP.SYS >
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2001.10.25 13:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2008.04.14 06:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 06:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 07:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2008.04.14 07:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 07:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 23:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008.04.13 23:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 23:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 07:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 07:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 07:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 07:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 07:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 07:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2008.04.14 07:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 07:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 07:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008.04.14 07:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 07:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.04.13 23:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 23:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004.08.03 23:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 07:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 07:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 07:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 07:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 07:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 07:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 07:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2008.04.14 07:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 07:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 03:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009.03.08 03:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009.04.23 13:39:25 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.04.23 13:39:25 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.04.23 13:39:25 | 000,462,848 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[2009.03.08 03:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009.03.08 03:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2010.11.19 09:51:58 | 000,416,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CF28957.exe
[2010.11.19 09:40:16 | 000,000,664 | ---- | M] () -- C:\WINDOWS\system32\d3d9caps.dat
[2010.11.19 15:29:26 | 000,079,440 | ---- | M] () -- C:\WINDOWS\system32\perfc005.dat
[2010.11.19 15:29:26 | 000,068,490 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2010.11.19 15:29:26 | 000,432,516 | ---- | M] () -- C:\WINDOWS\system32\perfh005.dat
[2010.11.19 15:29:26 | 000,435,594 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2010.11.19 15:29:24 | 001,028,912 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2010.11.19 15:42:22 | 000,350,196 | ---- | M] () -- C:\WINDOWS\system32\vsconfig.xml
[2010.11.19 15:42:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[2010.11.19 10:21:42 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\system32\zllictbl.dat
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

========== Files - Unicode (All) ==========
[2010.09.05 12:56:15 | 000,000,000 | ---D | M](C:\Documents and Settings\All Users\Data aplikac?ncrediMail) -- C:\Documents and Settings\All Users\Data aplikac웉ncrediMail
(C:\Documents and Settings\All Users\Data aplikac?ncrediMail) -- C:\Documents and Settings\All Users\Data aplikac웉ncrediMail

========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:3440EB47
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:66633281
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:0888F409
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:1AAB2E68

< End of report >

Duhen · #80 Příspěvek od **Duhen** » 19 lis 2010 20:59

EXTRAS.txt

OTL Extras logfile created on: 19.11.2010 20:28:53 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Dumastr\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

894,00 Mb Total Physical Memory | 215,00 Mb Available Physical Memory | 24,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 42,00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,29 Gb Total Space | 12,86 Gb Free Space | 43,89% Space Free | Partition Type: NTFS
Drive D: | 119,75 Gb Total Space | 16,52 Gb Free Space | 13,79% Space Free | Partition Type: NTFS

Computer Name: DUMASTR-COMPAQ | User Name: Dumastr | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-484763869-413027322-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Photo Manager 12.Manage] -- "C:\Program Files\ACD Systems\ACDSee\12.0\ACDSeeQV12.exe" "%1" (ACD Systems International Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\IncrediMail\bin\ImApp.exe" = C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Program Files\totalcmd\TOTALCMD.EXE" = C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows -- (C. Ghisler & Co.)
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"D:\Strong\StrongDC.exe" = D:\Strong\StrongDC.exe:*:Enabled:StrongDC++ -- ()
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\DreamCom\DreamCom.exe" = C:\Program Files\DreamCom\DreamCom.exe:*:Enabled:DreamCom -- ()
"C:\Program Files\viphone communicator\viphone communicator.exe" = C:\Program Files\viphone communicator\viphone communicator.exe:*:Enabled:viphone communicator -- (Unient)
"C:\Program Files\IncrediMail\bin\ImLc.exe" = C:\Program Files\IncrediMail\bin\ImLc.exe:*:Enabled:IncrediMail -- (IncrediMail, Ltd.)
"C:\Program Files\HipServ Desktop Applications\DesktopMirror\rsync.exe" = C:\Program Files\HipServ Desktop Applications\DesktopMirror\rsync.exe:*:Enabled:HipServ DesktopMirror (rsync) -- ()
"C:\Program Files\HipServ Desktop Applications\DesktopMirror\ssh.exe" = C:\Program Files\HipServ Desktop Applications\DesktopMirror\ssh.exe:*:Enabled:HipServ DesktopMirror (ssh) -- ()
"C:\Program Files\HipServ Desktop Applications\QuickConnect\AxentraPicturesWizard.exe" = C:\Program Files\HipServ Desktop Applications\QuickConnect\AxentraPicturesWizard.exe:*:Enabled:HipServ Pictures Wizard -- (Axentra Corporation)
"C:\Program Files\HipServ Desktop Applications\QuickConnect\AxentraSmartShortcut.exe" = C:\Program Files\HipServ Desktop Applications\QuickConnect\AxentraSmartShortcut.exe:*:Enabled:HipServ SmartShortcut -- (Axentra Corporation)
"C:\Program Files\HipServ Desktop Applications\HipServAgent\HipServAgent.exe" = C:\Program Files\HipServ Desktop Applications\HipServAgent\HipServAgent.exe:*:Enabled:HipServAgent -- (Axentra Corporation)
"C:\Program Files\SAMSUNG\Samsung New PC Studio\npsasvr.exe" = C:\Program Files\SAMSUNG\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server -- (PeeringPortal)
"C:\Program Files\SAMSUNG\Samsung New PC Studio\npsvsvr.exe" = C:\Program Files\SAMSUNG\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server -- (PeeringPortal)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{08094E03-AFE4-4853-9D31-6D0743DF5328}" = QuickTime
"{088A077A-8028-408C-AE7B-4512AE2A65A0}" = Canon CanoScan Toolbox 4.6
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = Ovladaci panel ATI
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4600_series" = Canon iP4600 series Printer Driver
"{138B53E6-34D8-45FF-89D7-1D54A44FA355}" = Nokia Series 40 Theme Studio 2.1
"{18DB3375-0649-4EA3-959A-44F1ACD278BA}" = IncrediMail
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2300EE96-0A41-4FAB-BD03-989EC44577A0}" = Acronis Disk Director Suite
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 22
"{28D8717A-2F55-4726-AFC8-78F26B2ACAF2}" = STORMWARE POHODA CZ Standard
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{3DAD83B9-4C8B-4AC6-BF5E-B9FB181CCBE8}" = Nokia Service Tool Drivers
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{3F9170C9-A7C2-408F-A4D8-EC77250040BF}" = Sound Forge Pro 10.0
"{49C09E32-B9FD-4EDC-9152-9BC0CC618A13}" = GetDataBack Data Recovery
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D826618-59C6-11D4-976E-00C04F8EEB39}" = Macromedia FreeHand 10
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{650E2ABD-270A-499C-BA9F-09180DDDDA16}" = Nokia Software Updater
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.7.3.190b
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84713778-D9A9-4130-A811-DF3187827B05}" = LogMeIn
"{871E5903-D17B-48E1-A481-05984B5E49C3}" = Samsung PC Studio 3
"{888F53F2-0F13-4CA2-AE1B-211425A59D46}" = Phoenix Service Software
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0405-0000-0000000FF1CE}" = Sada Compatibility Pack pro systém Office 2007
"{930B2432-43D4-11D5-9871-00C04F8EEB39}" = Macromedia Fireworks MX
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A260B422-70E1-41E2-957D-F76FA21266D5}" = Apple Software Update
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A5CBD7C5-CF16-443F-A4F2-3503C9DE311B}" = ACDSee Photo Manager 12
"{AAF70000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 7.0 Professional Edition
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D323C27E-5DB7-4EE6-B75D-35C0F4D3FABD}" = HipServ Desktop Applications
"{DC754D8F-1D06-4016-BF57-8D21F97E1F0A}" = JunkFilterPlus
"{DEF82746-D3DC-4DB8-A941-604B9D610DFB}_is1" = WMP11 Slipstreamer 1.3.4.3
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E3DBED25-09EE-45FE-BE53-4B07B0CBA0FC}" = PC Connectivity Solution
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EDF04509-B350-4EAB-BE77-5F2C87C33B35}_is1" = MPEG Video Wizard DVD 4.0.4.112 (12/2008)
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Balíček ovladače systému Windows - Nokia Modem (10/05/2009 4.2)
"3FA1705966809259F916AF817C59B4F389F4572C" = Balíček ovladače systému Windows - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"504244733D18C8F63FF584AEB290E3904E791693" = Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Balíček ovladače systému Windows - Nokia Modem (06/01/2009 7.01.0.4)
"ACDSee Photo Manager 12 Build 342" = ACDSee Photo Manager 12 Build 342 - odinstalovat češtinu
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = Softarová utilita ATI - Odinstalovat
"Any Video Converter_is1" = Any Video Converter 3.0.5
"Ask Toolbar_is1" = ZoneAlarm Spy Blocker Toolbar
"ATI Display Driver" = ATI Display Driver
"Broadcom 802.11b Network Adapter" = Bezdrátový adaptér Broadcom 802.11 LAN
"BSPlayerf" = BS.Player FREE
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"CNXT_AUDIO" = Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3091103C" = Data Fax SoftModem with SmartCP
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"Corel Applications" = Corel Applications
"DUMeter3_is1" = DU Meter
"DVD Shrink_is1" = DVD Shrink 3.2
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"FS6_is1" = FORM studio 2009
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"IncrediMail" = IncrediMail 2.0
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 2.8
"JAFSetup" = JAF Setup
"JunkFilterPlus" = IncrediMail JunkFilter Plus
"Kubik SMS DreamCom_is1" = Kubik SMS DreamCom 5.89
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MOBILedit!" = MOBILedit! 3.3
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (3.0.1)" = Mozilla Thunderbird (3.0.1)
"MPE" = MyPhoneExplorer
"Mpeg Video Wizard DVD" = MPEG Video Wizard DVD 4.0.4.111 (12/2008)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Native Instruments Traktor DJ Studio 3" = Native Instruments Traktor DJ Studio 3
"Nero - Burning Rom!UninstallKey" = Nero 6 Enterprise Edition
"nLite_is1" = nLite 1.4.9.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NOD32" = Antivirový systém NOD32
"Noki_is1" = Noki v2.1
"Nokia Maps Updater_is1" = Nokia Maps Updater 1.0.12
"Nokia PC Suite" = Nokia PC Suite
"NSS" = NSS (remove only)
"Pack Vista Inspirat 2" = Pack Vista Inspirat 2 1.0
"PC Translator" = PC Translator
"Phoenix Service Software 2009.34.7.40015_is1" = Phoenix Service Software 2009.34.7.40015
"Remote Professional" = Remote Professional
"SAMSUNG CDMA Modem" = SAMSUNG CDMA Modem Driver Set
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Samsung SCX-4200 Series" = Samsung SCX-4200 Series
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"Skiny programu Pošta a kancelář_is1" = Skiny programu Pošta a kancelář
"STORMWARE PDF Printer_is1" = STORMWARE PDF Printer 5.0.0.614
"Streamripper" = Streamripper (Remove only)
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"Totalcmd" = Total Commander (Remove or Repair)
"Vector Magic" = Vector Magic
"VideoReDo TVSuite V4 w/H.264_is1" = VideoReDo TVSuite Version 4.20.5.600
"viphone communicator_is1" = viphone communicator
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"ZoneAlarm Pro" = ZoneAlarm Pro
"ZonerPhotoStudio12_CZ_is1" = Zoner Photo Studio 12

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-484763869-413027322-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 19.11.2010 5:44:19 | Computer Name = DUMASTR-COMPAQ | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: A connection with the server could not be established

Error - 19.11.2010 6:06:09 | Computer Name = DUMASTR-COMPAQ | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.

Error - 19.11.2010 6:06:09 | Computer Name = DUMASTR-COMPAQ | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.

Error - 19.11.2010 6:06:09 | Computer Name = DUMASTR-COMPAQ | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: A connection with the server could not be established

Error - 19.11.2010 8:11:08 | Computer Name = DUMASTR-COMPAQ | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace WINWORD.EXE, verze 11.0.5604.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 19.11.2010 8:11:10 | Computer Name = DUMASTR-COMPAQ | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace WINWORD.EXE, verze 11.0.5604.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 19.11.2010 8:12:01 | Computer Name = DUMASTR-COMPAQ | Source = Microsoft Office 11 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Word.

Error - 19.11.2010 10:09:55 | Computer Name = DUMASTR-COMPAQ | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.

Error - 19.11.2010 10:09:55 | Computer Name = DUMASTR-COMPAQ | Source = crypt32 | ID = 131083
Description = Extrakce kořenového seznamu jiného výrobce ze souboru CAB pro automatickou
aktualizaci v: <http://www.download.windowsupdate.com/m ... ootstl.cab>
se nezdařilo. Chyba: Při ověření se systémovými hodinami nebo časovým razítkem
podepsaného souboru bylo zjištěno, že požadovaný certifikát je mimo lhůtu platnosti.

Error - 19.11.2010 10:09:55 | Computer Name = DUMASTR-COMPAQ | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: The server name or address could not be resolved

[ System Events ]
Error - 10.4.2010 4:53:34 | Computer Name = DUMASTR-COMPAQ | Source = BROWSER | ID = 8032
Description = Službě Browser se při přenosu \Device\NetBT_Tcpip_{62DC6DAC-B28B-4B7D-9625-D8CFAADA9196}
příliš často nezdařilo načíst záložní seznam. Záložní prohledávač bude ukončen.

Error - 10.4.2010 8:35:54 | Computer Name = DUMASTR-COMPAQ | Source = ipnathlp | ID = 30013
Description = Přidělování DHCP bylo automaticky vypnuto u adresy IP 192.168.1.3,
protože
tato adresa nespadá do oboru 192.168.0.0/255.255.255.0, ze kterého jsou přidělovány
adresy klientům DHCP. Chcete-li přidělování DHCP u této adresy IP zapnout, změňte
obor tak, aby tuto adresu IP zahrnoval, nebo změňte adresu IP tak, aby spadala do
oboru.

Error - 10.4.2010 11:42:22 | Computer Name = DUMASTR-COMPAQ | Source = Dhcp | ID = 1002
Description = Zapůjčení adresy IP 192.168.2.103 pro síťovou kartu s adresou 0014A5B9AB7F
byla serverem DHCP 192.168.2.5 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).

Error - 11.4.2010 8:34:30 | Computer Name = DUMASTR-COMPAQ | Source = Dhcp | ID = 1002
Description = Zapůjčení adresy IP 192.168.1.3 pro síťovou kartu s adresou 001636799B44
byla serverem DHCP 0.0.0.0 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).

Error - 11.4.2010 8:34:36 | Computer Name = DUMASTR-COMPAQ | Source = ipnathlp | ID = 30013
Description = Přidělování DHCP bylo automaticky vypnuto u adresy IP 192.168.1.2,
protože
tato adresa nespadá do oboru 192.168.0.0/255.255.255.0, ze kterého jsou přidělovány
adresy klientům DHCP. Chcete-li přidělování DHCP u této adresy IP zapnout, změňte
obor tak, aby tuto adresu IP zahrnoval, nebo změňte adresu IP tak, aby spadala do
oboru.

Error - 12.4.2010 3:23:31 | Computer Name = DUMASTR-COMPAQ | Source = Dhcp | ID = 1002
Description = Zapůjčení adresy IP 192.168.1.2 pro síťovou kartu s adresou 001636799B44
byla serverem DHCP 192.168.2.1 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).

Error - 12.4.2010 3:23:35 | Computer Name = DUMASTR-COMPAQ | Source = ipnathlp | ID = 30013
Description = Přidělování DHCP bylo automaticky vypnuto u adresy IP 192.168.2.100,
protože
tato adresa nespadá do oboru 192.168.0.0/255.255.255.0, ze kterého jsou přidělovány
adresy klientům DHCP. Chcete-li přidělování DHCP u této adresy IP zapnout, změňte
obor tak, aby tuto adresu IP zahrnoval, nebo změňte adresu IP tak, aby spadala do
oboru.

Error - 12.11.2010 7:06:58 | Computer Name = DUMASTR-COMPAQ | Source = ipnathlp | ID = 30013
Description = Přidělování DHCP bylo automaticky vypnuto u adresy IP 192.168.1.3,
protože
tato adresa nespadá do oboru 192.168.0.0/255.255.255.0, ze kterého jsou přidělovány
adresy klientům DHCP. Chcete-li přidělování DHCP u této adresy IP zapnout, změňte
obor tak, aby tuto adresu IP zahrnoval, nebo změňte adresu IP tak, aby spadala do
oboru.

Error - 12.11.2010 7:56:23 | Computer Name = DUMASTR-COMPAQ | Source = ipnathlp | ID = 30013
Description = Přidělování DHCP bylo automaticky vypnuto u adresy IP 192.168.2.100,
protože
tato adresa nespadá do oboru 192.168.0.0/255.255.255.0, ze kterého jsou přidělovány
adresy klientům DHCP. Chcete-li přidělování DHCP u této adresy IP zapnout, změňte
obor tak, aby tuto adresu IP zahrnoval, nebo změňte adresu IP tak, aby spadala do
oboru.

Error - 12.11.2010 7:56:39 | Computer Name = DUMASTR-COMPAQ | Source = W32Time | ID = 39452706
Description = Služba Systémový čas zjistila, že je nutné změnit systémový čas o
-18493192 sekund. Služba Systémový čas nemění systémový čas o více než -54000 sekund.
Ověřte správnost času a časového pásma, a zda zdroj času time.windows.com (ntp.m|0x1|192.168.2.100:123->207.46.232.182:123)
pracuje správně.

< End of report >

#81 Příspěvek od **motji** » 19 lis 2010 22:04

Spustte OTL
-do bílého okna dole skopírujte tento skript:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:3440EB47
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:66633281
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:0888F409
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:1AAB2E68
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - File not found
IE - HKU\S-1-5-21-484763869-413027322-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com/english/
FF - prefs.js..keyword.URL: "http://mystart.incredimail.com/?loc=ff_address_bar_fs&search="

:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
c:\program files\AskBarDis\
c:\windows\system32\Drivers\SSPORT.sys

:services
ASKService
SSPORT

:commands
[emptytemp]
[EMPTYFLASH]
[Reboot]

-klikněte na tlačítko opravit.
-Následně se pc restartuje.
- Log vložte zde

Duhen · #82 Příspěvek od **Duhen** » 19 lis 2010 23:06

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:3440EB47 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:66633281 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:0888F409 deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:1AAB2E68 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000024\ deleted successfully.
HKU\S-1-5-21-484763869-413027322-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "http://mystart.incredimail.com/?loc=ff_ ... fs&search=" removed from keyword.URL
========== FILES ==========
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
C:\WINDOWS\system32\SET21A6.tmp moved successfully.
C:\WINDOWS\002671_.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP526.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP603.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP729E.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP73C5.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP74D1.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP74FD.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7578.tmp folder moved successfully.
C:\WINDOWS\Installer\MSI1BFE.tmp moved successfully.
C:\WINDOWS\Internet Logs\xDB1.tmp moved successfully.
C:\WINDOWS\Internet Logs\xDB2.tmp moved successfully.
C:\WINDOWS\Internet Logs\xDB3.tmp moved successfully.
C:\WINDOWS\Internet Logs\xDB4.tmp moved successfully.
C:\WINDOWS\system32\CONFIG.TMP moved successfully.
C:\WINDOWS\temp\exp9AD.tmp moved successfully.
c:\program files\AskBarDis\bar\Settings folder moved successfully.
c:\program files\AskBarDis\bar\History folder moved successfully.
c:\program files\AskBarDis\bar\Cache folder moved successfully.
c:\program files\AskBarDis\bar\bin folder moved successfully.
c:\program files\AskBarDis\bar folder moved successfully.
c:\program files\AskBarDis folder moved successfully.
File\Folder c:\windows\system32\Drivers\SSPORT.sys not found.
========== SERVICES/DRIVERS ==========
Service ASKService stopped successfully!
Service ASKService deleted successfully!
Service SSPORT stopped successfully!
Service SSPORT deleted successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Dumastr
->Temp folder emptied: 15295576 bytes
->Temporary Internet Files folder emptied: 238065 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 44723216 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 5642 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17821 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 29199 bytes

Total Files Cleaned = 58,00 mb

[EMPTYFLASH]

User: All Users

User: Default User

User: Dumastr
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\: LSP stack updated.

OTL by OldTimer - Version 3.2.17.3 log created on 11192010_230012

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#83 Příspěvek od **motji** » 20 lis 2010 00:10

Fajn, počítač ok?
Ještě vydržte, kolega dělá rozbor těch BSOD

Duhen · #84 Příspěvek od **Duhen** » 20 lis 2010 12:07

Počítač se chová normálně.
Ale stále mi vrtá hlavou, že stále combofix a GMER způsobují BSOD

třeba to kolega zjistí.

#85 Příspěvek od **motji** » 20 lis 2010 14:08

Tak podle všeho za to může pravděpodobně driver od daemonu a grafika, to co jsme Vám říkala už předtím, dělá to i v kombinaci gmer a combofix, prostě konflikt driverů

.

Odinstalujte combofix přes Start - Spustit
- zkopírujte do okénka:

ComboFix /Uninstall

-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.

***********

Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir

***********

Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru

Obrázek

záložka čistič
- nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
- po analýze klikněte na Spustit Ccleaner

Obrázek

záložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy

ok

zavřít

Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.

***********

Stahněte OTC a použijte
http://oldtimer.geekstogo.com/OTC.exe
-vyčistí tempy a po použitých programech

***********

Vložte nový log ze RSIT a řekněte co počítač, jak se chová, už je vše v pořádku?

Duhen · #86 Příspěvek od **Duhen** » 20 lis 2010 16:06

Drivery nějak zkusím poladit , jinak PC se chová normálně

Logfile of random's system information tool 1.06 (written by random/random)
Run by Dumastr at 2010-11-20 16:05:53
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 14 GB (46%) free of 30 GB
Total RAM: 894 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:05:57, on 20.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
C:\Program Files\ATI Technologies\Ovladaci panel ATI\atiptaxx.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\WINDOWS\OETRN.EXE
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\MSI\Star Key Bluetooth Software\BTTray.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
C:\Program Files\Eject.exe
C:\Program Files\IncrediMail\Bin\ImApp.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dumastr\Plocha\Léčba\RSIT.exe
C:\Program Files\trend micro\Dumastr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\WINDOWS\WebIE.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\WINDOWS\WebIE.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [FineReader7NewsReaderPro] C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateReminder] C:\Program Files\Eset\UpdateReminder.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\Ovladaci panel ATI\atiptaxx.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [OEXPRESS] C:\WINDOWS\OETRN.EXE
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
O4 - Startup: Zástupce - Eject.lnk = C:\Program Files\Eject.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\WebIE.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\WebIE.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Výstrahy a protokolování výkonu SysmonLogDUMeterSvc (SysmonLogDUMeterSvc) - Unknown owner - .exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 12145 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2008-06-11 61816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\WINDOWS\WebIE.dll [2009-10-17 491520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-09-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-09-15 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 321120]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\WINDOWS\WebIE.dll [2009-10-17 491520]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2005-12-13 917504]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2006-10-22 620152]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-01-12 32768]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-11 689488]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2008-03-18 1848648]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-02-15 981384]
"LogMeIn GUI"=C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2008-08-11 63048]
"OSSelectorReinstall"=C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe [2007-03-15 2225208]
"FineReader7NewsReaderPro"=C:\Program Files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe [2003-08-20 278528]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-04-27 282624]
"UpdateReminder"=C:\Program Files\Eset\UpdateReminder.exe [2010-11-03 413696]
"ATIPTA"=C:\Program Files\ATI Technologies\Ovladaci panel ATI\atiptaxx.exe [2005-07-13 344064]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2010-08-18 353736]
"DU Meter"=C:\Program Files\DU Meter\DUMeter.exe [2007-11-13 2585360]
"OEXPRESS"=C:\WINDOWS\OETRN.EXE [2009-10-17 26624]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]
"AutoStartNPSAgent"=C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [2010-10-16 102400]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\MSI\Star Key Bluetooth Software\BTTray.exe

C:\Documents and Settings\Dumastr\Nabídka Start\Programy\Po spuštění
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
UberIcon.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
Y'z Shadow.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\YzShadow\YzShadow.exe
Zástupce - Eject.lnk - C:\Program Files\Eject.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2005-07-14 46080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2010-09-30 87424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Enabled:Java(TM) Platform SE binary"
"D:\Strong\StrongDC.exe"="D:\Strong\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\DreamCom\DreamCom.exe"="C:\Program Files\DreamCom\DreamCom.exe:*:Enabled:DreamCom"
"C:\Program Files\viphone communicator\viphone communicator.exe"="C:\Program Files\viphone communicator\viphone communicator.exe:*:Enabled:viphone communicator"
"C:\Program Files\IncrediMail\bin\ImLc.exe"="C:\Program Files\IncrediMail\bin\ImLc.exe:*:Enabled:IncrediMail"
"C:\Program Files\HipServ Desktop Applications\DesktopMirror\rsync.exe"="C:\Program Files\HipServ Desktop Applications\DesktopMirror\rsync.exe:*:Enabled:HipServ DesktopMirror (rsync)"
"C:\Program Files\HipServ Desktop Applications\DesktopMirror\ssh.exe"="C:\Program Files\HipServ Desktop Applications\DesktopMirror\ssh.exe:*:Enabled:HipServ DesktopMirror (ssh)"
"C:\Program Files\HipServ Desktop Applications\QuickConnect\AxentraPicturesWizard.exe"="C:\Program Files\HipServ Desktop Applications\QuickConnect\AxentraPicturesWizard.exe:*:Enabled:HipServ Pictures Wizard"
"C:\Program Files\HipServ Desktop Applications\QuickConnect\AxentraSmartShortcut.exe"="C:\Program Files\HipServ Desktop Applications\QuickConnect\AxentraSmartShortcut.exe:*:Enabled:HipServ SmartShortcut"
"C:\Program Files\HipServ Desktop Applications\HipServAgent\HipServAgent.exe"="C:\Program Files\HipServ Desktop Applications\HipServAgent\HipServAgent.exe:*:Enabled:HipServAgent"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\SAMSUNG\Samsung New PC Studio\npsasvr.exe"="C:\Program Files\SAMSUNG\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server"
"C:\Program Files\SAMSUNG\Samsung New PC Studio\npsvsvr.exe"="C:\Program Files\SAMSUNG\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-12-04 17:50:31 ----D---- C:\Documents and Settings\Dumastr\Data aplikací\Thunderbird
2010-12-04 17:49:05 ----D---- C:\Program Files\Mozilla Thunderbird
2010-11-20 16:01:46 ----D---- C:\Program Files\trend micro
2010-11-20 16:01:45 ----D---- C:\rsit
2010-11-20 15:57:17 ----D---- C:\Program Files\ATI Technologies
2010-11-20 15:56:44 ----D---- C:\swsetup
2010-11-20 15:53:04 ----SHD---- C:\Config.Msi
2010-11-20 15:45:07 ----A---- C:\WINDOWS\WININIT.INI
2010-11-20 11:53:04 ----SHD---- C:\RECYCLER
2010-11-19 17:17:41 ----D---- C:\Nokia
2010-11-19 15:22:19 ----D---- C:\WINDOWS\temp
2010-11-13 16:21:33 ----D---- C:\Documents and Settings\Dumastr\Data aplikací\ABBYY
2010-11-13 16:20:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\ABBYY
2010-11-13 16:18:23 ----D---- C:\Program Files\ABBYY FineReader 7.0 Professional Edition
2010-11-13 15:10:17 ----D---- C:\Program Files\YouTube Downloader
2010-11-09 14:50:18 ----HDC---- C:\WINDOWS\$NtUninstallWudf01009$
2010-11-09 14:42:21 ----A---- C:\WINDOWS\system32\wdfcoinstaller01009.dll
2010-11-09 14:42:21 ----A---- C:\WINDOWS\system32\nmwcdcocls.dll
2010-10-22 09:57:55 ----A---- C:\WINDOWS\system32\javaws.exe
2010-10-22 09:57:55 ----A---- C:\WINDOWS\system32\javaw.exe
2010-10-22 09:57:55 ----A---- C:\WINDOWS\system32\java.exe

======List of files/folders modified in the last 1 months======

2010-11-20 16:05:48 ----D---- C:\WINDOWS
2010-11-20 16:05:48 ----A---- C:\WINDOWS\MAILTRAN.INI
2010-11-20 16:05:46 ----A---- C:\WINDOWS\wincmd.ini
2010-11-20 16:03:19 ----D---- C:\WINDOWS\Internet Logs
2010-11-20 16:02:57 ----D---- C:\WINDOWS\Prefetch
2010-11-20 16:01:46 ----RD---- C:\Program Files
2010-11-20 16:00:19 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-20 16:00:09 ----HD---- C:\WINDOWS\inf
2010-11-20 15:58:32 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-20 15:58:30 ----D---- C:\WINDOWS\system32\CatRoot
2010-11-20 15:58:03 ----D---- C:\WINDOWS\system32\ReinstallBackups
2010-11-20 15:57:46 ----HD---- C:\Program Files\InstallShield Installation Information
2010-11-20 15:57:36 ----D---- C:\WINDOWS\system32\drivers
2010-11-20 15:57:36 ----AD---- C:\WINDOWS\system32
2010-11-20 15:53:15 ----SHD---- C:\WINDOWS\Installer
2010-11-20 15:53:15 ----SD---- C:\Documents and Settings\Dumastr\Data aplikací\Microsoft
2010-11-20 15:53:13 ----D---- C:\Program Files\HipServ Desktop Applications
2010-11-20 15:45:35 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-11-20 15:44:41 ----D---- C:\Program Files\VideoReDoTVSuite4
2010-11-20 15:43:10 ----D---- C:\Program Files\SAMSUNG
2010-11-20 15:35:33 ----D---- C:\WINDOWS\Minidump
2010-11-20 15:11:53 ----D---- C:\WINDOWS\system32\Restore
2010-11-20 11:48:02 ----A---- C:\WINDOWS\system.ini
2010-11-20 11:45:27 ----D---- C:\WINDOWS\AppPatch
2010-11-20 11:45:22 ----D---- C:\Program Files\Common Files
2010-11-20 11:26:49 ----D---- C:\Program Files\LogMeIn
2010-11-19 23:06:53 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-11-19 15:29:07 ----D---- C:\WINDOWS\Debug
2010-11-19 09:57:05 ----SHD---- C:\System Volume Information
2010-11-15 18:18:43 ----A---- C:\WINDOWS\posta2.ini
2010-11-15 18:18:08 ----D---- C:\Program Files\Pošta a kancelář 2
2010-11-14 11:25:25 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-11-12 17:00:58 ----D---- C:\Documents and Settings\Dumastr\Data aplikací\Canon
2010-11-12 17:00:52 ----A---- C:\WINDOWS\CSTBox.INI
2010-11-12 13:15:20 ----D---- C:\Program Files\CommViewWiFi
2010-11-11 10:33:11 ----D---- C:\FORM studio 2009
2010-11-11 09:39:13 ----A---- C:\WINDOWS\system32\MRT.exe
2010-11-10 15:16:59 ----D---- C:\Documents and Settings\Dumastr\Data aplikací\Nokia
2010-11-09 14:43:57 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-11-09 14:43:43 ----D---- C:\Program Files\PC Connectivity Solution
2010-11-09 14:42:09 ----D---- C:\Program Files\Nokia
2010-11-09 14:40:40 ----D---- C:\Program Files\Common Files\Nokia
2010-11-09 14:39:42 ----D---- C:\Documents and Settings\All Users\Data aplikací\Installations
2010-11-09 14:34:44 ----D---- C:\Documents and Settings\Dumastr\Data aplikací\MOBILedit
2010-11-03 16:54:28 ----D---- C:\Program Files\ESET
2010-10-22 09:57:50 ----D---- C:\Program Files\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 43008]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2010-10-16 5632]
R1 vsdatant;vsdatant; C:\WINDOWS\System32\vsdatant.sys [2009-02-15 353672]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 AMON;AMON; \??\C:\WINDOWS\system32\drivers\amon.sys []
R2 BTSERIAL;Bluetooth Serial Driver; \??\C:\WINDOWS\system32\drivers\btserial.sys []
R2 BTSLBCSP;Bluetooth Port Client Driver; \??\C:\WINDOWS\system32\drivers\btslbcsp.sys []
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-06 12544]
R2 PARLDR2K;ParLdr2k; \??\C:\WINDOWS\system32\drivers\parldr2k.sys []
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2005-07-14 1269760]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2009-05-10 1294200]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2005-09-20 1342122]
R3 CAMCAUD;Conexant AMC Audio; C:\WINDOWS\system32\drivers\camc6aud.sys [2005-02-18 38016]
R3 CAMCHALA;CAMCHALA; C:\WINDOWS\system32\drivers\camc6hal.sys [2005-02-18 349696]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\WINDOWS\system32\FsUsbExDisk.SYS []
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-08-23 1035008]
R3 HSFHWATI;HSFHWATI; C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys [2005-08-23 231424]
R3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-08-11 10144]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-08-06 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2009-04-23 10368]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Ovladač standardního rozbočovače USB; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 vsbus;Virtual Serial Bus Enumerator; C:\WINDOWS\system32\DRIVERS\vsb.sys [2008-07-23 15264]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-08-23 718464]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S2 DgiVecp;DgiVecp; \??\C:\WINDOWS\system32\Drivers\DgiVecp.sys []
S3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2005-09-20 401664]
S3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2005-09-19 30363]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2005-09-19 148040]
S3 btwmodem;Bluetooth Modem; C:\WINDOWS\system32\DRIVERS\btwmodem.sys [2005-09-19 30189]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2005-09-19 56648]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM); C:\WINDOWS\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter); C:\WINDOWS\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem; C:\WINDOWS\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vserial;ELTIMA Virtual Serial Ports Driver; C:\WINDOWS\System32\DRIVERS\vserial.sys [2008-07-23 47744]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []
S4 sr;Ovladač filtru Obnovy systému; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73344]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2005-07-14 380928]
R2 btwdins;Bluetooth Service; C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe [2005-09-19 258103]
R2 DUMeterSvc;DU Meter Service; C:\Program Files\DU Meter\DUMeterSvc.exe [2007-11-10 1382672]
R2 FsUsbExService;FsUsbExService; C:\WINDOWS\system32\FsUsbExService.Exe [2009-03-31 233472]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-15 153376]
R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe [2010-09-23 374152]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2010-09-30 116104]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2008-08-11 63040]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2009-04-23 495616]
R2 vsmon;TrueVector Internet Monitor; C:\WINDOWS\system32\ZoneLabs\vsmon.exe [2009-02-15 2402184]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-04-26 654848]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-09-29 616448]
S2 SysmonLogDUMeterSvc;Výstrahy a protokolování výkonu SysmonLogDUMeterSvc; srv []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 getPlusHelper;getPlus(R) Helper; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

#87 Příspěvek od **motji** » 20 lis 2010 19:43

tohle fixněte v HJT (návod už Vám nemusím dávat, že?

)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip

Spustte CCleaner - nástroje - start
a povypínejte zbytečné programy po spuštění

Doporučuji stahnout NOd evrze 4, tomuto končí na konci roku podpora.

Jsou ještě s nějakým počítačem problémy?

Duhen · #88 Příspěvek od **Duhen** » 20 lis 2010 20:14

Fix proveden

.

No když už jsme v tom , tak by bylo možná dobré ještě juknout na log domácího PC dcery

, kde se připojuji přes router a mohlo tam něco po síti skočit z mého již vyčištěného NTB. Vyloženě problémy nedělá, ale určitě tam něco bude.

Vložil bych zítra log combo a rsit. Dnes končím a jdu na pivko

Přeji krásný večer.

#89 Příspěvek od **motji** » 20 lis 2010 23:13

Vy nás zásobujete, pane Karfík

Duhen · #90 Příspěvek od **Duhen** » 21 lis 2010 17:14

Jojo, pravda

A je to tady

Tak to jsem zvědav , ale asi by to nemělo být snad tak strašné.

Logfile of random's system information tool 1.06 (written by random/random)
Run by Dumastr at 2010-11-21 16:39:14
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 18 GB (39%) free of 46 GB
Total RAM: 1022 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:39:17, on 21.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\Program Files\IncrediMail\Bin\ImApp.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Dumastr\Plocha\Léčení\RSIT.exe
C:\Documents and Settings\Dumastr\Plocha\Léčení\Dumastr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredimail.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: Blackjack-Madness Toolbar - {ca9aeaa0-4588-4bbe-99af-8fb0a0a9e5e1} - C:\Program Files\Blackjack-Madness\tbBla2.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: Blackjack-Madness Toolbar - {ca9aeaa0-4588-4bbe-99af-8fb0a0a9e5e1} - C:\Program Files\Blackjack-Madness\tbBla2.dll
O3 - Toolbar: Blackjack-Madness Toolbar - {ca9aeaa0-4588-4bbe-99af-8fb0a0a9e5e1} - C:\Program Files\Blackjack-Madness\tbBla2.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RTBatteryMeter] C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Dumastr\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout odkaz s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Stáhnout všechna videa s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Stáhnout všechny odkazy s použitím BitCometu - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 8795 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-2049760794-839522115-1003Core1cabd1b745d03e0.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-2049760794-839522115-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-05-30 1410344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\ConduitEngine.dll [2010-10-18 3908192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}]
BitComet Helper - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll [2008-01-25 496952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ca9aeaa0-4588-4bbe-99af-8fb0a0a9e5e1}]
Blackjack-Madness Toolbar - C:\Program Files\Blackjack-Madness\tbBla2.dll [2010-10-18 3908192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{ca9aeaa0-4588-4bbe-99af-8fb0a0a9e5e1} - Blackjack-Madness Toolbar - C:\Program Files\Blackjack-Madness\tbBla2.dll [2010-10-18 3908192]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-03-28 1017592]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-01-12 32768]
"RTBatteryMeter"=C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe [2003-01-16 49152]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2008-05-28 570664]
"OSSelectorReinstall"=C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe [2007-03-15 2225208]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-08-30 69632]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2008-03-18 1848648]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-04-07 2145000]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-07-07 1753192]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-07-09 13923432]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-07-09 110696]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\Dumastr\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-03-06 135664]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"IncrediMail"=C:\Program Files\IncrediMail\bin\IncMail.exe [2010-08-18 353736]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"DU Meter"=C:\Program Files\DU Meter\DUMeter.exe [2007-11-13 2585360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2008-01-22 152872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DU Meter]
C:\Program Files\DU Meter\DUMeter.exe [2007-11-13 2585360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fraps]
C:\FRAPS\FRAPS.EXE [2008-01-14 913064]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.2\ICQ.exe [2010-10-27 133432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
C:\Program Files\Internet Download Manager\IDMan.exe /onboot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
C:\Program Files\IncrediMail\bin\IncMail.exe [2010-08-18 353736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Infium]
C:\Program Files\QIP 2010\qip.exe [2010-11-01 5832656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe [2008-02-28 63048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nexus Radio]
D:\Hry\Nexus Radio\Nexus Radio.exe [2009-11-18 4745216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
D:\Hry\Steam\Steam.exe -silent []

C:\Documents and Settings\Dumastr\Nabídka Start\Programy\Po spuštění
SpeedFan.lnk - C:\Program Files\SpeedFan\speedfan.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LMIinit]
C:\WINDOWS\system32\LMIinit.dll [2009-10-01 87352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\IncrediMail\bin\ImApp.exe"="C:\Program Files\IncrediMail\bin\ImApp.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\IncMail.exe"="C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail"
"C:\Program Files\IncrediMail\bin\ImpCnt.exe"="C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Hry\Counter-Strike\hl.exe"="D:\Hry\Counter-Strike\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Martin\QIP\qip.exe"="D:\Martin\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"D:\Hry\Sniper Elite\SniperElite.exe"="D:\Hry\Sniper Elite\SniperElite.exe:*:Enabled:SniperElite"
"C:\Program Files\Trillian\trillian.exe"="C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian"
"D:\Hry\HLSW\hlsw.exe"="D:\Hry\HLSW\hlsw.exe:*:Enabled:HLSW Application"
"C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe"="C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe:*:Enabled:Nero ProductSetup"
"D:\Hry\COD\CoDMP.exe"="D:\Hry\COD\CoDMP.exe:*:Enabled:CoDMP"
"C:\Program Files\Xfire\xfire.exe"="C:\Program Files\Xfire\xfire.exe:*:Enabled:Xfire"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"D:\Hry\Counter-Strike Source\hl2.exe"="D:\Hry\Counter-Strike Source\hl2.exe:*:Enabled:hl2"
"D:\Hry\Need For Speed Undrerground 2\speed2.exe"="D:\Hry\Need For Speed Undrerground 2\speed2.exe:*:Enabled:speed2.exe"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"D:\Hry\Quake 3 demo\quake3.exe"="D:\Hry\Quake 3 demo\quake3.exe:*:Enabled:quake3.exe"
"C:\Program Files\QIP 8085_2\QIP 8085_2.exe"="C:\Program Files\QIP 8085_2\QIP 8085_2.exe:*:Disabled:Quiet Internet Pager"
"D:\Hry\ChickenInvaders 2\CI3demo.exe"="D:\Hry\ChickenInvaders 2\CI3demo.exe:*:Enabled:CI3demo.exe"
"C:\Program Files\QIP 8095_1\QIP 8095_1.exe"="C:\Program Files\QIP 8095_1\QIP 8095_1.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\aTube Catcher 2.0\yct.exe"="C:\Program Files\aTube Catcher 2.0\yct.exe:*:Enabled:aTube Catcher to download and convert videos."
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\QIP 8085_2\QIP.exe"="C:\Program Files\QIP 8085_2\QIP.exe:*:Enabled:QIP.exe"
"C:\Program Files\QIP 8095\QIP.exe"="C:\Program Files\QIP 8095\QIP.exe:*:Enabled:Quiet Internet Pager"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7abbbe22-6ffd-11df-a034-0040ca7fdfaa}]
shell\AutoRun\command - G:\NokiaPCIA_Autorun.exe

======File associations======

.reg - open - "regedit.exe" "%1"

======List of files/folders created in the last 1 months======

2103-01-01 00:10:24 ----D---- C:\WINDOWS\Minidump
2010-11-17 16:50:25 ----D---- C:\Program Files\QIP 2010
2010-11-15 18:34:27 ----D---- C:\AliEditor
2010-11-12 20:30:15 ----D---- C:\Program Files\ConduitEngine
2010-11-12 20:30:15 ----A---- C:\WINDOWS\system32\ConduitEngine.tmp
2010-11-08 18:17:32 ----D---- C:\Program Files\WinZip
2010-11-06 11:14:49 ----D---- C:\Program Files\MSECache
2010-11-04 21:01:02 ----D---- C:\Program Files\Microsoft Silverlight
2010-11-02 20:37:07 ----D---- C:\Documents and Settings\All Users\Data aplikací\BigFishGamesCache

======List of files/folders modified in the last 1 months======

2010-11-21 16:39:10 ----D---- C:\WINDOWS\Prefetch
2010-11-21 16:39:08 ----D---- C:\WINDOWS\temp
2010-11-21 15:48:37 ----D---- C:\Program Files\LogMeIn
2010-11-21 15:48:31 ----D---- C:\Program Files\SpeedFan
2010-11-20 20:09:33 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-20 14:09:11 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-20 13:26:28 ----A---- C:\WINDOWS\wincmd.ini
2010-11-19 16:50:03 ----A---- C:\WINDOWS\winamp.ini
2010-11-19 14:37:58 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-11-19 14:37:53 ----D---- C:\WINDOWS\system32\drivers
2010-11-18 07:33:34 ----SH---- C:\boot.ini
2010-11-18 07:33:34 ----A---- C:\WINDOWS\win.ini
2010-11-18 07:33:34 ----A---- C:\WINDOWS\system.ini
2010-11-17 17:18:42 ----D---- C:\Documents and Settings\Dumastr\Data aplikací\Skype
2010-11-17 17:16:17 ----D---- C:\Program Files\QIP 8095
2010-11-17 17:15:42 ----D---- C:\Program Files
2010-11-12 20:30:15 ----D---- C:\WINDOWS\system32
2010-11-12 20:30:12 ----D---- C:\Program Files\Blackjack-Madness
2010-11-10 14:59:10 ----A---- C:\WINDOWS\system32\MRT.exe
2010-11-08 20:32:44 ----A---- C:\WINDOWS\NeroDigital.ini
2010-11-08 18:18:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\WinZip
2010-11-08 18:18:04 ----SHD---- C:\WINDOWS\Installer
2010-11-08 18:17:57 ----D---- C:\WINDOWS
2010-11-08 18:17:57 ----D---- C:\Config.Msi
2010-11-06 13:54:18 ----D---- C:\Documents and Settings\Dumastr\Data aplikací\ICQ
2010-11-06 11:15:36 ----D---- C:\WINDOWS\WinSxS
2010-11-06 11:15:23 ----RSD---- C:\WINDOWS\Fonts
2010-11-06 11:15:22 ----D---- C:\Program Files\Microsoft Office
2010-11-06 11:15:19 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-11-03 19:54:00 ----D---- C:\Program Files\ICQ7.2
2010-11-03 15:40:03 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-11-02 21:07:54 ----HD---- C:\WINDOWS\inf
2010-10-29 11:58:45 ----D---- C:\Documents and Settings\Dumastr\Data aplikací\Xfire
2010-10-29 11:58:41 ----D---- C:\Program Files\Xfire
2010-10-28 15:46:26 ----D---- C:\Program Files\Mozilla Firefox
2010-10-23 08:41:46 ----D---- C:\Tuning 2009

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-04-07 114984]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-04-07 95872]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-07-20 278728]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-04-07 139192]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-07-20 25416]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files\LogMeIn\x86\RaInfo.sys []
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\WINDOWS\system32\drivers\LMIRfsDriver.sys []
R3 ALCXSENS;Service for WDM 3D Audio Driver; C:\WINDOWS\system32\drivers\ALCXSENS.SYS [2004-02-24 400384]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-08-30 637713]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 DynCal;Dynamic Calibration Service; C:\WINDOWS\system32\drivers\Dyncal.sys [2003-11-14 8192]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2007-01-04 171520]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-07-09 10604128]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 awazlsix;awazlsix; C:\WINDOWS\system32\drivers\awazlsix.sys []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 lmimirr;lmimirr; C:\WINDOWS\system32\DRIVERS\lmimirr.sys [2008-02-28 10144]
S3 MSICPL;MSICPL; \??\E:\install4\MSICPL.sys []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-02 17536]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-02 20864]
S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys []
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-05-02 8064]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-02 8064]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2004-08-11 18944]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 XDva310;XDva310; \??\C:\WINDOWS\system32\XDva310.sys []
S3 XDva315;XDva315; \??\C:\WINDOWS\system32\XDva315.sys []
S4 dwshd;dwshd; C:\WINDOWS\System32\drivers\dwshd.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 LMIRfsClientNP;LMIRfsClientNP; C:\WINDOWS\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 DUMeterSvc;DU Meter Service; C:\Program Files\DU Meter\DUMeterSvc.exe [2007-11-10 1382672]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-04-07 810120]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-06-28 79136]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files\LogMeIn\x86\RaMaint.exe [2009-10-01 116032]
R2 LogMeIn;LogMeIn; C:\Program Files\LogMeIn\x86\LogMeIn.exe [2008-02-28 63040]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-07-09 155752]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-12-02 66872]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-03-07 540672]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 PCLEPCI;PCLEPCI; C:\WINDOWS\system32\drivers\pclepci.sys [2005-02-09 14165]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-04-07 33560]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2008-04-08 800040]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2008-01-22 275752]
S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-08-31 3264636]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

VIRY.CZ

Nod hlasí červy...prosím o pomoc

Re: Nod hlasí červy...prosím o pomoc

Re: Nod hlasí červy...prosím o pomoc

Re: Nod hlasí červy...prosím o pomoc

Re: Nod hlasí červy...prosím o pomoc

Re: Nod hlasí červy...prosím o pomoc

Re: Nod hlasí červy...prosím o pomoc

Re: Nod hlasí červy...prosím o pomoc

Re: Nod hlasí červy...prosím o pomoc

Re: Nod hlasí červy...prosím o pomoc

Re: Nod hlasí červy...prosím o pomoc

Re: Nod hlasí červy...prosím o pomoc

Re: Nod hlasí červy...prosím o pomoc

Re: Nod hlasí červy...prosím o pomoc

Re: Nod hlasí červy...prosím o pomoc

Re: Nod hlasí červy...prosím o pomoc