Win32/Mebroot trojský kůň v operační paměti ve Win 7

Zpráva

#31 Příspěvek od **Caroprd111** » 14 čer 2010 22:49

Stahněte dr. Web CureIt http://www.viry.cz/forum/viewtopic.php?f=29&t=47721

Proveďte sken. Infekci, kterou program najde, nechejte léčit, mazat.
Soubor/Uložit výsledky - Uložte jako textový soubor, obsah textového souboru sem zkopírujte.

Pokračujte podle návodu http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

Na výsledky se podívám zítra.

Tealc_EU · #32 Příspěvek od **Tealc_EU** » 15 čer 2010 09:40

Na tom zakladním testu DrWebu nic nenasel dal jsem delat ten kompletni a nechal jsem to dělat přes noc do ted (10:30) a nebyl jsem ani za polovinou testu. Bohuzel vytizeni procesoru bylo 100% takze bych nemohl nic delat a pocitac potrebuji pro praci, takz jsem to prerusil a dam to delat dnes odpoledne do zotrka do odpoledne, tak snad to bude hotove. Pak sem hodim ten log. Jinak problem je tam porad i pres ty drivejsi kroky :"-(

#33 Příspěvek od **Caroprd111** » 15 čer 2010 12:28

Tealc_EU · #34 Příspěvek od **Tealc_EU** » 15 čer 2010 13:41

Ten druhy test nejde udelat...dokoncit porad dokola se to restartuje a odstranuje nakazu ze stejneho mysta.

Log:

Autoscan: stopped 21 minutes ago (events: 15, objects: 10125, time: 00:35:07)
15.6.2010 12:13:07 Task started
15.6.2010 12:27:29 Detected: Trojan-Clicker.Win32.Cycler.ajsi C:\System Volume Information\Microsoft\services.exe
15.6.2010 12:28:06 Task stopped
15.6.2010 13:05:25 Task started
15.6.2010 13:05:29 Detected: Trojan-Clicker.Win32.Cycler.ajsi c:\System Volume Information\Microsoft\services.exe
15.6.2010 13:05:42 Task stopped
15.6.2010 13:11:07 Task started
15.6.2010 13:12:11 Detected: Trojan-Clicker.Win32.Cycler.ajsi C:\System Volume Information\Microsoft\smss.exe
15.6.2010 13:12:19 Task stopped
15.6.2010 13:29:45 Task started
15.6.2010 13:30:22 Detected: Trojan-Clicker.Win32.Cycler.ajsi c:\System Volume Information\Microsoft\services.exe
15.6.2010 13:31:46 Task stopped
15.6.2010 13:43:26 Task started
15.6.2010 13:44:10 Detected: Trojan-Clicker.Win32.Cycler.ajsi C:\System Volume Information\Microsoft\smss.exe
15.6.2010 14:18:34 Task stopped
Disinfect active threats: completed 2 hours ago (events: 6, objects: 5472, time: 00:04:25)
15.6.2010 12:28:05 Task started
15.6.2010 12:30:25 Detected: Trojan-Clicker.Win32.Cycler.ajsi C:\System Volume Information\Microsoft\services.exe
15.6.2010 12:30:42 Will be deleted on system restart: Trojan-Clicker.Win32.Cycler.ajsi C:\System Volume Information\Microsoft\services.exe
15.6.2010 12:30:42 Detected: Trojan-Clicker.Win32.Cycler.ajsi C:\System Volume Information\Microsoft\smss.exe
15.6.2010 12:30:42 Will be deleted on system restart: Trojan-Clicker.Win32.Cycler.ajsi C:\System Volume Information\Microsoft\smss.exe
15.6.2010 12:32:30 Task completed
Disinfect active threats: completed 1 hour ago (events: 10, objects: 6326, time: 00:04:56)
15.6.2010 12:41:03 Task started
15.6.2010 12:41:03 Detected: Trojan-Clicker.Win32.Cycler.ajsi C:\System Volume Information\Microsoft\services.exe
15.6.2010 12:41:22 Will be deleted on system restart: Trojan-Clicker.Win32.Cycler.ajsi C:\System Volume Information\Microsoft\services.exe
15.6.2010 12:41:42 Detected: Trojan-Clicker.Win32.Cycler.ajsi C:\System Volume Information\Microsoft\services.exe
15.6.2010 12:41:50 Detected: Trojan-Clicker.Win32.Cycler.ajsi C:\System Volume Information\Microsoft\smss.exe
15.6.2010 12:44:41 Detected: Trojan-Clicker.Win32.Cycler.ajsi C:\System Volume Information\Microsoft\services.exe
15.6.2010 12:44:45 Will be deleted on system restart: Trojan-Clicker.Win32.Cycler.ajsi C:\System Volume Information\Microsoft\services.exe
15.6.2010 12:44:45 Detected: Trojan-Clicker.Win32.Cycler.ajsi C:\System Volume Information\Microsoft\smss.exe
15.6.2010 12:44:47 Will be deleted on system restart: Trojan-Clicker.Win32.Cycler.ajsi C:\System Volume Information\Microsoft\smss.exe
15.6.2010 12:45:59 Task completed
Disinfect active threats: completed 1 hour ago (events: 7, objects: 6083, time: 00:04:38)
15.6.2010 12:54:42 Task started
15.6.2010 12:54:42 Detected: Trojan-Clicker.Win32.Cycler.ajsi C:\System Volume Information\Microsoft\smss.exe
15.6.2010 12:55:01 Will be deleted on system restart: Trojan-Clicker.Win32.Cycler.ajsi C:\System Volume Information\Microsoft\smss.exe
15.6.2010 12:55:36 Detected: Trojan-Clicker.Win32.Cycler.ajsi c:\System Volume Information\Microsoft\smss.exe
15.6.2010 12:57:01 Detected: Trojan-Clicker.Win32.Cycler.ajsi c:\System Volume Information\Microsoft\smss.exe
15.6.2010 12:58:26 Will be deleted on system restart: Trojan-Clicker.Win32.Cycler.ajsi c:\System Volume Information\Microsoft\smss.exe
15.6.2010 12:59:20 Task completed
Disinfect active threats: completed 1 hour ago (events: 6, objects: 6207, time: 00:02:32)
15.6.2010 13:05:41 Task started
15.6.2010 13:05:45 Detected: Trojan-Clicker.Win32.Cycler.ajsi c:\System Volume Information\Microsoft\services.exe
15.6.2010 13:06:05 Will be deleted on system restart: Trojan-Clicker.Win32.Cycler.ajsi c:\System Volume Information\Microsoft\services.exe
15.6.2010 13:07:47 Detected: Trojan-Clicker.Win32.Cycler.ajsi C:\System Volume Information\Microsoft\services.exe
15.6.2010 13:07:48 Will be deleted on system restart: Trojan-Clicker.Win32.Cycler.ajsi C:\System Volume Information\Microsoft\services.exe
15.6.2010 13:08:13 Task completed
Disinfect active threats: completed 1 hour ago (events: 6, objects: 5983, time: 00:02:22)
15.6.2010 13:12:19 Task started
15.6.2010 13:12:29 Detected: Trojan-Clicker.Win32.Cycler.ajsi C:\System Volume Information\Microsoft\smss.exe
15.6.2010 13:12:48 Will be deleted on system restart: Trojan-Clicker.Win32.Cycler.ajsi C:\System Volume Information\Microsoft\smss.exe
15.6.2010 13:14:18 Detected: Trojan-Clicker.Win32.Cycler.ajsi C:\System Volume Information\Microsoft\smss.exe
15.6.2010 13:14:20 Will be deleted on system restart: Trojan-Clicker.Win32.Cycler.ajsi C:\System Volume Information\Microsoft\smss.exe
15.6.2010 13:14:41 Task completed
Disinfect active threats: completed 1 hour ago (events: 11, objects: 6178, time: 00:03:28)
15.6.2010 13:20:20 Task started
15.6.2010 13:20:20 Detected: Trojan-Clicker.Win32.Cycler.ajsi C:\System Volume Information\Microsoft\smss.exe
15.6.2010 13:20:38 Will be deleted on system restart: Trojan-Clicker.Win32.Cycler.ajsi C:\System Volume Information\Microsoft\smss.exe
15.6.2010 13:20:43 Detected: Trojan-Clicker.Win32.Cycler.ajsi C:\System Volume Information\Microsoft\services.exe
15.6.2010 13:21:12 Will be deleted on system restart: Trojan-Clicker.Win32.Cycler.ajsi C:\System Volume Information\Microsoft\services.exe
15.6.2010 13:21:17 Detected: Trojan-Clicker.Win32.Cycler.ajsi c:\System Volume Information\Microsoft\smss.exe
15.6.2010 13:22:46 Detected: Trojan-Clicker.Win32.Cycler.ajsi c:\System Volume Information\Microsoft\services.exe
15.6.2010 13:23:00 Will be deleted on system restart: Trojan-Clicker.Win32.Cycler.ajsi c:\System Volume Information\Microsoft\services.exe
15.6.2010 13:23:00 Detected: Trojan-Clicker.Win32.Cycler.ajsi c:\System Volume Information\Microsoft\smss.exe
15.6.2010 13:23:02 Will be deleted on system restart: Trojan-Clicker.Win32.Cycler.ajsi c:\System Volume Information\Microsoft\smss.exe
15.6.2010 13:23:48 Task completed
Disinfect active threats: completed 1 hour ago (events: 8, objects: 6090, time: 00:02:35)
15.6.2010 13:31:46 Task started
15.6.2010 13:32:32 Detected: Trojan-Clicker.Win32.Cycler.ajsi c:\System Volume Information\Microsoft\services.exe
15.6.2010 13:32:39 Detected: Trojan-Clicker.Win32.Cycler.ajsi c:\System Volume Information\Microsoft\smss.exe
15.6.2010 13:33:54 Detected: Trojan-Clicker.Win32.Cycler.ajsi C:\System Volume Information\Microsoft\services.exe
15.6.2010 13:33:55 Will be deleted on system restart: Trojan-Clicker.Win32.Cycler.ajsi C:\System Volume Information\Microsoft\services.exe
15.6.2010 13:33:55 Detected: Trojan-Clicker.Win32.Cycler.ajsi C:\System Volume Information\Microsoft\smss.exe
15.6.2010 13:33:56 Will be deleted on system restart: Trojan-Clicker.Win32.Cycler.ajsi C:\System Volume Information\Microsoft\smss.exe
15.6.2010 13:34:21 Task completed
Disinfect active threats: completed 13 minutes ago (events: 5, objects: 10502, time: 00:07:33)
15.6.2010 14:18:34 Task started
15.6.2010 14:19:41 Detected: Trojan-Clicker.Win32.Cycler.ajsi C:\System Volume Information\Microsoft\smss.exe
15.6.2010 14:25:27 Detected: Trojan-Clicker.Win32.Cycler.ajsi C:\System Volume Information\Microsoft\smss.exe
15.6.2010 14:25:28 Will be deleted on system restart: Trojan-Clicker.Win32.Cycler.ajsi C:\System Volume Information\Microsoft\smss.exe
15.6.2010 14:26:07 Task completed

#35 Příspěvek od **Caroprd111** » 15 čer 2010 15:52

Odkud přesně odstraňuje nákazu

Tealc_EU · #36 Příspěvek od **Tealc_EU** » 15 čer 2010 19:13

Caroprd111 píše:Odkud přesně odstraňuje nákazu

Nejčastěji z c:\System Volume Information\Microsoft\smss.exe

v tom poslednim logu je to napsané. Vzdyckly po chvilce testovani se test zastavi a spusti se proces cisteni. Pote se PC restartuje a test zacina znovu z toho posledniho místa, vse se opakuje viz ten log.

Mozna jsem mel napsat že jde o ten program z bodu dva (Kaspersky ?)
"Pokračujte podle návodu viewtopic.php?f=29&t=58179 "

- Kompletni test DrWeb se děla prave ted na mem domacim PC ale neni tam uvedene ze se testuje pamet tak nevím. Pamet testoval ten prvni "rychlejsi" test a nic nenasel

Mimochodem co ten "brabrouk" v te operační paměti vlastně dělá ? Já jen aby se to nezhoršovalo každým restartem

#37 Příspěvek od **Caroprd111** » 15 čer 2010 19:17

Stáhněte OTL http://oldtimer.geekstogo.com/OTL.exe na plochu

Spusťte, poté do spodního políčka vložte následující skript.

Kód: Vybrat vše

 netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
autochk.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys 
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys 
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys 
cdrom.sys 
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav 
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT

Označte položku Pro všechny uživatele.
Označte položky Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
Klikněte na tlačítko Prohledat
Po dokončení, sem vložte logy OTL.Txt a Extras.txt

Tealc_EU · #38 Příspěvek od **Tealc_EU** » 15 čer 2010 19:23

To byla rychlost...omlouvam se doplnil jsem svoji predchozi zpravu ale byl jste priliz rychlí

Ted nejsem doma takze toto udelam az titra. Chci se zeptat, mam tedy dodelat ten ted bezici kompletni sken DrWeb a znovu zkouset toho Kasperskeho ?

#39 Příspěvek od **Caroprd111** » 15 čer 2010 19:26

Skeny pomocí těch programů můžete přerušit, teď potřebuji spíše log z OTL. Zhoršovat by se to nemělo.

Tealc_EU · #40 Příspěvek od **Tealc_EU** » 16 čer 2010 08:36

OTL:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-14 23:43:07
Windows 6.1.7600
Running: gmer.exe; Driver: C:\Users\Tealc\AppData\Local\Temp\pglcipod.sys

---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C1CAF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C1C104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C1C3F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C052D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C04898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C1C1DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C1C958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C1C6F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C1CF2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C1D1A8

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0x8E4D3AC6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0x8E4D38EA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0x8E4D3A24]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C7C599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CA0F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
PAGE ntkrnlpa.exe!ZwLoadDriver 82DDA279 7 Bytes JMP 8E4D3A28 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82E41FA7 5 Bytes JMP 8E4CF536 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject + 27 82E5BCA7 5 Bytes JMP 8E4D0F28 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 82E69D23 7 Bytes JMP 8E4D38EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82F13EAA 7 Bytes JMP 8E4D3ACA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
.text peauth.sys 9B8D6C9D 28 Bytes [55, 2A, 36, 72, EF, CB, 33, ...]
.text peauth.sys 9B8D6CC1 28 Bytes [55, 2A, 36, 72, EF, CB, 33, ...]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Programy\Ochrana PC\ESET Smart Security\ekrn.exe[2160] kernel32.dll!SetUnhandledExceptionFilter 77473142 4 Bytes [C2, 04, 00, 00]
.text C:\Program Files\Mozilla Firefox\firefox.exe[4232] ntdll.dll!LdrLoadDll 77ADF585 5 Bytes JMP 013C13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74662494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74645624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [746456E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7466250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74658573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74654D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [746550CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [746551A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [746566D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [746582CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74658819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7465907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7465E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[1952] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74654C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000052 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd5001d8
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd5001d8@a007983155f1 0x61 0x71 0x77 0xA6 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Programy\Vypalovaci SW\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x89 0x5A 0x20 0x59 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x27 0x5E 0x15 0x93 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x2C 0x64 0x4E 0xED ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd5001d8 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd5001d8@a007983155f1 0x61 0x71 0x77 0xA6 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Programy\Vypalovaci SW\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x89 0x5A 0x20 0x59 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x27 0x5E 0x15 0x93 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x2C 0x64 0x4E 0xED ...

---- EOF - GMER 1.0.15 ----

Extras:

OTL Extras logfile created on: 16.6.2010 9:05:47 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Tealc\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 596,07 Gb Total Space | 462,41 Gb Free Space | 77,58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TEALC-PC
Current User Name: Tealc
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1799825571-120127457-2417961916-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Programy\Internet\FlashGet\FlashGet3.exe" = C:\Program Files\Programy\Internet\FlashGet\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Prostředí Windows XP Mode
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{18DB3375-0649-4EA3-959A-44F1ACD278BA}" = IncrediMail
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}" = Nero 10 Menu TemplatePack 1
"{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Movie ThemePack 1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F896DE0-EF26-11D5-BBEC-00D0B740900A}" = Multimedia keyboard driver
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{55DD0FA2-22F0-4071-AC9B-32FE70BBE37D}" = PhotoMail Maker
"{59354E6C-B36F-49EF-9419-D904B86C9C57}" = USB Cockpit
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E15BBA7-CFFD-4983-9189-C4D86D3DDD0C}_is1" = Smarty Uninstaller Pro
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70F19404-B96C-4EBB-AD2B-3574F8736197}" = Nero 10 Movie ThemePack 2
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_OMUI.cs-cz_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_OMUI.cs-cz_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0017-0405-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Czech) 2007
"{90120000-0017-0405-0000-0000000FF1CE}_OMUI.cs-cz_{10545811-A0FE-4F20-AF19-7F85937E9E59}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_OMUI.cs-cz_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_OMUI.cs-cz_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_OMUI.cs-cz_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_OMUI.cs-cz_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_OMUI.cs-cz_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.cs-cz_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.cs-cz_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_OMUI.cs-cz_{10EC59E5-9BCE-4884-BB1A-E28627220232}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_OMUI.cs-cz_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_OMUI.cs-cz_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_OMUI.cs-cz_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_OMUI.cs-cz_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0100-0405-0000-0000000FF1CE}" = Microsoft Office O MUI (Czech) 2007
"{90120000-0100-0405-0000-0000000FF1CE}_OMUI.cs-cz_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0101-0405-0000-0000000FF1CE}" = Microsoft Office X MUI (Czech) 2007
"{90120000-0101-0405-0000-0000000FF1CE}_OMUI.cs-cz_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92146419-AE44-4C8B-A48B-0ABB1B5EC026}" = Nero 10 Menu TemplatePack 3
"{92A10E9D-EA00-4A46-8F22-EEA660992D61}" = Nero 10 Sample Videos
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{96ED4B78-300E-4033-AE6C-C115CEB4DF07}" = Nero 10 ClipartPack
"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1029-4770-7760-000000000004}" = Adobe Acrobat 9 Pro - Czech, Hungarian, Polish, Slovak
"{AC76BA86-1029-4770-7760-000000000004}{AC76BA86-1029-4770-7760-000000000004}" = Adobe Acrobat 9 Pro - Czech, Hungarian, Polish, Slovak
"{ACD15FDF-FC42-4175-B477-576F92FF2256}" = Nero 10 Sample ImagePack
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BF6A2102-1833-43EF-B65F-AA331B44E105}" = Yamaha ATS-MA7-SMAF
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DC754D8F-1D06-4016-BF57-8D21F97E1F0A}" = JunkFilterPlus
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E550F15F-1024-4FB6-8A76-5E9F77368B53}" = Nexus Radio
"{E712C273-7564-4C8E-AA59-0FA19BC35117}" = Nero 10 Menu TemplatePack 2
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = MSI Star Cam 370i
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Free Antivirus
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FlashGet 3.3" = FlashGet 3.3
"FormatFactory" = FormatFactory 2.30
"Formix SE_is1" = Formix SE - formuláře kanceláře
"GOM Player" = GOM Player
"HOLUX ezTour for Logger_HOLUX_DL" = HOLUX ezTour for Logger v1.02
"IncrediMail" = IncrediMail 2.0
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platforma Ovladače zařízení
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"JunkFilterPlus" = IncrediMail JunkFilter Plus
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OMUI.cs-cz" = Microsoft Office Language Pack 2007 - Czech/èeština
"PC Translator" = PC Translator
"PhotoMail" = PhotoMail Maker
"Picasa 3" = Picasa 3
"Pošta & kancelář_is1" = Pošta & kancelář 2.6
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.0.0
"SecondLifeViewer2" = SecondLifeViewer2 (remove only)
"Seznam DVD 2008_is1" = Seznam DVD 2008
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
"SmartMaps Guide - Cykloturistický průvodce_is1" = SmartMaps Home verze 2.0.0.2
"SystemRequirementsLab" = System Requirements Lab
"Traktor Simulátor_is1" = Traktor Simulátor
"UK Truck Simulator" = UK Truck Simulator 1.02
"WinRAR archiver" = WinRAR
"ZonerPhotoStudio12_CZ_is1" = Zoner Photo Studio 12

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1799825571-120127457-2417961916-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13.6.2010 16:21:03 | Computer Name = Tealc-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro c:\program files\Programy\Kancelar\seznam
dvd 2008\delzip179.dll se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program
files\Programy\Kancelar\seznam dvd 2008\delzip179.dll na řádku 8. Hodnota * atributu
language v prvku assemblyIdentity je neplatná.

Error - 13.6.2010 16:21:52 | Computer Name = Tealc-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro c:\program files\Programy\ochrana
pc\spybot - search & destroy\DelZip179.dll se nezdařilo. Chyba v souboru manifestu
nebo zásady c:\program files\Programy\ochrana pc\spybot - search & destroy\DelZip179.dll
na řádku 8. Hodnota * atributu language v prvku assemblyIdentity je neplatná.

Error - 14.6.2010 4:52:20 | Computer Name = Tealc-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro c:\program files\Programy\Kancelar\seznam
dvd 2008\delzip179.dll se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program
files\Programy\Kancelar\seznam dvd 2008\delzip179.dll na řádku 8. Hodnota * atributu
language v prvku assemblyIdentity je neplatná.

Error - 14.6.2010 4:52:52 | Computer Name = Tealc-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro c:\program files\Programy\ochrana
pc\spybot - search & destroy\DelZip179.dll se nezdařilo. Chyba v souboru manifestu
nebo zásady c:\program files\Programy\ochrana pc\spybot - search & destroy\DelZip179.dll
na řádku 8. Hodnota * atributu language v prvku assemblyIdentity je neplatná.

Error - 14.6.2010 14:10:07 | Computer Name = Tealc-PC | Source = Google Update | ID = 20
Description =

Error - 14.6.2010 17:19:31 | Computer Name = Tealc-PC | Source = VSS | ID = 8194
Description =

Error - 14.6.2010 18:17:00 | Computer Name = Tealc-PC | Source = Application Hang | ID = 1002
Description = Program lharrXP.exe verze 0.0.0.0 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Centrum akcí. ID procesu:
16a4 Čas spuštění: 01cb0c0c51fc1940 Čas ukončení: 212 Cesta k aplikaci: C:\Users\Tealc\AppData\Local\Temp\RarSFX0\lharrXP.exe

ID
hlášení: 84a96d41-7802-11df-b518-002215bb86ee

Error - 15.6.2010 8:09:29 | Computer Name = Tealc-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro c:\program files\Programy\Kancelar\seznam
dvd 2008\delzip179.dll se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program
files\Programy\Kancelar\seznam dvd 2008\delzip179.dll na řádku 8. Hodnota * atributu
language v prvku assemblyIdentity je neplatná.

Error - 15.6.2010 19:31:08 | Computer Name = Tealc-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro c:\program files\Programy\Kancelar\seznam
dvd 2008\delzip179.dll se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program
files\Programy\Kancelar\seznam dvd 2008\delzip179.dll na řádku 8. Hodnota * atributu
language v prvku assemblyIdentity je neplatná.

Error - 15.6.2010 19:32:10 | Computer Name = Tealc-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro c:\program files\Programy\ochrana
pc\spybot - search & destroy\DelZip179.dll se nezdařilo. Chyba v souboru manifestu
nebo zásady c:\program files\Programy\ochrana pc\spybot - search & destroy\DelZip179.dll
na řádku 8. Hodnota * atributu language v prvku assemblyIdentity je neplatná.

[ System Events ]
Error - 16.6.2010 2:57:43 | Computer Name = Tealc-PC | Source = Service Control Manager | ID = 7016
Description = Služba NVIDIA Stereoscopic 3D Driver Service ohlásila neplatný současný
stav 0.

Error - 16.6.2010 2:59:06 | Computer Name = Tealc-PC | Source = Service Control Manager | ID = 7000
Description = Služba WinFast CX2388x WDM Video Capture. neuspěla při spuštění v
důsledku následující chyby: %%1058

Error - 16.6.2010 2:59:06 | Computer Name = Tealc-PC | Source = Application Popup | ID = 875
Description = Načtení ovladače CX88TUNE_IBV32.sys je blokováno.

Error - 16.6.2010 2:59:06 | Computer Name = Tealc-PC | Source = Service Control Manager | ID = 7000
Description = Služba Conexant 2388x Tuner neuspěla při spuštění v důsledku následující
chyby: %%1275

Error - 16.6.2010 3:05:05 | Computer Name = Tealc-PC | Source = Service Control Manager | ID = 7031
Description = Služba Zvuk systému Windows byla nečekaně ukončena. Stalo se to 1
krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.

Error - 16.6.2010 3:05:05 | Computer Name = Tealc-PC | Source = Service Control Manager | ID = 7031
Description = Služba Klient DHCP byla nečekaně ukončena. Stalo se to 1 krát. Následující
opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.

Error - 16.6.2010 3:05:05 | Computer Name = Tealc-PC | Source = Service Control Manager | ID = 7031
Description = Služba Protokol událostí systému Windows byla nečekaně ukončena. Stalo
se to 1 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat
službu.

Error - 16.6.2010 3:05:05 | Computer Name = Tealc-PC | Source = Service Control Manager | ID = 7031
Description = Služba Zprostředkovatel domácích skupin byla nečekaně ukončena. Stalo
se to 1 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat
službu.

Error - 16.6.2010 3:05:05 | Computer Name = Tealc-PC | Source = Service Control Manager | ID = 7031
Description = Služba Podpora rozhraní NetBIOS nad protokolem TCP/IP byla nečekaně
ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 100 milisekund:
Restartovat službu.

Error - 16.6.2010 3:05:05 | Computer Name = Tealc-PC | Source = Service Control Manager | ID = 7031
Description = Služba Centrum zabezpečení byla nečekaně ukončena. Stalo se to 1 krát.
Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.

< End of report >

#41 Příspěvek od **Caroprd111** » 16 čer 2010 12:17

Místo OTL jste sem zkopíroval log z Gmer. Potřebuji log OTL.txt

Tealc_EU · #42 Příspěvek od **Tealc_EU** » 17 čer 2010 08:21

Omlouvám se,
tady je: (musím to rozdělit na 2 časti, prý mnoho znaku)

OTL logfile created on: 16.6.2010 9:05:47 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Tealc\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 596,07 Gb Total Space | 462,41 Gb Free Space | 77,58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TEALC-PC
Current User Name: Tealc
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - File not found -- C:\System Volume Information\Microsoft\smss.exe
PRC - File not found -- C:\System Volume Information\Microsoft\services.exe
PRC - [2010.06.16 09:04:34 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Tealc\Desktop\OTL.exe
PRC - [2010.06.03 21:05:00 | 004,699,136 | ---- | M] (Egisca Corporation) -- C:\Program Files\Programy\Internet\Nexus Radio\Nexus Radio.exe
PRC - [2010.05.06 22:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010.05.06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.04.24 10:13:17 | 000,353,736 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\Bin\IncMail.exe
PRC - [2010.04.24 10:13:17 | 000,247,240 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\Bin\ImApp.exe
PRC - [2010.04.03 16:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.04.01 19:59:58 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe
PRC - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files\Programy\Vypalovaci SW\Alcohol 120\StarWind\StarWindServiceAE.exe
PRC - [2009.12.22 10:48:32 | 002,127,408 | ---- | M] (Trend Media Corporation Limited) -- C:\Program Files\Programy\Internet\FlashGet\Flashget3.exe
PRC - [2009.12.17 18:43:24 | 000,116,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Programy\MT\Samsung PC Studio\NPSAgent.exe
PRC - [2009.12.17 18:42:54 | 000,238,952 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.08.28 17:43:14 | 001,486,848 | ---- | M] (VIA) -- C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sppsvc.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Programy\Ochrana PC\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.02.27 12:14:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Programy\Uzitecny SW\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2009.02.26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Programy\Ochrana PC\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007.03.30 17:44:20 | 000,262,144 | ---- | M] (SONIX) -- C:\Windows\tsnpstd3.exe
PRC - [2007.01.15 18:55:58 | 000,550,912 | ---- | M] () -- C:\Windows\mHotkey.exe
PRC - [2007.01.15 13:56:14 | 000,028,672 | ---- | M] (CHICONY) -- C:\Windows\OSDShow.exe
PRC - [2007.01.08 16:58:02 | 000,053,248 | ---- | M] (Chicony) -- C:\Windows\ModPS2Key.exe
PRC - [2006.09.18 14:12:12 | 000,843,776 | ---- | M] () -- C:\Windows\vsnpstd3.exe

========== Modules (SafeList) ==========

MOD - [2010.06.16 09:04:34 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Tealc\Desktop\OTL.exe
MOD - [2009.07.14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009.07.14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009.07.14 03:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009.07.14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009.07.14 03:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009.07.14 03:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009.07.14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009.07.14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009.07.14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009.07.14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2010.05.21 03:01:01 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.05.06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010.05.06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010.05.06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.04.26 21:20:33 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.04.03 16:59:00 | 000,240,232 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.25 14:39:22 | 000,490,280 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files\Programy\Vypalovaci SW\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009.12.17 18:42:54 | 000,238,952 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2009.07.14 03:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009.07.14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009.07.14 03:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009.07.14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009.07.14 03:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009.07.14 03:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc) Protokol PNRP (Peer Name Resolution Protocol)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009.07.14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.14 03:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009.07.14 03:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.07.14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009.07.14 03:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009.07.14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) Instalační program ovládacích prvků ActiveX (AxInstSV)
SRV - [2009.07.14 03:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009.07.14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009.06.10 23:14:05 | 000,128,848 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Programy\Ochrana PC\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)

========== Driver Services (SafeList) ==========

DRV - [2010.06.14 23:19:46 | 000,697,328 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.05.06 22:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010.05.06 22:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010.05.06 22:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010.05.06 22:34:10 | 000,051,792 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010.05.06 22:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.04.04 00:55:31 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.02.16 20:54:26 | 000,063,488 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabser.sys -- (silabser)
DRV - [2010.02.02 16:09:30 | 000,043,520 | ---- | M] (Silicon Laboratories, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabenm.sys -- (silabenm)
DRV - [2009.12.14 09:21:44 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.12.11 09:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009.10.22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\65090282.sys -- (65090282)
DRV - [2009.10.09 23:31:02 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\6509028.sys -- (setup_9.0.0.722_13.06.2010_11-39drv)
DRV - [2009.09.25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\65090281.sys -- (65090281)
DRV - [2009.09.23 03:19:31 | 000,294,912 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2009.09.23 03:19:31 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2009.09.23 03:18:08 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2009.09.23 03:18:07 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2009.09.23 03:18:07 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpcuxd.sys -- (vpcuxd)
DRV - [2009.09.21 10:55:36 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009.09.21 10:55:36 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009.09.21 10:55:36 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2009.08.17 19:17:44 | 001,077,760 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009.07.14 03:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009.07.14 03:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009.07.14 03:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009.07.14 03:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009.07.14 03:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009.07.14 03:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009.07.14 03:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009.07.14 03:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009.07.14 03:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009.07.14 03:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009.07.14 03:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009.07.14 03:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009.07.14 03:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009.07.14 03:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009.07.14 03:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009.07.14 03:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009.07.14 03:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009.07.14 03:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009.07.14 03:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009.07.14 03:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009.07.14 03:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009.07.14 03:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009.07.14 03:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009.07.14 03:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 03:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009.07.14 03:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009.07.14 03:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009.07.14 03:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009.07.14 03:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009.07.14 03:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009.07.14 03:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009.07.14 03:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009.07.14 03:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009.07.14 02:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009.07.14 02:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009.07.14 02:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009.07.14 01:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009.07.14 01:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009.07.14 01:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009.07.14 01:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009.07.14 01:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009.07.14 01:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009.07.14 01:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) Ovladač zvuků USB (WDM)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009.07.14 01:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009.07.14 01:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009.07.14 01:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009.07.14 01:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 01:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009.07.14 01:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009.07.14 01:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009.07.14 01:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009.07.14 00:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 00:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009.07.14 00:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009.07.14 00:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009.07.14 00:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009.07.14 00:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009.07.14 00:02:52 | 000,347,264 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009.07.14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009.07.14 00:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009.07.14 00:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2007.04.03 19:25:08 | 010,246,144 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2006.11.02 13:00:28 | 000,017,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\cx88tune_IBV32.sys -- (CXTUNE)
DRV - [2005.08.11 07:13:00 | 000,163,584 | ---- | M] (Leadtek Research Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\cx88vid.sys -- (CX23880)
DRV - [2004.08.13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1799825571-120127457-2417961916-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
IE - HKU\S-1-5-21-1799825571-120127457-2417961916-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.cz/
IE - HKU\S-1-5-21-1799825571-120127457-2417961916-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = cs
IE - HKU\S-1-5-21-1799825571-120127457-2417961916-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 85 F4 05 45 EC CA 01 [binary data]
IE - HKU\S-1-5-21-1799825571-120127457-2417961916-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Search the Web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.cz/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {003D3EDC-99B9-4a34-9C20-60CB94F7E829}:2010.25.36
FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0
FF - prefs.js..extensions.enabledItems: nelinka@shabbi.cz:1.3.4
FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.0.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.3
FF - prefs.js..extensions.enabledItems: {afe43e80-0abc-4df2-81a0-3fe44b74abe8}:1.300.306
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2
FF - prefs.js..keyword.URL: "http://ws.infospace.com/coolchaser_game ... 60531&qkw="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.24 22:01:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.06.03 08:55:55 | 000,000,000 | ---D | M]

[2010.04.24 08:50:00 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\Mozilla\Extensions
[2010.06.16 09:03:37 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\Mozilla\Firefox\Profiles\k9bv29fl.default\extensions
[2010.04.28 09:51:52 | 000,000,000 | ---D | M] (WebTran) -- C:\Users\Tealc\AppData\Roaming\Mozilla\Firefox\Profiles\k9bv29fl.default\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
[2010.05.29 17:09:44 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Tealc\AppData\Roaming\Mozilla\Firefox\Profiles\k9bv29fl.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010.05.20 22:47:29 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Users\Tealc\AppData\Roaming\Mozilla\Firefox\Profiles\k9bv29fl.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010.05.24 11:54:50 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Tealc\AppData\Roaming\Mozilla\Firefox\Profiles\k9bv29fl.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010.06.02 22:55:14 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\Tealc\AppData\Roaming\Mozilla\Firefox\Profiles\k9bv29fl.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010.05.28 22:13:05 | 000,000,000 | ---D | M] (Gamers Unite! Snag Bar) -- C:\Users\Tealc\AppData\Roaming\Mozilla\Firefox\Profiles\k9bv29fl.default\extensions\{afe43e80-0abc-4df2-81a0-3fe44b74abe8}
[2010.04.28 10:06:56 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Users\Tealc\AppData\Roaming\Mozilla\Firefox\Profiles\k9bv29fl.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2010.05.02 13:21:37 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\Mozilla\Firefox\Profiles\k9bv29fl.default\extensions\nelinka@shabbi.cz
[2010.06.07 13:21:44 | 000,001,751 | ---- | M] () -- C:\Users\Tealc\AppData\Roaming\Mozilla\Firefox\Profiles\k9bv29fl.default\searchplugins\search-the-web.xml
[2010.06.14 23:01:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.05.13 14:46:06 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.04.24 09:28:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.05.09 19:21:39 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de
[2010.04.24 09:28:24 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.04.01 18:51:34 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.04.01 18:51:34 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.04.01 18:51:34 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.04.01 18:51:34 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.04.01 18:51:34 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.06.14 21:03:39 | 000,000,808 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (WebTransBHO Class) - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Programy\Ochrana PC\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Tealc\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (WebTranslator) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-1799825571-120127457-2417961916-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Programy\Uzitecny SW\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Programy\Uzitecny SW\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [CHotkey] C:\Windows\mHotkey.exe ()
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [ShowOSD] C:\Windows\OSDShow.exe (CHICONY)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe (SONIX)
O4 - HKU\S-1-5-21-1799825571-120127457-2417961916-1001..\Run: [AutoStartNPSAgent] C:\Program Files\Programy\MT\Samsung PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-1799825571-120127457-2417961916-1001..\Run: [FlashGet 3] C:\Program Files\Programy\Internet\FlashGet\Flashget3.exe (Trend Media Corporation Limited)
O4 - HKU\S-1-5-21-1799825571-120127457-2417961916-1001..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKU\S-1-5-21-1799825571-120127457-2417961916-1001..\Run: [Nektra OEAPI] File not found
O4 - HKU\S-1-5-21-1799825571-120127457-2417961916-1001..\Run: [Nexus Radio] C:\Program Files\Programy\Internet\Nexus Radio\Nexus Radio.exe (Egisca Corporation)
O4 - HKU\S-1-5-21-1799825571-120127457-2417961916-1001..\Run: [OEXPRESS] File not found
O4 - HKU\S-1-5-21-1799825571-120127457-2417961916-1001..\Run: [SpybotSD TeaTimer] C:\Program Files\Programy\Ochrana PC\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1799825571-120127457-2417961916-1001..\Run: [WEBTRAN] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Tealc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_13.06.2010_11-39.lnk = C:\Users\Tealc\Desktop\Virus Removal Tool\setup_9.0.0.722_13.06.2010_11-39\startup.exe ()
O4 - Startup: C:\Users\Tealc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\Bin\resources\WebMenuImg.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Tealc\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Tealc\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Převést do Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Připojit cíl vazby k existujícímu PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Připojit k existujícímu PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Stahnou vse FlashGet3 - C:\Users\Tealc\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Stahnout FlashGet3 - C:\Users\Tealc\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载 - C:\Users\Tealc\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Users\Tealc\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\Programy\Internet\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\Programy\Internet\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Programy\Ochrana PC\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1799825571-120127457-2417961916-1001\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDow ... ab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.36 213.46.172.37
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009.07.14 04:37:08 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

Drivers32: msacm.divxa32 - C:\Windows\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

Tealc_EU · #43 Příspěvek od **Tealc_EU** » 17 čer 2010 08:22

2 část:

========== Files/Folders - Created Within 30 Days ==========

[2010.06.16 09:04:07 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Users\Tealc\Desktop\OTL.exe
[2010.06.15 13:01:29 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%USERPROFILE%
[2010.06.15 12:10:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010.06.15 12:08:56 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\65090282.sys
[2010.06.15 12:08:55 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\6509028.sys
[2010.06.15 12:08:55 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\65090281.sys
[2010.06.15 12:08:53 | 000,000,000 | ---D | C] -- C:\Users\Tealc\Desktop\Virus Removal Tool
[2010.06.15 00:11:24 | 074,128,560 | ---- | C] ( ) -- C:\Users\Tealc\Desktop\setup_9.0.0.722_13.06.2010_11-39.exe
[2010.06.14 23:23:10 | 000,000,000 | ---D | C] -- C:\Users\Tealc\Desktop\gmer
[2010.06.14 23:19:46 | 000,697,328 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2010.06.14 23:16:40 | 000,882,672 | ---- | C] (Duplex Secure Ltd.) -- C:\Users\Tealc\Desktop\SPTDinst-v169-x86.exe
[2010.06.14 22:40:18 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010.06.14 22:40:17 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010.06.14 22:40:16 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010.06.14 22:40:14 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010.06.14 22:40:06 | 000,051,792 | ---- | C] (ALWIL Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010.06.14 22:39:44 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\Windows\System32\aswBoot.exe
[2010.06.14 22:39:44 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\Windows\System32\avastSS.scr
[2010.06.14 22:39:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010.06.14 22:39:40 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010.06.14 21:58:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.06.14 21:58:20 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010.06.14 21:57:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.06.14 21:20:17 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.06.14 21:20:16 | 000,000,000 | ---D | C] -- C:\rsit
[2010.06.14 19:51:26 | 001,304,576 | ---- | C] (Norman ASA) -- C:\Users\Tealc\Desktop\Norman_Sinowal_Cleaner.exe
[2010.06.14 19:14:03 | 000,000,000 | ---D | C] -- C:\Users\Tealc\DoctorWeb
[2010.06.14 13:16:22 | 000,000,000 | ---D | C] -- C:\Users\Tealc\Desktop\Irishs Folks Bands
[2010.06.14 13:15:57 | 000,000,000 | ---D | C] -- C:\Users\Tealc\Desktop\Fotky
[2010.06.13 20:46:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.06.13 19:56:14 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2010.06.12 10:28:56 | 000,544,768 | ---- | C] (ComponentOne) -- C:\Windows\System32\vsflex8n.ocx
[2010.06.12 10:28:53 | 000,000,000 | ---D | C] -- C:\Program Files\Yamaha
[2010.06.12 10:19:36 | 000,000,000 | ---D | C] -- C:\Users\Tealc\AppData\Roaming\Thinstall
[2010.06.12 10:00:20 | 000,000,000 | ---D | C] -- C:\Ringtone
[2010.06.12 09:59:18 | 000,000,000 | ---D | C] -- C:\Zabava\Osobni slozka\RingTones
[2010.06.12 09:59:18 | 000,000,000 | ---D | C] -- C:\Users\Tealc\AppData\Roaming\Ringtone
[2010.06.11 10:19:53 | 000,000,000 | ---D | C] -- C:\Users\Tealc\Desktop\GPSport245_FW_V105 update time zone
[2010.06.09 18:08:10 | 000,000,000 | ---D | C] -- C:\Zabava\Osobni slozka\GPS Holux
[2010.06.09 17:58:09 | 000,000,000 | ---D | C] -- C:\Zabava\Osobni slozka\ezTour_Workspace
[2010.06.09 17:57:20 | 000,000,000 | ---D | C] -- C:\Program Files\Silabs
[2010.06.09 17:56:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\Silabs
[2010.06.09 09:49:03 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.06.09 09:49:00 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.06.09 09:48:59 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.06.09 09:48:57 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.06.09 09:48:55 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010.06.09 09:48:54 | 002,326,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.06.09 09:48:23 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.06.09 09:48:22 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.06.05 11:08:27 | 000,000,000 | ---D | C] -- C:\Program Files\Nexus Radio
[2010.06.05 11:08:27 | 000,000,000 | ---D | C] -- C:\My Saved Files
[2010.06.05 11:08:27 | 000,000,000 | ---D | C] -- C:\My Recorded Files
[2010.06.05 11:08:27 | 000,000,000 | ---D | C] -- C:\My Plugins
[2010.06.05 09:30:46 | 000,000,000 | ---D | C] -- C:\Users\Tealc\SystemRequirementsLab
[2010.06.03 12:39:59 | 000,000,000 | ---D | C] -- C:\Users\Tealc\Desktop\GPSport 245 V2.00 FW EN
[2010.06.02 11:21:09 | 000,000,000 | ---D | C] -- C:\Program Files\GNU
[2010.05.27 11:55:00 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2010.05.26 20:40:34 | 000,000,000 | ---D | C] -- C:\Users\Tealc\AppData\Roaming\SecondLife
[2010.05.26 20:40:34 | 000,000,000 | ---D | C] -- C:\Users\Tealc\AppData\Local\SecondLife
[2010.05.26 09:30:59 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.05.25 14:04:57 | 000,000,000 | ---D | C] -- C:\Users\Tealc\AppData\Local\Google
[2010.05.25 13:08:39 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bwhnt.sys
[2010.05.25 13:08:39 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bwh.sys
[2010.05.25 13:08:38 | 000,121,856 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bmdm.sys
[2010.05.25 13:08:38 | 000,014,976 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bmdfl.sys
[2010.05.25 13:08:37 | 000,090,112 | ---- | C] (MCCI) -- C:\Windows\System32\drivers\ss_bbus.sys
[2010.05.25 13:08:37 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bcmnt.sys
[2010.05.25 13:08:37 | 000,012,160 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\ss_bcm.sys
[2010.05.25 13:06:06 | 000,000,000 | ---D | C] -- C:\Program Files\SAMSUNG
[2010.05.25 13:06:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2010.05.25 13:05:14 | 000,238,952 | ---- | C] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
[2010.05.25 13:05:01 | 000,000,000 | ---D | C] -- C:\Users\Tealc\AppData\Roaming\Samsung
[2010.05.25 13:04:22 | 000,000,000 | ---D | C] -- C:\Program Files\MarkAny
[2010.05.25 12:51:31 | 000,000,000 | ---D | C] -- C:\Users\Tealc\AppData\Local\Downloaded Installations
[2010.05.21 15:55:08 | 000,000,000 | ---D | C] -- C:\Zabava\Osobni slozka\Nero
[2010.05.21 03:01:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2010.05.13 16:08:06 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd3.dll
[2010.05.13 16:08:06 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2010.05.13 16:08:05 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[2010.05.13 16:08:05 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll

========== Files - Modified Within 30 Days ==========

[2010.06.16 09:06:19 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.16 09:06:19 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.16 09:04:34 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Users\Tealc\Desktop\OTL.exe
[2010.06.16 08:59:06 | 000,000,934 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.16 08:58:57 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.16 08:58:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.16 08:58:42 | 1610,059,776 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.16 08:57:36 | 005,767,168 | -HS- | M] () -- C:\Users\Tealc\NTUSER.DAT
[2010.06.16 08:57:21 | 001,300,436 | -H-- | M] () -- C:\Users\Tealc\AppData\Local\IconCache.db
[2010.06.16 08:41:00 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.16 08:15:00 | 000,000,962 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1799825571-120127457-2417961916-1001UA.job
[2010.06.15 22:15:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1799825571-120127457-2417961916-1001Core.job
[2010.06.15 12:10:40 | 000,002,243 | ---- | M] () -- C:\Users\Tealc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_13.06.2010_11-39.lnk
[2010.06.15 00:14:57 | 074,128,560 | ---- | M] ( ) -- C:\Users\Tealc\Desktop\setup_9.0.0.722_13.06.2010_11-39.exe
[2010.06.14 23:54:19 | 044,280,760 | ---- | M] () -- C:\Users\Tealc\Desktop\cureit.exe
[2010.06.14 23:24:45 | 000,000,224 | ---- | M] () -- C:\Users\Tealc\defogger_reenable
[2010.06.14 23:19:46 | 000,697,328 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2010.06.14 23:19:01 | 000,000,674 | ---- | M] () -- C:\Zabava\Osobni slozka\ax_files.xml
[2010.06.14 23:18:14 | 000,284,915 | ---- | M] () -- C:\Users\Tealc\Desktop\gmer.zip
[2010.06.14 23:16:53 | 000,050,477 | ---- | M] () -- C:\Users\Tealc\Desktop\Defogger.exe
[2010.06.14 23:16:41 | 000,882,672 | ---- | M] (Duplex Secure Ltd.) -- C:\Users\Tealc\Desktop\SPTDinst-v169-x86.exe
[2010.06.14 23:10:19 | 000,077,312 | ---- | M] () -- C:\Users\Tealc\Desktop\mbr.exe
[2010.06.14 22:40:18 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010.06.14 22:40:06 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010.06.14 22:38:42 | 051,731,232 | ---- | M] () -- C:\Users\Tealc\Desktop\setup_av_free.exe
[2010.06.14 21:35:07 | 000,451,584 | ---- | M] () -- C:\Users\Tealc\Desktop\CKScanner.exe
[2010.06.14 21:33:28 | 003,707,714 | R--- | M] () -- C:\Users\Tealc\Desktop\ComboFix.exe
[2010.06.14 21:19:24 | 000,824,681 | ---- | M] () -- C:\Users\Tealc\Desktop\RSIT.exe
[2010.06.14 21:03:39 | 000,000,808 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.06.14 19:51:30 | 001,304,576 | ---- | M] (Norman ASA) -- C:\Users\Tealc\Desktop\Norman_Sinowal_Cleaner.exe
[2010.06.14 19:13:18 | 044,270,640 | ---- | M] () -- C:\Users\Tealc\Desktop\62r52slp.exe
[2010.06.14 18:29:56 | 000,128,000 | ---- | M] () -- C:\Users\Tealc\Desktop\fixmebroot.exe
[2010.06.14 13:17:38 | 000,610,434 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.06.14 13:17:38 | 000,104,752 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.14 13:17:37 | 001,454,258 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.06.14 13:17:37 | 000,627,448 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2010.06.14 13:17:37 | 000,120,518 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2010.06.14 00:45:45 | 000,056,892 | ---- | M] () -- C:\Zabava\Osobni slozka\Reklamace GPSky.docx
[2010.06.13 20:46:20 | 000,001,514 | ---- | M] () -- C:\Users\Tealc\Desktop\Spybot - Search & Destroy (for blind users).lnk
[2010.06.13 20:46:20 | 000,001,492 | ---- | M] () -- C:\Users\Tealc\Desktop\Spybot - Search & Destroy.lnk
[2010.06.12 10:28:53 | 000,001,882 | ---- | M] () -- C:\Users\Public\Desktop\ATS-MA7-SMAF.lnk
[2010.06.12 00:56:28 | 000,022,528 | ---- | M] () -- C:\Users\Tealc\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.09 18:16:35 | 000,001,255 | ---- | M] () -- C:\Users\Tealc\Desktop\SmartMaps Home.lnk
[2010.06.09 18:00:49 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_silabser_01009.Wdf
[2010.06.09 17:56:08 | 000,001,152 | ---- | M] () -- C:\Users\Public\Desktop\HOLUX ezTour for Logger.lnk
[2010.06.09 09:57:55 | 000,414,304 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.06.05 11:08:41 | 000,002,165 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Radio.lnk
[2010.06.03 14:00:20 | 000,000,129 | ---- | M] () -- C:\Users\Tealc\Desktop\Nový zástupce internetové adresy.url
[2010.05.27 13:08:47 | 000,000,156 | ---- | M] () -- C:\Users\Tealc\Desktop\Forum.url
[2010.05.27 12:38:11 | 000,002,242 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.05.27 12:11:07 | 000,000,037 | -H-- | M] () -- C:\Zabava\Osobni slozka\.picasa.ini
[2010.05.27 11:09:22 | 000,000,675 | ---- | M] () -- C:\Users\Tealc\Desktop\Zabava.lnk
[2010.05.27 09:24:13 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.05.27 05:49:37 | 000,293,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.05.26 21:48:04 | 000,001,352 | ---- | M] () -- C:\Users\Public\Desktop\Second Life Viewer 2.lnk
[2010.05.26 20:38:58 | 024,099,296 | ---- | M] () -- C:\Users\Tealc\Desktop\Second_Life_2-0-1-203797_Setup.exe
[2010.05.25 13:37:56 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010.05.25 13:04:28 | 000,002,180 | ---- | M] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk
[2010.05.21 14:14:28 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.05.21 07:14:50 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.05.20 17:42:21 | 000,010,327 | ---- | M] () -- C:\Users\Tealc\Desktop\ČERNÁ.docx

========== Files Created - No Company Name ==========

[2010.06.15 12:10:40 | 000,002,243 | ---- | C] () -- C:\Users\Tealc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_13.06.2010_11-39.lnk
[2010.06.14 23:54:06 | 044,280,760 | ---- | C] () -- C:\Users\Tealc\Desktop\cureit.exe
[2010.06.14 23:24:22 | 000,000,224 | ---- | C] () -- C:\Users\Tealc\defogger_reenable
[2010.06.14 23:23:11 | 000,293,376 | ---- | C] () -- C:\Users\Tealc\Desktop\gmer.exe
[2010.06.14 23:18:13 | 000,284,915 | ---- | C] () -- C:\Users\Tealc\Desktop\gmer.zip
[2010.06.14 23:16:53 | 000,050,477 | ---- | C] () -- C:\Users\Tealc\Desktop\Defogger.exe
[2010.06.14 23:10:18 | 000,077,312 | ---- | C] () -- C:\Users\Tealc\Desktop\mbr.exe
[2010.06.14 22:40:18 | 000,002,005 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010.06.14 22:38:24 | 051,731,232 | ---- | C] () -- C:\Users\Tealc\Desktop\setup_av_free.exe
[2010.06.14 21:35:06 | 000,451,584 | ---- | C] () -- C:\Users\Tealc\Desktop\CKScanner.exe
[2010.06.14 21:32:33 | 003,707,714 | R--- | C] () -- C:\Users\Tealc\Desktop\ComboFix.exe
[2010.06.14 21:19:17 | 000,824,681 | ---- | C] () -- C:\Users\Tealc\Desktop\RSIT.exe
[2010.06.14 19:12:13 | 044,270,640 | ---- | C] () -- C:\Users\Tealc\Desktop\62r52slp.exe
[2010.06.14 18:29:55 | 000,128,000 | ---- | C] () -- C:\Users\Tealc\Desktop\fixmebroot.exe
[2010.06.14 00:29:46 | 000,056,892 | ---- | C] () -- C:\Zabava\Osobni slozka\Reklamace GPSky.docx
[2010.06.13 20:46:20 | 000,001,514 | ---- | C] () -- C:\Users\Tealc\Desktop\Spybot - Search & Destroy (for blind users).lnk
[2010.06.13 20:46:20 | 000,001,492 | ---- | C] () -- C:\Users\Tealc\Desktop\Spybot - Search & Destroy.lnk
[2010.06.12 10:28:53 | 000,001,882 | ---- | C] () -- C:\Users\Public\Desktop\ATS-MA7-SMAF.lnk
[2010.06.09 18:16:35 | 000,001,255 | ---- | C] () -- C:\Users\Tealc\Desktop\SmartMaps Home.lnk
[2010.06.09 18:11:54 | 001,268,736 | ---- | C] () -- C:\Windows\System32\plroutingdll.dll
[2010.06.09 18:11:54 | 000,561,664 | ---- | C] () -- C:\Windows\System32\plplacesystemdll.dll
[2010.06.09 18:11:54 | 000,065,536 | ---- | C] () -- C:\Windows\System32\psslib.dll
[2010.06.09 18:00:49 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_silabser_01009.Wdf
[2010.06.09 17:56:08 | 000,001,152 | ---- | C] () -- C:\Users\Public\Desktop\HOLUX ezTour for Logger.lnk
[2010.06.05 11:08:41 | 000,002,165 | ---- | C] () -- C:\Users\Public\Desktop\Nexus Radio.lnk
[2010.06.03 14:00:15 | 000,000,129 | ---- | C] () -- C:\Users\Tealc\Desktop\Nový zástupce internetové adresy.url
[2010.05.27 13:08:37 | 000,000,156 | ---- | C] () -- C:\Users\Tealc\Desktop\Forum.url
[2010.05.27 12:38:11 | 000,002,242 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.05.27 12:36:15 | 000,000,938 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.05.27 12:36:13 | 000,000,934 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.05.27 12:11:07 | 000,000,037 | -H-- | C] () -- C:\Zabava\Osobni slozka\.picasa.ini
[2010.05.27 11:09:22 | 000,000,675 | ---- | C] () -- C:\Users\Tealc\Desktop\Zabava.lnk
[2010.05.26 20:40:30 | 000,001,352 | ---- | C] () -- C:\Users\Public\Desktop\Second Life Viewer 2.lnk
[2010.05.26 20:38:12 | 024,099,296 | ---- | C] () -- C:\Users\Tealc\Desktop\Second_Life_2-0-1-203797_Setup.exe
[2010.05.25 14:05:10 | 000,000,962 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1799825571-120127457-2417961916-1001UA.job
[2010.05.25 14:05:09 | 000,000,910 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1799825571-120127457-2417961916-1001Core.job
[2010.05.25 13:37:56 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010.05.25 13:05:14 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.05.25 13:05:14 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.05.25 13:04:28 | 000,002,180 | ---- | C] () -- C:\Users\Public\Desktop\Samsung New PC Studio.lnk
[2010.05.20 17:42:20 | 000,010,327 | ---- | C] () -- C:\Users\Tealc\Desktop\ČERNÁ.docx
[2010.05.13 16:08:11 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2010.04.28 12:10:55 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.04.28 09:59:22 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010.04.27 19:09:33 | 000,000,071 | ---- | C] () -- C:\Windows\WTRDCTM.INI
[2010.04.27 12:38:54 | 000,011,136 | ---- | C] () -- C:\Windows\mhotkey_reg.ini
[2010.04.27 12:38:51 | 000,294,912 | ---- | C] () -- C:\Windows\PIC.dll
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2005.06.18 17:00:52 | 000,070,018 | ---- | C] () -- C:\Windows\System32\akrip32.dll
[2004.08.13 09:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys

========== LOP Check ==========

[2010.06.03 16:48:16 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\Azureus
[2010.06.15 14:27:42 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\BITS
[2010.04.28 09:59:06 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\FlashGet
[2010.04.28 09:59:00 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\FlashGetBHO
[2010.06.12 04:57:43 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\ICQ
[2010.04.27 19:15:13 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\LangSoft
[2010.04.29 19:12:33 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\Posta
[2010.05.10 15:42:05 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\QuickStoresToolbar
[2010.06.12 10:15:28 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\Ringtone
[2010.05.25 13:05:01 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\Samsung
[2010.05.26 20:42:01 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\SecondLife
[2010.06.12 10:19:36 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\Thinstall
[2010.05.09 19:28:34 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\Zoner
[2009.07.14 06:53:46 | 000,028,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"IncrediMail" = C:\Program Files\IncrediMail\bin\IncMail.exe /c -- [2010.04.24 10:13:17 | 000,353,736 | ---- | M] (IncrediMail, Ltd.)
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2009.07.14 03:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation)
"Nektra OEAPI" =
"OEXPRESS" =
"FlashGet 3" = "C:\Program Files\Programy\Internet\FlashGet\Flashget3.exe" -minimize -- [2009.12.22 10:48:32 | 002,127,408 | ---- | M] (Trend Media Corporation Limited)
"LightScribe Control Panel" = C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden -- [2009.06.17 12:13:36 | 002,363,392 | ---- | M] (Hewlett-Packard Company)
"WEBTRAN" =
"AutoStartNPSAgent" = C:\Program Files\Programy\MT\Samsung PC Studio\NPSAgent.exe -- [2009.12.17 18:43:24 | 000,116,056 | ---- | M] (Samsung Electronics Co., Ltd.)
"Google Update" = "C:\Users\Tealc\AppData\Local\Google\Update\GoogleUpdate.exe" /c -- [2010.05.25 14:04:57 | 000,136,176 | ---- | M] (Google Inc.)
"Nexus Radio" = C:\Program Files\Programy\Internet\Nexus Radio\Nexus Radio.exe -0 -- [2010.06.03 21:05:00 | 004,699,136 | ---- | M] (Egisca Corporation)
"SpybotSD TeaTimer" = C:\Program Files\Programy\Ochrana PC\Spybot - Search & Destroy\TeaTimer.exe -- [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.)

< c:\windows\*.* /U >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.04.26 21:20:35 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\Adobe
[2010.06.03 16:48:16 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\Azureus
[2010.06.15 14:27:42 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\BITS
[2010.04.28 09:59:06 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\FlashGet
[2010.04.28 09:59:00 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\FlashGetBHO
[2010.05.03 23:31:19 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\GRETECH
[2010.06.12 04:57:43 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\ICQ
[2010.04.24 08:05:52 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\Identities
[2010.04.27 12:38:30 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\InstallShield
[2010.04.27 19:15:13 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\LangSoft
[2010.04.24 08:24:10 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\Macromedia
[2009.07.14 11:20:06 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\Media Center Programs
[2010.05.10 15:43:59 | 000,000,000 | --SD | M] -- C:\Users\Tealc\AppData\Roaming\Microsoft
[2010.04.24 08:50:00 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\Mozilla
[2010.04.28 14:01:59 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\Nero
[2010.05.01 16:40:02 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\NVIDIA
[2010.04.29 19:12:33 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\Posta
[2010.05.10 15:42:05 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\QuickStoresToolbar
[2010.06.12 10:15:28 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\Ringtone
[2010.05.25 13:05:01 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\Samsung
[2010.05.26 20:42:01 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\SecondLife
[2010.06.10 16:44:12 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\Skype
[2010.06.10 16:05:31 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\skypePM
[2010.06.12 10:19:36 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\Thinstall
[2010.04.24 09:11:51 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\WinRAR
[2010.05.09 19:28:34 | 000,000,000 | ---D | M] -- C:\Users\Tealc\AppData\Roaming\Zoner

< %APPDATA%\*.exe /s >
[2010.04.18 14:33:56 | 000,307,200 | ---- | M] (Simon Tatham) -- C:\Users\Tealc\AppData\Roaming\Mozilla\Firefox\Profiles\k9bv29fl.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
[2010.04.18 14:33:56 | 000,172,032 | ---- | M] (Simon Tatham) -- C:\Users\Tealc\AppData\Roaming\Mozilla\Firefox\Profiles\k9bv29fl.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
[2010.05.09 19:21:34 | 000,704,248 | ---- | M] () -- C:\Users\Tealc\AppData\Roaming\QuickStoresToolbar\unins000.exe
[2010.03.03 15:00:50 | 000,045,304 | ---- | M] (Andreas Breitschopp - Softwareentwicklung und -vertrieb) -- C:\Users\Tealc\AppData\Roaming\QuickStoresToolbar\Update.exe
[2010.06.12 10:19:41 | 000,023,040 | ---- | M] () -- C:\Users\Tealc\AppData\Roaming\Thinstall\MRConverter\4000005c200002i\MRConverter.exe

< MD5 for: AGP440.SYS >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\System32\autochk.exe
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe

< MD5 for: CDROM.SYS >
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\drivers\cdrom.sys
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_db87d184bc84f910\cdrom.sys
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: CRYPTSVC.DLL >
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\System32\cryptsvc.dll
[2009.07.14 03:15:07 | 000,135,680 | ---- | M] (Microsoft Corporation) MD5=9C231178CE4FB385F4B54B0A9080B8A4 -- C:\Windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7600.16385_none_75d5ef87fc22e35a\cryptsvc.dll

< MD5 for: EXPLORER.EXE >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: HAL.DLL >
[2009.07.14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\System32\hal.dll
[2009.07.14 03:20:28 | 000,194,640 | ---- | M] (Microsoft Corporation) MD5=9A557EAE64ABAB3BA67A9BB035D24CB9 -- C:\Windows\winsxs\x86_microsoft-windows-hal_31bf3856ad364e35_6.1.7600.16385_none_aaff48c7bafdccc6\hal.dll

< MD5 for: IASTORV.SYS >
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: ISAPNP.SYS >
[2009.07.14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\drivers\isapnp.sys
[2009.07.14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\isapnp.sys
[2009.07.14 03:20:36 | 000,046,656 | ---- | M] (Microsoft Corporation) MD5=1F32BB6B38F62F7DF1A7AB7292638A35 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\isapnp.sys

< MD5 for: LSASS.EXE >
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\System32\lsass.exe
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_a620e0e5be1ecda7\lsass.exe
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_a61fe281be1fb177\lsass.exe
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_a69eaf60d7456d32\lsass.exe

< MD5 for: NDIS.SYS >
[2009.07.14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\System32\drivers\ndis.sys
[2009.07.14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVRAID.SYS >
[2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\drivers\nvraid.sys
[2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvraid.sys
[2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) MD5=3F3D04B1D08D43C16EA7963954EC768D -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvraid.sys

< MD5 for: NVSTOR.SYS >
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< MD5 for: SMSS.EXE >
[2009.07.14 03:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\System32\smss.exe
[2009.07.14 03:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_ac10fe207a85352b\smss.exe

< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

< MD5 for: TCPIP.SYS >
[2009.07.14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\System32\drivers\tcpip.sys
[2009.07.14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys

< MD5 for: USERINIT.EXE >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< MD5 for: WS2_32.DLL >
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7600.16385_none_f28e06e62fa99b35\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\cryptbase.dll
[2009.07.14 03:15:07 | 000,078,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\cryptsp.dll
[2009.07.14 03:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009.07.14 03:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009.07.14 03:15:33 | 000,103,936 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\IPHLPAPI.DLL
[2009.07.14 03:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\KernelBase.dll
[2009.07.14 03:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\netutils.dll
[2009.07.14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\profapi.dll
[2009.07.14 03:16:12 | 000,325,120 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rasapi32.dll
[2009.07.14 03:16:12 | 000,076,800 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rasman.dll
[2009.07.14 03:16:13 | 000,045,568 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\RpcRtRemote.dll
[2009.07.14 03:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.07.14 03:16:13 | 000,037,376 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rtutils.dll
[2009.07.14 03:16:13 | 000,017,408 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\schedcli.dll
[2009.07.14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\sechost.dll
[2009.07.14 03:16:13 | 000,010,752 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SensApi.dll
[2009.07.14 03:16:15 | 000,090,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\srvcli.dll
[2009.07.14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\sspicli.dll
[2009.07.14 03:16:15 | 000,380,416 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\sxs.dll
[2009.07.14 03:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\winnsi.dll
[2009.07.14 03:16:19 | 000,047,104 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\wkscli.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\cryptbase.dll
[2009.07.14 03:15:07 | 000,078,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\cryptsp.dll
[2009.07.14 03:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009.07.14 03:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009.07.14 03:15:28 | 000,186,368 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\iepeers.dll
[2009.07.14 03:15:33 | 000,103,936 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\IPHLPAPI.DLL
[2009.07.14 03:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\KernelBase.dll
[2009.07.14 03:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\netutils.dll
[2009.07.14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\profapi.dll
[2009.07.14 03:16:12 | 000,325,120 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rasapi32.dll
[2009.07.14 03:16:12 | 000,076,800 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rasman.dll
[2009.07.14 03:16:13 | 000,045,568 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\RpcRtRemote.dll
[2009.07.14 03:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.07.14 03:16:13 | 000,037,376 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rtutils.dll
[2009.07.14 03:16:13 | 000,017,408 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\schedcli.dll
[2009.07.14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\sechost.dll
[2009.07.14 03:16:13 | 000,010,752 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SensApi.dll
[2009.07.14 03:16:15 | 000,090,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\srvcli.dll
[2009.07.14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\sspicli.dll
[2009.07.14 03:16:15 | 000,380,416 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\sxs.dll
[2009.07.14 03:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\winnsi.dll
[2009.07.14 03:16:19 | 000,047,104 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\wkscli.dll

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\System32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >
[2010.06.14 23:19:46 | 000,697,328 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys

< %systemroot%\system32\*.* /3 >
[2010.06.16 09:06:19 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.16 09:06:19 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.14 22:40:06 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010.06.14 13:17:37 | 000,120,518 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2010.06.14 13:17:38 | 000,104,752 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.14 13:17:37 | 000,627,448 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2010.06.14 13:17:38 | 000,610,434 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.06.14 13:17:37 | 001,454,258 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

========== Alternate Data Streams ==========

@Alternate Data Stream - 829 bytes -> C:\Zabava\Osobni slozka\Registrace ICQ.eml:OECustomProperty
@Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:DF462FF6

< End of report >

Tealc_EU · #44 Příspěvek od **Tealc_EU** » 17 čer 2010 08:24

Extras:

OTL Extras logfile created on: 16.6.2010 9:05:47 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Users\Tealc\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 596,07 Gb Total Space | 462,41 Gb Free Space | 77,58% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TEALC-PC
Current User Name: Tealc
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1799825571-120127457-2417961916-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Programy\Internet\FlashGet\FlashGet3.exe" = C:\Program Files\Programy\Internet\FlashGet\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Prostředí Windows XP Mode
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{18DB3375-0649-4EA3-959A-44F1ACD278BA}" = IncrediMail
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}" = Nero 10 Menu TemplatePack 1
"{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Movie ThemePack 1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F896DE0-EF26-11D5-BBEC-00D0B740900A}" = Multimedia keyboard driver
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{55DD0FA2-22F0-4071-AC9B-32FE70BBE37D}" = PhotoMail Maker
"{59354E6C-B36F-49EF-9419-D904B86C9C57}" = USB Cockpit
"{5F548A02-80BC-404D-BAE6-F05F9BF6B449}" = Nero DiscCopyGadget 10 Help (CHM)
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E15BBA7-CFFD-4983-9189-C4D86D3DDD0C}_is1" = Smarty Uninstaller Pro
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70F19404-B96C-4EBB-AD2B-3574F8736197}" = Nero 10 Movie ThemePack 2
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{82EF29B1-9B60-4142-A155-0599216DD053}" = LightScribe System Software
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_OMUI.cs-cz_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_OMUI.cs-cz_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0017-0405-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (Czech) 2007
"{90120000-0017-0405-0000-0000000FF1CE}_OMUI.cs-cz_{10545811-A0FE-4F20-AF19-7F85937E9E59}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_OMUI.cs-cz_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_OMUI.cs-cz_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_OMUI.cs-cz_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_OMUI.cs-cz_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_OMUI.cs-cz_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.cs-cz_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.cs-cz_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_OMUI.cs-cz_{10EC59E5-9BCE-4884-BB1A-E28627220232}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_OMUI.cs-cz_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_OMUI.cs-cz_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_OMUI.cs-cz_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_OMUI.cs-cz_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0100-0405-0000-0000000FF1CE}" = Microsoft Office O MUI (Czech) 2007
"{90120000-0100-0405-0000-0000000FF1CE}_OMUI.cs-cz_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0101-0405-0000-0000000FF1CE}" = Microsoft Office X MUI (Czech) 2007
"{90120000-0101-0405-0000-0000000FF1CE}_OMUI.cs-cz_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92146419-AE44-4C8B-A48B-0ABB1B5EC026}" = Nero 10 Menu TemplatePack 3
"{92A10E9D-EA00-4A46-8F22-EEA660992D61}" = Nero 10 Sample Videos
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EC1A84-7FFC-42DF-A8F6-79C21C4765A5}" = Nero DiscCopy Gadget 10
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{96ED4B78-300E-4033-AE6C-C115CEB4DF07}" = Nero 10 ClipartPack
"{97F81AF1-0E47-DC99-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 ATL (x86) WinSXS MSM
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1029-4770-7760-000000000004}" = Adobe Acrobat 9 Pro - Czech, Hungarian, Polish, Slovak
"{AC76BA86-1029-4770-7760-000000000004}{AC76BA86-1029-4770-7760-000000000004}" = Adobe Acrobat 9 Pro - Czech, Hungarian, Polish, Slovak
"{ACD15FDF-FC42-4175-B477-576F92FF2256}" = Nero 10 Sample ImagePack
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BF6A2102-1833-43EF-B65F-AA331B44E105}" = Yamaha ATS-MA7-SMAF
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DC754D8F-1D06-4016-BF57-8D21F97E1F0A}" = JunkFilterPlus
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E550F15F-1024-4FB6-8A76-5E9F77368B53}" = Nexus Radio
"{E712C273-7564-4C8E-AA59-0FA19BC35117}" = Nero 10 Menu TemplatePack 2
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = MSI Star Cam 370i
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Free Antivirus
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FlashGet 3.3" = FlashGet 3.3
"FormatFactory" = FormatFactory 2.30
"Formix SE_is1" = Formix SE - formuláře kanceláře
"GOM Player" = GOM Player
"HOLUX ezTour for Logger_HOLUX_DL" = HOLUX ezTour for Logger v1.02
"IncrediMail" = IncrediMail 2.0
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platforma Ovladače zařízení
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"JunkFilterPlus" = IncrediMail JunkFilter Plus
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OMUI.cs-cz" = Microsoft Office Language Pack 2007 - Czech/èeština
"PC Translator" = PC Translator
"PhotoMail" = PhotoMail Maker
"Picasa 3" = Picasa 3
"Pošta & kancelář_is1" = Pošta & kancelář 2.6
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.0.0
"SecondLifeViewer2" = SecondLifeViewer2 (remove only)
"Seznam DVD 2008_is1" = Seznam DVD 2008
"SLABCOMM&10C4&EA60" = Silicon Laboratories CP210x USB to UART Bridge (Driver Removal)
"SmartMaps Guide - Cykloturistický průvodce_is1" = SmartMaps Home verze 2.0.0.2
"SystemRequirementsLab" = System Requirements Lab
"Traktor Simulátor_is1" = Traktor Simulátor
"UK Truck Simulator" = UK Truck Simulator 1.02
"WinRAR archiver" = WinRAR
"ZonerPhotoStudio12_CZ_is1" = Zoner Photo Studio 12

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1799825571-120127457-2417961916-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 13.6.2010 16:21:03 | Computer Name = Tealc-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro c:\program files\Programy\Kancelar\seznam
dvd 2008\delzip179.dll se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program
files\Programy\Kancelar\seznam dvd 2008\delzip179.dll na řádku 8. Hodnota * atributu
language v prvku assemblyIdentity je neplatná.

Error - 13.6.2010 16:21:52 | Computer Name = Tealc-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro c:\program files\Programy\ochrana
pc\spybot - search & destroy\DelZip179.dll se nezdařilo. Chyba v souboru manifestu
nebo zásady c:\program files\Programy\ochrana pc\spybot - search & destroy\DelZip179.dll
na řádku 8. Hodnota * atributu language v prvku assemblyIdentity je neplatná.

Error - 14.6.2010 4:52:20 | Computer Name = Tealc-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro c:\program files\Programy\Kancelar\seznam
dvd 2008\delzip179.dll se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program
files\Programy\Kancelar\seznam dvd 2008\delzip179.dll na řádku 8. Hodnota * atributu
language v prvku assemblyIdentity je neplatná.

Error - 14.6.2010 4:52:52 | Computer Name = Tealc-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro c:\program files\Programy\ochrana
pc\spybot - search & destroy\DelZip179.dll se nezdařilo. Chyba v souboru manifestu
nebo zásady c:\program files\Programy\ochrana pc\spybot - search & destroy\DelZip179.dll
na řádku 8. Hodnota * atributu language v prvku assemblyIdentity je neplatná.

Error - 14.6.2010 14:10:07 | Computer Name = Tealc-PC | Source = Google Update | ID = 20
Description =

Error - 14.6.2010 17:19:31 | Computer Name = Tealc-PC | Source = VSS | ID = 8194
Description =

Error - 14.6.2010 18:17:00 | Computer Name = Tealc-PC | Source = Application Hang | ID = 1002
Description = Program lharrXP.exe verze 0.0.0.0 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Centrum akcí. ID procesu:
16a4 Čas spuštění: 01cb0c0c51fc1940 Čas ukončení: 212 Cesta k aplikaci: C:\Users\Tealc\AppData\Local\Temp\RarSFX0\lharrXP.exe

ID
hlášení: 84a96d41-7802-11df-b518-002215bb86ee

Error - 15.6.2010 8:09:29 | Computer Name = Tealc-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro c:\program files\Programy\Kancelar\seznam
dvd 2008\delzip179.dll se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program
files\Programy\Kancelar\seznam dvd 2008\delzip179.dll na řádku 8. Hodnota * atributu
language v prvku assemblyIdentity je neplatná.

Error - 15.6.2010 19:31:08 | Computer Name = Tealc-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro c:\program files\Programy\Kancelar\seznam
dvd 2008\delzip179.dll se nezdařilo. Chyba v souboru manifestu nebo zásady c:\program
files\Programy\Kancelar\seznam dvd 2008\delzip179.dll na řádku 8. Hodnota * atributu
language v prvku assemblyIdentity je neplatná.

Error - 15.6.2010 19:32:10 | Computer Name = Tealc-PC | Source = SideBySide | ID = 16842815
Description = Generování kontextu aktivace pro c:\program files\Programy\ochrana
pc\spybot - search & destroy\DelZip179.dll se nezdařilo. Chyba v souboru manifestu
nebo zásady c:\program files\Programy\ochrana pc\spybot - search & destroy\DelZip179.dll
na řádku 8. Hodnota * atributu language v prvku assemblyIdentity je neplatná.

[ System Events ]
Error - 16.6.2010 2:57:43 | Computer Name = Tealc-PC | Source = Service Control Manager | ID = 7016
Description = Služba NVIDIA Stereoscopic 3D Driver Service ohlásila neplatný současný
stav 0.

Error - 16.6.2010 2:59:06 | Computer Name = Tealc-PC | Source = Service Control Manager | ID = 7000
Description = Služba WinFast CX2388x WDM Video Capture. neuspěla při spuštění v
důsledku následující chyby: %%1058

Error - 16.6.2010 2:59:06 | Computer Name = Tealc-PC | Source = Application Popup | ID = 875
Description = Načtení ovladače CX88TUNE_IBV32.sys je blokováno.

Error - 16.6.2010 2:59:06 | Computer Name = Tealc-PC | Source = Service Control Manager | ID = 7000
Description = Služba Conexant 2388x Tuner neuspěla při spuštění v důsledku následující
chyby: %%1275

Error - 16.6.2010 3:05:05 | Computer Name = Tealc-PC | Source = Service Control Manager | ID = 7031
Description = Služba Zvuk systému Windows byla nečekaně ukončena. Stalo se to 1
krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.

Error - 16.6.2010 3:05:05 | Computer Name = Tealc-PC | Source = Service Control Manager | ID = 7031
Description = Služba Klient DHCP byla nečekaně ukončena. Stalo se to 1 krát. Následující
opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.

Error - 16.6.2010 3:05:05 | Computer Name = Tealc-PC | Source = Service Control Manager | ID = 7031
Description = Služba Protokol událostí systému Windows byla nečekaně ukončena. Stalo
se to 1 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat
službu.

Error - 16.6.2010 3:05:05 | Computer Name = Tealc-PC | Source = Service Control Manager | ID = 7031
Description = Služba Zprostředkovatel domácích skupin byla nečekaně ukončena. Stalo
se to 1 krát. Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat
službu.

Error - 16.6.2010 3:05:05 | Computer Name = Tealc-PC | Source = Service Control Manager | ID = 7031
Description = Služba Podpora rozhraní NetBIOS nad protokolem TCP/IP byla nečekaně
ukončena. Stalo se to 1 krát. Následující opravná akce bude spuštěna za 100 milisekund:
Restartovat službu.

Error - 16.6.2010 3:05:05 | Computer Name = Tealc-PC | Source = Service Control Manager | ID = 7031
Description = Služba Centrum zabezpečení byla nečekaně ukončena. Stalo se to 1 krát.
Následující opravná akce bude spuštěna za 120000 milisekund: Restartovat službu.

< End of report >

#45 Příspěvek od **motji** » 17 čer 2010 20:51

Záskok za kolegu

Spustte OTL
-do bílého okna dole skopírujte tento skript:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
@Alternate Data Stream - 829 bytes -> C:\Zabava\Osobni slozka\Registrace ICQ.eml:OECustomProperty
@Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:DF462FF6

:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
c:\System Volume Information\Microsoft\services.exe 
C:\System Volume Information\Microsoft\smss.exe 

:commands
[resethosts]
[emptytemp]
[EMPTYFLASH]
[clearallrestorepoints]
[Reboot]

-klikněte na tlačítko opravit.
-Následně se pc restartuje.
- Log vložte zde

VIRY.CZ

Win32/Mebroot trojský kůň v operační paměti ve Win 7

Re: Win32/Mebroot trojský kůň v operační paměti ve Win 7

Re: Win32/Mebroot trojský kůň v operační paměti ve Win 7

Re: Win32/Mebroot trojský kůň v operační paměti ve Win 7

Re: Win32/Mebroot trojský kůň v operační paměti ve Win 7

Re: Win32/Mebroot trojský kůň v operační paměti ve Win 7

Re: Win32/Mebroot trojský kůň v operační paměti ve Win 7

Re: Win32/Mebroot trojský kůň v operační paměti ve Win 7

Re: Win32/Mebroot trojský kůň v operační paměti ve Win 7

Re: Win32/Mebroot trojský kůň v operační paměti ve Win 7

Re: Win32/Mebroot trojský kůň v operační paměti ve Win 7

Re: Win32/Mebroot trojský kůň v operační paměti ve Win 7

Re: Win32/Mebroot trojský kůň v operační paměti ve Win 7

Re: Win32/Mebroot trojský kůň v operační paměti ve Win 7

Re: Win32/Mebroot trojský kůň v operační paměti ve Win 7

Re: Win32/Mebroot trojský kůň v operační paměti ve Win 7