
Re: Sending a log

Posted: 28 Jan 2012 14:14
by motji
I meant your personal data, such as photos and the like.
So it will be viruses then, let's get them :D

:arrow: Run ComboFix according to this guide
http://www.bleepingcomputer.com/combofi ... t-combofix

Re: Sending a log

Posted: 28 Jan 2012 15:36
by santaktom
Hello, here is the log from ComboFix:
ComboFix 12-01-28.01 - Tomaš 28.01.2012 15:22:05.1.1 - x86
Spuštěný z: c:\documents and settings\Tomaš\Dokumenty\Stažené soubory\ComboFix.exe
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.4.17.10\bh\facemoods.dll
c:\program files\facemoods.com\facemoods\1.4.17.10\facemoods.crx
c:\program files\facemoods.com\facemoods\1.4.17.10\facemoods.png
c:\program files\facemoods.com\facemoods\1.4.17.10\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\1.4.17.10\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\1.4.17.10\facemoodssrv.exe
c:\program files\facemoods.com\facemoods\1.4.17.10\facemoodsTlbr.dll
c:\program files\facemoods.com\facemoods\1.4.17.10\uninstall.exe
c:\program files\Internet Saving Optimizer
c:\program files\Internet Saving Optimizer\3.4.0.4340\Data\config.md
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFAddOn.xpt
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\components\NPFFHelperComponent.js
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome.manifest
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.js
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\content\NPAddOn.xul
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\chrome\NPAddOn.jar
c:\program files\Internet Saving Optimizer\3.4.0.4340\FF\install.rdf
c:\program files\Internet Saving Optimizer\3.4.0.4340\NPCommon.dll
c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.dat
c:\program files\Internet Saving Optimizer\3.4.0.4340\unins000.exe
c:\program files\System Search Dispatcher
c:\program files\System Search Dispatcher\1.3.0.840\Data\eacore.mx
c:\program files\System Search Dispatcher\1.3.0.840\Data\URLDynamic.mx
c:\program files\System Search Dispatcher\1.3.0.840\Data\URLStatic.mx
c:\program files\System Search Dispatcher\1.3.0.840\unins000.dat
c:\program files\System Search Dispatcher\1.3.0.840\unins000.exe
c:\windows\IsUn0407.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-28 do 2012-01-28 )))))))))))))))))))))))))))))))
.
.
2012-01-28 12:44 . 2012-01-28 12:44 -------- d-----w- c:\documents and settings\Tomaš\Data aplikací\Uniblue
2012-01-28 12:44 . 2012-01-28 12:44 -------- d-----w- c:\program files\Uniblue
2012-01-28 12:43 . 2012-01-28 12:44 -------- d-----w- c:\program files\CrystalDiskInfo
2012-01-28 12:43 . 2012-01-28 12:43 -------- d-----w- c:\documents and settings\Tomaš\Data aplikací\OpenCandy
2012-01-28 10:31 . 2012-01-28 10:31 -------- d-----w- c:\program files\HD Tune
2012-01-28 09:39 . 2012-01-28 09:40 -------- d-----w- c:\program files\Ultimate Process Manager
2012-01-27 22:09 . 2012-01-27 22:10 -------- d-----w- C:\rsit
2012-01-27 22:09 . 2012-01-27 22:09 -------- d-----w- c:\program files\trend micro
2012-01-27 17:08 . 2012-01-27 17:08 -------- d-----w- C:\$WIN_NT$.~BT
2012-01-21 15:22 . 2012-01-21 15:22 -------- d-----w- c:\program files\Common Files\Java
2012-01-21 13:02 . 2012-01-21 13:02 -------- d-----w- C:\found.003
2012-01-21 00:18 . 2012-01-21 00:18 -------- d-----w- c:\program files\Common Files\Adobe AIR
2012-01-20 21:28 . 2012-01-21 12:29 -------- d-----w- c:\documents and settings\Tomaš\Data aplikací\AVG
2012-01-19 18:33 . 2012-01-19 18:33 -------- d-----w- c:\documents and settings\Tomaš\.fontconfig
2012-01-14 20:46 . 2012-01-22 19:26 -------- d---a-w- c:\documents and settings\All Users\Data aplikací\TEMP
2012-01-14 14:41 . 2012-01-14 20:47 -------- d-----w- C:\61c7c1a51d4f21056da7
2012-01-08 16:17 . 2012-01-08 16:17 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-08 16:17 . 2012-01-08 16:17 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-08 16:17 . 2012-01-08 16:17 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-08 16:17 . 2012-01-08 16:17 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-08 10:07 . 2012-01-08 10:07 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2012-01-08 10:03 . 2012-01-22 19:26 -------- d-----w- c:\program files\AVG
2012-01-08 09:46 . 2012-01-28 14:06 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2012-01-07 22:20 . 2002-03-06 00:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2012-01-07 22:20 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2012-01-06 19:03 . 2012-01-27 17:03 -------- d-----w- C:\found.002
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2004-08-17 13:49 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2004-08-17 13:44 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2004-08-17 13:49 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-08-17 13:49 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-08-17 13:49 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-10 04:54 . 2011-07-22 18:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-10 02:27 . 2011-07-22 18:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-03 15:29 . 2004-08-17 13:49 386560 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:29 . 2004-08-17 13:49 1294848 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2004-08-17 13:49 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-31 23:37 . 2004-08-17 13:49 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-10-31 23:37 . 2004-08-17 13:49 832512 ----a-w- c:\windows\system32\wininet.dll
2011-10-31 23:37 . 2004-08-17 13:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-10-31 23:37 . 2004-08-17 13:49 17408 ------w- c:\windows\system32\corpol.dll
2012-01-08 16:17 . 2011-11-16 14:19 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 15:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DriverScanner"="c:\program files\Uniblue\DriverScanner\launcher.exe" [2011-05-16 338296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-29 16132608]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2010-01-08 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2010-01-08 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2010-01-08 118784]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 135664]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 135664]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2012-01-28 c:\windows\Tasks\DriverScanner.job
- c:\program files\Uniblue\DriverScanner\dsmonitor.exe [2012-01-28 10:22]
.
2012-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 17:29]
.
2012-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 17:29]
.
2012-01-28 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-01-03 15:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.facemoods.com/?a=kno
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Tomaš\Data aplikací\Mozilla\Firefox\Profiles\ucoz3ie8.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bd50fdcf2-80f1-492c-800d-cce266063aef%7D&mid=f41b1aea6fe347d1964ad1503868044f-a4df8540a77f7f0f5c1681aa5eae83954571162e&ds=AVG&v=9.0.0.23&lang=cs&pr=pr&d=2012-01-19%2023%3A22%3A43&sap=ku&q=
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.10\facemoodssrv.exe
MSConfigStartUp-SmileyApp - c:\program files\DoubleD\JuicyAccess Toolbar\4.1.4.20920\stbapp.exe
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.10\uninstall.exe
AddRemove-{C5096216-7703-409E-B85A-8A6EE7395128}}_is1 - c:\program files\System Search Dispatcher\1.3.0.840\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-28 15:27
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2012-01-28 15:30:06
ComboFix-quarantined-files.txt 2012-01-28 14:30
.
Před spuštěním: Volných bajtů: 64 960 602 112
Po spuštění: Volných bajtů: 65 089 843 200
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[Boot Loader]
Timeout=2
Default=c:\$win_nt$.~bt\BOOTSECT.DAT
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
c:\$win_nt$.~bt\BOOTSECT.DAT="Microsoft Windows XP Professional - instalace"
.
- - End Of File - - BD0F56564E1020833D850C02F6A4D258
So here it is; can you advise what to do with it now? Thank you.

Re: Sending a log

Posted: 28 Jan 2012 16:08
by motji
ComboFix deleted something; how does it look now?
We will delete a few more leftovers, but not until tomorrow evening; I have to leave the PC now.

Re: Sending a log

Posted: 28 Jan 2012 16:17
by santaktom
It is much better, and that is only thanks to you. I will definitely be here tomorrow evening. Thanks a lot.

Re: Sending a log

Posted: 29 Jan 2012 10:41
by motji
:arrow: If you have not already, move ComboFix to the desktop
- open Notepad
- copy the text from this box into it

Code:

DDS::
uStart Page = hxxp://start.facemoods.com/?a=kno

File::
c:\windows\Tasks\Scheduled Update for Ask Toolbar.job

Folder::
c:\program files\Ask.com

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]


- save the TXT file you created as CFScript.txt on the desktop
- after saving, grab the script you created with the left mouse button and drag it over the ComboFix icon, where you drop it.

- after it has been applied, another log will pop up; paste it here

Warning: it may happen that Windows does not start after the script is applied and the machine restarts; in that case restart again while pressing F8, then choose Last Known Good Configuration

Re: Sending a log

Posted: 29 Jan 2012 17:38
by santaktom
Good evening,
here is the report from ComboFix:




ComboFix 12-01-21.02 - Tomaš 29.01.2012 17:16:44.2.1 - x86
Spuštěný z: c:\documents and settings\Tomaš\Plocha\Combofix.exe
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msmqinst.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-28 do 2012-01-29 )))))))))))))))))))))))))))))))
.
.
2012-01-29 15:38 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2012-01-29 15:38 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2012-01-29 15:38 . 2012-01-29 15:38 -------- d-----w- c:\windows\LastGood
2012-01-28 16:24 . 2012-01-28 16:24 -------- d--h--w- c:\windows\system32\GroupPolicy
2012-01-28 15:37 . 2012-01-28 15:37 41680 ----a-w- c:\windows\system32\drivers\ppyzhwhs.sys
2012-01-28 15:12 . 2012-01-28 15:12 -------- d-----w- C:\ProgramData
2012-01-28 15:05 . 2012-01-04 09:26 236576 ------w- c:\windows\system32\MpSigStub.exe
2012-01-28 12:44 . 2012-01-28 12:44 -------- d-----w- c:\documents and settings\Tomaš\Data aplikací\Uniblue
2012-01-28 12:44 . 2012-01-28 12:44 -------- d-----w- c:\program files\Uniblue
2012-01-28 12:43 . 2012-01-28 15:37 -------- d-----w- c:\documents and settings\Tomaš\Data aplikací\OpenCandy
2012-01-28 12:43 . 2012-01-28 12:44 -------- d-----w- c:\program files\CrystalDiskInfo
2012-01-28 10:31 . 2012-01-28 10:31 -------- d-----w- c:\program files\HD Tune
2012-01-28 09:39 . 2012-01-28 09:40 -------- d-----w- c:\program files\Ultimate Process Manager
2012-01-27 22:09 . 2012-01-27 22:10 -------- d-----w- C:\rsit
2012-01-27 22:09 . 2012-01-27 22:09 -------- d-----w- c:\program files\trend micro
2012-01-27 17:08 . 2012-01-27 17:08 -------- d-----w- C:\$WIN_NT$.~BT
2012-01-21 15:22 . 2012-01-21 15:22 -------- d-----w- c:\program files\Common Files\Java
2012-01-21 13:02 . 2012-01-21 13:02 -------- d-----w- C:\found.003
2012-01-21 00:18 . 2012-01-21 00:18 -------- d-----w- c:\program files\Common Files\Adobe AIR
2012-01-20 21:28 . 2012-01-21 12:29 -------- d-----w- c:\documents and settings\Tomaš\Data aplikací\AVG
2012-01-19 18:33 . 2012-01-19 18:33 -------- d-----w- c:\documents and settings\Tomaš\.fontconfig
2012-01-14 20:46 . 2012-01-22 19:26 -------- d---a-w- c:\documents and settings\All Users\Data aplikací\TEMP
2012-01-14 14:41 . 2012-01-14 20:47 -------- d-----w- C:\61c7c1a51d4f21056da7
2012-01-08 16:17 . 2012-01-08 16:17 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-01-08 16:17 . 2012-01-08 16:17 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-01-08 16:17 . 2012-01-08 16:17 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-01-08 16:17 . 2012-01-08 16:17 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-01-08 10:07 . 2012-01-08 10:07 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2012-01-08 10:03 . 2012-01-22 19:26 -------- d-----w- c:\program files\AVG
2012-01-08 09:46 . 2012-01-28 14:06 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2012-01-07 22:20 . 2002-03-06 00:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2012-01-07 22:20 . 2003-02-02 19:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2012-01-06 19:03 . 2012-01-27 17:03 -------- d-----w- C:\found.002
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-25 21:57 . 2004-08-17 13:49 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 2004-08-17 13:44 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 06:12 . 2004-08-17 13:49 60416 ----a-w- c:\windows\system32\packager.exe
2011-11-16 14:21 . 2004-08-17 13:49 354816 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 14:21 . 2004-08-17 13:49 152064 ----a-w- c:\windows\system32\schannel.dll
2011-11-10 04:54 . 2011-07-22 18:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-11-10 02:27 . 2011-07-22 18:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-03 15:29 . 2004-08-17 13:49 386560 ----a-w- c:\windows\system32\qdvd.dll
2011-11-03 15:29 . 2004-08-17 13:49 1294848 ----a-w- c:\windows\system32\quartz.dll
2011-11-01 16:07 . 2004-08-17 13:49 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-31 23:37 . 2004-08-17 13:49 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2011-10-31 23:37 . 2004-08-17 13:49 832512 ----a-w- c:\windows\system32\wininet.dll
2011-10-31 23:37 . 2004-08-17 13:49 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-10-31 23:37 . 2004-08-17 13:49 17408 ------w- c:\windows\system32\corpol.dll
2012-01-08 16:17 . 2011-11-16 14:19 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-28_14.27.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-29 15:37 . 2012-01-29 15:37 16384 c:\windows\Temp\Perflib_Perfdata_1fc.dat
+ 2001-10-25 11:00 . 2012-01-28 19:45 71676 c:\windows\system32\perfc009.dat
+ 2001-10-25 11:00 . 2012-01-28 19:45 83136 c:\windows\system32\perfc005.dat
+ 2008-11-17 18:47 . 2012-01-28 18:44 396224 c:\windows\system32\Restore\rstrlog.dat
+ 2001-10-25 11:00 . 2012-01-28 19:45 441358 c:\windows\system32\perfh009.dat
+ 2001-10-25 11:00 . 2012-01-28 19:45 437776 c:\windows\system32\perfh005.dat
+ 2012-01-28 15:02 . 2012-01-28 15:02 301056 c:\windows\Installer\320e7b.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 15:31 1514152 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DriverScanner"="c:\program files\Uniblue\DriverScanner\launcher.exe" [2011-05-16 338296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-12 53248]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-29 16132608]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2010-01-08 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2010-01-08 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2010-01-08 118784]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 135664]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 135664]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-01-29 c:\windows\Tasks\DriverScanner.job
- c:\program files\Uniblue\DriverScanner\dsmonitor.exe [2012-01-28 10:22]
.
2012-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 17:29]
.
2012-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-27 17:29]
.
2012-01-29 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-01-03 15:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.facemoods.com/?a=kno
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\documents and settings\Tomaš\Data aplikací\Mozilla\Firefox\Profiles\ucoz3ie8.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bd50fdcf2-80f1-492c-800d-cce266063aef%7D&mid=f41b1aea6fe347d1964ad1503868044f-a4df8540a77f7f0f5c1681aa5eae83954571162e&ds=AVG&v=9.0.0.23&lang=cs&pr=pr&d=2012-01-19%2023%3A22%3A43&sap=ku&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-29 17:23
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
Celkový čas: 2012-01-29 17:25:12
ComboFix-quarantined-files.txt 2012-01-29 16:25
ComboFix2.txt 2012-01-28 14:30
.
Před spuštěním: Volných bajtů: 64 487 972 864
Po spuštění: Volných bajtů: 64 477 241 344
.
- - End Of File - - FE28FE03380B1568F0A722508AC0BCDC

Please take a look at it. Thanks.

Re: Sending a log

Posted: 29 Jan 2012 17:55
by santaktom
Hello, my Windows Firewall is working now, and the laptop runs better too. I have Mozilla Firefox (which I use) and Internet Explorer. The latter is still caught by something (the iPod prize keeps appearing, etc.), so I tried to remove it using the Add or Remove Programs utility, but that did not work. Normally it deletes it, but when I go back to the desktop, Internet Explorer is still there. I also tried to remove it with Cleaner, which has program uninstallation, but that does not work; according to Cleaner I have no Explorer, even though it is still on the desktop, and Avast reports that everything is fine. So how do I remove Explorer from the laptop to get rid of all the viruses? Thank you.

Re: Sending a log

Posted: 29 Jan 2012 18:41
by motji
You cannot uninstall IE, but we will take a look at it.

:arrow: Download OTL http://oldtimer.geekstogo.com/OTL.exe
- save it to the desktop and run the OTL.exe file.
- copy this script into the white box at the bottom:

Code:

netsvcs
drivers32
savembr:0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

/md5start
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
hal.dll
logevent.dll
netlogon.dll
ntelogon.dll
scecli.dll
sceclt.dll
ws2_32.dll
autochk.exe
csrss.exe
explorer.exe
lsass.exe
services.exe
smss.exe
spoolsv.exe
svchost.exe
userinit.exe
winlogon.exe
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
cdrom.sys
Changer.sys
fastfat.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
mv61xx.sys
ndis.sys
ntfs.sys
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
symmpi.sys
tcpip.sys
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
/md5stop

C:\windows\system32\spool\prtprocs|dll;true;true;true /FP
%systemroot%\system32\drivers\*.sys /5
%systemroot%\system32\drivers\*.sys /X
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.* /5
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\config\*.sav
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\*.* /U /s
%systemroot%\*. /mp /s
%ALLUSERSPROFILE%\Data Aplikací\*.*
%ALLUSERSPROFILE%\Data Aplikací\*.exe /s
%ALLUSERSPROFILE%\Dáta aplikácií\*.*
%ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s
%APPDATA%\*.
%APPDATA%\*.*
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe


HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5 
- tick the "For all users" box.
- tick the "LOP" malware check and "Purity" malware check boxes
- click the Scan button
- when the scan finishes, the logs OTL.Txt and Extras.txt will appear; paste them here :)

Re: Sending a log

Posted: 29 Jan 2012 19:35
by santaktom
Hello, here it is:

OTL Extras logfile created on: 29.1.2012 19:17:16 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Tomaš\Dokumenty\Stažené soubory
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

502,11 Mb Total Physical Memory | 154,21 Mb Available Physical Memory | 30,71% Memory free
1,20 Gb Paging File | 0,88 Gb Available in Paging File | 73,88% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 60,07 Gb Free Space | 80,61% Space Free | Partition Type: NTFS
Drive D: | 111,81 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: TOMA-8AA94CECC7 | User Name: Tomaš | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-746137067-1606980848-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [JpegResamplerDir] -- "C:\Program Files\JPEG Resampler\JpegResampler.exe" "%1" (David Macek)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1D975A5E-1126-4F46-A423-41781934A63E}" = JuicyAccess Toolbar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 30
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5A3CD8E0-9ADF-4C0D-8A51-B9D2FCCFA447}" = Picture Collage Maker
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7CB9546E-BF2C-47DE-9DB4-C4364FBE57EC}" = Broadcom Wireless LAN Driver 4.100.15.7_Negative_Foxconn
"{7F947BFE-C2DF-4779-9909-5BEE746BD0C4}" = Microsoft .NET Framework 2.0 Language Pack - CSY
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{901C0405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = TIPCI
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Bibble Lite" = Bibble Lite
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"CrystalDiskInfo_is1" = CrystalDiskInfo 4.1.3
"Doom Shareware for Windows 95" = Doom Shareware for Windows 95
"Foxit Reader" = Foxit Reader
"GameParkClient_is1" = GamePark
"HD Tune_is1" = HD Tune 2.55
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ImageElements Photomontage" = ImageElements Photomontage
"InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"JPEG Resampler_is1" = JPEG Resampler Vs 4.7
"JuicyAccess Toolbar" = JuicyAccess Toolbar
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 4.3.1
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - CSY" = Microsoft .NET Framework 2.0 Language Pack - CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 9.0.1 (x86 cs)" = Mozilla Firefox 9.0.1 (x86 cs)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Soldat_is1" = Soldat 1.5.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.10
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"xHamster Video Downloader_is1" = xHamster Video Downloader 3.21

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-746137067-1606980848-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"PhotoArtist 2" = BenVista PhotoArtist 2.0.4

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28.1.2012 19:29:26 | Computer Name = TOMA-8AA94CECC7 | Source = SecurityCenter | ID = 1802
Description = Službě Centrum zabezpečení systému Windows se nepodařilo vytvořit
dotazy na události na službu WMI v zájmu sledování antivirového programu a brány
firewall třetí strany.

Error - 28.1.2012 19:29:28 | Computer Name = TOMA-8AA94CECC7 | Source = Userenv | ID = 1090
Description = Systém Windows nemohl protokolovat stav relace modulu snap-in RSoP.
Pokus o připojení ke službě WMI se nezdařil. Pro toto použití zásad již nebude
prováděno žádné protokolování modulu snap-in RSoP.

Error - 28.1.2012 19:34:30 | Computer Name = TOMA-8AA94CECC7 | Source = WinMgmt | ID = 28
Description = Program WinMgmt nemohl inicializovat hlavní části. To může být způsobeno
chybně nainstalovanou verzí programu WinMgmt, chybou aktualizace úložiště programo
WinMgmt, či nedostatečným místem na disku nebo nedostatkem paměti.

Error - 28.1.2012 19:34:30 | Computer Name = TOMA-8AA94CECC7 | Source = SecurityCenter | ID = 1802
Description = Službě Centrum zabezpečení systému Windows se nepodařilo vytvořit
dotazy na události na službu WMI v zájmu sledování antivirového programu a brány
firewall třetí strany.

Error - 28.1.2012 19:34:33 | Computer Name = TOMA-8AA94CECC7 | Source = Userenv | ID = 1090
Description = Systém Windows nemohl protokolovat stav relace modulu snap-in RSoP.
Pokus o připojení ke službě WMI se nezdařil. Pro toto použití zásad již nebude
prováděno žádné protokolování modulu snap-in RSoP.

Error - 28.1.2012 21:32:59 | Computer Name = TOMA-8AA94CECC7 | Source = Userenv | ID = 1090
Description = Systém Windows nemohl protokolovat stav relace modulu snap-in RSoP.
Pokus o připojení ke službě WMI se nezdařil. Pro toto použití zásad již nebude
prováděno žádné protokolování modulu snap-in RSoP.

Error - 29.1.2012 11:37:19 | Computer Name = TOMA-8AA94CECC7 | Source = WinMgmt | ID = 28
Description = Program WinMgmt nemohl inicializovat hlavní části. To může být způsobeno
chybně nainstalovanou verzí programu WinMgmt, chybou aktualizace úložiště programo
WinMgmt, či nedostatečným místem na disku nebo nedostatkem paměti.

Error - 29.1.2012 11:37:19 | Computer Name = TOMA-8AA94CECC7 | Source = SecurityCenter | ID = 1802
Description = Službě Centrum zabezpečení systému Windows se nepodařilo vytvořit
dotazy na události na službu WMI v zájmu sledování antivirového programu a brány
firewall třetí strany.

Error - 29.1.2012 11:37:20 | Computer Name = TOMA-8AA94CECC7 | Source = Userenv | ID = 1090
Description = Systém Windows nemohl protokolovat stav relace modulu snap-in RSoP.
Pokus o připojení ke službě WMI se nezdařil. Pro toto použití zásad již nebude
prováděno žádné protokolování modulu snap-in RSoP.

Error - 29.1.2012 13:24:49 | Computer Name = TOMA-8AA94CECC7 | Source = Userenv | ID = 1090
Description = Systém Windows nemohl protokolovat stav relace modulu snap-in RSoP.
Pokus o připojení ke službě WMI se nezdařil. Pro toto použití zásad již nebude
prováděno žádné protokolování modulu snap-in RSoP.

[ System Events ]
Error - 8.1.2012 5:39:20 | Computer Name = TOMA-8AA94CECC7 | Source = System Error | ID = 1003
Description = Kód chyby 0000009c, parametr1 00000000, parametr2 80546ef0, parametr3
f2000040, parametr4 00000800.

Error - 8.1.2012 14:01:27 | Computer Name = TOMA-8AA94CECC7 | Source = System Error | ID = 1003
Description = Kód chyby 100000d1, parametr1 000041e8, parametr2 00000002, parametr3
00000000, parametr4 f826d358.

Error - 13.1.2012 10:37:13 | Computer Name = TOMA-8AA94CECC7 | Source = Dhcp | ID = 1002
Description = Zapůjčení adresy IP 10.0.0.1 pro síťovou kartu s adresou 0016D35A3447
byla serverem DHCP 10.0.0.138 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).

Error - 13.1.2012 13:59:01 | Computer Name = TOMA-8AA94CECC7 | Source = DCOM | ID = 10010
Description = Server {0002DF01-0000-0000-C000-000000000046} se v daném časovém limitu
neregistroval u služby DCOM.

Error - 13.1.2012 16:30:36 | Computer Name = TOMA-8AA94CECC7 | Source = Dhcp | ID = 1002
Description = Zapůjčení adresy IP 10.0.0.1 pro síťovou kartu s adresou 0016D35A3447
byla serverem DHCP 10.0.0.138 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).

Error - 14.1.2012 14:20:49 | Computer Name = TOMA-8AA94CECC7 | Source = Dhcp | ID = 1002
Description = Zapůjčení adresy IP 10.0.0.1 pro síťovou kartu s adresou 0016D35A3447
byla serverem DHCP 10.0.0.138 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).

Error - 16.1.2012 7:40:44 | Computer Name = TOMA-8AA94CECC7 | Source = PlugPlayManager | ID = 12
Description = Zařízení Broadcom NetLink (TM) Gigabit Ethernet (PCI\VEN_14E4&DEV_1693&SUBSYS_011C1025&REV_02\4&192ac53f&0&00E0)
se již v systému nenachází, aniž by bylo nejdříve připraveno k odstranění.

Error - 28.1.2012 14:36:30 | Computer Name = TOMA-8AA94CECC7 | Source = PlugPlayManager | ID = 12
Description = Zařízení Broadcom NetLink (TM) Gigabit Ethernet (PCI\VEN_14E4&DEV_1693&SUBSYS_011C1025&REV_02\4&192ac53f&0&00E0)
se již v systému nenachází, aniž by bylo nejdříve připraveno k odstranění.

Error - 28.1.2012 19:30:52 | Computer Name = TOMA-8AA94CECC7 | Source = Dhcp | ID = 1002
Description = Zapůjčení adresy IP 10.0.0.1 pro síťovou kartu s adresou 0016D35A3447
byla serverem DHCP 10.0.0.138 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).

Error - 29.1.2012 11:37:02 | Computer Name = TOMA-8AA94CECC7 | Source = Dhcp | ID = 1002
Description = Zapůjčení adresy IP 10.0.0.1 pro síťovou kartu s adresou 0016D35A3447
byla serverem DHCP 10.0.0.138 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).


< End of report >


and the next one:


I look forward to your reply :)

Re: Sending a log

Posted: 29 Jan 2012 20:07
by motji
You gave me the same log twice; try to find that log.txt as well. :)

Re: Sending a log

Posted: 29 Jan 2012 21:09
by santaktom
I tried running OTL again, but this is all that came out of it:

OTL logfile created on: 29.1.2012 20:36:44 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Tomaš\Dokumenty\Stažené soubory
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

502,11 Mb Total Physical Memory | 101,04 Mb Available Physical Memory | 20,12% Memory free
1,20 Gb Paging File | 0,85 Gb Available in Paging File | 71,48% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 60,05 Gb Free Space | 80,58% Space Free | Partition Type: NTFS
Drive D: | 111,81 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: TOMA-8AA94CECC7 | User Name: Tomaš | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.01.29 19:14:03 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tomaš\Dokumenty\Stažené soubory\OTL.exe
PRC - [2012.01.08 17:17:42 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.01.03 16:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011.05.16 11:22:26 | 000,025,464 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
PRC - [2008.04.14 04:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012.01.08 17:17:38 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2010.09.25 21:36:31 | 005,969,360 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010.01.16 20:08:06 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)


========== Driver Services (SafeList) ==========

DRV - [2007.05.31 11:04:56 | 004,424,192 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.05.02 03:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2007.03.01 22:22:04 | 000,988,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2007.03.01 22:21:24 | 000,210,688 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2007.03.01 22:21:22 | 000,731,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2007.02.16 15:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006.10.12 15:28:42 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcmwl5.sys -- (BCM43XX)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-746137067-1606980848-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-746137067-1606980848-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-746137067-1606980848-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7Bd5 ... &sap=ku&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.01.14 21:47:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.22 19:39:17 | 000,000,000 | ---D | M]

[2010.08.17 15:52:18 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tomaš\Data aplikací\Mozilla\Extensions
[2011.11.26 21:35:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tomaš\Data aplikací\Mozilla\Firefox\Profiles\ucoz3ie8.default\extensions
[2010.09.10 15:27:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tomaš\Data aplikací\Mozilla\Firefox\Profiles\ucoz3ie8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.06.09 17:24:22 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Tomaš\Data aplikací\Mozilla\Firefox\Profiles\ucoz3ie8.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.11.26 21:35:50 | 000,000,000 | ---D | M] (Facemoods) -- C:\Documents and Settings\Tomaš\Data aplikací\Mozilla\Firefox\Profiles\ucoz3ie8.default\extensions\ffxtlbr@Facemoods.com
[2012.01.14 20:12:47 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Documents and Settings\Tomaš\Data aplikací\Mozilla\Firefox\Profiles\ucoz3ie8.default\extensions\toolbar@ask.com
[2012.01.21 16:22:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.01.21 16:22:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\TOMAš\DATA APLIKACí\MOZILLA\FIREFOX\PROFILES\UCOZ3IE8.DEFAULT\EXTENSIONS\TOOLBAR@ASK.COM
[2011.07.22 19:39:00 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012.01.08 17:17:44 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.08.17 17:00:25 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012.01.21 08:34:10 | 000,003,747 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011.11.26 21:35:51 | 000,002,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.11.05 05:51:00 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2011.11.05 05:51:00 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2011.11.05 05:51:00 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2011.11.05 05:51:00 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2011.11.05 05:51:00 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2012.01.29 17:23:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-746137067-1606980848-725345543-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKU\S-1-5-21-746137067-1606980848-725345543-1003..\Run: [DriverScanner] C:\Program Files\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-746137067-1606980848-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-746137067-1606980848-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-746137067-1606980848-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-746137067-1606980848-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EC6D0AF-E4E8-4465-B45A-7C7EFFB46A1D}: DhcpNameServer = 10.0.0.138
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Tomaš\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tomaš\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.11.14 18:54:07 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007.06.08 12:00:20 | 000,000,041 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2012.01.29 19:43:01 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tomaš\Recent
[2012.01.29 18:00:33 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.01.29 16:38:15 | 000,274,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2012.01.29 16:38:15 | 000,017,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2012.01.29 16:38:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012.01.28 17:24:49 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2012.01.28 16:37:32 | 000,041,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ppyzhwhs.sys
[2012.01.28 16:12:18 | 000,000,000 | ---D | C] -- C:\ProgramData
[2012.01.28 16:05:36 | 000,236,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2012.01.28 15:20:00 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012.01.28 15:13:18 | 004,388,509 | R--- | C] (Swearware) -- C:\Documents and Settings\Tomaš\Plocha\Combofix.exe
[2012.01.28 14:51:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.01.28 14:51:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.01.28 14:51:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.01.28 14:51:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.01.28 14:51:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2012.01.28 14:49:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.01.28 14:49:24 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Tomaš\Nabídka Start\Programy\Nástroje pro správu
[2012.01.28 13:44:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomaš\Data aplikací\Uniblue
[2012.01.28 13:44:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Uniblue
[2012.01.28 13:44:39 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2012.01.28 13:43:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\CrystalDiskInfo
[2012.01.28 13:43:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomaš\Data aplikací\OpenCandy
[2012.01.28 13:43:48 | 000,000,000 | ---D | C] -- C:\Program Files\CrystalDiskInfo
[2012.01.28 11:31:30 | 000,000,000 | ---D | C] -- C:\Program Files\HD Tune
[2012.01.28 11:31:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\HD Tune
[2012.01.28 11:21:19 | 001,187,840 | ---- | C] (Lodus Software) -- C:\Documents and Settings\Tomaš\Plocha\UPM.exe
[2012.01.28 11:21:19 | 001,062,704 | R--- | C] (Microsoft Corporation) -- C:\Documents and Settings\Tomaš\Plocha\MSCOMCTL.OCX
[2012.01.28 11:21:19 | 000,068,096 | ---- | C] (xyz) -- C:\Documents and Settings\Tomaš\Plocha\prjXTab.ocx
[2012.01.28 11:21:19 | 000,014,336 | ---- | C] (Lodus Software) -- C:\Documents and Settings\Tomaš\Plocha\upm.dll
[2012.01.28 11:21:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomaš\Plocha\languages
[2012.01.28 10:39:42 | 000,000,000 | ---D | C] -- C:\Program Files\Ultimate Process Manager
[2012.01.27 23:09:03 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012.01.27 23:09:03 | 000,000,000 | ---D | C] -- C:\rsit
[2012.01.27 22:27:42 | 000,000,000 | ---D | C] -- C:\Avenger
[2012.01.27 18:08:08 | 000,000,000 | ---D | C] -- C:\$WIN_NT$.~BT
[2012.01.27 17:45:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\setup.pss
[2012.01.21 16:22:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.01.21 16:22:15 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012.01.21 16:22:15 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012.01.21 16:22:15 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012.01.21 14:02:33 | 000,000,000 | ---D | C] -- C:\found.003
[2012.01.21 01:18:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2012.01.20 22:28:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomaš\Data aplikací\AVG
[2012.01.19 19:33:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tomaš\.fontconfig
[2012.01.14 21:46:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2012.01.14 15:41:47 | 000,000,000 | ---D | C] -- C:\61c7c1a51d4f21056da7
[2012.01.13 20:07:31 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.01.08 11:07:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Data aplikací\Common Files
[2012.01.08 11:03:36 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012.01.08 10:46:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\MFAData
[2012.01.06 20:03:57 | 000,000,000 | ---D | C] -- C:\found.002
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.01.29 20:40:06 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012.01.29 20:38:08 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.01.29 20:17:01 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.29 18:01:45 | 000,150,772 | ---- | M] () -- C:\Documents and Settings\Tomaš\Dokumenty\cc_20120129_180135.reg
[2012.01.29 17:25:13 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\DriverScanner.job
[2012.01.29 17:23:04 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.01.29 16:53:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.01.29 16:53:26 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.29 16:37:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.01.28 20:45:02 | 000,441,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.01.28 20:45:02 | 000,437,776 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2012.01.28 20:45:02 | 000,083,136 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2012.01.28 20:45:02 | 000,071,676 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.01.28 20:12:09 | 000,000,405 | RHS- | M] () -- C:\boot.ini
[2012.01.28 17:42:19 | 000,140,384 | ---- | M] () -- C:\Documents and Settings\Tomaš\Dokumenty\cc_20120128_174206.reg
[2012.01.28 17:30:53 | 000,002,552 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012.01.28 17:25:09 | 000,001,912 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012.01.28 16:37:33 | 000,041,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ppyzhwhs.sys
[2012.01.28 15:13:20 | 004,388,509 | R--- | M] (Swearware) -- C:\Documents and Settings\Tomaš\Plocha\Combofix.exe
[2012.01.28 13:44:46 | 000,000,764 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\DriverScanner.lnk
[2012.01.28 13:43:53 | 000,001,643 | ---- | M] () -- C:\Documents and Settings\Tomaš\Plocha\CrystalDiskInfo.lnk
[2012.01.28 13:24:24 | 000,121,274 | ---- | M] () -- C:\Documents and Settings\Tomaš\Dokumenty\cc_20120128_132410.reg
[2012.01.28 11:23:18 | 000,000,045 | ---- | M] () -- C:\Documents and Settings\Tomaš\Plocha\nastaveni.usr
[2012.01.28 10:33:16 | 000,000,686 | ---- | M] () -- C:\Documents and Settings\Tomaš\Dokumenty\cc_20120128_103304.reg
[2012.01.27 18:08:29 | 000,000,273 | ---- | M] () -- C:\Boot.bak
[2012.01.21 16:29:57 | 000,026,876 | ---- | M] () -- C:\Documents and Settings\Tomaš\Plocha\Netdiag 21012012 162957.htm
[2012.01.21 00:17:18 | 000,782,902 | ---- | M] () -- C:\Documents and Settings\Tomaš\Dokumenty\cc_20120121_001649.reg
[2012.01.19 19:39:50 | 000,001,569 | ---- | M] () -- C:\Documents and Settings\Tomaš\.recently-used.xbel
[2012.01.15 19:18:53 | 000,000,862 | ---- | M] () -- C:\Documents and Settings\Tomaš\Dokumenty\cc_20120115_191803.reg
[2012.01.14 23:33:52 | 000,194,574 | ---- | M] () -- C:\Documents and Settings\Tomaš\Dokumenty\cc_20120114_233312.reg
[2012.01.14 22:48:14 | 001,433,104 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.01.04 10:26:22 | 000,236,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.01.29 19:18:34 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.01.29 18:01:37 | 000,150,772 | ---- | C] () -- C:\Documents and Settings\Tomaš\Dokumenty\cc_20120129_180135.reg
[2012.01.28 17:42:11 | 000,140,384 | ---- | C] () -- C:\Documents and Settings\Tomaš\Dokumenty\cc_20120128_174206.reg
[2012.01.28 15:20:02 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2012.01.28 14:51:55 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.01.28 14:51:55 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.01.28 14:51:54 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.01.28 14:51:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.01.28 14:51:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.01.28 13:44:52 | 000,000,260 | ---- | C] () -- C:\WINDOWS\tasks\DriverScanner.job
[2012.01.28 13:44:46 | 000,000,764 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\DriverScanner.lnk
[2012.01.28 13:43:53 | 000,001,643 | ---- | C] () -- C:\Documents and Settings\Tomaš\Plocha\CrystalDiskInfo.lnk
[2012.01.28 13:24:13 | 000,121,274 | ---- | C] () -- C:\Documents and Settings\Tomaš\Dokumenty\cc_20120128_132410.reg
[2012.01.28 11:23:18 | 000,000,045 | ---- | C] () -- C:\Documents and Settings\Tomaš\Plocha\nastaveni.usr
[2012.01.28 11:21:19 | 000,099,758 | ---- | C] () -- C:\Documents and Settings\Tomaš\Plocha\proc_db.wt
[2012.01.28 11:21:19 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Tomaš\Plocha\LDE.dll
[2012.01.28 11:21:19 | 000,000,043 | ---- | C] () -- C:\Documents and Settings\Tomaš\Plocha\_reg.bat
[2012.01.28 11:21:19 | 000,000,039 | ---- | C] () -- C:\Documents and Settings\Tomaš\Plocha\__make_debug_wt_log.bat
[2012.01.28 11:21:19 | 000,000,026 | ---- | C] () -- C:\Documents and Settings\Tomaš\Plocha\_MAKE_LOG_SW.bat
[2012.01.28 11:21:19 | 000,000,026 | ---- | C] () -- C:\Documents and Settings\Tomaš\Plocha\_MAKE_LOG_EN.bat
[2012.01.28 11:21:19 | 000,000,025 | ---- | C] () -- C:\Documents and Settings\Tomaš\Plocha\_MAKE_LOG_SK.bat
[2012.01.28 11:21:19 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Tomaš\Plocha\_MAKE_LOG_CZ.bat
[2012.01.28 10:33:13 | 000,000,686 | ---- | C] () -- C:\Documents and Settings\Tomaš\Dokumenty\cc_20120128_103304.reg
[2012.01.27 17:45:33 | 000,468,713 | R--- | C] () -- C:\txtsetup.sif
[2012.01.27 17:45:33 | 000,261,312 | R--- | C] () -- C:\$LDR$
[2012.01.27 17:45:33 | 000,000,273 | ---- | C] () -- C:\Boot.bak
[2012.01.21 16:29:57 | 000,026,876 | ---- | C] () -- C:\Documents and Settings\Tomaš\Plocha\Netdiag 21012012 162957.htm
[2012.01.21 00:16:54 | 000,782,902 | ---- | C] () -- C:\Documents and Settings\Tomaš\Dokumenty\cc_20120121_001649.reg
[2012.01.19 22:33:55 | 000,001,912 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012.01.19 19:39:50 | 000,001,569 | ---- | C] () -- C:\Documents and Settings\Tomaš\.recently-used.xbel
[2012.01.15 19:18:34 | 000,000,862 | ---- | C] () -- C:\Documents and Settings\Tomaš\Dokumenty\cc_20120115_191803.reg
[2012.01.14 23:33:18 | 000,194,574 | ---- | C] () -- C:\Documents and Settings\Tomaš\Dokumenty\cc_20120114_233312.reg
[2012.01.07 23:20:18 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2012.01.07 23:20:13 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2010.08.17 15:52:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009.03.01 18:50:56 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.02.23 21:32:00 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\Tomaš\Local Settings\Data aplikací\fusioncache.dat
[2008.12.26 21:56:30 | 000,084,480 | ---- | C] () -- C:\Documents and Settings\Tomaš\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.11.25 20:52:56 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008.11.25 20:52:55 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008.11.25 20:52:52 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.11.25 20:52:52 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.11.25 20:52:51 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.11.25 20:52:49 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.11.18 12:28:00 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008.11.17 10:23:23 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tomaš\Data aplikací\AVSDVDPlayer.m3u
[2008.11.17 10:23:09 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008.11.16 19:23:07 | 000,001,431 | ---- | C] () -- C:\WINDOWS\cpbqs48.ini
[2008.11.14 19:58:17 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008.11.14 19:45:37 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.11.14 19:44:11 | 001,433,104 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.11.14 18:56:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008.11.14 18:50:48 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004.08.17 14:58:58 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001.10.25 12:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.10.25 12:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.10.25 12:00:00 | 000,441,358 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001.10.25 12:00:00 | 000,437,776 | ---- | C] () -- C:\WINDOWS\System32\perfh005.dat
[2001.10.25 12:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.10.25 12:00:00 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2001.10.25 12:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.10.25 12:00:00 | 000,083,136 | ---- | C] () -- C:\WINDOWS\System32\perfc005.dat
[2001.10.25 12:00:00 | 000,071,676 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001.10.25 12:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.10.25 12:00:00 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2001.10.25 12:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.10.25 12:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.10.25 12:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2012.01.28 17:30:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AVAST Software
[2012.01.08 11:07:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\Common Files
[2012.01.28 15:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MFAData
[2012.01.22 20:26:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2010.08.28 19:03:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\{5EA804FD-5E7A-4405-A638-CAFBD22489D9}
[2012.01.21 13:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomaš\Data aplikací\AVG
[2011.11.28 14:38:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomaš\Data aplikací\facemoods.com
[2010.08.17 17:01:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomaš\Data aplikací\Foxit Software
[2008.11.16 22:34:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomaš\Data aplikací\FxFotoDB(2)
[2012.01.19 19:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomaš\Data aplikací\gtk-2.0
[2009.03.01 16:42:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomaš\Data aplikací\Jpeg Resampler
[2012.01.28 16:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomaš\Data aplikací\OpenCandy
[2009.12.20 16:02:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomaš\Data aplikací\Soldat
[2012.01.28 13:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomaš\Data aplikací\Uniblue
[2012.01.29 17:25:13 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\DriverScanner.job
[2012.01.29 20:40:06 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"DriverScanner" = "C:\Program Files\Uniblue\DriverScanner\launcher.exe" delay 20000 -- [2011.05.16 11:22:26 | 000,338,296 | ---- | M] (Uniblue Systems Limited)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
"" =

< >


< >

< C:\windows\system32\spool\prtprocs|dll;true;true;true /FP >
[2008.07.06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008.07.06 13:06:10 | 000,147,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\x64\filterpipelineprintproc.dll

< %systemroot%\system32\drivers\*.sys /5 >
[2012.01.28 16:37:33 | 000,041,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ppyzhwhs.sys

< %systemroot%\system32\drivers\*.sys /X >
[2008.04.14 04:21:36 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008.04.14 04:21:36 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008.04.14 04:21:36 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008.04.14 04:21:36 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008.04.14 04:21:36 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008.04.14 04:21:36 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008.04.14 04:21:36 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2004.07.17 11:36:24 | 000,064,352 | ---- | M] () -- C:\WINDOWS\system32\drivers\ativmc20.cod
[2008.04.14 04:21:37 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008.04.14 04:21:37 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008.04.14 04:21:37 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008.04.14 04:21:37 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008.04.14 04:21:37 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2007.02.09 05:47:42 | 000,011,986 | ---- | M] () -- C:\WINDOWS\system32\drivers\bcm43xx.cat
[2007.02.09 05:47:46 | 000,011,986 | ---- | M] () -- C:\WINDOWS\system32\drivers\bcm43xx64.cat
[2007.02.08 01:05:06 | 000,549,158 | ---- | M] () -- C:\WINDOWS\system32\drivers\bcmwl5.inf
[2008.04.14 04:21:38 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2004.07.17 22:55:24 | 000,129,045 | ---- | M] () -- C:\WINDOWS\system32\drivers\cxthsfs2.cty
[2001.10.25 12:00:00 | 003,440,660 | ---- | M] () -- C:\WINDOWS\system32\drivers\gm.dls
[2001.10.25 12:00:00 | 000,000,646 | ---- | M] () -- C:\WINDOWS\system32\drivers\gmreadme.txt
[2007.03.01 23:12:06 | 000,144,393 | ---- | M] () -- C:\WINDOWS\system32\drivers\HSFProf.cty
[2004.07.17 11:35:00 | 000,067,866 | ---- | M] () -- C:\WINDOWS\system32\drivers\netwlan5.img
[2008.04.14 04:21:55 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2008.04.14 04:22:04 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.* /5 >
[2012.01.28 17:30:53 | 000,002,552 | ---- | M] () -- C:\WINDOWS\system32\CONFIG.NT
[2012.01.28 20:45:02 | 000,083,136 | ---- | M] () -- C:\WINDOWS\system32\perfc005.dat
[2012.01.28 20:45:02 | 000,071,676 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2012.01.28 20:45:02 | 000,437,776 | ---- | M] () -- C:\WINDOWS\system32\perfh005.dat
[2012.01.28 20:45:02 | 000,441,358 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2012.01.28 20:45:02 | 001,046,356 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2012.01.29 16:53:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\config\*.sav >
[2008.11.14 19:43:30 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008.11.14 19:43:30 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008.11.14 19:43:30 | 000,475,136 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\*.* /U /s >
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[15 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[7 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[2 C:\WINDOWS\system32\CatRoot\*.tmp files -> C:\WINDOWS\system32\CatRoot\*.tmp -> ]

< %systemroot%\*. /mp /s >

< %ALLUSERSPROFILE%\Data Aplikací\*.* >
[2008.11.14 19:44:56 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\desktop.ini

< %ALLUSERSPROFILE%\Data Aplikací\*.exe /s >
[2009.07.29 13:32:15 | 000,595,765 | ---- | M] ( ) -- C:\Documents and Settings\All Users\Data Aplikací\{5EA804FD-5E7A-4405-A638-CAFBD22489D9}\OFFLINE\mFileBagIDE.dll\bag\AdwareSetup.exe
[2009.07.29 13:32:21 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\{5EA804FD-5E7A-4405-A638-CAFBD22489D9}\OFFLINE\mFileBagIDE.dll\bag\HJSetup.exe
[2008.07.15 03:18:59 | 000,103,936 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Data Aplikací\{5EA804FD-5E7A-4405-A638-CAFBD22489D9}\OFFLINE\mFileBagIDE.dll\bag\MsiZap.Exe
[2009.07.13 10:21:00 | 000,423,528 | ---- | M] ( ) -- C:\Documents and Settings\All Users\Data Aplikací\{5EA804FD-5E7A-4405-A638-CAFBD22489D9}\OFFLINE\mFileBagIDE.dll\bag\SSD.exe
[2010.06.23 17:16:34 | 000,501,936 | ---- | M] (Google Inc.) -- C:\Documents and Settings\All Users\Data Aplikací\Google\Google Toolbar\Update\gtb3.tmp.exe

< %ALLUSERSPROFILE%\Dáta aplikácií\*.* >

< %ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s >

< %APPDATA%\*. >
[2010.03.15 15:46:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomaš\Data aplikací\Adobe
[2012.01.21 13:29:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomaš\Data aplikací\AVG
[2011.11.28 14:38:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomaš\Data aplikací\facemoods.com
[2010.08.17 17:01:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomaš\Data aplikací\Foxit Software
[2008.11.16 22:34:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomaš\Data aplikací\FxFotoDB(2)
[2009.05.16 11:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomaš\Data aplikací\Google
[2012.01.19 19:37:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomaš\Data aplikací\gtk-2.0
[2008.11.16 19:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomaš\Data aplikací\Help
[2008.11.14 18:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomaš\Data aplikací\Identities
[2009.03.01 16:42:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomaš\Data aplikací\Jpeg Resampler
[2009.05.23 13:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomaš\Data aplikací\Macromedia
[2008.11.25 21:03:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomaš\Data aplikací\Media Player Classic
[2008.12.26 22:12:17 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Tomaš\Data aplikací\Microsoft
[2010.08.17 15:52:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomaš\Data aplikací\Mozilla
[2012.01.28 16:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomaš\Data aplikací\OpenCandy
[2008.12.26 18:41:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomaš\Data aplikací\Real
[2009.12.20 16:02:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomaš\Data aplikací\Soldat
[2011.07.22 19:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomaš\Data aplikací\Sun
[2012.01.28 13:44:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tomaš\Data aplikací\Uniblue

< %APPDATA%\*.* >
[2008.11.17 13:18:20 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Tomaš\Data aplikací\AVSDVDPlayer.m3u
[2008.11.14 19:44:56 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Tomaš\Data aplikací\desktop.ini

< %APPDATA%\*.exe /s >
[2012.01.13 15:44:46 | 003,884,200 | ---- | M] (Ask) -- C:\Documents and Settings\Tomaš\Data aplikací\Mozilla\Firefox\Profiles\ucoz3ie8.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
[2011.06.09 20:03:56 | 005,845,528 | ---- | M] (Uniblue Systems Ltd ) -- C:\Documents and Settings\Tomaš\Data aplikací\OpenCandy\7B774A08F40F4E6E9B9F9F2C4DD57B03\driverscanner (33).exe

< %SYSTEMDRIVE%\*.exe >

< >

< >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-26 16:13:42

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s >
"StateIndex" = 0

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ autocheck autochk *\0\0

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
PENDINGFILERENAMEOPERATIONS REG_MULTI_SZ \??\C:\Qoobox\Quarantine\C\MoveEx_test0123.vir\0\0\??\C:\test0123\0\??\C:\Qoobox\Quarantine\C\MoveEx_test0123.vir\0\??\C:\DOCUME~1\TOMA~1\LOCALS~1\TEMPOR~1\Content.IE5\index.dat\0\0\??\C:\DOCUME~1\TOMA~1\Cookies\index.dat\0\0\??\C:\DOCUME~1\TOMA~1\LOCALS~1\History\History.IE5\desktop.ini\0\0\??\C:\DOCUME~1\TOMA~1\LOCALS~1\History\History.IE5\index.dat\0\0\??\C:\DOCUME~1\TOMA~1\LOCALS~1\History\History.IE5\MSHIST~2\index.dat\0\0\??\C:\DOCUME~1\TOMA~1\LOCALS~1\History\History.IE5\MSHIST~1\index.dat\0\0\0

< >

< type c:\boot.ini >> test.txt /c >
[Boot Loader]
Timeout=2
Default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[Operating Systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
C:\$WIN_NT$.~BT\BOOTSECT.DAT="Microsoft Windows XP Professional - instalace"

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012.01.29 20:38:08 | 000,000,512 | ---- | M] () MD5=7238D7F588536A4DAB18C018AC4C2E05 -- C:\PhysicalMBR.bin

========== Files - Unicode (All) ==========
[2008.11.17 20:17:30 | 000,000,000 | ---D | M](C:\Documents and Settings\Toma?\Data aplikací\bibble) -- C:\Documents and Settings\Tomaš\Data aplikací\bibble

========== Alternate Data Streams ==========

@Alternate Data Stream - 762 bytes -> C:\WINDOWS\System32\drivers\ppyzhwhs.sys:changelist
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:0B4227B4

< End of report >

Re: Sending a log

Posted: 29 Jan 2012 21:12
by motji
Test this file at www.virustotal.com:
C:\WINDOWS\System32\drivers\ppyzhwhs.sys

Re: Sending a log

Posted: 29 Jan 2012 21:23
by santaktom
This is what came up:
Antivirus Result Update
AhnLab-V3 - 20120128
AntiVir - 20120127
Antiy-AVL - 20120127
Avast - 20120128
AVG - 20120128
BitDefender - 20120128
ByteHero - 20120128
CAT-QuickHeal - 20120127
ClamAV - 20120128
Commtouch - 20120128
Comodo - 20120128
DrWeb - 20120128
Emsisoft - 20120128
eSafe - 20120126
eTrust-Vet - 20120127
F-Prot - 20120128
F-Secure - 20120128
Fortinet - 20120128
GData - 20120128
Ikarus - 20120128
Jiangmin - 20120128
K7AntiVirus - 20120127
Kaspersky - 20120128
McAfee - 20120128
McAfee-GW-Edition - 20120128
Microsoft - 20120128
NOD32 - 20120128
Norman - 20120128
nProtect - 20120128
Panda - 20120128
PCTools - 20120128
Prevx - 20120128
Rising - 20120118
Sophos - 20120128
SUPERAntiSpyware - 20120128
Symantec - 20120128
TheHacker - 20120127
TrendMicro - 20120128
TrendMicro-HouseCall - 20120128
VBA32 - 20120126
VIPRE - 20120128
ViRobot - 20120128
VirusBuster - 20120128

Re: Sending a log

Posted: 29 Jan 2012 21:39
by motji
:arrow: Run OTL
- copy this script into the white box at the bottom:

Code:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
@Alternate Data Stream - 762 bytes -> C:\WINDOWS\System32\drivers\ppyzhwhs.sys:changelist
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:0B4227B4
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-746137067-1606980848-725345543-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\TOMAš\DATA APLIKACí\MOZILLA\FIREFOX\PROFILES\UCOZ3IE8.DEFAULT\EXTENSIONS\TOOLBAR@ASK.COM
[2011.11.26 21:35:50 | 000,000,000 | ---D | M] (Facemoods) -- C:\Documents and Settings\Tomaš\Data aplikací\Mozilla\Firefox\Profiles\ucoz3ie8.default\extensions\ffxtlbr@Facemoods.com
[2012.01.14 20:12:47 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Documents and Settings\Tomaš\Data aplikací\Mozilla\Firefox\Profiles\ucoz3ie8.default\extensions\toolbar@ask.com
[2012.01.21 16:22:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-746137067-1606980848-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-746137067-1606980848-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
C:\WINDOWS\System32\drivers\ppyzhwhs.sys
C:\Documents and Settings\Tomaš\Data aplikací\Mozilla\Firefox\Profiles\ucoz3ie8.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
C:\Documents and Settings\Tomaš\Data aplikací\facemoods.com
C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\System32\emptyregdb.dat
C:\Program Files\Ask.com

:services
 ppyzhwh

:commands
[emptytemp]
[EMPTYFLASH]
[Reboot]

- click the Fix button.
- The PC will then restart.
- Paste the log here :)

Re: Sending the log

Posted: 29 Jan 2012 21:51
by santaktom
So here it is:

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
ADS C:\WINDOWS\System32\drivers\ppyzhwhs.sys:changelist deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:0B4227B4 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-746137067-1606980848-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files\Ask.com\Updater\Updater.exe moved successfully.
C:\Documents and Settings\Tomaš\Data aplikací\Mozilla\Firefox\Profiles\ucoz3ie8.default\extensions\ffxtlbr@Facemoods.com\defaults\preferences folder moved successfully.
C:\Documents and Settings\Tomaš\Data aplikací\Mozilla\Firefox\Profiles\ucoz3ie8.default\extensions\ffxtlbr@Facemoods.com\defaults folder moved successfully.
C:\Documents and Settings\Tomaš\Data aplikací\Mozilla\Firefox\Profiles\ucoz3ie8.default\extensions\ffxtlbr@Facemoods.com\content\preferences folder moved successfully.
C:\Documents and Settings\Tomaš\Data aplikací\Mozilla\Firefox\Profiles\ucoz3ie8.default\extensions\ffxtlbr@Facemoods.com\content\images\dropdownicons folder moved successfully.
C:\Documents and Settings\Tomaš\Data aplikací\Mozilla\Firefox\Profiles\ucoz3ie8.default\extensions\ffxtlbr@Facemoods.com\content\images folder moved successfully.
C:\Documents and Settings\Tomaš\Data aplikací\Mozilla\Firefox\Profiles\ucoz3ie8.default\extensions\ffxtlbr@Facemoods.com\content folder moved successfully.
C:\Documents and Settings\Tomaš\Data aplikací\Mozilla\Firefox\Profiles\ucoz3ie8.default\extensions\ffxtlbr@Facemoods.com\components folder moved successfully.
C:\Documents and Settings\Tomaš\Data aplikací\Mozilla\Firefox\Profiles\ucoz3ie8.default\extensions\ffxtlbr@Facemoods.com\chrome folder moved successfully.
C:\Documents and Settings\Tomaš\Data aplikací\Mozilla\Firefox\Profiles\ucoz3ie8.default\extensions\ffxtlbr@Facemoods.com folder moved successfully.
C:\Documents and Settings\Tomaš\Data aplikací\Mozilla\Firefox\Profiles\ucoz3ie8.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Documents and Settings\Tomaš\Data aplikací\Mozilla\Firefox\Profiles\ucoz3ie8.default\extensions\toolbar@ask.com\logs folder moved successfully.
C:\Documents and Settings\Tomaš\Data aplikací\Mozilla\Firefox\Profiles\ucoz3ie8.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Documents and Settings\Tomaš\Data aplikací\Mozilla\Firefox\Profiles\ucoz3ie8.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Documents and Settings\Tomaš\Data aplikací\Mozilla\Firefox\Profiles\ucoz3ie8.default\extensions\toolbar@ask.com\datastore folder moved successfully.
C:\Documents and Settings\Tomaš\Data aplikací\Mozilla\Firefox\Profiles\ucoz3ie8.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-25-May-2011-13-52-58-GMT folder moved successfully.
C:\Documents and Settings\Tomaš\Data aplikací\Mozilla\Firefox\Profiles\ucoz3ie8.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-16-Nov-2011-16-02-34-GMT folder moved successfully.
C:\Documents and Settings\Tomaš\Data aplikací\Mozilla\Firefox\Profiles\ucoz3ie8.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-31-May-2011-16-10-09-GMT folder moved successfully.
C:\Documents and Settings\Tomaš\Data aplikací\Mozilla\Firefox\Profiles\ucoz3ie8.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-17-Aug-2010-16-01-53-GMT folder moved successfully.
C:\Documents and Settings\Tomaš\Data aplikací\Mozilla\Firefox\Profiles\ucoz3ie8.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-15-Nov-2011-15-58-16-GMT folder moved successfully.
C:\Documents and Settings\Tomaš\Data aplikací\Mozilla\Firefox\Profiles\ucoz3ie8.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Tue-06-Sep-2011-14-16-46-GMT folder moved successfully.
C:\Documents and Settings\Tomaš\Data aplikací\Mozilla\Firefox\Profiles\ucoz3ie8.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Thu-29-Dec-2011-17-06-58-GMT folder moved successfully.
C:\Documents and Settings\Tomaš\Data aplikací\Mozilla\Firefox\Profiles\ucoz3ie8.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sat-30-Jul-2011-22-53-18-GMT folder moved successfully.
C:\Documents and Settings\Tomaš\Data aplikací\Mozilla\Firefox\Profiles\ucoz3ie8.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sat-16-Oct-2010-13-09-49-GMT folder moved successfully.
C:\Documents and Settings\Tomaš\Data aplikací\Mozilla\Firefox\Profiles\ucoz3ie8.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sat-02-Apr-2011-18-01-18-GMT folder moved successfully.
C:\Documents and Settings\Tomaš\Data aplikací\Mozilla\Firefox\Profiles\ucoz3ie8.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Mon-07-Nov-2011-17-46-01-GMT folder moved successfully.
C:\Documents and Settings\Tomaš\Data aplikací\Mozilla\Firefox\Profiles\ucoz3ie8.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-23-Sep-2011-18-21-45-GMT folder moved successfully.
C:\Documents and Settings\Tomaš\Data aplikací\Mozilla\Firefox\Profiles\ucoz3ie8.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-21-Jan-2011-23-00-45-GMT folder moved successfully.
C:\Documents and Settings\Tomaš\Data aplikací\Mozilla\Firefox\Profiles\ucoz3ie8.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-20-Aug-2010-13-08-15-GMT folder moved successfully.
C:\Documents and Settings\Tomaš\Data aplikací\Mozilla\Firefox\Profiles\ucoz3ie8.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-14-Jan-2011-17-01-12-GMT folder moved successfully.
C:\Documents and Settings\Tomaš\Data aplikací\Mozilla\Firefox\Profiles\ucoz3ie8.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-13-Jan-2012-17-50-21-GMT folder moved successfully.
C:\Documents and Settings\Tomaš\Data aplikací\Mozilla\Firefox\Profiles\ucoz3ie8.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.
C:\Documents and Settings\Tomaš\Data aplikací\Mozilla\Firefox\Profiles\ucoz3ie8.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Documents and Settings\Tomaš\Data aplikací\Mozilla\Firefox\Profiles\ucoz3ie8.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Documents and Settings\Tomaš\Data aplikací\Mozilla\Firefox\Profiles\ucoz3ie8.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Documents and Settings\Tomaš\Data aplikací\Mozilla\Firefox\Profiles\ucoz3ie8.default\extensions\toolbar@ask.com folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions folder moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-746137067-1606980848-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-746137067-1606980848-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
========== FILES ==========
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\002653_.tmp moved successfully.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP10.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP11F.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP192.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1E1.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP259.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP336.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP37.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3FC.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4C.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP75.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP77.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF1.tmp folder moved successfully.
C:\WINDOWS\Installer\MSI19.tmp moved successfully.
C:\WINDOWS\Installer\MSI1BA.tmp moved successfully.
C:\WINDOWS\Installer\MSI1D.tmp moved successfully.
C:\WINDOWS\Installer\MSI245.tmp moved successfully.
C:\WINDOWS\Installer\MSI62.tmp moved successfully.
C:\WINDOWS\Installer\MSI72.tmp moved successfully.
C:\WINDOWS\Installer\MSIB9.tmp moved successfully.
C:\WINDOWS\system32\CONFIG.TMP moved successfully.
C:\WINDOWS\system32\CatRoot\TMP1.tmp moved successfully.
C:\WINDOWS\system32\CatRoot\TMP5.tmp moved successfully.
C:\WINDOWS\System32\drivers\ppyzhwhs.sys moved successfully.
File\Folder C:\Documents and Settings\Tomaš\Data aplikací\Mozilla\Firefox\Profiles\ucoz3ie8.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe not found.
C:\Documents and Settings\Tomaš\Data aplikací\facemoods.com\facemoods folder moved successfully.
C:\Documents and Settings\Tomaš\Data aplikací\facemoods.com folder moved successfully.
C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job moved successfully.
C:\WINDOWS\System32\emptyregdb.dat moved successfully.
C:\Program Files\Ask.com\Updater folder moved successfully.
C:\Program Files\Ask.com\assets\oobe folder moved successfully.
C:\Program Files\Ask.com\assets folder moved successfully.
C:\Program Files\Ask.com folder moved successfully.
========== SERVICES/DRIVERS ==========
Error: No service named ppyzhwh was found to stop!
Service\Driver key ppyzhwh not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: Tomaš

User: Tomaš
->Temp folder emptied: 1010444 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 85880009 bytes
->Flash cache emptied: 574 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 483 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 83,00 mb


[EMPTYFLASH]

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: Tomaš

User: Tomaš
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01292012_214534

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...