VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

qooqlle - nechtěná domovská stránka

https://forum.viry.cz:443/viewtopic.php?t=106368

Stránka 2 z 4

Re: qooqlle - nechtěná domovská stránka

Napsal: 12 lis 2010 17:57
od K-A-R-E-L
OK, AVG jsem odinstaloval, provedl log a dal zpět :o)).

ComboFix 10-11-11.02 - Karel 12.11.2010 17:39:49.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3326.2700 [GMT 1:00]
Spuštěný z: c:\documents and settings\Karel\Plocha\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\pthreadVC.dll

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-10-12 do 2010-11-12 )))))))))))))))))))))))))))))))
.

2010-11-10 21:21 . 2010-11-10 21:21 -------- d-----w- c:\documents and settings\Karel\Local Settings\Data aplikací\Unity
2010-11-08 17:12 . 2010-11-08 17:12 -------- d-----w- C:\rsit
2010-11-08 11:55 . 2010-11-08 11:55 388096 ----a-r- c:\documents and settings\Karel\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-08 11:55 . 2010-11-10 14:02 -------- d-----w- c:\program files\Trend Micro
2010-11-08 06:47 . 2010-11-08 06:47 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-11-08 06:43 . 2010-11-08 11:39 350769 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-11-08 06:39 . 2010-11-08 11:34 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Comodo
2010-11-07 22:07 . 2010-11-08 11:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-07 22:07 . 2010-11-08 11:35 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-11-07 19:40 . 2010-11-07 19:40 -------- d-----w- c:\documents and settings\All Users\Data aplikací\SUPERAntiSpyware.com
2010-11-06 07:49 . 2010-11-06 07:50 -------- d-----w- c:\documents and settings\Karel\Data aplikací\DivX
2010-11-06 07:49 . 2010-07-12 18:36 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-11-06 07:49 . 2010-07-12 18:36 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-11-06 07:47 . 2010-11-07 22:14 -------- d-----w- c:\documents and settings\All Users\Data aplikací\DivX
2010-11-06 07:47 . 2010-11-06 07:47 6782976 ----a-w- c:\documents and settings\Karel\Data aplikací\igfxtray.exe
2010-10-29 13:56 . 2010-10-29 13:56 -------- d-----w- c:\documents and settings\Karel\Local Settings\Data aplikací\AVG Security Toolbar
2010-10-26 11:56 . 2010-10-26 11:56 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 10:23 . 2007-04-03 06:44 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-14 06:51 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-14 06:51 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-18 06:53 . 2001-10-25 13:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-10 05:52 . 2008-12-18 09:52 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2008-12-18 09:52 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:52 . 2008-12-18 09:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-01 11:52 . 2008-04-14 06:37 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2008-04-14 05:45 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:03 . 2008-04-14 06:52 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:54 . 2008-04-14 06:52 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 06:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2008-04-13 22:45 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-26 03:33 . 2010-02-05 18:48 5386752 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-08-26 02:12 . 2010-02-05 18:48 57344 ----a-w- c:\windows\system32\aticalrt.dll
2010-08-26 02:11 . 2010-02-05 18:48 53248 ----a-w- c:\windows\system32\aticalcl.dll
2010-08-26 02:10 . 2010-02-05 18:48 4390912 ----a-w- c:\windows\system32\aticaldd.dll
2010-08-26 02:03 . 2010-02-05 18:48 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-08-26 02:01 . 2010-02-05 18:48 15876096 ----a-w- c:\windows\system32\atioglxx.dll
2010-08-26 01:57 . 2010-02-05 18:48 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-08-26 01:56 . 2010-02-05 18:48 300544 ----a-w- c:\windows\system32\ati2dvag.dll
2010-08-26 01:52 . 2010-02-05 18:48 3927936 ----a-w- c:\windows\system32\ati3duag.dll
2010-08-26 01:39 . 2010-02-05 18:48 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-08-26 01:39 . 2010-02-05 18:48 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-08-26 01:38 . 2010-02-05 18:48 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-08-26 01:38 . 2010-02-05 18:48 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-08-26 01:38 . 2010-02-05 18:48 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-08-26 01:37 . 2010-02-05 18:48 2603520 ----a-w- c:\windows\system32\ativvaxx.dll
2010-08-26 01:37 . 2010-02-05 18:48 606208 ----a-w- c:\windows\system32\ati2evxx.exe
2010-08-26 01:35 . 2010-02-05 18:48 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-08-26 01:34 . 2010-10-06 19:14 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-08-26 01:30 . 2010-02-05 18:48 626688 ----a-w- c:\windows\system32\atikvmag.dll
2010-08-26 01:30 . 2010-02-05 18:48 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-08-26 01:29 . 2010-02-05 18:48 188416 ----a-w- c:\windows\system32\atiadlxx.dll
2010-08-26 01:28 . 2010-02-05 18:48 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-08-26 01:23 . 2010-02-05 18:48 688128 ----a-w- c:\windows\system32\ati2cqag.dll
2010-08-26 01:22 . 2010-02-05 18:48 64512 ----a-w- c:\windows\system32\atimpc32.dll
2010-08-26 01:22 . 2010-02-05 18:48 64512 ----a-w- c:\windows\system32\amdpcom32.dll
2010-08-26 01:21 . 2010-02-05 18:48 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-08-23 16:12 . 2008-04-14 06:51 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-17 13:17 . 2008-04-14 06:52 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2008-04-14 06:51 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.

------- Sigcheck -------

[-] 2008-12-18 . 1E603EA2A3FDBAE9E5B88A8CB3C03124 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-05-21 17881600]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 98304]
"IgfxTraySound"="c:\documents and settings\Karel\Data aplikací\igfxtray.exe" [2010-11-06 6782976]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-2-5 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0oodbs

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-10-06 19:27 1242448 ----a-w- c:\program files\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]
2005-07-28 07:32 94208 ------w- c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Calendar Checker]
2005-08-22 08:10 69632 ----a-w- c:\program files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"k:\\Programy\\Strong DC 2.40\\StrongDC.exe"=
"c:\\Totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\moon base alpha\\Binaries\\Win32\\MoonBaseAlphaGame.exe"=
"e:\\Hry\\StarCraft II\\StarCraft II.exe"=
"e:\\Hry\\StarCraft II\\Versions\\Base15405\\SC2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5.2.2010 20:13 691696]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files\CyberLink\PowerDVD8\000.fcl [7.10.2008 20:31 61424]
R2 AVerRemote;AVerRemote;c:\program files\Common Files\AVerMedia\Service\AVerRemote.exe [5.2.2010 20:27 344064]
R2 AVerScheduleService;AVerScheduleService;c:\program files\Common Files\AVerMedia\Service\AVerScheduleService.exe [5.2.2010 20:27 405504]
R2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [5.2.2010 19:32 212232]
R3 AVerA706;AVerMedia A706 BDA Service;c:\windows\system32\drivers\AVerA706.sys [5.2.2010 20:27 1169920]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15.8.2008 5:46 284016]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5.2.2010 19:32 1684736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.qooqlle.com/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\translat\WEBIE.DLL
TCP: {82FB2278-B20F-4DF9-9D1C-A45CE1DFE6AA} = 192.168.1.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\documents and settings\Karel\Data aplikací\Mozilla\Firefox\Profiles\g4m4jwa5.default\
FF - prefs.js: browser.search.selectedEngine - qooqlle
FF - prefs.js: browser.startup.homepage - hxxp://www.qooqlle.com/
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 9666
FF - prefs.js: network.proxy.gopher - 127.0.0.1
FF - prefs.js: network.proxy.gopher_port - 9666
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 9666
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 9666
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 9666
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\XStandard\Bin\NPXStandard.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-AdobeBridge - (no file)
Notify-avgrsstarter - avgrsstx.dll
MSConfigStartUp-DivXUpdate - c:\program files\DivX\DivX Update\DivXUpdate.exe
AddRemove-UnityWebPlayer - c:\documents and settings\Karel\Local Settings\Data aplikací\Unity\WebPlayer\Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-12 17:41
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="CC90383C0FC5E2944214E6CAA370970A07B045B11D82E2A998D264AD590E0F8FA9D06CCC1B84965EA56C0E9590A65812BCAA057BE93E692100752A2A00AA67FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A6171C11EC38DE3DA6A0AC4980AC7933A6171C11EC38DE3D3149C658C22FFAD0209D91A7B187D911A250C5BC18B26470A9E35EA16B09D75C0587DD941BD1BF210BB77618516088B87E67FC1796D0D84358C42D1830CC3D755303BDFBDCE1292ACE3A46D55F683FF97B59F348D1796DE9619D0CFB54755D9D2DA6419E811BAE2AD014D879362C016CF3B22090AA285574B33C2DD4618E36FE38A2F76CD4B7B9830C753BFB06B744C856472B11585B3216D435F71130A838662C6D25BA757827BB10532DBCD61D756F272DF0D3E2949DA65B5F067EEFD5C845D7BC4143D8A34A7C7BE723FC7E717263FD3D0541A8DBA223F2D4A55324AFBEAF9C0DF6234581691409AE45E3AC4E8ECA85962DAB5A3AC12ADE755BA7A2D0E95FEE9F27DB57DD3EF4806A727BDE5311717D1BE04480406F81F0645B7616D80AB0D8F76353FE0AF5B3BF9FB8B2EB9FB4C5B8F04FA4727F920F938911227DEBD4A3F5DD74D27FD9B38ABA175E5CFAD928599D815946DE0F87DFC08E9B6EACB072DE795ED40771A60DD876DD59AC0B2C8F65A87C1589C7089FA289E3CC0349D380AA28483501BECC8B1F0EC5D8406B440144E8D3CBB1820C9D2D12BCAA6DCE0410F3DA31F838A8ADAE822F643D15C0D287F3023CF965B9BA3976140F701D0CF526CA00EFB604C2AD674F1C11198C050DA197AAB1D131693D2019D9160D662260BAE497223B2375341B712BEA366E042F4476AD703A8364BC70D64552A2828900BB1BB62785B57BAEA5FA47D212E45FF3D47B6BFBCA30D0673F134906088D0D140B6A872348C2E48F5323EDEC5B7C8A9FAFB4D61AD26E287194556F384687CA5FFB73477DECB21548E6C2322277A9CEF5A156F6D4D15AB8106BC953B49D55B52B59FA47630CD2C45495D739A07EC2C9C0F03767FA7F73A2003540A40B01BF94415EEA6B45F8D47F2F0B84BDD93E816B4E51D0D61E439BDDFC56ACA88C95F102F23DCE2F57B3CCA458648F10023604F870EFC20A133C1C32CC25A63751B5FDEC921BD71E8FF5B6E75634E00E929A4D8A7CEA515676BA1EBEB26EEA3DB470D598788F5C5AADAAEE5231FE8732C8D3430DCB55E0A7A545B3F3FCF1593A5688D49B01A9D219AEF136BDF4403585A50031423CB6FEFC4214CD99776474C11873B4DF8AE9DA23D71D32DA3266C0256F6E443EAF89D86BB296C5C7F56DE47DA25E18A57843B3D63236EB2D00D022C32D248FE98B3DC018A1EDD5ECCEA8F7A95FA4827E342141240878510E74D879A8AC588A013934AF3F"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(776)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Celkový čas: 2010-11-12 17:42:54
ComboFix-quarantined-files.txt 2010-11-12 16:42

Před spuštěním: Volných bajtů: 185 776 160 768
Po spuštění: Volných bajtů: 185 808 961 536

WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT /usepmtimer

- - End Of File - - 1BB3E58021213B36067DBC5722A27CAE

Re: qooqlle - nechtěná domovská stránka

Napsal: 12 lis 2010 19:52
od motji
Ať Vás netrápím s combofixem, zkusíme to jinak. Mrška se pořád drží :?:

:arrow: Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe
-uložte ho na plochu a spustte soubor OTL.exe.
-do bílého okna dole skopírujte tento skript:

Kód: Vybrat vše

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT
- zaškrtněte okénko Pro všechny uživatele.
-označte okénka Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
- Klikněte na tlačítko Prohledat
-po dokončení skenu se objeví logy OTL.Txt a Extras.txt, vložte je zde :)

Re: qooqlle - nechtěná domovská stránka

Napsal: 12 lis 2010 19:58
od K-A-R-E-L
Ok, dám se do toho, jen jsem našel ještě pár věcí které bych chtěl ujasnit:

1. Po aplikaci ComboFixu se mi objevily některé (asi jinak skryté) složky.
2. Chci se zeptat zda je lepší antivit AVG či Avast či něco jiného
3. Zdá se mi že nyní mi PC jde trošku pomaleji (možná je to jen pocit).

Díky
Karel

Re: qooqlle - nechtěná domovská stránka

Napsal: 12 lis 2010 20:05
od motji
:arrow: Combofix můžete hned odinstalovat, tím zmizí ty soubory co se Vám objevili

:arrow: Odinstalujte combofix přes Start - Spustit
- zkopírujte do okénka:

ComboFix /Uninstall

-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.


***********


:arrow: Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir



***********


:arrow: Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru

Obrázekzáložka čistič
- nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
- po analýze klikněte na Spustit Ccleaner

Obrázekzáložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy :arrow: ok :arrow: zavřít

Obrázek Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.


***********



:arrow: AVG bych Vám doporučila uplně odinstalovat a dát raději Avast nebo Aviru.
Ještě nejsme s čištěním u konce, pak by měl být rychlejší :)

Re: qooqlle - nechtěná domovská stránka

Napsal: 12 lis 2010 20:13
od K-A-R-E-L
Ok, dám se do toho, soubory jsou zde:

OTL.Txt

OTL logfile created on: 12.11.2010 20:01:05 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Karel\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 172,21 Gb Free Space | 73,95% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 177,32 Gb Free Space | 76,14% Space Free | Partition Type: NTFS
Drive E: | 1397,25 Gb Total Space | 416,47 Gb Free Space | 29,81% Space Free | Partition Type: NTFS
Drive K: | 153,38 Gb Total Space | 88,63 Gb Free Space | 57,79% Space Free | Partition Type: NTFS

Computer Name: PC-DOMA | User Name: Karel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010.11.12 19:59:18 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Karel\Plocha\OTL.exe
PRC - [2010.11.12 18:23:54 | 004,105,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgui.exe
PRC - [2010.11.12 18:23:54 | 002,069,856 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010.11.12 18:23:50 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010.11.12 18:23:50 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010.11.12 18:23:41 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010.11.12 18:23:40 | 000,755,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgscanx.exe
PRC - [2010.11.12 18:23:38 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010.11.12 18:23:33 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010.11.12 18:23:30 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010.10.17 20:34:37 | 000,328,056 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2010.04.01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009.11.11 10:57:36 | 001,451,520 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
PRC - [2009.10.27 09:26:36 | 000,657,408 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2009.10.27 09:15:44 | 000,132,608 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2009.10.27 09:15:02 | 000,120,832 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
PRC - [2009.09.09 07:50:00 | 003,514,112 | ---- | M] (Ghisler Software GmbH) -- C:\Totalcmd\TOTALCMD.EXE
PRC - [2009.06.22 20:47:18 | 000,212,232 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009.04.08 19:49:30 | 000,344,064 | ---- | M] (AVerMedia) -- c:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
PRC - [2008.12.10 02:01:50 | 000,405,504 | ---- | M] () -- c:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
PRC - [2008.09.30 12:48:28 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2008.05.02 02:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008.05.02 02:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008.04.14 07:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005.05.11 03:09:54 | 000,225,280 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe


========== Modules (SafeList) ==========

MOD - [2010.11.12 19:59:18 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Karel\Plocha\OTL.exe
MOD - [2010.08.23 17:12:33 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009.07.12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2008.05.02 02:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll


========== Win32 Services (SafeList) ==========

SRV - [2010.11.12 18:23:41 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010.02.06 11:48:36 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010.02.05 22:29:36 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.10.27 09:26:36 | 000,657,408 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.06.22 20:47:18 | 000,212,232 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009.04.08 19:49:30 | 000,344,064 | ---- | M] (AVerMedia) [Auto | Running] -- c:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote)
SRV - [2008.12.10 02:01:50 | 000,405,504 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService)
SRV - [2008.09.30 12:48:28 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008.08.15 05:46:20 | 000,284,016 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe -- (Adobe Version Cue CS4)
SRV - [2008.05.02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2005.05.11 03:09:54 | 000,225,280 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag)
SRV - [2000.05.24 14:20:36 | 000,015,360 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\WINDOWS\system32\ATMsrvc.exe -- (ATMsrvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Karel\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010.11.12 18:23:51 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010.11.12 18:23:50 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010.11.12 18:23:34 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010.11.12 18:23:31 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2010.08.26 04:33:38 | 005,386,752 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2010.02.05 20:17:34 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.10.06 11:52:50 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009.10.06 11:52:34 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.10.06 11:52:34 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.10.06 11:52:34 | 000,007,936 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.06.10 11:26:24 | 001,169,920 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVerA706.sys -- (AVerA706)
DRV - [2009.06.02 11:02:46 | 005,085,184 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.05.21 02:03:54 | 003,733,760 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtKHDMI.sys -- (RTHDMIAzAudService)
DRV - [2009.04.24 03:22:16 | 000,141,568 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008.10.07 20:31:38 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.08.14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs)
DRV - [2008.08.05 13:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008.04.14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008.04.13 21:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.02.29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008.02.29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007.06.29 13:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2007.04.16 16:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006.01.04 08:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2002.09.16 17:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-790525478-1390067357-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-790525478-1390067357-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "qooqlle"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.qooqlle.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.863
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 9666
FF - prefs.js..network.proxy.backup.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.backup.gopher_port: 9666
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 9666
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 9666
FF - prefs.js..network.proxy.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.ftp_port: 9666
FF - prefs.js..network.proxy.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.gopher_port: 9666
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "127.0.0.1"
FF - prefs.js..network.proxy.socks_port: 9666
FF - prefs.js..network.proxy.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010.11.12 18:26:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.11.07 22:36:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.07 22:36:03 | 000,000,000 | ---D | M]

[2010.07.02 17:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\Mozilla\Extensions
[2010.11.12 18:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\Mozilla\Firefox\Profiles\g4m4jwa5.default\extensions
[2010.07.02 18:01:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Karel\Data aplikací\Mozilla\Firefox\Profiles\g4m4jwa5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.11.12 18:27:43 | 000,001,860 | ---- | M] () -- C:\Documents and Settings\Karel\Data aplikací\Mozilla\Firefox\Profiles\g4m4jwa5.default\searchplugins\qooqlle.xml
[2010.07.02 17:00:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.11.07 20:32:10 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.11.07 20:32:10 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.11.07 20:32:10 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.11.07 20:32:10 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.11.07 20:32:10 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.11.12 17:41:55 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (WebTransBHO Class) - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\TRANSLAT\WEBIE.DLL ()
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (PDFCreator Toolbar Helper) - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O2 - BHO: (BHO Class) - {DD92DE22-ED91-4560-B788-DEE2B26612E6} - C:\Program Files\DeviceVM\Browser Configuration Utility\IEHelper.dll (DeviceVM, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (PDFCreator Toolbar) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (WebTranslator) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WEBIE.DLL ()
O3 - HKU\S-1-5-21-790525478-1390067357-725345543-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IgfxTraySound] C:\Documents and Settings\Karel\Data aplikací\igfxtray.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-790525478-1390067357-725345543-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-790525478-1390067357-725345543-1003..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-790525478-1390067357-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-790525478-1390067357-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-790525478-1390067357-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-790525478-1390067357-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Převést do Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Připojit k existujícímu PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLAT\WEBIE.DLL ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL ()
O9 - Extra 'Tools' menuitem : Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL ()
O9 - Extra 'Tools' menuitem : Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL ()
O16 - DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} http://plugin.fileopen.com/current/FileOpen.CAB (FoInstaller Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.02.05 18:28:13 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (oodbs) - C:\WINDOWS\System32\oodbs.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (56308550258917376)

========== Files/Folders - Created Within 30 Days ==========

[2010.11.12 19:56:45 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Karel\Plocha\OTL.exe
[2010.11.12 18:28:56 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Karel\Recent
[2010.11.12 18:23:50 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010.11.12 18:13:05 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010.11.12 18:12:55 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010.11.12 18:12:55 | 000,052,872 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010.11.12 18:12:52 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010.11.12 18:12:51 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010.11.12 18:12:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg
[2010.11.12 18:12:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\avg9
[2010.11.12 17:44:30 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.11.12 17:42:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.11.12 17:39:14 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010.11.12 17:38:11 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010.11.12 17:38:11 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010.11.12 17:38:11 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010.11.12 17:38:11 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010.11.12 17:37:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010.11.12 17:12:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\MFAData
[2010.11.12 16:58:47 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.11.10 22:21:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karel\Local Settings\Data aplikací\Unity
[2010.11.08 18:12:39 | 000,000,000 | ---D | C] -- C:\rsit
[2010.11.08 12:55:17 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010.11.08 07:39:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Comodo
[2010.11.07 23:07:21 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010.11.07 23:07:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
[2010.11.07 22:57:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Windows Genuine Advantage
[2010.11.07 20:40:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
[2010.11.06 08:49:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karel\Data aplikací\DivX
[2010.11.06 08:49:18 | 000,126,448 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe
[2010.11.06 08:49:18 | 000,123,888 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe
[2010.11.06 08:47:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\DivX
[2010.10.29 14:56:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Karel\Local Settings\Data aplikací\AVG Security Toolbar
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.11.12 19:59:18 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Karel\Plocha\OTL.exe
[2010.11.12 19:51:03 | 000,000,022 | ---- | M] () -- C:\WINDOWS\TRNCOM.INI
[2010.11.12 18:31:43 | 000,435,396 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.11.12 18:31:43 | 000,432,328 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.11.12 18:31:43 | 000,079,244 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.11.12 18:31:43 | 000,068,292 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.11.12 18:27:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.11.12 18:27:02 | 000,162,960 | ---- | M] () -- C:\WINDOWS\System32\OODBS.lor
[2010.11.12 18:23:51 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010.11.12 18:23:50 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010.11.12 18:23:50 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010.11.12 18:23:34 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010.11.12 18:23:31 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2010.11.12 18:18:05 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\Karel\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.12 18:15:20 | 067,564,053 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010.11.12 18:15:15 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010.11.12 18:12:56 | 000,001,517 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\AVG 9.0.lnk
[2010.11.12 18:12:51 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010.11.12 18:12:48 | 006,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010.11.12 18:12:48 | 000,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010.11.12 17:41:55 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.11.12 17:39:17 | 000,000,483 | RHS- | M] () -- C:\boot.ini
[2010.11.12 17:37:39 | 003,908,474 | R--- | M] () -- C:\Documents and Settings\Karel\Plocha\ComboFix.exe
[2010.11.12 16:10:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.11.11 07:49:38 | 000,002,561 | ---- | M] () -- C:\Documents and Settings\Karel\Plocha\Microsoft Office Word 2003.lnk
[2010.11.09 11:44:42 | 000,000,012 | ---- | M] () -- C:\Documents and Settings\Karel\intlname.ols
[2010.11.09 10:44:56 | 000,002,517 | ---- | M] () -- C:\Documents and Settings\Karel\Plocha\Microsoft Office Excel 2003.lnk
[2010.11.08 12:55:26 | 000,002,441 | ---- | M] () -- C:\Documents and Settings\Karel\Plocha\HiJackThis.lnk
[2010.11.08 12:39:15 | 000,350,769 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010.11.08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010.11.07 21:05:03 | 000,000,692 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\CCleaner.lnk
[2010.11.07 20:30:13 | 000,000,602 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Opera.lnk
[2010.11.07 20:22:00 | 000,000,367 | ---- | M] () -- C:\Boot.bak
[2010.11.07 20:16:30 | 000,004,605 | ---- | M] () -- C:\WINDOWS\WDICT32.INI
[2010.11.06 08:47:21 | 006,782,976 | ---- | M] () -- C:\Documents and Settings\Karel\Data aplikací\igfxtray.exe
[2010.10.27 19:15:30 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.10.24 12:33:03 | 000,002,401 | ---- | M] () -- C:\Documents and Settings\Karel\Plocha\O&O Defrag.lnk
[2010.10.15 16:45:11 | 002,688,112 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.11.12 18:12:56 | 000,001,517 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\AVG 9.0.lnk
[2010.11.12 18:12:51 | 000,113,461 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010.11.12 18:12:48 | 067,564,053 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010.11.12 18:12:48 | 006,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010.11.12 18:12:48 | 000,492,629 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010.11.12 18:12:48 | 000,142,495 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010.11.12 17:39:15 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2010.11.12 17:38:11 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010.11.12 17:38:11 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010.11.12 17:38:11 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010.11.12 17:38:11 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010.11.12 17:38:11 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010.11.10 16:18:26 | 003,908,474 | R--- | C] () -- C:\Documents and Settings\Karel\Plocha\ComboFix.exe
[2010.11.08 12:55:17 | 000,002,441 | ---- | C] () -- C:\Documents and Settings\Karel\Plocha\HiJackThis.lnk
[2010.11.08 07:43:15 | 000,350,769 | ---- | C] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010.11.07 21:05:03 | 000,000,692 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\CCleaner.lnk
[2010.11.06 08:47:22 | 006,782,976 | ---- | C] () -- C:\Documents and Settings\Karel\Data aplikací\igfxtray.exe
[2010.08.02 16:03:57 | 000,899,552 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2010.07.24 20:05:27 | 000,001,398 | ---- | C] () -- C:\WINDOWS\VPlayer.INI
[2010.05.13 11:01:12 | 000,001,799 | ---- | C] () -- C:\WINDOWS\aoxppr.ini
[2010.05.07 14:47:30 | 000,001,540 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010.05.07 14:47:29 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010.04.01 17:48:05 | 000,000,209 | ---- | C] () -- C:\Documents and Settings\Karel\Data aplikací\default.rss
[2010.04.01 17:46:03 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010.03.28 12:06:21 | 000,000,022 | ---- | C] () -- C:\WINDOWS\TRNCOM.INI
[2010.02.06 11:29:37 | 000,000,033 | ---- | C] () -- C:\WINDOWS\WTRDCTM.INI
[2010.02.06 11:28:44 | 000,000,226 | ---- | C] () -- C:\WINDOWS\MAILTRAN.INI
[2010.02.06 11:28:34 | 000,004,647 | ---- | C] () -- C:\WINDOWS\WTRAN32.INI
[2010.02.06 11:28:34 | 000,004,605 | ---- | C] () -- C:\WINDOWS\WDICT32.INI
[2010.02.05 23:38:05 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2010.02.05 22:00:22 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010.02.05 21:55:17 | 000,000,427 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2010.02.05 21:45:17 | 000,000,807 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\hpzinstall.log
[2010.02.05 21:23:03 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010.02.05 21:08:13 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.02.05 21:08:12 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010.02.05 21:08:11 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2010.02.05 21:08:11 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.02.05 21:08:11 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.02.05 21:08:10 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010.02.05 21:01:10 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Karel\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.05 20:28:04 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2010.02.05 20:27:48 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2010.02.05 20:27:19 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\AVerIO.dll
[2010.02.05 20:27:19 | 000,003,456 | ---- | C] () -- C:\WINDOWS\System32\AVerIO.sys
[2010.02.05 20:27:16 | 000,290,816 | ---- | C] () -- C:\WINDOWS\System32\sptlib22.dll
[2010.02.05 20:27:15 | 000,598,016 | ---- | C] () -- C:\WINDOWS\System32\sptlib21.dll
[2010.02.05 20:27:15 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\sptlib11.dll
[2010.02.05 20:27:15 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\sptlib03.dll
[2010.02.05 20:27:15 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\sptlib01.dll
[2010.02.05 20:27:15 | 000,225,280 | ---- | C] () -- C:\WINDOWS\System32\sptlib02.dll
[2010.02.05 20:27:15 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\sptlib12.dll
[2010.02.05 20:13:12 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010.02.05 20:12:57 | 000,000,563 | ---- | C] () -- C:\WINDOWS\NXPowerLite.INI
[2010.02.05 20:03:58 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\Karel\Data aplikací\setup_ldm.iss
[2010.02.05 19:34:57 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2010.02.05 19:17:29 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2003.04.09 15:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002.03.17 01:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000011.DLL

========== LOP Check ==========

[2010.02.05 20:59:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ACD Systems
[2010.09.13 13:58:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Autodesk
[2010.02.05 20:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AVerTV
[2010.11.12 17:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AVG Security Toolbar
[2010.11.12 18:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\avg9
[2010.02.05 20:17:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
[2010.04.20 10:57:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\FileOpen
[2010.02.05 23:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Installations
[2010.11.12 17:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MFAData
[2010.02.06 00:05:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2010.02.05 21:12:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Temp
[2010.02.05 21:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Ulead Systems
[2010.02.05 21:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\ACD Systems
[2010.09.13 13:23:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\Autodesk
[2010.02.05 21:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\DAEMON Tools Lite
[2010.04.20 10:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\FileOpen
[2010.03.20 17:28:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\Image Zone Express
[2010.02.05 20:04:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\Leadertech
[2010.02.06 12:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\MAXON
[2010.02.05 23:51:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\Nokia
[2010.07.09 11:10:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\Opera
[2010.02.06 00:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\PC Suite
[2010.03.20 17:24:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\Printer Info Cache
[2010.05.10 11:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\QuickStoresToolbar
[2010.07.01 17:59:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\TS3Client
[2010.02.05 21:56:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\Ulead Systems
[2010.11.12 20:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\uTorrent
[2010.02.06 11:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\Zoner

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"PC Suite Tray" = "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray -- [2009.11.11 10:57:36 | 001,451,520 | ---- | M] (Nokia)
"DAEMON Tools Lite" = "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun -- [2010.04.01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd)
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 07:52:18 | 000,015,360 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
"" =

< c:\windows\*.* /U >
[4 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.02.05 21:00:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\ACD Systems
[2010.05.05 07:51:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\Adobe
[2010.02.05 19:50:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\ATI
[2010.09.13 13:23:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\Autodesk
[2010.04.02 08:00:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\Corel
[2010.02.05 21:11:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\CyberLink
[2010.02.05 21:19:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\DAEMON Tools Lite
[2010.11.06 08:50:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\DivX
[2010.04.20 10:57:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\FileOpen
[2010.02.05 21:49:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\HP
[2010.02.05 18:33:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\Identities
[2010.03.20 17:28:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\Image Zone Express
[2010.02.05 19:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\InstallShield
[2010.02.05 20:04:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\Leadertech
[2010.02.05 20:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\Logitech
[2010.02.05 22:33:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\Macromedia
[2010.02.05 21:01:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\Malwarebytes
[2010.02.06 12:06:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\MAXON
[2010.07.27 16:00:47 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Karel\Data aplikací\Microsoft
[2010.07.02 17:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\Mozilla
[2010.04.30 17:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\Nero
[2010.02.05 23:51:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\Nokia
[2010.07.09 11:10:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\Opera
[2010.02.06 00:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\PC Suite
[2010.03.20 17:24:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\Printer Info Cache
[2010.05.10 11:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\QuickStoresToolbar
[2010.02.07 14:02:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\Real
[2010.07.18 20:48:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\Skype
[2010.07.18 19:31:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\skypePM
[2010.07.01 17:59:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\TS3Client
[2010.02.05 21:56:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\Ulead Systems
[2010.11.12 20:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\uTorrent
[2010.11.07 21:07:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\Winamp
[2010.02.06 11:37:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Karel\Data aplikací\Zoner

< %APPDATA%\*.exe /s >
[2010.11.06 08:47:21 | 006,782,976 | ---- | M] () -- C:\Documents and Settings\Karel\Data aplikací\igfxtray.exe
[2010.02.05 20:04:02 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Karel\Data aplikací\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2010.11.08 12:55:18 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Karel\Data aplikací\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
[2010.04.20 10:57:29 | 000,014,846 | R--- | M] () -- C:\Documents and Settings\Karel\Data aplikací\Microsoft\Installer\{857CBF4A-192C-44B0-86A5-6281FCEFA1FE}\FileOpenNew.exe
[2010.07.19 09:26:01 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\Karel\Data aplikací\Microsoft\Installer\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}\ARPPRODUCTICON.exe
[2010.04.07 09:25:56 | 000,003,262 | R--- | M] () -- C:\Documents and Settings\Karel\Data aplikací\Microsoft\Installer\{D2E68FA6-2637-4100-996F-E99337C9157E}\_2f33355a.exe
[2010.04.07 09:25:56 | 000,003,262 | R--- | M] () -- C:\Documents and Settings\Karel\Data aplikací\Microsoft\Installer\{D2E68FA6-2637-4100-996F-E99337C9157E}\_517f6df9.exe
[2010.04.07 09:25:56 | 000,003,262 | R--- | M] () -- C:\Documents and Settings\Karel\Data aplikací\Microsoft\Installer\{D2E68FA6-2637-4100-996F-E99337C9157E}\_74fc1359.exe
[2010.04.07 09:25:56 | 000,003,262 | R--- | M] () -- C:\Documents and Settings\Karel\Data aplikací\Microsoft\Installer\{D2E68FA6-2637-4100-996F-E99337C9157E}\_79c97d4f.exe
[2010.04.07 09:25:56 | 000,003,262 | R--- | M] () -- C:\Documents and Settings\Karel\Data aplikací\Microsoft\Installer\{D2E68FA6-2637-4100-996F-E99337C9157E}\_7bc39f3.exe
[2010.04.07 09:25:56 | 000,003,262 | R--- | M] () -- C:\Documents and Settings\Karel\Data aplikací\Microsoft\Installer\{D2E68FA6-2637-4100-996F-E99337C9157E}\_7bc633ef.exe
[2010.04.07 09:25:56 | 000,003,262 | R--- | M] () -- C:\Documents and Settings\Karel\Data aplikací\Microsoft\Installer\{D2E68FA6-2637-4100-996F-E99337C9157E}\_7bca5dec.exe
[2010.04.07 09:25:56 | 000,003,262 | R--- | M] () -- C:\Documents and Settings\Karel\Data aplikací\Microsoft\Installer\{D2E68FA6-2637-4100-996F-E99337C9157E}\_fbe2705.exe
[2010.05.10 11:04:58 | 000,704,248 | ---- | M] () -- C:\Documents and Settings\Karel\Data aplikací\QuickStoresToolbar\unins000.exe
[2010.03.03 14:00:50 | 000,045,304 | ---- | M] (Andreas Breitschopp - Softwareentwicklung und -vertrieb) -- C:\Documents and Settings\Karel\Data aplikací\QuickStoresToolbar\Update.exe


< MD5 for: AGP440.SYS >
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: AHCIX86.SYS >
[2008.10.13 20:14:18 | 000,184,848 | ---- | M] (Advanced Micro Devices, Inc) MD5=1ED718CA8A8B3F5AB77416A873C2BF9D -- C:\Programy pro Windows XP\Drivery\Základní deska (MB GIGABYTE MA785GMT-UD2H)\Chipset\MA74\XP\SBDrv\RAID7xx\x86\ahcix86.sys
[2009.04.08 22:46:22 | 000,189,968 | ---- | M] (Advanced Micro Devices, Inc) MD5=3936A49ECB74CF23BBB6979CD683DD56 -- C:\Programy pro Windows XP\Drivery\Základní deska (MB GIGABYTE MA785GMT-UD2H)\BootDrv\SB750\x86\ahcix86.sys
[2009.04.08 22:46:22 | 000,189,968 | ---- | M] (Advanced Micro Devices, Inc) MD5=3936A49ECB74CF23BBB6979CD683DD56 -- C:\Programy pro Windows XP\Drivery\Základní deska (MB GIGABYTE MA785GMT-UD2H)\Chipset\7-Ser\XP\SBDrv\RAID7xx\x86\ahcix86.sys
[2007.08.08 02:54:32 | 000,123,392 | ---- | M] (Promise Technology, Inc.) MD5=DDD2E4A9AA3A57C510962B862663A3B6 -- C:\Programy pro Windows XP\Drivery\Základní deska (MB GIGABYTE MA785GMT-UD2H)\Chipset\RD790\XP2K\SBDrv\RAID\x86\ahcix86.sys

< MD5 for: AHCIX86S.SYS >
[2008.10.03 17:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) MD5=03081E98C515CB838434D252F407F6E8 -- C:\Programy pro Windows XP\Drivery\Základní deska (MB GIGABYTE MA785GMT-UD2H)\Chipset\MA74\Vista\RAID\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys
[2007.08.08 02:55:08 | 000,122,880 | ---- | M] (Promise Technology, Inc.) MD5=4283A0F3A9557EB133D2BA8979747A77 -- C:\Programy pro Windows XP\Drivery\Základní deska (MB GIGABYTE MA785GMT-UD2H)\Chipset\RD790\Vista\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys
[2009.04.08 22:45:10 | 000,188,944 | ---- | M] (Advanced Micro Devices, Inc) MD5=A2A2E677071141196C57FF7D2608EBB3 -- C:\Programy pro Windows XP\Drivery\Základní deska (MB GIGABYTE MA785GMT-UD2H)\BootDrv\SB750V\LH\ahcix86s.sys
[2009.04.08 22:45:10 | 000,188,944 | ---- | M] (Advanced Micro Devices, Inc) MD5=A2A2E677071141196C57FF7D2608EBB3 -- C:\Programy pro Windows XP\Drivery\Základní deska (MB GIGABYTE MA785GMT-UD2H)\Chipset\7-Ser\Vista\RAID\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys

Re: qooqlle - nechtěná domovská stránka

Napsal: 12 lis 2010 20:14
od K-A-R-E-L
< MD5 for: ATAPI.SYS >
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: CDROM.SYS >
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.13 23:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[1994.09.08 09:41:00 | 000,023,824 | ---- | M] () MD5=62BA6218692436275B0332A5AAA6E4F6 -- C:\Programy pro Windows XP\Drivery\Základní deska (MB GIGABYTE MA785GMT-UD2H)\Other\GCDROM\SCSI\CDROM.SYS

< MD5 for: CRYPTSVC.DLL >
[2008.04.14 07:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2008.04.14 07:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
[2008.04.14 07:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\dllcache\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 07:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 07:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 07:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 07:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 07:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 07:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: HAL.DLL >
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.13 23:01:30 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\hal.dll

< MD5 for: CHANGER.SYS >
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys

< MD5 for: ISAPNP.SYS >
[2008.04.14 08:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 06:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2008.04.14 07:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2008.04.14 07:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2008.04.14 07:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 23:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008.04.13 23:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008.04.13 23:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008.04.14 07:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 07:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 07:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008.04.14 07:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 07:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 07:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 07:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\dllcache\smss.exe
[2008.04.14 07:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 07:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008.04.14 07:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008.04.14 07:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.04.13 23:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 12:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 07:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 07:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 07:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008.04.14 07:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 07:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 07:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.04.14 07:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2008.04.14 07:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2008.04.14 07:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.02.05 20:17:34 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2010.02.05 19:13:38 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010.02.05 19:13:38 | 001,093,632 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010.02.05 19:13:37 | 000,524,288 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >
[2010.11.12 18:23:34 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys
[2010.11.12 18:23:50 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys
[2010.11.12 18:23:31 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgrkx86.sys
[2010.11.12 18:23:51 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys

< %systemroot%\system32\*.* /3 >
[2010.11.12 18:23:50 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgrsstx.dll
[2010.11.10 14:56:18 | 035,758,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MRT.exe
[2010.11.12 18:27:02 | 000,162,960 | ---- | M] () -- C:\WINDOWS\system32\OODBS.lor
[2010.11.12 18:31:43 | 000,079,244 | ---- | M] () -- C:\WINDOWS\system32\perfc005.dat
[2010.11.12 18:31:43 | 000,068,292 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2010.11.12 18:31:43 | 000,432,328 | ---- | M] () -- C:\WINDOWS\system32\perfh005.dat
[2010.11.12 18:31:43 | 000,435,396 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2010.11.12 18:31:42 | 001,028,820 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2010.11.12 16:10:23 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >

Re: qooqlle - nechtěná domovská stránka

Napsal: 12 lis 2010 20:15
od K-A-R-E-L
A zde Extras.Txt

OTL Extras logfile created on: 12.11.2010 20:01:05 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Karel\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 172,21 Gb Free Space | 73,95% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 177,32 Gb Free Space | 76,14% Space Free | Partition Type: NTFS
Drive E: | 1397,25 Gb Total Space | 416,47 Gb Free Space | 29,81% Space Free | Partition Type: NTFS
Drive K: | 153,38 Gb Total Space | 88,63 Gb Free Space | 57,79% Space Free | Partition Type: NTFS

Computer Name: PC-DOMA | User Name: Karel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee 11.0.Browse] -- "C:\Program Files\ACD Systems\ACDSee\11.0\ACDSeeQV11.exe" "%1" (ACD Systems)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS4 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51000:TCP" = 51000:TCP:*:Enabled:Adobe Version Cue CS4 Server
"51001:TCP" = 51001:TCP:*:Enabled:Adobe Version Cue CS4 Server
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server -- (Adobe Systems Incorporated)
"K:\Programy\Strong DC 2.40\StrongDC.exe" = K:\Programy\Strong DC 2.40\StrongDC.exe:*:Enabled:StrongDC++ -- ()
"C:\Totalcmd\TOTALCMD.EXE" = C:\Totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit -- (Ghisler Software GmbH)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Steam\steamapps\common\moon base alpha\Binaries\Win32\MoonBaseAlphaGame.exe" = C:\Program Files\Steam\steamapps\common\moon base alpha\Binaries\Win32\MoonBaseAlphaGame.exe:*:Enabled:Moonbase Alpha -- ()
"E:\Hry\StarCraft II\StarCraft II.exe" = E:\Hry\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"E:\Hry\StarCraft II\Versions\Base15405\SC2.exe" = E:\Hry\StarCraft II\Versions\Base15405\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment, Inc.)
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
"{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}" = Adobe Flash Player 10 Plugin
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{076A2323-68F0-4359-9D17-030882B70514}" = NXPowerLite
"{086a7d8c-0a38-4c7f-819a-620275550d5c}" = Nero BurningROM
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0A55CDBB-0566-4AA2-A15B-24C7F27C6FF4}" = BPD_Scan
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0E7B80B8-C934-1CC9-CA7E-3676C386AB5C}" = CCC Help Czech
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{129DDEC1-A6A3-3D60-AABE-76E6E5334922}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - CSY
"{135F1649-39EE-9691-1843-A35ABC1F34D5}" = CCC Help Turkish
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16d2742c-fd81-4bcf-a324-d135794da7d1}" = Nero 9
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool
"{23053452-2481-FB26-72E3-D2AD4C84510B}" = CCC Help Dutch
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{300578F9-9EFF-4B93-9AB1-C0E5707EF463}" = ACDSee Photo Manager 2009
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{368ba326-73ad-4351-84ed-3c0a7a52cc53}" = Nero Rescue Agent
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C1C7ACD-FFDE-4D11-5AAD-D3F2D9B60CC4}" = CCC Help Danish
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{41C51858-3373-A022-81A9-1CC9058838D3}" = CCC Help Russian
"{425AD62D-5B16-494C-8AAB-6B3D0CF2527A}" = Adobe Setup
"{428FDF9F-E010-4C4C-A8BB-156960AFCA1C}" = Adobe Fireworks CS4
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{47C6F987-685A-41AE-B092-E75B277AEE39}" = Adobe Flash CS4 Extension - Flash Lite STI others
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4FB600F5-C478-4DF7-A2BC-57D3807BAC91}" = BPDSoftware_Ini
"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
"{5104B07C-6A3D-4E7E-8BBB-960B52554BDD}" = BPD_HPSU
"{53480370-6CA2-47EC-BC05-02B4B9271C31}" = O&O Defrag Professional Edition
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5783F2D7-7001-0405-0002-0060B0CE6BBA}" = AutoCAD 2009 - český
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility
"{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision
"{5e08ecd1-c98e-4711-bf65-8fd736b3f969}" = Nero RescueAgent Help
"{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6869591A-7DD8-46D2-837F-57CBF7358955}" = Nokia Connectivity Cable Driver
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FE8B722-4D7E-3CD7-BB3A-3AD1684B1295}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - CSY
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DCC43B-33C9-3389-BD0D-33EB37973657}" = Microsoft .NET Framework 3.5 Language Pack - csy
"{760B29F2-8663-419B-A025-5A55066E130B}" = Ulead Photo Express 6

"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{77e33d87-255e-413e-9c8d-eed2a7f9bebf}" = Nero Live Help
"{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express
"{83744391-B5A4-40E3-8A7D-E8BF39CB00ED}" = Adobe Creative Suite 4 Design Premium
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{857CBF4A-192C-44B0-86A5-6281FCEFA1FE}" = FileOpen Client
"{85D48C66-7D4B-98A1-1EEC-2D1742CA7142}" = ccc-core-static
"{868EA922-5675-4E91-BDA6-BBD0F923C5EF}" = HP Officejet Pro All-In-One Series
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8868D822-2CBA-46B2-A286-B400B6185769}" = 7500_7600_7700_Help
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5 ESD
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8F8DCF37-7D1B-9540-3926-C119660884AD}" = Catalyst Control Center Localization All
"{8F968232-15C6-4872-84C2-9FCDAA1AEAB6}" = MPM
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0405-0000-0000000FF1CE}" = Sada Compatibility Pack pro systém Office 2007
"{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-0052-0405-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98a67610-a3b5-4098-a423-3708040026d3}" = "Nero SoundTrax Help
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AE02FD8-6351-20D2-AF36-D024E692BB07}" = Catalyst Control Center Graphics Previews Common
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
"{9F1776BA-F105-C5EC-0B98-B68073BD99F9}" = CCC Help Norwegian
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{a209525b-3377-43f4-b886-32f6b6e7356f}" = Nero WaveEditor
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-1029-4770-7760-000000000004}" = Adobe Acrobat 9 Pro - Czech, Hungarian, Polish, Slovak
"{AC76BA86-1029-4770-7760-000000000004}{AC76BA86-1029-4770-7760-000000000004}" = Adobe Acrobat 9 Pro - Czech, Hungarian, Polish, Slovak
"{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help
"{AE6EF4BA-D6B0-CBAE-8EA4-6083AC8DC95A}" = CCC Help English
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B000FB7B-A489-25FC-EA84-1AA54AAD55BB}" = ATI Catalyst Install Manager
"{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B3317B1D-F474-179D-DE80-A6BA55E682BD}" = CCC Help Swedish
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{b78120a0-cf84-4366-a393-4d0a59bc546c}" = Menu Templates - Starter Kit
"{B9CDE16C-D0CA-BB14-5126-5EB77AC51E0E}" = ccc-utility
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD3374D3-C2E6-42B7-A80B-E850B6886246}" = Adobe Flash CS4 STI-other
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BE99B4DC-754E-4D40-AFA6-AB43248231EC}" = Canon Camera WIA Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C27246BF-80D2-2FC2-33AE-A6C7E437BFB9}" = Catalyst Control Center InstallProxy
"{C3E98E64-683E-4271-9D39-88B1AAB1AE7B}" = L7600
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{c5a7cb6c-e76d-408f-ba0e-85605420fe9d}" = SoundTrax
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C7C032A7-B5EF-7C1D-ED30-5DAD01883820}" = CCC Help Finnish
"{C86E7C99-E4AD-79C7-375B-1AEF9A91EC2B}" = Acrobat.com
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
"{d025a639-b9c9-417d-8531-208859000af8}" = NeroBurningROM
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2E68FA6-2637-4100-996F-E99337C9157E}" = Balík TT 2008
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{DEB9AEF7-3ADA-40a9-9C98-546D54FE9CBD}" = ProductContext
"{df6a95f5-adc1-406a-bdc6-2aa7cc0182aa}" = Nero Live
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"{E43ED0A0-C85E-40F0-807C-6A8A9D2FAEF3}_is1" = King's Bounty. The Legend (Remove Only)
"{e498385e-1c51-459a-b45f-1721e37aa1a0}" = Movie Templates - Starter Kit
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed
"{e8631efb-6b9a-426c-b1ce-e7173ca26bf8}" = Nero WaveEditor Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EC68232E-C74E-4F1A-B296-DFD2E1944E10}" = Adobe Setup
"{ECAD4F6A-0BF3-4028-9C81-E5D9F9606CBA}" = BPDSoftware
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Balíček ovladače systému Windows - Nokia Modem (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Balíček ovladače systému Windows - Nokia Modem (06/01/2009 7.01.0.4)
"ACDSee Photo Manager 2009" = ACDSee Photo Manager 2009
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Type Manager Deluxe 4.1" = Adobe Type Manager Deluxe 4.1
"Adobe_7774cb1e022c49962995a9014500066" = Adobe Media Encoder CS4 Importer
"Adobe_9e18dc90ff20e45c0662c733e20a10d" = Adobe Creative Suite 4 Design Premium
"Allplan 2004" = Nemetschek Allplan 2004
"AutoCAD 2009 - český" = AutoCAD 2009 - český
"AVerMedia M135-Series PCI TV Tuner" = AVerMedia M135-Series PCI TV Tuner 3.6.0.6
"AVerMedia MCE Encoder x86" = AVerMedia MCE Encoder x86 3.0.1.6
"AVG9Uninstall" = AVG 9.0
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"FormatFactory" = FormatFactory 2.30
"Hardlock Device Driver" = Hardlock Device Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallShield_{BE99B4DC-754E-4D40-AFA6-AB43248231EC}" = Canon PowerShot G3 WIA Driver
"InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"Kings Bounty Armored Princess_is1" = Kings Bounty Armored Princess
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.3.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack - csy" = Microsoft .NET Framework 3.5 Language Pack - CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mp3 Knife_is1" = Mp3 Knife 3.2
"MV2Player" = MV2Player (remove only)
"Nokia PC Suite" = Nokia PC Suite
"PDFCreator Toolbar" = PDFCreator Toolbar
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.0.0
"S2TNG" = The Settlers II - 10th Anniversary
"StarCraft II" = StarCraft II
"Steam App 39000" = Moonbase Alpha
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Totalcmd" = Total Commander (Remove or Repair)
"uTorrent" = µTorrent
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Web Translator" = Web Translator
"Winamp" = Winamp
"WinRAR archiver" = Archivátor WinRAR
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"XStandard" = XStandard
"Zoner Photo Studio 9_is1" = Zoner Photo Studio 9

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 31.8.2010 6:53:44 | Computer Name = PC-DOMA | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace iexplore.exe, verze 8.0.6001.18702, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 5.9.2010 13:58:38 | Computer Name = PC-DOMA | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace SC2.exe, verze 1.0.0.16117, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 6.9.2010 4:05:29 | Computer Name = PC-DOMA | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace SC2.exe, verze 1.0.0.16117, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 8.9.2010 1:42:27 | Computer Name = PC-DOMA | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace Mv2PlayerPlus.exe, verze 0.7.0.16, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 10.9.2010 8:41:25 | Computer Name = PC-DOMA | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace SC2.exe, verze 1.0.0.16117, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 13.9.2010 13:04:43 | Computer Name = PC-DOMA | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace iexplore.exe, verze 8.0.6001.18702, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 26.10.2010 9:00:25 | Computer Name = PC-DOMA | Source = Application Error | ID = 1000
Description = Chybující aplikace acrodist.exe, verze 9.0.0.332, chybující modul
acrodistdll.dll, verze 9.0.0.332, adresa chyby 0x001ed704.

Error - 27.10.2010 14:16:19 | Computer Name = PC-DOMA | Source = MsiInstaller | ID = 1013
Description = Product: PowerDVD -- This installation cannot be run by directly launching
the MSI package. You must run setup.exe.

Error - 1.11.2010 13:34:07 | Computer Name = PC-DOMA | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace iexplore.exe, verze 8.0.6001.18702, zablokovaný
modul hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 12.11.2010 12:14:26 | Computer Name = PC-DOMA | Source = MsiInstaller | ID = 1013
Description = Product: AVG 2011 -- Automatická odinstalace staré verze AVG selhala
a nelze dokončit novou instalaci. Odinstalujte starou verzi manuálně a spusťte
instalaci znovu.


< End of report >

Re: qooqlle - nechtěná domovská stránka

Napsal: 12 lis 2010 20:51
od K-A-R-E-L
Ok,

1. ComboFix /Uninstall - OK
2. T-Cleaner - OK
3. Ccleaner - OK
4. AVG odinstalace, Avast - instalace - OK
5. To OTL stačí smazat či je opět třeba nějak odinstalovat, jelikož adresáře typu (Boot, Config.Msi,$RECYCLE.BIN, MSOCache atd. na discích jsem dříve nevídal).
Také ta konzola na zotavení na začátku, ne že by to tolik vadilo když se vybírá systém, ale nevím zda to lze nějak lehce vypnout.

Díky moc
Karel

Re: qooqlle - nechtěná domovská stránka

Napsal: 12 lis 2010 21:33
od motji
:arrow: Spustte OTL
-do bílého okna dole skopírujte tento skript:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
E - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
FF - prefs.js..browser.search.selectedEngine: "qooqlle"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.qooqlle.com/"

:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s

:commands
[emptytemp]
[EMPTYFLASH]
[Reboot]

-klikněte na tlačítko opravit.
-Následně se pc restartuje.
- Log vložte zde :)


Konzoli a OTL mi připomeňte na závěr :)

Re: qooqlle - nechtěná domovská stránka

Napsal: 12 lis 2010 21:43
od K-A-R-E-L
Ok, i když v programu vidím (Prefs.js: "http://www.qooqlle.com/" removed from browser.startup.homepage) tak to zatím tak není. :o

Napadá mě jako laika zda není někde ve standardních startovacích programech prostě nějaká instrukce vložena (podobně jako při startu se nabízí systém i konzola atd.).

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Prefs.js: "qooqlle" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "http://www.qooqlle.com/" removed from browser.startup.homepage
========== FILES ==========
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\msdownld.tmp folder moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP176.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1F4.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP254.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP27A.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP291.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP343.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP420.tmp folder moved successfully.
C:\WINDOWS\Installer\MSI13.tmp moved successfully.
C:\WINDOWS\Installer\MSI14.tmp moved successfully.
C:\WINDOWS\Installer\MSI17.tmp moved successfully.
C:\WINDOWS\Installer\MSI18.tmp moved successfully.
C:\WINDOWS\Installer\MSI19.tmp moved successfully.
C:\WINDOWS\Installer\MSI1A.tmp moved successfully.
C:\WINDOWS\Installer\MSI1B.tmp moved successfully.
C:\WINDOWS\Installer\MSI1C.tmp moved successfully.
C:\WINDOWS\Installer\MSI1C0.tmp moved successfully.
C:\WINDOWS\Installer\MSI1C1.tmp moved successfully.
C:\WINDOWS\Installer\MSI1C2.tmp moved successfully.
C:\WINDOWS\Installer\MSI1C3.tmp moved successfully.
C:\WINDOWS\Installer\MSI1C4.tmp moved successfully.
C:\WINDOWS\system32\CONFIG.TMP moved successfully.
C:\WINDOWS\temp\_avast5_\unp147259847.tmp moved successfully.
C:\WINDOWS\twain_32\hpqgnds2.tmp moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Karel
->Temp folder emptied: 2679516 bytes
->Temporary Internet Files folder emptied: 5686307 bytes
->FireFox cache emptied: 40984247 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 1524 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: user

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 21604 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 4625 bytes

Total Files Cleaned = 47,00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: Karel
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: user

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11122010_213732

Files\Folders moved on Reboot...
C:\Documents and Settings\Karel\Local Settings\Temporary Internet Files\Content.IE5\KN8ID353\viewtopic[1].htm moved successfully.
C:\Documents and Settings\Karel\Local Settings\Temporary Internet Files\Content.IE5\IWI8KY2H\afr[1].htm moved successfully.
C:\Documents and Settings\Karel\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Re: qooqlle - nechtěná domovská stránka

Napsal: 12 lis 2010 21:45
od motji
Poprosím o nový log ze Rsitu. Teď jsme Vás nepochopila, je tam ten šmejd nebo ne?

Re: qooqlle - nechtěná domovská stránka

Napsal: 12 lis 2010 21:49
od K-A-R-E-L
Bohužel, někde něco stále je když mi to neustále po každém startu tu domovskou stránku mění a to u všech prohlížečů. :o
Stane se to i po odhlášení, ani se PC nemusí restartnout a je to zase na tom ujetém qooqlle. :?: , ale stejně to vždy zkusím vrátit zpět na seznam - marně.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Karel at 2010-11-12 21:47:55
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 180 GB (76%) free of 238 GB
Total RAM: 3326 MB (81% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:47:59, on 12.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
c:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\Program Files\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Totalcmd\TOTALCMD.EXE
K:\RSIT.exe
C:\Program Files\trend micro\Karel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\TRANSLAT\WEBIE.DLL
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: CStat - {DD92DE22-ED91-4560-B788-DEE2B26612E6} - C:\Program Files\DeviceVM\Browser Configuration Utility\IEHelper.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WEBIE.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [IgfxTraySound] %appdata%\igfxtray.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Připojit k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} (FileOpenInstaller) - http://plugin.fileopen.com/current/FileOpen.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{82FB2278-B20F-4DF9-9D1C-A45CE1DFE6AA}: NameServer = 192.168.1.1
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - (no file)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: AVerRemote - AVerMedia - c:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - c:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10274 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\TRANSLAT\WEBIE.DLL [2010-02-06 360448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]
PDFCreator Toolbar Helper - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2010-02-05 806912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DD92DE22-ED91-4560-B788-DEE2B26612E6}]
BHO Class - C:\Program Files\DeviceVM\Browser Configuration Utility\IEHelper.dll [2009-06-22 335104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2010-02-05 806912]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\TRANSLAT\WEBIE.DLL [2010-02-06 360448]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-05-21 17881600]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-08-25 98304]
"IgfxTraySound"=C:\Documents and Settings\Karel\Data aplikací\igfxtray.exe [2010-11-06 6782976]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-09-07 2838912]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\program files\steam\steam.exe [2010-10-06 1242448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]
C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe [2005-07-28 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Calendar Checker]
C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe [2005-08-22 69632]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-08-26 159744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
avgrsstx.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2008-05-02 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-12-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server"
"K:\Programy\Strong DC 2.40\StrongDC.exe"="K:\Programy\Strong DC 2.40\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Totalcmd\TOTALCMD.EXE"="C:\Totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Steam\steamapps\common\moon base alpha\Binaries\Win32\MoonBaseAlphaGame.exe"="C:\Program Files\Steam\steamapps\common\moon base alpha\Binaries\Win32\MoonBaseAlphaGame.exe:*:Enabled:Moonbase Alpha"
"E:\Hry\StarCraft II\StarCraft II.exe"="E:\Hry\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher"
"E:\Hry\StarCraft II\Versions\Base15405\SC2.exe"="E:\Hry\StarCraft II\Versions\Base15405\SC2.exe:*:Enabled:StarCraft II"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.scr - open - C:\WINDOWS\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-11-12 21:47:55 ----D---- C:\rsit
2010-11-12 21:37:32 ----D---- C:\_OTL
2010-11-12 20:57:33 ----SHD---- C:\$RECYCLE.BIN
2010-11-12 20:42:20 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2010-11-12 20:42:20 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010-11-12 20:42:18 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2010-11-12 20:42:17 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2010-11-12 20:42:15 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2010-11-12 20:42:15 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2010-11-12 20:42:14 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2010-11-12 20:42:08 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-11-12 20:42:06 ----D---- C:\Program Files\Alwil Software
2010-11-12 20:42:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-11-12 18:12:39 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg9
2010-11-12 17:44:30 ----SHD---- C:\RECYCLER
2010-11-12 17:42:56 ----D---- C:\WINDOWS\temp
2010-11-12 17:39:14 ----RASHD---- C:\cmdcons
2010-11-12 17:12:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2010-11-08 12:55:17 ----D---- C:\Program Files\Trend Micro
2010-11-08 07:39:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\Comodo
2010-11-07 23:07:21 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-11-07 23:07:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-11-07 22:57:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\Windows Genuine Advantage
2010-11-07 20:40:46 ----D---- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2010-11-06 08:49:35 ----D---- C:\Documents and Settings\Karel\Data aplikací\DivX
2010-11-06 08:49:18 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2010-11-06 08:49:18 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2010-11-06 08:47:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\DivX
2010-11-06 08:47:22 ----A---- C:\Documents and Settings\Karel\Data aplikací\igfxtray.exe
2010-10-14 06:09:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2010-10-14 06:09:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2279986$
2010-10-14 06:09:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2010-10-14 06:09:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2010-10-14 06:09:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2010-10-14 06:09:18 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2010-10-14 06:09:14 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2010-10-14 06:07:12 ----HDC---- C:\WINDOWS\$NtUninstallKB981957$
2010-10-14 06:07:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2360937$

======List of files/folders modified in the last 1 months======

2010-11-12 21:47:54 ----D---- C:\WINDOWS\Prefetch
2010-11-12 21:43:36 ----D---- C:\WINDOWS\system32
2010-11-12 21:43:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-11-12 21:41:06 ----D---- C:\WINDOWS
2010-11-12 21:41:06 ----A---- C:\WINDOWS\TRNCOM.INI
2010-11-12 21:37:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-12 21:37:35 ----SHD---- C:\WINDOWS\Installer
2010-11-12 21:37:35 ----D---- C:\WINDOWS\twain_32
2010-11-12 20:42:20 ----D---- C:\WINDOWS\system32\drivers
2010-11-12 20:42:13 ----D---- C:\Config.Msi
2010-11-12 20:42:12 ----D---- C:\WINDOWS\WinSxS
2010-11-12 20:42:06 ----RD---- C:\Program Files
2010-11-12 20:31:07 ----D---- C:\WINDOWS\system32\Restore
2010-11-12 20:12:52 ----D---- C:\Documents and Settings\Karel\Data aplikací\uTorrent
2010-11-12 17:42:00 ----A---- C:\WINDOWS\system.ini
2010-11-12 17:41:55 ----D---- C:\WINDOWS\system32\drivers\etc
2010-11-12 17:40:50 ----D---- C:\WINDOWS\AppPatch
2010-11-12 17:40:47 ----D---- C:\Program Files\Common Files
2010-11-12 17:39:43 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-12 17:39:17 ----RASH---- C:\boot.ini
2010-11-12 17:36:48 ----D---- C:\WINDOWS\system32\config
2010-11-12 17:33:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVG Security Toolbar
2010-11-10 23:00:56 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-11-10 21:33:35 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-11-10 20:18:35 ----HD---- C:\WINDOWS\$hf_mig$
2010-11-10 15:15:00 ----D---- C:\WINDOWS\Debug
2010-11-10 14:56:18 ----A---- C:\WINDOWS\system32\MRT.exe
2010-11-09 19:59:11 ----D---- C:\Program Files\TeamSpeak 3 Client
2010-11-07 22:57:26 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-11-07 22:36:06 ----D---- C:\Program Files\Mozilla Firefox
2010-11-07 21:07:40 ----D---- C:\Documents and Settings\Karel\Data aplikací\Winamp
2010-11-07 21:05:02 ----D---- C:\Program Files\CCleaner
2010-11-07 20:30:11 ----D---- C:\Program Files\Opera
2010-11-07 20:22:00 ----A---- C:\WINDOWS\win.ini
2010-11-07 20:22:00 ----A---- C:\Boot.bak
2010-11-07 20:16:30 ----A---- C:\WINDOWS\WDICT32.INI
2010-10-27 19:15:30 ----A---- C:\WINDOWS\NeroDigital.ini
2010-10-14 06:09:43 ----HD---- C:\WINDOWS\inf
2010-10-14 06:09:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-10-14 06:09:08 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-12 45648]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-02-05 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-18 77696]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-09-07 28880]
R1 AmdPPM;Ovladač procesoru HwPState AMD; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-09-07 165584]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-09-07 46672]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files\CyberLink\PowerDVD8\000.fcl []
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-09-07 17744]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-09-07 100176]
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-09-07 23376]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-08-26 5386752]
R3 AVerA706;AVerMedia A706 BDA Service; C:\WINDOWS\system32\DRIVERS\AVerA706.sys [2009-06-10 1169920]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-06-02 5085184]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 RTHDMIAzAudService;Service for HDMI; C:\WINDOWS\system32\drivers\RtKHDMI.sys [2009-05-21 3733760]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-04-24 141568]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 acq7dzgx;acq7dzgx; C:\WINDOWS\system32\drivers\acq7dzgx.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-07-05 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-07-05 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-07-05 21568]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-10-06 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-10-06 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-10-06 7936]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-10-06 7936]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-08-26 606208]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 AVerRemote;AVerRemote; c:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe [2009-04-08 344064]
R2 AVerScheduleService;AVerScheduleService; c:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2008-12-10 405504]
R2 BCUService;Browser Configuration Utility Service; C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-06-22 212232]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-30 935208]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2005-05-11 225280]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2010-02-06 85096]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-02-05 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 ATMsrvc;ATM Service; C:\WINDOWS\System32\ATMsrvc.exe [2000-05-24 15360]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: qooqlle - nechtěná domovská stránka

Napsal: 12 lis 2010 22:18
od motji
:hmm: ale jen u mozilly, že?

Re: qooqlle - nechtěná domovská stránka

Napsal: 12 lis 2010 22:33
od K-A-R-E-L
Ne, bohužel u všech. To že někde to není je tím že to zkouším přepsat abych si ověřil zda je to ok, ale po odhlášení či restartu je to zase zpátky. :o

Logfile of random's system information tool 1.08 (written by random/random)
Run by Karel at 2010-11-12 22:32:02
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 180 GB (76%) free of 238 GB
Total RAM: 3326 MB (76% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:32:12, on 12.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
c:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Totalcmd\TOTALCMD.EXE
C:\Program Files\Mv2Player\Mv2PlayerPlus.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
K:\RSIT.exe
C:\Program Files\trend micro\Karel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qooqlle.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\TRANSLAT\WEBIE.DLL
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: CStat - {DD92DE22-ED91-4560-B788-DEE2B26612E6} - C:\Program Files\DeviceVM\Browser Configuration Utility\IEHelper.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WEBIE.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [IgfxTraySound] %appdata%\igfxtray.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Připojit k existujícímu PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CE8267C2-D41A-4A50-A69D-F32B5C289F14} (FileOpenInstaller) - http://plugin.fileopen.com/current/FileOpen.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{82FB2278-B20F-4DF9-9D1C-A45CE1DFE6AA}: NameServer = 192.168.1.1
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - (no file)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: AVerRemote - AVerMedia - c:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe
O23 - Service: AVerScheduleService - Unknown owner - c:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10291 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\TRANSLAT\WEBIE.DLL [2010-02-06 360448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]
PDFCreator Toolbar Helper - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2010-02-05 806912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DD92DE22-ED91-4560-B788-DEE2B26612E6}]
BHO Class - C:\Program Files\DeviceVM\Browser Configuration Utility\IEHelper.dll [2009-06-22 335104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2010-02-05 806912]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\TRANSLAT\WEBIE.DLL [2010-02-06 360448]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-05-21 17881600]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-02-29 76304]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-08-25 98304]
"IgfxTraySound"=C:\Documents and Settings\Karel\Data aplikací\igfxtray.exe [2010-11-06 6782976]
"avast5"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2010-09-07 2838912]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\program files\steam\steam.exe [2010-10-06 1242448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector]
C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe [2005-07-28 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Calendar Checker]
C:\Program Files\Ulead Systems\Ulead Photo Express 6\CalCheck.exe [2005-08-22 69632]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-08-26 159744]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
avgrsstx.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2008-05-02 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-12-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe"="C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:*:Enabled:Adobe Version Cue CS4 Server"
"K:\Programy\Strong DC 2.40\StrongDC.exe"="K:\Programy\Strong DC 2.40\StrongDC.exe:*:Enabled:StrongDC++"
"C:\Totalcmd\TOTALCMD.EXE"="C:\Totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Steam\steamapps\common\moon base alpha\Binaries\Win32\MoonBaseAlphaGame.exe"="C:\Program Files\Steam\steamapps\common\moon base alpha\Binaries\Win32\MoonBaseAlphaGame.exe:*:Enabled:Moonbase Alpha"
"E:\Hry\StarCraft II\StarCraft II.exe"="E:\Hry\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher"
"E:\Hry\StarCraft II\Versions\Base15405\SC2.exe"="E:\Hry\StarCraft II\Versions\Base15405\SC2.exe:*:Enabled:StarCraft II"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======File associations======

.scr - open - C:\WINDOWS\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-11-12 21:47:55 ----D---- C:\rsit
2010-11-12 21:37:32 ----D---- C:\_OTL
2010-11-12 20:57:33 ----SHD---- C:\$RECYCLE.BIN
2010-11-12 20:42:20 ----A---- C:\WINDOWS\system32\drivers\aswSP.sys
2010-11-12 20:42:20 ----A---- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2010-11-12 20:42:18 ----A---- C:\WINDOWS\system32\drivers\aswRdr.sys
2010-11-12 20:42:17 ----A---- C:\WINDOWS\system32\drivers\aswTdi.sys
2010-11-12 20:42:15 ----A---- C:\WINDOWS\system32\drivers\aswmon2.sys
2010-11-12 20:42:15 ----A---- C:\WINDOWS\system32\drivers\aswmon.sys
2010-11-12 20:42:14 ----A---- C:\WINDOWS\system32\drivers\aavmker4.sys
2010-11-12 20:42:08 ----A---- C:\WINDOWS\system32\aswBoot.exe
2010-11-12 20:42:06 ----D---- C:\Program Files\Alwil Software
2010-11-12 20:42:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
2010-11-12 18:12:39 ----D---- C:\Documents and Settings\All Users\Data aplikací\avg9
2010-11-12 17:44:30 ----SHD---- C:\RECYCLER
2010-11-12 17:42:56 ----D---- C:\WINDOWS\temp
2010-11-12 17:39:14 ----RASHD---- C:\cmdcons
2010-11-12 17:12:59 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2010-11-08 12:55:17 ----D---- C:\Program Files\Trend Micro
2010-11-08 07:39:53 ----D---- C:\Documents and Settings\All Users\Data aplikací\Comodo
2010-11-07 23:07:21 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-11-07 23:07:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-11-07 22:57:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\Windows Genuine Advantage
2010-11-07 20:40:46 ----D---- C:\Documents and Settings\All Users\Data aplikací\SUPERAntiSpyware.com
2010-11-06 08:49:35 ----D---- C:\Documents and Settings\Karel\Data aplikací\DivX
2010-11-06 08:49:18 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2010-11-06 08:49:18 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2010-11-06 08:47:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\DivX
2010-11-06 08:47:22 ----A---- C:\Documents and Settings\Karel\Data aplikací\igfxtray.exe
2010-10-14 06:09:40 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2010-10-14 06:09:35 ----HDC---- C:\WINDOWS\$NtUninstallKB2279986$
2010-10-14 06:09:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2010-10-14 06:09:28 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2010-10-14 06:09:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2010-10-14 06:09:18 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2010-10-14 06:09:14 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2010-10-14 06:07:12 ----HDC---- C:\WINDOWS\$NtUninstallKB981957$
2010-10-14 06:07:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2360937$

======List of files/folders modified in the last 1 months======

2010-11-12 22:31:56 ----D---- C:\Documents and Settings\Karel\Data aplikací\uTorrent
2010-11-12 22:30:26 ----D---- C:\WINDOWS
2010-11-12 22:30:26 ----A---- C:\WINDOWS\TRNCOM.INI
2010-11-12 22:15:44 ----D---- C:\WINDOWS\Prefetch
2010-11-12 21:43:36 ----D---- C:\WINDOWS\system32
2010-11-12 21:43:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-11-12 21:37:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-12 21:37:35 ----SHD---- C:\WINDOWS\Installer
2010-11-12 21:37:35 ----D---- C:\WINDOWS\twain_32
2010-11-12 20:42:20 ----D---- C:\WINDOWS\system32\drivers
2010-11-12 20:42:13 ----D---- C:\Config.Msi
2010-11-12 20:42:12 ----D---- C:\WINDOWS\WinSxS
2010-11-12 20:42:06 ----RD---- C:\Program Files
2010-11-12 20:31:07 ----D---- C:\WINDOWS\system32\Restore
2010-11-12 17:42:00 ----A---- C:\WINDOWS\system.ini
2010-11-12 17:41:55 ----D---- C:\WINDOWS\system32\drivers\etc
2010-11-12 17:40:50 ----D---- C:\WINDOWS\AppPatch
2010-11-12 17:40:47 ----D---- C:\Program Files\Common Files
2010-11-12 17:39:43 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-12 17:39:17 ----RASH---- C:\boot.ini
2010-11-12 17:36:48 ----D---- C:\WINDOWS\system32\config
2010-11-12 17:33:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVG Security Toolbar
2010-11-10 23:00:56 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2010-11-10 21:33:35 ----HDC---- C:\WINDOWS\$NtUninstallKB971737$
2010-11-10 20:18:35 ----HD---- C:\WINDOWS\$hf_mig$
2010-11-10 15:15:00 ----D---- C:\WINDOWS\Debug
2010-11-10 14:56:18 ----A---- C:\WINDOWS\system32\MRT.exe
2010-11-09 19:59:11 ----D---- C:\Program Files\TeamSpeak 3 Client
2010-11-07 22:57:26 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-11-07 22:36:06 ----D---- C:\Program Files\Mozilla Firefox
2010-11-07 21:07:40 ----D---- C:\Documents and Settings\Karel\Data aplikací\Winamp
2010-11-07 21:05:02 ----D---- C:\Program Files\CCleaner
2010-11-07 20:30:11 ----D---- C:\Program Files\Opera
2010-11-07 20:22:00 ----A---- C:\WINDOWS\win.ini
2010-11-07 20:22:00 ----A---- C:\Boot.bak
2010-11-07 20:16:30 ----A---- C:\WINDOWS\WDICT32.INI
2010-10-27 19:15:30 ----A---- C:\WINDOWS\NeroDigital.ini
2010-10-14 06:09:43 ----HD---- C:\WINDOWS\inf
2010-10-14 06:09:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-10-14 06:09:08 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-07-12 45648]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-02-05 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-18 77696]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-09-07 28880]
R1 AmdPPM;Ovladač procesoru HwPState AMD; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 33792]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-09-07 165584]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-09-07 46672]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; \??\C:\Program Files\CyberLink\PowerDVD8\000.fcl []
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-09-07 17744]
R2 aswMon2;aswMon2; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-09-07 100176]
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-09-07 23376]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-08-26 5386752]
R3 AVerA706;AVerMedia A706 BDA Service; C:\WINDOWS\system32\DRIVERS\AVerA706.sys [2009-06-10 1169920]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-06-02 5085184]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-02-29 35344]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-02-29 36880]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 RTHDMIAzAudService;Service for HDMI; C:\WINDOWS\system32\drivers\RtKHDMI.sys [2009-05-21 3733760]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-04-24 141568]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 acq7dzgx;acq7dzgx; C:\WINDOWS\system32\drivers\acq7dzgx.sys []
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-07-05 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-07-05 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-07-05 21568]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 MPE;Filtr MPE BDA; C:\WINDOWS\system32\DRIVERS\MPE.sys [2008-04-14 15232]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-10-06 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-10-06 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-10-06 7936]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-10-06 7936]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-08-26 606208]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R2 AVerRemote;AVerRemote; c:\Program Files\Common Files\AVerMedia\Service\AVerRemote.exe [2009-04-08 344064]
R2 AVerScheduleService;AVerScheduleService; c:\Program Files\Common Files\AVerMedia\Service\AVerScheduleService.exe [2008-12-10 405504]
R2 BCUService;Browser Configuration Utility Service; C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-06-22 212232]
R2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-30 935208]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2005-05-11 225280]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-09-07 40384]
R3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2010-02-06 85096]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-02-05 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2008-05-02 121360]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 ATMsrvc;ATM Service; C:\WINDOWS\System32\ATMsrvc.exe [2000-05-24 15360]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: qooqlle - nechtěná domovská stránka

Napsal: 12 lis 2010 22:39
od motji
Aha, zkusíme se podívat po rootkitovi.

:arrow: Stáhněte Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- rozbalte a spusťte
-proběhne sken, po skončení se otevře okno s výsledky, klikněte na Save a tím si uložíte log,který sem vložíte

-Podle návodu v odkazu provedete druhý sken a log sem také vložíte.
Všechny časy jsou v UTC+01:00
Stránka 2 z 4

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz