kontrola logu, neustale chybove hlasky

Zpráva

#31 Příspěvek od **vyosek** » 02 lis 2012 18:09

Ano, provedte to v nouzaku...

poli29 · #32 Příspěvek od **poli29** » 03 lis 2012 10:43

Tak zatím mi nejdou aktivovat rezidentní štíty u Avastu, nejde internet přes firefox ani chrome, nefunguje icq...

#33 Příspěvek od **vyosek** » 03 lis 2012 10:45

A pres co sem ted pisete??

Stahnete Farbar Service Scanner http://download.bleepingcomputer.com/farbar/FSS.exe

Ulozte nejlepe na Plochu
U vsech polozek udelejte zatrzitko (tim je oznacite pro skenovani)
Kliknete na Scan
Po dokonceni skenu se objevi log FSS.txt ten sem vlozte

poli29 · #34 Příspěvek od **poli29** » 03 lis 2012 10:48

explorer

poli29 · #35 Příspěvek od **poli29** » 03 lis 2012 10:51

Farbar Service Scanner Version: 27-10-2012
Ran by Jitka (administrator) on 03-11-2012 at 10:49:31
Running from "C:\Users\Jitka\Desktop"
Microsoft® Windows Vista™ Home Basic Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Other Services:
==============

File Check:
========
C:\windows\system32\nsisvc.dll => MD5 is legit
C:\windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\windows\system32\dhcpcsvc.dll => MD5 is legit
C:\windows\system32\Drivers\afd.sys => MD5 is legit
C:\windows\system32\Drivers\tdx.sys => MD5 is legit
C:\windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\windows\system32\dnsrslvr.dll => MD5 is legit
C:\windows\system32\mpssvc.dll => MD5 is legit
C:\windows\system32\bfe.dll => MD5 is legit
C:\windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\windows\system32\SDRSVC.dll => MD5 is legit
C:\windows\system32\vssvc.exe => MD5 is legit
C:\windows\system32\wscsvc.dll => MD5 is legit
C:\windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\windows\system32\wuaueng.dll => MD5 is legit
C:\windows\system32\qmgr.dll => MD5 is legit
C:\windows\system32\es.dll => MD5 is legit
C:\windows\system32\cryptsvc.dll
[2012-10-10 21:01] - [2012-06-02 01:02] - 0133120 ____A (Microsoft Corporation) F1E8C34892336D33EDDCDFE44E474F64

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\windows\system32\ipnathlp.dll
[2008-01-21 03:33] - [2008-01-21 03:33] - 0288256 ____A (Microsoft Corporation) E1499BD0FF76B1B2FBBF1AF339D91165

C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

#36 Příspěvek od **vyosek** » 03 lis 2012 11:09

A kdyz zkusite Firefox preinstalovat

poli29 · #37 Příspěvek od **poli29** » 03 lis 2012 11:31

Ani přeinstalování nepomohlo. Navíc mi teď ani nešel explorer. Když jsem vypnul Avast, tak explorer znovu jde.

#38 Příspěvek od **vyosek** » 03 lis 2012 11:31

Tak Avast odinstalujte uplne a vyzkousejte

poli29 · #39 Příspěvek od **poli29** » 03 lis 2012 12:03

Avast odinstalovan, ale nepomohlo to. Porad funguje jen firefox

poli29 · #40 Příspěvek od **poli29** » 03 lis 2012 12:04

omlouvam se, chtel jsem rict explorer

#41 Příspěvek od **vyosek** » 03 lis 2012 12:34

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
Zaskrtnete okenko Pro vsechny uzivatele
Zaskrtnete okenko Kontrola na havet "LOP"
Zaskrtnete okenko Kontrola na havet "Purity"
Stari souboru zmente z 30 dnu na 7 dnu
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
services.exe
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

%PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5
%PROGRAMFILES%\Internet Explorer\iexplore.exe /md5
%PROGRAMFILES%\Opera\opera.exe /md5
%PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5

%SystemDrive%\PhysicalMBR.bin /md5 

*crack* /s
*keygen* /s
*loader* /s

Kliknete na tlacitko Prohledat
Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte
Pokud budou logy dlouhe (forum bude kricet o prekroceni maximalniho poctu znaku), tak je rozdelte do vice prispevku

poli29 · #42 Příspěvek od **poli29** » 03 lis 2012 14:18

OTL logfile created on: 3.11.2012 13:16:02 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jitka\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,93 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 42,92% Memory free
4,09 Gb Paging File | 2,68 Gb Available in Paging File | 65,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,88 Gb Total Space | 49,20 Gb Free Space | 22,07% Space Free | Partition Type: NTFS
Drive D: | 9,00 Gb Total Space | 1,96 Gb Free Space | 21,77% Space Free | Partition Type: NTFS
Drive E: | 1,21 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 1021,00 Mb Total Space | 1018,74 Mb Free Space | 99,78% Space Free | Partition Type: FAT32
Drive K: | 3,68 Gb Total Space | 2,80 Gb Free Space | 76,02% Space Free | Partition Type: FAT32

Computer Name: JITKA-NB | User Name: Jitka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2012.11.03 13:14:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jitka\Desktop\OTL.exe
PRC - [2012.10.24 18:49:10 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.10.08 17:30:08 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
PRC - [2012.09.23 16:45:19 | 001,564,368 | ---- | M] () -- C:\Program Files\Guard-ICQ\GuardICQ.exe
PRC - [2012.09.23 16:44:18 | 000,127,040 | ---- | M] (ICQ, LLC.) -- C:\Program Files\ICQ7M\ICQ.exe
PRC - [2012.09.19 11:47:42 | 000,212,432 | ---- | M] (Google Inc.) -- C:\Users\Jitka\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
PRC - [2012.07.16 16:28:43 | 002,416,040 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.06.17 18:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2010.01.20 15:49:04 | 000,308,640 | ---- | M] (Panasonic Corporation) -- C:\Program Files\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.08.06 04:29:52 | 000,341,280 | ---- | M] () -- C:\Program Files\SiteAdvisor\6173\SAService.exe
PRC - [2008.05.21 01:47:18 | 000,065,296 | ---- | M] (Bioscrypt Inc.) -- c:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
PRC - [2008.05.14 21:41:38 | 000,034,184 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
PRC - [2008.05.14 01:35:40 | 000,256,512 | ---- | M] (SafeBoot International) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2008.05.12 14:28:12 | 000,576,024 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2008.05.08 01:34:10 | 000,238,984 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
PRC - [2008.05.05 11:34:00 | 000,202,048 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
PRC - [2008.05.05 11:33:54 | 000,271,680 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.exe
PRC - [2008.05.02 21:17:44 | 000,077,824 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe
PRC - [2008.05.02 21:17:02 | 010,244,096 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe
PRC - [2008.04.29 00:18:04 | 000,013,632 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
PRC - [2008.04.18 14:54:02 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008.04.18 14:53:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008.03.31 22:41:22 | 000,091,440 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2008.03.25 03:32:44 | 000,218,496 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil9f.exe
PRC - [2008.02.03 13:58:17 | 000,116,064 | ---- | M] (AOL LLC) -- c:\Program Files\AOL\AOL Toolbar 5.0\AolTbServer.exe
PRC - [2008.01.16 16:56:50 | 001,624,616 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2008.01.16 16:56:50 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007.12.11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2007.10.19 08:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2007.08.28 21:07:32 | 000,036,640 | ---- | M] () -- C:\Program Files\SiteAdvisor\6173\SiteAdv.exe
PRC - [2007.06.15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) -- C:\Windows\System32\bgsvcgen.exe
PRC - [2007.05.23 23:30:32 | 000,841,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe
PRC - [2007.05.16 00:08:40 | 000,182,576 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe
PRC - [2007.05.16 00:08:38 | 000,095,024 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2007.05.16 00:08:08 | 000,293,168 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2007.02.13 20:09:12 | 000,540,776 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
PRC - [2007.01.05 03:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

========== Modules (No Company Name) ==========

MOD - [2012.10.24 18:49:23 | 002,295,264 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012.10.01 12:44:20 | 005,450,752 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.10.01 12:42:11 | 007,953,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.10.01 12:41:36 | 011,492,352 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2012.09.23 16:45:19 | 001,564,368 | ---- | M] () -- C:\Program Files\Guard-ICQ\GuardICQ.exe
MOD - [2009.09.24 17:26:19 | 000,360,448 | ---- | M] () -- C:\TRANSLAT\WEBIE.DLL
MOD - [2009.03.31 19:04:50 | 000,303,104 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_cs_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.03.31 19:04:50 | 000,159,744 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_cs_b77a5c561934e089\System.Xml.resources.dll
MOD - [2008.05.05 10:58:18 | 000,024,576 | ---- | M] () -- C:\Program Files\McAfee\Managed VirusScan\Agent\Res\0409\AgtRes_l.dll
MOD - [2008.03.30 15:22:42 | 000,070,144 | ---- | M] () -- C:\Program Files\PSPad editor\PSPadShell.dll
MOD - [2008.02.03 13:58:19 | 000,177,504 | ---- | M] () -- c:\Program Files\AOL\AOL Toolbar 5.0\apopup.dll
MOD - [2008.01.16 16:51:00 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007.08.28 21:07:32 | 000,036,640 | ---- | M] () -- C:\Program Files\SiteAdvisor\6173\SiteAdv.exe
MOD - [2007.08.28 21:06:54 | 000,910,624 | ---- | M] () -- C:\Program Files\SiteAdvisor\6173\SiteAdv.dll
MOD - [2007.08.14 21:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007.07.12 21:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007.07.12 21:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll

========== Services (SafeList) ==========

SRV - [2012.10.29 12:37:53 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.08 17:30:08 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (rpcnet)
SRV - [2012.09.23 16:45:19 | 001,564,368 | ---- | M] () [Auto | Running] -- C:\Program Files\Guard-ICQ\GuardICQ.exe -- (Guard.Mail.ru)
SRV - [2012.08.15 21:29:36 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.16 16:28:43 | 002,416,040 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.06.17 18:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2008.08.06 04:29:52 | 000,341,280 | ---- | M] () [Auto | Running] -- C:\Program Files\SiteAdvisor\6173\SAService.exe -- (SiteAdvisor Service)
SRV - [2008.05.21 01:42:40 | 000,111,888 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2008.05.21 01:42:34 | 000,137,488 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2008.05.14 21:41:38 | 000,034,184 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2008.05.14 01:35:40 | 000,256,512 | ---- | M] (SafeBoot International) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2008.05.12 14:28:12 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2008.05.05 11:34:00 | 000,202,048 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe -- (myAgtSvc)
SRV - [2008.05.02 21:17:44 | 000,077,824 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe -- (HPFSService)
SRV - [2008.04.29 00:21:28 | 000,144,704 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\Managed VirusScan\VScan\McShield.exe -- (McShield)
SRV - [2008.04.29 00:18:04 | 000,013,632 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe -- (EngineServer)
SRV - [2008.04.18 14:54:02 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008.04.08 13:12:50 | 001,112,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008.01.21 03:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.21 03:32:50 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 03:32:50 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.12.11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007.10.19 08:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2007.06.15 11:57:42 | 000,145,504 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\Windows\System32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2007.05.23 23:30:32 | 000,841,256 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MpfSrv.exe -- (MpfService)
SRV - [2007.05.16 00:08:40 | 000,182,576 | ---- | M] (ActivIdentity) [Auto | Running] -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2007.02.13 20:09:12 | 000,540,776 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe -- (McAfee HackerWatch Service)
SRV - [2007.01.05 03:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\29858218.sys -- (29858218)
DRV - [2009.04.11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008.05.14 01:36:26 | 000,051,376 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\windows\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2008.05.14 01:36:22 | 000,012,928 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\windows\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2008.05.14 01:36:20 | 000,012,496 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\windows\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2008.05.14 01:36:18 | 000,108,752 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2008.04.29 00:25:00 | 000,055,112 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2008.04.29 00:23:22 | 000,034,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MfeRKDK.sys -- (MfeRKDK)
DRV - [2008.04.29 00:22:44 | 000,205,608 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2008.04.29 00:22:18 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MfeBOPK.sys -- (MfeBOPK)
DRV - [2008.04.29 00:22:10 | 000,079,560 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MfeAVFK.sys -- (MfeAVFK)
DRV - [2008.04.14 22:39:06 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008.04.10 16:27:34 | 001,804,160 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2008.04.07 19:13:46 | 000,025,448 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2008.04.07 19:13:42 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008.02.29 17:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.01.21 03:32:52 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2007.06.19 01:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007.03.02 22:17:34 | 000,120,360 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2006.02.20 18:17:40 | 000,033,408 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\windows\System32\drivers\cdrbsdrv.sys -- (cdrbsdrv)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{5DC23E92-E186-435B-AB44-6EF9280DC9F8}: "URL" = http://slirsredirect.search.aol.com/sli ... bie7-cs-cz

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-3858815830-4286555592-3916270694-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-3858815830-4286555592-3916270694-1004\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3858815830-4286555592-3916270694-1004\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-3858815830-4286555592-3916270694-1004\..\SearchScopes,DefaultScope = {5DC23E92-E186-435B-AB44-6EF9280DC9F8}
IE - HKU\S-1-5-21-3858815830-4286555592-3916270694-1004\..\SearchScopes\{5DC23E92-E186-435B-AB44-6EF9280DC9F8}: "URL" = http://slirsredirect.search.aol.com/sli ... bie7-cs-cz
IE - HKU\S-1-5-21-3858815830-4286555592-3916270694-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3789
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jitka\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jitka\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.03 11:10:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.06.10 17:04:05 | 000,000,000 | ---D | M]

[2009.08.11 13:54:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jitka\AppData\Roaming\Mozilla\Extensions
[2012.10.29 08:35:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jitka\AppData\Roaming\Mozilla\Firefox\Profiles\3ge17iur.default\extensions
[2010.12.05 14:37:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jitka\AppData\Roaming\Mozilla\Firefox\Profiles\3ge17iur.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.19 10:30:35 | 000,000,950 | ---- | M] () -- C:\Users\Jitka\AppData\Roaming\Mozilla\Firefox\Profiles\3ge17iur.default\searchplugins\icqplugin-10.xml
[2010.11.01 18:04:15 | 000,000,950 | ---- | M] () -- C:\Users\Jitka\AppData\Roaming\Mozilla\Firefox\Profiles\3ge17iur.default\searchplugins\icqplugin-11.xml
[2010.11.01 21:03:23 | 000,000,950 | ---- | M] () -- C:\Users\Jitka\AppData\Roaming\Mozilla\Firefox\Profiles\3ge17iur.default\searchplugins\icqplugin-12.xml
[2010.12.15 21:42:46 | 000,000,950 | ---- | M] () -- C:\Users\Jitka\AppData\Roaming\Mozilla\Firefox\Profiles\3ge17iur.default\searchplugins\icqplugin-13.xml
[2011.04.02 17:44:43 | 000,000,950 | ---- | M] () -- C:\Users\Jitka\AppData\Roaming\Mozilla\Firefox\Profiles\3ge17iur.default\searchplugins\icqplugin-14.xml
[2011.04.02 21:14:49 | 000,000,950 | ---- | M] () -- C:\Users\Jitka\AppData\Roaming\Mozilla\Firefox\Profiles\3ge17iur.default\searchplugins\icqplugin-15.xml
[2011.04.09 17:03:04 | 000,000,950 | ---- | M] () -- C:\Users\Jitka\AppData\Roaming\Mozilla\Firefox\Profiles\3ge17iur.default\searchplugins\icqplugin-16.xml
[2011.05.15 22:36:18 | 000,000,950 | ---- | M] () -- C:\Users\Jitka\AppData\Roaming\Mozilla\Firefox\Profiles\3ge17iur.default\searchplugins\icqplugin-17.xml
[2011.06.30 16:15:15 | 000,000,950 | ---- | M] () -- C:\Users\Jitka\AppData\Roaming\Mozilla\Firefox\Profiles\3ge17iur.default\searchplugins\icqplugin-18.xml
[2011.06.30 17:49:40 | 000,000,950 | ---- | M] () -- C:\Users\Jitka\AppData\Roaming\Mozilla\Firefox\Profiles\3ge17iur.default\searchplugins\icqplugin-19.xml
[2011.08.20 21:29:45 | 000,000,950 | ---- | M] () -- C:\Users\Jitka\AppData\Roaming\Mozilla\Firefox\Profiles\3ge17iur.default\searchplugins\icqplugin-20.xml
[2011.08.25 15:43:08 | 000,000,950 | ---- | M] () -- C:\Users\Jitka\AppData\Roaming\Mozilla\Firefox\Profiles\3ge17iur.default\searchplugins\icqplugin-21.xml
[2011.08.31 19:56:38 | 000,000,950 | ---- | M] () -- C:\Users\Jitka\AppData\Roaming\Mozilla\Firefox\Profiles\3ge17iur.default\searchplugins\icqplugin-22.xml
[2011.09.04 07:14:44 | 000,000,950 | ---- | M] () -- C:\Users\Jitka\AppData\Roaming\Mozilla\Firefox\Profiles\3ge17iur.default\searchplugins\icqplugin-23.xml
[2011.09.10 16:09:55 | 000,000,950 | ---- | M] () -- C:\Users\Jitka\AppData\Roaming\Mozilla\Firefox\Profiles\3ge17iur.default\searchplugins\icqplugin-24.xml
[2011.09.17 18:21:38 | 000,000,950 | ---- | M] () -- C:\Users\Jitka\AppData\Roaming\Mozilla\Firefox\Profiles\3ge17iur.default\searchplugins\icqplugin-25.xml
[2011.09.19 09:52:13 | 000,000,950 | ---- | M] () -- C:\Users\Jitka\AppData\Roaming\Mozilla\Firefox\Profiles\3ge17iur.default\searchplugins\icqplugin-26.xml
[2011.09.26 08:30:57 | 000,000,950 | ---- | M] () -- C:\Users\Jitka\AppData\Roaming\Mozilla\Firefox\Profiles\3ge17iur.default\searchplugins\icqplugin-27.xml
[2011.10.04 07:46:18 | 000,000,950 | ---- | M] () -- C:\Users\Jitka\AppData\Roaming\Mozilla\Firefox\Profiles\3ge17iur.default\searchplugins\icqplugin-28.xml
[2011.10.11 18:13:01 | 000,000,950 | ---- | M] () -- C:\Users\Jitka\AppData\Roaming\Mozilla\Firefox\Profiles\3ge17iur.default\searchplugins\icqplugin-29.xml
[2011.11.17 15:37:12 | 000,000,950 | ---- | M] () -- C:\Users\Jitka\AppData\Roaming\Mozilla\Firefox\Profiles\3ge17iur.default\searchplugins\icqplugin-30.xml
[2012.09.26 19:29:37 | 000,000,950 | ---- | M] () -- C:\Users\Jitka\AppData\Roaming\Mozilla\Firefox\Profiles\3ge17iur.default\searchplugins\icqplugin-31.xml
[2010.03.07 09:34:17 | 000,000,961 | ---- | M] () -- C:\Users\Jitka\AppData\Roaming\Mozilla\Firefox\Profiles\3ge17iur.default\searchplugins\icqplugin-4.xml
[2010.04.01 16:34:15 | 000,000,961 | ---- | M] () -- C:\Users\Jitka\AppData\Roaming\Mozilla\Firefox\Profiles\3ge17iur.default\searchplugins\icqplugin-5.xml
[2010.06.28 20:27:30 | 000,000,961 | ---- | M] () -- C:\Users\Jitka\AppData\Roaming\Mozilla\Firefox\Profiles\3ge17iur.default\searchplugins\icqplugin-6.xml
[2010.06.29 19:37:00 | 000,000,961 | ---- | M] () -- C:\Users\Jitka\AppData\Roaming\Mozilla\Firefox\Profiles\3ge17iur.default\searchplugins\icqplugin-7.xml
[2010.08.09 20:01:10 | 000,000,950 | ---- | M] () -- C:\Users\Jitka\AppData\Roaming\Mozilla\Firefox\Profiles\3ge17iur.default\searchplugins\icqplugin-8.xml
[2010.09.11 08:37:15 | 000,000,950 | ---- | M] () -- C:\Users\Jitka\AppData\Roaming\Mozilla\Firefox\Profiles\3ge17iur.default\searchplugins\icqplugin-9.xml
[2012.11.03 11:10:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009.09.24 11:11:57 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.10.24 18:50:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.10.25 01:03:24 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2012.10.25 01:03:25 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2012.10.25 01:03:25 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2012.10.25 01:03:25 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2012.10.25 01:03:25 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: ICQ Search (Enabled)
CHR - default_search_provider: search_url = http://www.icq.com/search/results/?q={s ... cq-fx-plug
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Jitka\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jitka\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Jitka\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jitka\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Google Update (Enabled) = C:\Users\Jitka\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Jitka\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: avast! WebRep = C:\Users\Jitka\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\
CHR - Extension: avast! WebRep = C:\Users\Jitka\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: Poppit = C:\Users\Jitka\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2012.10.29 15:19:04 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Reg Error: Value error.) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
O2 - BHO: (WebTransBHO Class) - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\TRANSLAT\WEBIE.DLL ()
O2 - BHO: (BHO_Startup Class) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
O3 - HKLM\..\Toolbar: (WebTranslator) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WEBIE.DLL ()
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKU\S-1-5-21-3858815830-4286555592-3916270694-1004\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [CognizanceTS] c:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\CoreShredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files\Guard-ICQ\GuardICQ.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [McAfee Managed Services Tray] C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyAgtTry.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.Exe (McAfee, Inc.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6173\SiteAdv.exe ()
O4 - HKLM..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe (InterVideo Inc.)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3858815830-4286555592-3916270694-1004..\Run: [ICQ] C:\Program Files\ICQ7M\ICQ.exe (ICQ, LLC.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3858815830-4286555592-3916270694-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3858815830-4286555592-3916270694-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Hledání panelu &AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\cs-CZ\local\search.html ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLAT\WEBIE.DLL ()
O9 - Extra 'Tools' menuitem : &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL ()
O9 - Extra 'Tools' menuitem : Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL ()
O9 - Extra 'Tools' menuitem : Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 10.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.133.140.129 10.0.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43F62E1E-32C3-4FE6-8D63-5006F893B207}: DhcpNameServer = 10.133.140.129 10.0.0.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{59956646-556B-4FF2-BF01-43CA48891E87}: DhcpNameServer = 192.168.88.1
O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\myRmProt4.9.0.295.dll (McAfee, Inc.)
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\Windows\System32\APSHook.dll) - C:\Windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - AppInit_DLLs: (C:\Windows\System32\APSHook.dll) - C:\Windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - AppInit_DLLs: (APSHook.dll) - C:\windows\System32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jitka\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jitka\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
System Restore Service not available.

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2012.11.03 13:14:32 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jitka\Desktop\OTL.exe
[2012.11.03 10:20:18 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.11.02 15:37:46 | 000,329,088 | ---- | C] (AVAST Software) -- C:\Users\Jitka\Desktop\aswclear.exe
[2012.11.01 18:38:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012.11.01 18:24:39 | 000,000,000 | ---D | C] -- C:\Users\Jitka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CleanUp!
[2012.11.01 18:24:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CleanUp!
[2012.11.01 18:24:36 | 000,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2012.10.29 18:20:54 | 000,000,000 | ---D | C] -- C:\Users\Jitka\Desktop\Nová složka
[2012.10.29 18:19:35 | 000,000,000 | ---D | C] -- C:\Users\Jitka\Desktop\nebezpecne
[2012.10.29 15:49:39 | 000,000,000 | ---D | C] -- C:\Users\Jitka\AppData\Local\temp
[2012.10.29 15:19:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.10.29 14:48:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012.10.29 14:48:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012.10.29 14:48:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012.10.29 14:48:09 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.10.29 14:47:45 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.10.29 14:47:14 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012.10.29 14:42:25 | 004,989,699 | R--- | C] (Swearware) -- C:\Users\Jitka\Desktop\ComboFix.exe
[2012.10.29 13:27:28 | 001,678,240 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Jitka\Desktop\iExplore.exe
[2012.10.29 12:46:28 | 001,678,240 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Jitka\Desktop\rkill.com
[2012.10.29 12:12:09 | 000,687,724 | R--- | C] (Swearware) -- C:\Users\Jitka\Desktop\dds.exe
[2012.10.27 19:44:06 | 000,694,375 | ---- | C] (Farbar) -- C:\Users\Jitka\Desktop\FSS.exe
[1 C:\Users\Jitka\Desktop\*.tmp files -> C:\Users\Jitka\Desktop\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2012.11.03 13:22:57 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.11.03 13:14:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jitka\Desktop\OTL.exe
[2012.11.03 12:53:04 | 000,000,910 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3858815830-4286555592-3916270694-1004Core.job
[2012.11.03 12:53:03 | 000,000,962 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3858815830-4286555592-3916270694-1004UA.job
[2012.11.03 12:28:16 | 000,000,914 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.11.03 12:02:52 | 000,644,626 | ---- | M] () -- C:\windows\System32\perfh005.dat
[2012.11.03 12:02:52 | 000,634,400 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012.11.03 12:02:52 | 000,119,964 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012.11.03 12:02:51 | 000,137,892 | ---- | M] () -- C:\windows\System32\perfc005.dat
[2012.11.03 11:57:08 | 000,011,337 | ---- | M] () -- C:\windows\System32\Config.MPF
[2012.11.03 11:55:46 | 000,017,408 | ---- | M] () -- C:\windows\System32\rpcnetp.exe
[2012.11.03 11:55:42 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\windows\System32\rpcnet.dll
[2012.11.03 11:55:42 | 000,017,408 | ---- | M] () -- C:\windows\System32\rpcnetp.dll
[2012.11.03 11:55:40 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.03 11:55:40 | 000,003,216 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.03 11:55:34 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.11.03 11:55:32 | 2072,264,704 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.03 11:53:49 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt
[2012.11.03 11:50:33 | 000,003,204 | ---- | M] () -- C:\windows\bthservsdp.dat
[2012.11.03 11:11:04 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.11.02 15:40:47 | 000,022,111 | ---- | M] () -- C:\Users\Jitka\Desktop\avast.jpg
[2012.11.02 15:37:51 | 000,329,088 | ---- | M] (AVAST Software) -- C:\Users\Jitka\Desktop\aswclear.exe
[2012.11.01 22:41:41 | 000,881,833 | ---- | M] () -- C:\Users\Jitka\Desktop\SecurityCheck.exe
[2012.11.01 18:22:17 | 000,339,257 | ---- | M] () -- C:\Users\Jitka\Desktop\CleanUp452.exe
[2012.10.30 23:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2012.10.29 15:19:04 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2012.10.29 14:43:45 | 004,989,699 | R--- | M] (Swearware) -- C:\Users\Jitka\Desktop\ComboFix.exe
[2012.10.29 13:27:29 | 001,678,240 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Jitka\Desktop\iExplore.exe
[2012.10.29 12:46:28 | 001,678,240 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Jitka\Desktop\rkill.com
[2012.10.29 12:12:12 | 000,687,724 | R--- | M] (Swearware) -- C:\Users\Jitka\Desktop\dds.exe
[2012.10.27 19:44:07 | 000,694,375 | ---- | M] (Farbar) -- C:\Users\Jitka\Desktop\FSS.exe
[2012.10.27 19:43:40 | 000,538,941 | ---- | M] () -- C:\Users\Jitka\Desktop\adwcleaner.exe
[1 C:\Users\Jitka\Desktop\*.tmp files -> C:\Users\Jitka\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.11.03 13:22:57 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.11.03 11:55:32 | 2072,264,704 | -HS- | C] () -- C:\hiberfil.sys
[2012.11.02 15:40:47 | 000,022,111 | ---- | C] () -- C:\Users\Jitka\Desktop\avast.jpg
[2012.11.01 22:41:41 | 000,881,833 | ---- | C] () -- C:\Users\Jitka\Desktop\SecurityCheck.exe
[2012.11.01 18:22:17 | 000,339,257 | ---- | C] () -- C:\Users\Jitka\Desktop\CleanUp452.exe
[2012.10.29 14:48:26 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012.10.29 14:48:26 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012.10.29 14:48:26 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012.10.29 14:48:26 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012.10.29 14:48:26 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012.10.27 19:43:31 | 000,538,941 | ---- | C] () -- C:\Users\Jitka\Desktop\adwcleaner.exe
[2009.08.12 20:58:00 | 000,000,680 | ---- | C] () -- C:\Users\Jitka\AppData\Local\d3d9caps.dat
[2009.08.12 18:24:14 | 000,077,824 | ---- | C] () -- C:\Users\Jitka\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006.11.02 13:51:16 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009.09.28 11:48:42 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\GHISLER
[2011.06.12 12:35:41 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\ICQ
[2009.08.18 20:49:59 | 000,000,000 | ---D | M] -- C:\Users\Jirka\AppData\Roaming\InterVideo
[2009.08.11 14:00:40 | 000,000,000 | ---D | M] -- C:\Users\Jitka\AppData\Roaming\GHISLER
[2012.11.03 11:58:32 | 000,000,000 | ---D | M] -- C:\Users\Jitka\AppData\Roaming\ICQ
[2012.09.23 16:45:33 | 000,000,000 | ---D | M] -- C:\Users\Jitka\AppData\Roaming\ICQ Search
[2009.08.11 15:54:44 | 000,000,000 | ---D | M] -- C:\Users\Jitka\AppData\Roaming\InterVideo
[2012.09.23 16:41:28 | 000,000,000 | ---D | M] -- C:\Users\Jitka\AppData\Roaming\Miranda
[2012.10.08 16:54:18 | 000,000,000 | ---D | M] -- C:\Users\Jitka\AppData\Roaming\TeamViewer

========== Purity Check ==========

========== Custom Scans ==========

< >
[2006.11.02 13:58:10 | 000,000,006 | -H-- | C] () -- C:\windows\Tasks\SA.DAT
[2006.11.02 13:58:10 | 000,032,570 | ---- | C] () -- C:\windows\Tasks\SCHEDLGU.TXT
[2010.04.01 18:01:43 | 000,000,910 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3858815830-4286555592-3916270694-1004Core.job
[2010.04.01 18:01:44 | 000,000,962 | ---- | C] () -- C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3858815830-4286555592-3916270694-1004UA.job
[2012.07.20 20:30:29 | 000,000,914 | ---- | C] () -- C:\windows\Tasks\Adobe Flash Player Updater.job

< >

< MD5 for: ATAPI.SYS >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.21 03:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.04.11 07:27:20 | 000,643,072 | ---- | M] () MD5=61A0DED560FA02B9C77E90D694B1729F -- C:\Windows\System32\autochk.exe
[2009.04.11 07:27:20 | 000,643,072 | ---- | M] () MD5=61A0DED560FA02B9C77E90D694B1729F -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6002.18005_none_e3df6655bee2ee3b\autochk.exe
[2008.01.19 07:33:02 | 000,642,560 | ---- | M] () Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe

< MD5 for: CDROM.SYS >
[2008.01.21 03:32:23 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_a29e71c6\cdrom.sys
[2008.01.21 03:32:23 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=1EC25CEA0DE6AC4718BF89F9E1778B57 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6001.18000_none_5fa95be2a3c76a4a\cdrom.sys
[2009.04.11 05:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\drivers\cdrom.sys
[2009.04.11 05:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys
[2009.04.11 05:39:17 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=6B4BFFB9BECD728097024276430DB314 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.0.6002.18005_none_6194d4eea0e93596\cdrom.sys
[2006.11.02 09:51:44 | 000,067,072 | ---- | M] (Microsoft Corporation) MD5=8D1866E61AF096AE8B582454F5E4D303 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_e487f727\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: HAL.DLL >
[2009.04.11 07:32:46 | 000,177,128 | ---- | M] (Microsoft Corporation) MD5=B8D52005181A15D7D1470CBF2AF214DD -- C:\Windows\System32\hal.dll

< MD5 for: SCECLI.DLL >
[2008.01.21 03:34:39 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: SERVICES.EXE >
[2008.01.21 03:34:36 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009.04.11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009.04.11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SVCHOST.EXE >
[2008.01.21 03:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008.01.21 03:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.04.26 09:08:16 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=01EC1E92595F839BEE70D439C46796E3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys
[2009.04.11 07:33:02 | 000,897,000 | ---- | M] (Microsoft Corporation) MD5=0E6B0885C3D5E4643ED2D043DE3433D8 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18005_none_b5098b5e63880c42\tcpip.sys
[2009.12.08 21:52:30 | 000,897,624 | ---- | M] (Microsoft Corporation) MD5=1ACBB7A47E78F4CC82D2EFFB72901528 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18377_none_b2d96a966698ad63\tcpip.sys
[2009.08.15 22:30:53 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=2512B4D1353370D6688B1AF1F5AFA1CF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21108_none_6030d425ab49af00\tcpip.sys
[2009.08.14 18:01:55 | 000,900,168 | ---- | M] (Microsoft Corporation) MD5=2608E71AAD54564647D4BB984E1925AA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys
[2012.03.30 13:39:11 | 000,905,600 | ---- | M] (Microsoft Corporation) MD5=27D470DABC77BC60D0A3B0E4DEB6CB91 -- C:\Windows\System32\drivers\tcpip.sys
[2012.03.30 13:39:11 | 000,905,600 | ---- | M] (Microsoft Corporation) MD5=27D470DABC77BC60D0A3B0E4DEB6CB91 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18604_none_b50896786388e1d5\tcpip.sys
[2010.02.18 12:51:51 | 000,818,688 | ---- | M] (Microsoft Corporation) MD5=2C1F7005AA3B62721BFDB307BD5F5010 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_6019359fab5bb15b\tcpip.sys
[2010.02.18 15:49:38 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=2EAE4500984C2F8DACFB977060300A15 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_b30f7c1866701ed5\tcpip.sys
[2009.08.14 15:24:47 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=300208927321066EA53761FDC98747C6 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_5fa75f38922bdbf4\tcpip.sys
[2009.12.08 21:15:00 | 000,907,832 | ---- | M] (Microsoft Corporation) MD5=46E6685F3E92AEC743773ADD4CD54F57 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22283_none_b53aaa1b7ce8560d\tcpip.sys
[2010.02.18 15:07:16 | 000,904,576 | ---- | M] (Microsoft Corporation) MD5=48CBE6D53632D0067C2D6B20F90D84CA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18209_none_b50d905263846bec\tcpip.sys
[2010.02.18 13:05:37 | 000,815,104 | ---- | M] (Microsoft Corporation) MD5=4A82FA8F0DF67AA354580C3FAAF8BDE3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_5f8a957c924295b7\tcpip.sys
[2009.12.08 21:37:09 | 000,900,696 | ---- | M] (Microsoft Corporation) MD5=5653230D480A9C54D169E1B080B72CF5 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22577_none_b36309477fb64a54\tcpip.sys
[2010.06.16 16:55:58 | 000,902,032 | ---- | M] (Microsoft Corporation) MD5=6216A954ED7045B62880A92D6C9B9FC7 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys
[2009.08.14 17:27:34 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=65877AA1B6A7CB797488E831698973E9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18091_none_b4a43aea63d4a25f\tcpip.sys
[2010.06.16 17:39:32 | 000,912,776 | ---- | M] (Microsoft Corporation) MD5=6A10AFCE0B38371064BE41C1FBFD3C6B -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_b57d8e037cb5db63\tcpip.sys
[2010.06.16 16:59:54 | 000,898,952 | ---- | M] (Microsoft Corporation) MD5=782568AB6A43160A159B6215B70BCCE9 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_b2bfcb7c66ac7d10\tcpip.sys
[2008.04.26 09:26:49 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=82E266BEE5F0167E41C6ECFDD2A79C02 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys
[2009.12.08 18:58:13 | 000,813,568 | ---- | M] (Microsoft Corporation) MD5=8734BD051FFDCBF8425CF222141C3741 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_5f56ae52926920d8\tcpip.sys
[2009.08.14 18:07:56 | 000,897,608 | ---- | M] (Microsoft Corporation) MD5=8A7AD2A214233F684242F289ED83EBC3 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_b3144862666d6db3\tcpip.sys
[2008.08.06 04:04:56 | 000,890,936 | ---- | M] (Microsoft Corporation) MD5=9081EBA4184E7EB87C55E18C089283A5 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22144_none_b38070957fa0b5e0\tcpip.sys
[2010.02.18 18:36:50 | 000,902,024 | ---- | M] (Microsoft Corporation) MD5=93A5655CD9CD2F080EF1CB71A3666215 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys
[2010.06.16 17:04:57 | 000,905,088 | ---- | M] (Microsoft Corporation) MD5=A474879AFA4A596B3A531F3E69730DBF -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_b4baded863c37e22\tcpip.sys
[2009.12.08 18:45:32 | 000,816,640 | ---- | M] (Microsoft Corporation) MD5=CA3A5756672013A66BB9D547A5A62DCA -- C:\Windows\winsxs\x86_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21175_none_5fe223d3ab852692\tcpip.sys
[2010.02.18 15:22:11 | 000,910,216 | ---- | M] (Microsoft Corporation) MD5=D9F5DD5BBC8348E8F8220CCBF14C022E -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_b563eb1d7cc9b0c2\tcpip.sys
[2009.12.08 21:01:08 | 000,904,776 | ---- | M] (Microsoft Corporation) MD5=DA467E7619AE5F4588E6262C13C8940A -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18160_none_b4c3ac4a63bd325c\tcpip.sys
[2012.03.30 13:39:11 | 000,914,304 | ---- | M] (Microsoft Corporation) MD5=EE7E10BED85C312C1D5D30C435BDDA9F -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22828_none_b58096797cb31c04\tcpip.sys
[2008.01.21 03:34:55 | 000,891,448 | ---- | M] (Microsoft Corporation) MD5=FC6E2835D667774D409C7C7021EAF9C4 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_b31e1252666640f6\tcpip.sys
[2009.08.14 17:33:50 | 000,905,784 | ---- | M] (Microsoft Corporation) MD5=FF71856BD4CD6D4367F9FD84BE79A874 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22200_none_b58e289d7caa2a80\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.01.21 03:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< >

< %systemroot%*.* /U /s >
[12 C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[7 C:\windows\Installer\*.tmp files -> C:\windows\Installer\*.tmp -> ]
[1 C:\windows\Temp\*.tmp files -> C:\windows\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010.09.08 16:26:07 | 000,000,000 | ---D | M] -- C:\Users\Jitka\AppData\Roaming\Adobe
[2009.08.11 14:00:40 | 000,000,000 | ---D | M] -- C:\Users\Jitka\AppData\Roaming\GHISLER
[2009.08.11 13:38:48 | 000,000,000 | ---D | M] -- C:\Users\Jitka\AppData\Roaming\Hewlett-Packard
[2009.08.26 19:59:18 | 000,000,000 | ---D | M] -- C:\Users\Jitka\AppData\Roaming\HPQLOG
[2011.05.05 22:04:27 | 000,000,000 | ---D | M] -- C:\Users\Jitka\AppData\Roaming\HpUpdate
[2012.11.03 11:58:32 | 000,000,000 | ---D | M] -- C:\Users\Jitka\AppData\Roaming\ICQ
[2012.09.23 16:45:33 | 000,000,000 | ---D | M] -- C:\Users\Jitka\AppData\Roaming\ICQ Search
[2009.08.11 13:41:53 | 000,000,000 | ---D | M] -- C:\Users\Jitka\AppData\Roaming\Identities
[2009.08.11 13:29:05 | 000,000,000 | ---D | M] -- C:\Users\Jitka\AppData\Roaming\InstallShield
[2009.08.11 15:54:44 | 000,000,000 | ---D | M] -- C:\Users\Jitka\AppData\Roaming\InterVideo
[2009.08.11 13:39:05 | 000,000,000 | ---D | M] -- C:\Users\Jitka\AppData\Roaming\Macromedia
[2012.07.21 15:25:27 | 000,000,000 | --SD | M] -- C:\Users\Jitka\AppData\Roaming\Microsoft
[2012.09.23 16:41:28 | 000,000,000 | ---D | M] -- C:\Users\Jitka\AppData\Roaming\Miranda
[2009.08.11 13:54:58 | 000,000,000 | ---D | M] -- C:\Users\Jitka\AppData\Roaming\Mozilla
[2009.09.23 20:28:20 | 000,000,000 | ---D | M] -- C:\Users\Jitka\AppData\Roaming\PSpad
[2012.11.03 11:20:06 | 000,000,000 | ---D | M] -- C:\Users\Jitka\AppData\Roaming\SiteAdvisor
[2012.09.30 16:41:45 | 000,000,000 | ---D | M] -- C:\Users\Jitka\AppData\Roaming\Skype
[2012.10.08 16:54:18 | 000,000,000 | ---D | M] -- C:\Users\Jitka\AppData\Roaming\TeamViewer
[2010.09.28 18:11:16 | 000,000,000 | ---D | M] -- C:\Users\Jitka\AppData\Roaming\U3
[2012.04.09 21:27:07 | 000,000,000 | ---D | M] -- C:\Users\Jitka\AppData\Roaming\vlc
[2009.08.14 19:52:22 | 000,000,000 | ---D | M] -- C:\Users\Jitka\AppData\Roaming\Winamp

< %APPDATA%\*.exe /s >
[2011.10.09 08:22:02 | 008,188,064 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Jitka\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
[2007.10.23 08:27:20 | 000,110,592 | ---- | M] () -- C:\Users\Jitka\AppData\Roaming\U3\temp\cleanup.exe
[2007.10.23 08:22:56 | 003,350,528 | -H-- | M] (SanDisk Corporation) -- C:\Users\Jitka\AppData\Roaming\U3\temp\Launchpad Removal.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >
[2012.11.03 13:28:05 | 000,000,914 | ---- | M] () -- C:\windows\Tasks\Adobe Flash Player Updater.job
[2012.11.03 12:53:04 | 000,000,910 | ---- | M] () -- C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3858815830-4286555592-3916270694-1004Core.job
[2012.11.03 13:53:09 | 000,000,962 | ---- | M] () -- C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3858815830-4286555592-3916270694-1004UA.job

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2008.05.14 01:36:18 | 000,108,752 | ---- | M] () Unable to obtain MD5 -- C:\windows\system32\drivers\SafeBoot.sys

< %systemroot%\System32\config\*.sav >
[2008.01.21 04:31:11 | 015,716,352 | ---- | M] () -- C:\windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:31:01 | 000,102,400 | ---- | M] () -- C:\windows\System32\config\DEFAULT.SAV
[2008.01.21 04:31:12 | 000,020,480 | ---- | M] () -- C:\windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2012.11.03 13:55:36 | 000,003,216 | -H-- | M] () -- C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.03 13:55:36 | 000,003,216 | -H-- | M] () -- C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.03 11:57:08 | 000,011,337 | ---- | M] () -- C:\windows\system32\Config.MPF
[2012.11.03 11:53:49 | 000,002,577 | ---- | M] () -- C:\windows\system32\config.nt
[2012.11.03 12:02:51 | 000,137,892 | ---- | M] () -- C:\windows\system32\perfc005.dat
[2012.11.03 12:02:52 | 000,119,964 | ---- | M] () -- C:\windows\system32\perfc009.dat
[2012.11.03 12:02:52 | 000,644,626 | ---- | M] () -- C:\windows\system32\perfh005.dat
[2012.11.03 12:02:52 | 000,634,400 | ---- | M] () -- C:\windows\system32\perfh009.dat
[2012.11.03 12:02:51 | 001,532,486 | ---- | M] () -- C:\windows\system32\PerfStringBackup.INI
[2012.11.03 11:55:42 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\windows\system32\rpcnet.dll
[2012.11.03 11:55:42 | 000,017,408 | ---- | M] () -- C:\windows\system32\rpcnetp.dll
[2012.11.03 11:55:46 | 000,017,408 | ---- | M] () -- C:\windows\system32\rpcnetp.exe

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation)
"LightScribe Control Panel" = C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden -- [2008.03.18 01:59:40 | 002,289,664 | ---- | M] (Hewlett-Packard Company)
"ICQ" = "C:\Program Files\ICQ7M\ICQ.exe" silent loginmode=4 -- [2012.09.23 16:44:18 | 000,127,040 | ---- | M] (ICQ, LLC.)

poli29 · #43 Příspěvek od **poli29** » 03 lis 2012 14:19

< >

< %PROGRAMFILES%\Mozilla Firefox\firefox.exe /md5 >
[2012.10.24 18:49:10 | 000,917,984 | ---- | M] (Mozilla Corporation) MD5=E60E9D5F229CB8DA347D48ADD6E8DC47 -- C:\Program Files\Mozilla Firefox\firefox.exe

< %PROGRAMFILES%\Internet Explorer\iexplore.exe /md5 >
[2012.10.01 11:18:30 | 000,748,680 | ---- | M] (Microsoft Corporation) MD5=22CC6CDBA678790046693654C3B212E4 -- C:\Program Files\Internet Explorer\iexplore.exe

< %PROGRAMFILES%\Opera\opera.exe /md5 >

< %PROGRAMFILES%\Google\Chrome\Application\chrome.exe /md5 >

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012.11.03 13:22:57 | 000,000,512 | ---- | M] () MD5=D7B0E82A1AFB7D5A77C59A40B76F1D32 -- C:\PhysicalMBR.bin

< >

< *crack* /s >
[2011.11.17 15:09:34 | 103,478,857 | ---- | M] () -- \Install files\avast!-5Pro-crack-licence+cz-návod.rar
[2011.11.17 15:27:41 | 000,000,162 | -H-- | M] () -- \Install files\~$ast!-5Pro-crack-licence+cz-návod.rar
[2011.11.17 15:29:09 | 000,000,815 | ---- | M] () -- \Users\Jitka\AppData\Roaming\Microsoft\Windows\Recent\avast!-5Pro-crack-licence+cz-návod.lnk

< *keygen* /s >

< *loader* /s >
[2006.09.11 03:16:26 | 005,038,080 | ---- | M] () -- \Program Files\Adobe\Adobe Premiere Elements 3.0\APD\Photo Downloader\Photodownloader.exe
[2006.09.11 03:16:32 | 000,000,299 | ---- | M] () -- \Program Files\Adobe\Adobe Premiere Elements 3.0\APD\Photo Downloader\Photodownloader.ini
[2006.09.11 03:16:28 | 000,011,161 | ---- | M] () -- \Program Files\Adobe\Adobe Premiere Elements 3.0\APD\shared_assets\bitmaps\main_window\C_LoadError.png
[2006.10.26 21:40:34 | 000,057,344 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.dll
[2006.10.26 21:40:34 | 000,005,120 | ---- | M] () -- \Program Files\Common Files\microsoft shared\VS7DEBUG\coloader.tlb
[2008.04.08 10:47:54 | 000,053,511 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Generic\Images\themeloader_default_chapter.jpg
[2008.04.08 10:47:54 | 000,053,511 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Generic\Images\themeloader_default_menu.jpg
[2008.04.17 17:29:48 | 000,007,307 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1025\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 17:29:48 | 000,007,270 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1028\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 17:29:50 | 000,007,610 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1029\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 17:29:52 | 000,007,281 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1030\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 17:29:54 | 000,007,323 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1031\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 17:29:56 | 000,007,778 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1032\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 17:29:56 | 000,007,283 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1033\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 17:29:58 | 000,007,410 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1035\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 17:30:00 | 000,007,262 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1036\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 17:30:02 | 000,007,307 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1037\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 17:30:04 | 000,007,409 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1038\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 17:30:04 | 000,007,305 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1040\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 17:30:06 | 000,007,846 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1041\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 17:30:08 | 000,007,427 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1042\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 17:30:10 | 000,007,400 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1043\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 17:30:10 | 000,007,329 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1044\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 17:30:12 | 000,007,397 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1045\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 17:30:14 | 000,007,525 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1046\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 17:30:16 | 000,007,914 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1049\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 17:30:16 | 000,007,290 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1053\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 17:30:18 | 000,007,474 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\1055\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 17:30:20 | 000,007,227 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\2052\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 17:30:22 | 000,007,584 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\2070\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 17:30:22 | 000,007,654 | R--- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\Common Resources\Shared\Locale\3082\Strings\RCMFormatLoaderStrings.xml
[2008.04.08 13:11:52 | 000,215,536 | ---- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSFileLoader.dll
[2008.04.08 13:11:54 | 000,084,464 | ---- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSFormatLoaderBMP.dll
[2008.04.08 13:11:56 | 000,072,176 | ---- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSFormatLoaderECDC.dll
[2008.04.08 13:11:58 | 000,092,656 | ---- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSFormatLoaderGIF.dll
[2008.04.08 13:12:00 | 000,207,344 | ---- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSFormatLoaderJPG2.dll
[2008.04.08 13:13:14 | 000,072,176 | ---- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSFormatLoaderMDC.dll
[2008.04.08 13:12:02 | 000,133,616 | ---- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSFormatLoaderPNG.dll
[2008.04.08 13:12:04 | 000,104,944 | ---- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\SharedCOM\CPSFormatLoaderTIFF.dll
[2008.04.08 13:12:42 | 000,154,096 | ---- | M] () -- \Program Files\Common Files\Roxio Shared\10.0\SharedCOM\LeResourceLoader.dll
[2012.09.20 08:26:10 | 000,001,538 | ---- | M] () -- \Program Files\HF Designer\Loader.elf
[2012.09.20 08:26:02 | 000,778,904 | ---- | M] () -- \Program Files\HF Designer\Loader.exe
[2012.09.23 16:44:08 | 000,005,795 | ---- | M] () -- \Program Files\ICQ7M\imApp\theme\IMAGES\XtraPreloader\loader.jpg
[2012.09.23 16:44:11 | 000,004,180 | ---- | M] () -- \Program Files\ICQ7M\imApp\theme\IMAGES\XtraPreloader\zlango-preloader.png
[2012.09.23 16:44:06 | 000,005,520 | ---- | M] () -- \Program Files\ICQ7M\imApp\theme\MUICoreLib\xtraLoader.swf
[2010.01.20 15:49:10 | 000,054,688 | ---- | M] () -- \Program Files\Panasonic\HD Writer AE 2.0\YouTubeUploaderMain.exe
[2010.01.20 15:40:38 | 003,361,792 | ---- | M] () -- \Program Files\Panasonic\HD Writer AE 2.0\YTUploader.dll
[2009.11.26 09:56:24 | 000,000,112 | ---- | M] () -- \Program Files\Panasonic\HD Writer AE 2.0\YTUploader.ini
[2010.01.19 21:09:38 | 000,150,016 | ---- | M] () -- \Program Files\Panasonic\HD Writer AE 2.0\Core\Spec\AVCHD\BDCore\MediaLoader.dll
[2009.07.07 14:53:36 | 000,131,072 | ---- | M] () -- \Program Files\Panasonic\HD Writer AE 2.0\MICS\MicsLoader.dll
[2008.03.31 19:10:30 | 000,141,808 | ---- | M] () -- \Program Files\Roxio\VideoCore 10\VOBLoader.ax
[2008.04.01 20:01:32 | 000,170,480 | ---- | M] () -- \Program Files\Roxio\VideoUI 10\DSThemeLoader.dll
[2008.04.01 20:01:50 | 000,113,136 | ---- | M] () -- \Program Files\Roxio\VideoUI 10\DVDFormatLoaderPlugIn.dll
[2008.04.01 19:26:34 | 000,053,511 | R--- | M] () -- \Program Files\Roxio\VideoUI 10\Skins\Default\Generic\Images\themeloader_default_chapter.jpg
[2008.04.01 19:26:34 | 000,053,511 | R--- | M] () -- \Program Files\Roxio\VideoUI 10\Skins\Default\Generic\Images\themeloader_default_menu.jpg
[2008.04.01 19:26:34 | 000,040,000 | R--- | M] () -- \Program Files\Roxio\VideoUI 10\Skins\Default\Generic\Images\themeloader_hourglass.jpg
[2012.06.18 11:39:40 | 000,072,638 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.gif
[2012.06.18 11:39:40 | 000,003,032 | ---- | M] () -- \ProgramData\Skype\Apps\login\images\loader.png
[2008.04.08 10:47:54 | 000,053,511 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Generic\Images\themeloader_default_chapter.jpg
[2008.04.08 10:47:54 | 000,053,511 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Generic\Images\themeloader_default_menu.jpg
[2008.04.17 17:29:48 | 000,007,307 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1025\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 17:29:48 | 000,007,270 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1028\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 17:29:50 | 000,007,610 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1029\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 17:29:52 | 000,007,281 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1030\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 17:29:54 | 000,007,323 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1031\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 17:29:56 | 000,007,778 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1032\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 17:29:56 | 000,007,283 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1033\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 17:29:58 | 000,007,410 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1035\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 17:30:00 | 000,007,262 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1036\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 17:30:02 | 000,007,307 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1037\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 17:30:04 | 000,007,409 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1038\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 17:30:04 | 000,007,305 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1040\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 17:30:06 | 000,007,846 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1041\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 17:30:08 | 000,007,427 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1042\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 17:30:10 | 000,007,400 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1043\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 17:30:10 | 000,007,329 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1044\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 17:30:12 | 000,007,397 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1045\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 17:30:14 | 000,007,525 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1046\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 17:30:16 | 000,007,914 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1049\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 17:30:16 | 000,007,290 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1053\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 17:30:18 | 000,007,474 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\1055\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 17:30:20 | 000,007,227 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\2052\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 17:30:22 | 000,007,584 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\2070\Strings\RCMFormatLoaderStrings.xml
[2008.04.17 17:30:22 | 000,007,654 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\Common Resources\Shared\Locale\3082\Strings\RCMFormatLoaderStrings.xml
[2008.04.08 13:11:52 | 000,215,536 | ---- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\SharedCOM\CPSFileLoader.dll
[2008.04.08 13:11:54 | 000,084,464 | ---- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\SharedCOM\CPSFormatLoaderBMP.dll
[2008.04.08 13:11:56 | 000,072,176 | ---- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\SharedCOM\CPSFormatLoaderECDC.dll
[2008.04.08 13:11:58 | 000,092,656 | ---- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\SharedCOM\CPSFormatLoaderGIF.dll
[2008.04.08 13:12:00 | 000,207,344 | ---- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\SharedCOM\CPSFormatLoaderJPG2.dll
[2008.04.08 13:13:14 | 000,072,176 | ---- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\SharedCOM\CPSFormatLoaderMDC.dll
[2008.04.08 13:12:02 | 000,133,616 | ---- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\SharedCOM\CPSFormatLoaderPNG.dll
[2008.04.08 13:12:04 | 000,104,944 | ---- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\SharedCOM\CPSFormatLoaderTIFF.dll
[2008.04.08 13:12:42 | 000,154,096 | ---- | M] () -- \Swsetup\Roxio\EMC_HP_101\Common\Roxio Shared\10.0\SharedCOM\LeResourceLoader.dll
[2008.03.31 19:10:30 | 000,141,808 | ---- | M] () -- \Swsetup\Roxio\EMC_HP_101\program files\Roxio\VideoCore 10\VOBLoader.ax
[2008.04.01 20:01:32 | 000,170,480 | ---- | M] () -- \Swsetup\Roxio\EMC_HP_101\program files\Roxio\VideoUI 10\DSThemeLoader.dll
[2008.04.01 20:01:50 | 000,113,136 | ---- | M] () -- \Swsetup\Roxio\EMC_HP_101\program files\Roxio\VideoUI 10\DVDFormatLoaderPlugIn.dll
[2008.04.01 19:26:34 | 000,053,511 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\program files\Roxio\VideoUI 10\Skins\Default\Generic\Images\themeloader_default_chapter.jpg
[2008.04.01 19:26:34 | 000,053,511 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\program files\Roxio\VideoUI 10\Skins\Default\Generic\Images\themeloader_default_menu.jpg
[2008.04.01 19:26:34 | 000,040,000 | R--- | M] () -- \Swsetup\Roxio\EMC_HP_101\program files\Roxio\VideoUI 10\Skins\Default\Generic\Images\themeloader_hourglass.jpg
[2012.06.18 11:39:40 | 000,072,638 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.gif
[2012.06.18 11:39:40 | 000,003,032 | ---- | M] () -- \Users\All Users\Skype\Apps\login\images\loader.png
[2012.09.20 08:45:12 | 000,002,756 | ---- | M] () -- \Users\Jirka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4FFH9AEG\RmsLoader[1].js
[2012.09.20 08:47:05 | 000,001,485 | ---- | M] () -- \Users\Jirka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4FFH9AEG\scriptloader[1].htm
[2012.09.20 08:47:15 | 000,001,485 | ---- | M] () -- \Users\Jirka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\4FFH9AEG\scriptloader[2].htm
[2012.09.20 08:47:04 | 000,000,505 | ---- | M] () -- \Users\Jirka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BNW5QHOY\productloader[1].htm
[2012.09.20 08:48:51 | 000,001,485 | ---- | M] () -- \Users\Jirka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BNW5QHOY\scriptloader[1].htm
[2012.09.20 08:47:19 | 000,001,485 | ---- | M] () -- \Users\Jirka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PUYN5BIS\scriptloader[1].htm
[2012.09.20 08:52:19 | 000,001,485 | ---- | M] () -- \Users\Jirka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\PUYN5BIS\scriptloader[2].htm
[2012.09.20 08:52:11 | 000,001,485 | ---- | M] () -- \Users\Jirka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TBSAZB9L\scriptloader[1].htm
[2011.10.08 09:00:08 | 000,000,673 | ---- | M] () -- \Users\Jitka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\53Y6TB3W\loader.white[1].gif
[2011.10.08 09:00:41 | 000,000,673 | ---- | M] () -- \Users\Jitka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\53Y6TB3W\loader.white[2].gif
[2012.11.03 11:40:23 | 000,023,237 | ---- | M] () -- \Users\Jitka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AOYGJZ37\block-loader-7[1].png
[2012.11.03 11:33:31 | 000,003,815 | ---- | M] () -- \Users\Jitka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AOYGJZ37\loader[1].js
[2012.11.03 10:14:14 | 000,003,705 | ---- | M] () -- \Users\Jitka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O6CAW019\lang_loader[1].gif
[2012.11.03 11:40:23 | 000,001,870 | ---- | M] () -- \Users\Jitka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O6CAW019\preloader-1[1].gif
[2012.11.03 11:30:47 | 000,027,779 | ---- | M] () -- \Users\Jitka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\O6CAW019\yuiloader-min[1].js
[2009.11.03 19:18:41 | 000,000,054 | ---- | M] () -- \Users\Jitka\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\WK9YVM75\media.mtvnservices.com\player\loader\loaderLogging.sol
[2009.08.14 20:07:27 | 000,082,784 | ---- | M] () -- \Windows\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
[2012.10.01 14:43:52 | 000,149,504 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\YouTubeUploaderMain\f02a73757435bf1d55e4b9c4ae325646\YouTubeUploaderMain.ni.exe
[2012.10.01 14:43:53 | 003,770,368 | ---- | M] () -- \Windows\assembly\NativeImages_v2.0.50727_32\YTUploader\78aee60a91af8490be55174caec5e708\YTUploader.ni.dll
[2008.01.21 03:33:05 | 000,038,400 | ---- | M] () -- \Windows\System32\dmloader.dll
[2009.08.12 13:37:57 | 000,003,208 | ---- | M] () -- \Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FOM77UGM\ajax-loader[1].gif
[2008.04.17 10:59:57 | 000,003,402 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6001.18000_cs-cz_33426ea9fd097a15.manifest
[2008.04.17 10:59:57 | 000,027,648 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6001.18000_cs-cz_33426ea9fd097a15_winload.exe.mui_3bc5b827
[2008.04.17 10:59:57 | 000,019,968 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6001.18000_cs-cz_33426ea9fd097a15_winresume.exe.mui_ff8b5358
[2012.09.30 15:23:40 | 000,004,864 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6002.18005_none_5d12333e69c8ab94.manifest
[2012.09.30 15:23:41 | 000,986,600 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6002.18005_none_5d12333e69c8ab94_winload.exe_75835076
[2012.09.30 15:23:41 | 000,926,184 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6002.18005_none_5d12333e69c8ab94_winresume.exe_85cd1215
[2008.01.21 03:36:35 | 000,003,885 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.0.6001.18000_none_6b332839511be4b2.manifest
[2008.01.21 03:36:35 | 000,021,048 | ---- | M] () -- \Windows\winsxs\Backup\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.0.6001.18000_none_6b332839511be4b2_spldr.sys_98bd87a0
[2008.02.29 08:26:23 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16646_de-de_cb9c6772f81a418b.manifest
[2008.02.29 08:19:08 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16646_en-us_748d3d6be6f84d50.manifest
[2008.02.29 11:05:29 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16646_es-es_74589a4fe71f3ef5.manifest
[2008.02.29 11:07:01 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16646_fr-fr_1710104ed9f15557.manifest
[2008.02.29 11:05:17 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16646_it-it_01380695b1233ad5.manifest
[2008.02.29 09:14:00 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16646_ja-jp_a35d85a2a43e4cb0.manifest
[2008.02.29 11:02:51 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.16646_nl-nl_2d992eca70004957.manifest
[2008.02.29 08:19:24 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20782_de-de_cbf6c366115bebbd.manifest
[2008.02.29 08:21:05 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20782_en-us_74e7995f0039f782.manifest
[2008.02.29 10:56:53 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20782_es-es_74b2f6430060e927.manifest
[2008.02.29 11:12:24 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20782_fr-fr_176a6c41f332ff89.manifest
[2008.02.29 11:01:15 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20782_it-it_01926288ca64e507.manifest
[2008.02.29 08:46:06 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20782_ja-jp_a3b7e195bd7ff6e2.manifest
[2008.02.29 10:17:45 | 000,003,414 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6000.20782_nl-nl_2df38abd8941f389.manifest
[2008.04.17 10:46:13 | 000,003,402 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..os-loader.resources_31bf3856ad364e35_6.0.6001.18000_cs-cz_33426ea9fd097a15.manifest
[2008.02.29 08:17:27 | 000,004,858 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.16646_none_591b3d986f9b5725.manifest
[2008.02.29 08:13:09 | 000,004,858 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6000.20782_none_5975998b88dd0157.manifest
[2008.01.21 03:29:34 | 000,004,864 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.18000_none_5b26ba326ca6e048.manifest
[2008.02.29 09:08:07 | 000,004,864 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.18027_none_5b181c606cb0c98b.manifest
[2008.02.29 08:37:27 | 000,004,864 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6001.22125_none_5b9fb89785d036a7.manifest
[2009.04.10 23:12:44 | 000,004,864 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-b..vironment-os-loader_31bf3856ad364e35_6.0.6002.18005_none_5d12333e69c8ab94.manifest
[2006.11.02 11:13:06 | 000,003,970 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.0.6000.16386_none_68fc663d5430d3de.manifest
[2008.01.21 03:27:10 | 000,003,885 | ---- | M] () -- \Windows\winsxs\Manifests\x86_microsoft-windows-s..ive-blackbox-loader_31bf3856ad364e35_6.0.6001.18000_none_6b332839511be4b2.manifest
[2008.01.21 03:33:05 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.0.6001.18000_none_45f41bf18fa2cf5a\dmloader.dll
[2008.01.21 03:33:05 | 000,038,400 | ---- | M] () -- \Windows\winsxs\x86_microsoft-windows-audio-dmusic_31bf3856ad364e35_6.0.6002.18005_none_47df94fd8cc49aa6\dmloader.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Jitka\Desktop\Vypravej-03x09-Prvni-polibek.avi:TOC.WMV

< End of report >

poli29 · #44 Příspěvek od **poli29** » 03 lis 2012 14:20

OTL Extras logfile created on: 3.11.2012 13:16:02 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jitka\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,93 Gb Total Physical Memory | 0,83 Gb Available Physical Memory | 42,92% Memory free
4,09 Gb Paging File | 2,68 Gb Available in Paging File | 65,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,88 Gb Total Space | 49,20 Gb Free Space | 22,07% Space Free | Partition Type: NTFS
Drive D: | 9,00 Gb Total Space | 1,96 Gb Free Space | 21,77% Space Free | Partition Type: NTFS
Drive E: | 1,21 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 1021,00 Mb Total Space | 1018,74 Mb Free Space | 99,78% Space Free | Partition Type: FAT32
Drive K: | 3,68 Gb Total Space | 2,80 Gb Free Space | 76,02% Space Free | Partition Type: FAT32

Computer Name: JITKA-NB | User Name: Jitka | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3858815830-4286555592-3916270694-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 1
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F9E91DC-EF5D-4406-836C-7945C5306EDF}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{10D7E402-B59A-4E23-BC0E-98C9950F9FB9}" = lport=138 | protocol=17 | dir=in | app=system |
"{2A31FDCA-0B78-4BB3-95AA-63AA4FBA1E5F}" = rport=445 | protocol=6 | dir=out | app=system |
"{3CF2F3A1-8EFB-4748-ACC0-68D97D9579CF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4CFCF81A-1F70-45BA-BC3C-83C066F398E4}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{50826AF4-9EE0-4960-9958-1F5C45EDD06F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{557047E8-4C7F-4800-9A8F-AEEA3CF42648}" = rport=138 | protocol=17 | dir=out | app=system |
"{73A78535-A2F3-4695-BFF7-D056F3F1C8EC}" = lport=445 | protocol=6 | dir=in | app=system |
"{95C972E7-9FA4-4E69-B07A-9303FFB99CEA}" = rport=139 | protocol=6 | dir=out | app=system |
"{A61DF602-9734-4451-A04E-4734ECB1631C}" = lport=139 | protocol=6 | dir=in | app=system |
"{A7FCB031-3DD9-4A21-A82B-A2814E0519BB}" = rport=137 | protocol=17 | dir=out | app=system |
"{BE5CA2E6-830F-4849-AB75-C2083256FF7D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C5D28011-A6F3-4C06-B1C5-5E370F600577}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DAC94BB3-1356-4F27-9D5A-8BD37F98F431}" = lport=137 | protocol=17 | dir=in | app=system |
"{E9CC06A8-3A90-4E1B-82BC-7F1E16338C2E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EA67DE59-183A-4F66-9F29-A2C602298199}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EDCF1483-0A19-438A-B6B4-635DD99902A4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DF58AA3-F231-4144-BB61-C21927E7366B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{0FA453EF-2410-47FB-8ACB-1E4560F765A5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{22840A1B-DC93-4EF2-851B-B588F1EC6FA0}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe |
"{2861D9C3-3C48-468D-BC74-31F3ECD9B030}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{33EEEC8E-FC37-4D9C-9F48-61567A13C7BD}" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe |
"{480FB2F5-1D9E-471B-9EF6-D5A01F817C2C}" = dir=in | app=c:\program files\msn messenger\livecall.exe |
"{621DB34E-6EA6-4109-ABAA-F0D09311591A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{62DE7EB8-654D-45A4-A5C1-176E9BDACD9A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6DD891C6-A16D-448A-9E91-9F9A77A51893}" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe |
"{7B5AA26E-35D2-430F-914A-2C76E9D91975}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{805A5A13-39DA-40BF-BAE4-8CBBAB9A596E}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{9A5AA06C-ACC1-4F51-A931-933F3A1E30A7}" = protocol=6 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe |
"{9B487B93-024B-4612-8BA4-D5145A905D5E}" = protocol=17 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe |
"{9D87B57C-F843-49D6-B69A-E689A8564D03}" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe |
"{AC5AE046-E01F-4D2E-B489-978C3A5B38DD}" = protocol=6 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe |
"{ADA1C8BC-1735-478D-ADEB-BF75DF489603}" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe |
"{BB9257D3-A5F5-4D53-85A7-D7D1B7EFAB72}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BFD4BAA8-23BD-40CD-AD76-800AA97EA91C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C85C5744-E180-4840-BC38-CAA4A6DBBC31}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe |
"{CC290851-134D-496D-B83E-CFC88ED6A1F3}" = protocol=17 | dir=in | app=c:\program files\mcafee\managed virusscan\agent\myagtsvc.exe |
"{D6FF261C-3F8B-4EE8-9C87-3425EC6ED85D}" = dir=in | app=c:\program files\msn messenger\msnmsgr.exe |
"{DF138295-1FC5-4C7B-94D1-6835586C7085}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{FF750053-AAA6-4F76-B8DF-A97C9B327C7C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{4CEAA083-4E85-4A52-9867-5E66C162B67C}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{69D73CE4-9A1C-4C39-9871-E1E60FC4E0E8}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{DD67A8D1-A096-41FB-950E-2B36A5A2E000}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{EDCC4007-7BF2-438E-A8D7-FE8F78F55DD7}C:\program files\teamviewer\version4\teamviewer.exe" = protocol=6 | dir=in | app=c:\program files\teamviewer\version4\teamviewer.exe |
"TCP Query User{FB1EB2A8-AFB4-438A-9609-63254A913CA0}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{FD9BC595-3A10-4D3C-8FD7-64708FBCB5BE}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{2600327D-CD5A-4957-A638-28119E01A450}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{48E30DBE-8FB9-4083-9C44-1062CB549905}C:\program files\teamviewer\version4\teamviewer.exe" = protocol=17 | dir=in | app=c:\program files\teamviewer\version4\teamviewer.exe |
"UDP Query User{8E94B689-6FBC-4280-9F49-F2E220CBA282}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{95E59983-5A28-4D2C-9BFD-6DBFAF9379BE}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{B97A2F14-0DE0-4EBE-8AA9-D0A5D5122F23}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{ED54D174-D482-412A-BA1B-FA4571AB536B}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CleanUp!" = CleanUp!
"Mozilla Firefox 16.0.2 (x86 cs)" = Mozilla Firefox 16.0.2 (x86 cs)
"MozillaMaintenanceService" = Mozilla Maintenance Service

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3858815830-4286555592-3916270694-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 27.5.2011 11:04:02 | Computer Name = Jitka-NB | Source = Application Hang | ID = 1002
Description = Program firefox.exe verze 2.0.1.4120 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Oznámení a řešení problémů.
ID
procesu: 1728 Čas zahájení: 01cc1c7ddd855b07 Čas ukončení: 13

Error - 27.5.2011 11:05:22 | Computer Name = Jitka-NB | Source = Application Hang | ID = 1002
Description = Program firefox.exe verze 2.0.1.4120 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Oznámení a řešení problémů.
ID
procesu: f84 Čas zahájení: 01cc1c7f5a4441cf Čas ukončení: 35

Error - 27.5.2011 11:16:47 | Computer Name = Jitka-NB | Source = Application Hang | ID = 1002
Description = Program firefox.exe verze 2.0.1.4120 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Oznámení a řešení problémů.
ID
procesu: da4 Čas zahájení: 01cc1c7f8ebbb307 Čas ukončení: 35

Error - 28.5.2011 11:11:52 | Computer Name = Jitka-NB | Source = WinMgmt | ID = 10
Description =

Error - 29.5.2011 4:42:49 | Computer Name = Jitka-NB | Source = Application Hang | ID = 1002
Description = Program firefox.exe verze 2.0.1.4120 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Oznámení a řešení problémů.
ID
procesu: 1fdc Čas zahájení: 01cc1ddab44ca660 Čas ukončení: 1271

Error - 29.5.2011 4:55:45 | Computer Name = Jitka-NB | Source = EventSystem | ID = 4621
Description =

Error - 29.5.2011 4:58:40 | Computer Name = Jitka-NB | Source = WinMgmt | ID = 10
Description =

Error - 29.5.2011 5:19:58 | Computer Name = Jitka-NB | Source = Application Error | ID = 1000
Description = Chybující aplikace SynTPEnh.exe, verze 11.0.7.0, časové razítko 0x47ec49d3,
chybující modul SynTPEnh.exe, verze 11.0.7.0, časové razítko 0x47ec49d3, kód výjimky
0xc0000409, posun chyby 0x0002bc4c, ID procesu 0xacc, čas spuštění aplikace 0x01cc1ddff09e4a32.

Error - 29.5.2011 5:56:39 | Computer Name = Jitka-NB | Source = Application Hang | ID = 1002
Description = Program firefox.exe verze 2.0.1.4120 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Oznámení a řešení problémů.
ID
procesu: 177c Čas zahájení: 01cc1de661dcdd02 Čas ukončení: 23

Error - 30.5.2011 17:03:23 | Computer Name = Jitka-NB | Source = WinMgmt | ID = 10
Description =

[ Credential Manager Events ]
Error - 11.9.2012 3:10:11 | Computer Name = Jitka-NB | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. User:
Jirka@JITKA-NB Client GUID: {Password} Error: 0xC516020B Client Host: localhost Client
Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

Error - 11.9.2012 3:10:11 | Computer Name = Jitka-NB | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: Jirka@JITKA-NB Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 15.9.2012 13:17:27 | Computer Name = Jitka-NB | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. User:
Jirka@JITKA-NB Client GUID: {Password} Error: 0xC516020B Client Host: localhost Client
Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

Error - 15.9.2012 13:17:27 | Computer Name = Jitka-NB | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: Jirka@JITKA-NB Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 29.9.2012 14:25:29 | Computer Name = Jitka-NB | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: Jitka@JITKA-NB Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 29.9.2012 14:25:29 | Computer Name = Jitka-NB | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. User:
Jitka@JITKA-NB Client GUID: {Password} Error: 0xC516020B Client Host: localhost Client
Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

Error - 3.10.2012 15:06:16 | Computer Name = Jitka-NB | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. User:
Jitka@JITKA-NB Client GUID: {Password} Error: 0xC516020B Client Host: localhost Client
Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

Error - 3.10.2012 15:06:16 | Computer Name = Jitka-NB | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: Jitka@JITKA-NB Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

Error - 2.11.2012 10:37:08 | Computer Name = Jitka-NB | Source = AuthServer | ID = 100811779
Description = The system failed to authenticate the submitted user credentials. User:
Jitka@JITKA-NB Client GUID: {Password} Error: 0xC516020B Client Host: localhost Client
Address: 127.0.0.1 Authority: HP Server Host: localhost Protocol: HTTP

Error - 2.11.2012 10:37:08 | Computer Name = Jitka-NB | Source = AuthWiz | ID = 100796068
Description = The submitted credentials were rejected. User: Jitka@JITKA-NB Credentials:
Password Error: (0xC516020B) The system could not log you on. Verify your user
name and domain are correct and then type your password again. Letters in passwords
must be typed using the correct case. Verify that Caps Lock is off.

[ OSession Events ]
Error - 15.5.2010 17:28:32 | Computer Name = Jitka-NB | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 104426
seconds with 22320 seconds of active time. This session ended with a crash.

Error - 31.7.2010 9:26:33 | Computer Name = Jitka-NB | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 24696
seconds with 0 seconds of active time. This session ended with a crash.

Error - 7.3.2011 18:30:08 | Computer Name = Jitka-NB | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 14149
seconds with 60 seconds of active time. This session ended with a crash.

Error - 19.5.2011 11:26:00 | Computer Name = Jitka-NB | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 188
seconds with 180 seconds of active time. This session ended with a crash.

Error - 26.7.2011 9:39:49 | Computer Name = Jitka-NB | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 669
seconds with 540 seconds of active time. This session ended with a crash.

Error - 12.10.2011 17:25:17 | Computer Name = Jitka-NB | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 8630
seconds with 60 seconds of active time. This session ended with a crash.

Error - 23.10.2011 13:25:20 | Computer Name = Jitka-NB | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 21155
seconds with 0 seconds of active time. This session ended with a crash.

Error - 24.10.2011 8:22:37 | Computer Name = Jitka-NB | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 5192
seconds with 120 seconds of active time. This session ended with a crash.

Error - 10.11.2011 17:42:25 | Computer Name = Jitka-NB | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 40320
seconds with 360 seconds of active time. This session ended with a crash.

Error - 8.2.2012 16:10:37 | Computer Name = Jitka-NB | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 22646
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11.11.2009 12:54:46 | Computer Name = Jitka-NB | Source = Service Control Manager | ID = 7000
Description =

Error - 12.11.2009 11:10:29 | Computer Name = Jitka-NB | Source = HTTP | ID = 15016
Description =

Error - 12.11.2009 11:10:56 | Computer Name = Jitka-NB | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 12.11.2009 11:11:43 | Computer Name = Jitka-NB | Source = Service Control Manager | ID = 7000
Description =

Error - 12.11.2009 11:32:22 | Computer Name = Jitka-NB | Source = HTTP | ID = 15016
Description =

Error - 12.11.2009 11:32:54 | Computer Name = Jitka-NB | Source = Service Control Manager | ID = 7000
Description =

Error - 12.11.2009 11:33:36 | Computer Name = Jitka-NB | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 12.11.2009 15:34:57 | Computer Name = Jitka-NB | Source = DCOM | ID = 10010
Description =

Error - 13.11.2009 11:04:42 | Computer Name = Jitka-NB | Source = BTHUSB | ID = 327697
Description = Místní adaptér Bluetooth selhal. Důvod selhaní nebylo možno určit
a adaptér nebude používán. Ovladač vysílače byl vyjmut z paměti.

Error - 14.11.2009 18:06:04 | Computer Name = Jitka-NB | Source = BTHUSB | ID = 327697
Description = Místní adaptér Bluetooth selhal. Důvod selhaní nebylo možno určit
a adaptér nebude používán. Ovladač vysílače byl vyjmut z paměti.

< End of report >

#45 Příspěvek od **vyosek** » 03 lis 2012 16:31

Spustte znovu OTL

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

:otl
MOD - [2012.09.23 16:45:19 | 001,564,368 | ---- | M] () -- C:\Program Files\Guard-ICQ\GuardICQ.exe
SRV - [2012.09.23 16:45:19 | 001,564,368 | ---- | M] () [Auto | Running] -- C:\Program Files\Guard-ICQ\GuardICQ.exe -- (Guard.Mail.ru)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\29858218.sys -- (29858218)
DRV - [2008.05.14 01:36:18 | 000,108,752 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\System32\drivers\SafeBoot.sys -- (SafeBoot)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmnb
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{5DC23E92-E186-435B-AB44-6EF9280DC9F8}: "URL" = http://slirsredirect.search.aol.com/sli ... 632&query={searchTerms}&invocationType=tb50hpcmnbie7-cs-cz
IE - HKU\S-1-5-21-3858815830-4286555592-3916270694-1004\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-3858815830-4286555592-3916270694-1004\..\SearchScopes,DefaultScope = {5DC23E92-E186-435B-AB44-6EF9280DC9F8}
IE - HKU\S-1-5-21-3858815830-4286555592-3916270694-1004\..\SearchScopes\{5DC23E92-E186-435B-AB44-6EF9280DC9F8}: "URL" = http://slirsredirect.search.aol.com/sli ... 632&query={searchTerms}&invocationType=tb50hpcmnbie7-cs-cz
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"§
[2009.09.24 11:11:57 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
CHR - default_search_provider: ICQ Search (Enabled)
CHR - default_search_provider: search_url = http://www.icq.com/search/results/?q={searchTerms}&ch_id=icq-fx-plug
CHR - default_search_provider: suggest_url = 
O2 - BHO: (Reg Error: Value error.) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
SRV - [2008.08.06 04:29:52 | 000,341,280 | ---- | M] () [Auto | Running] -- C:\Program Files\SiteAdvisor\6173\SAService.exe -- (SiteAdvisor Service)
O4 - HKLM..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6173\SiteAdv.exe ()
O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files\Guard-ICQ\GuardICQ.exe ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
[12 C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[7 C:\windows\Installer\*.tmp files -> C:\windows\Installer\*.tmp -> ]
[1 C:\windows\Temp\*.tmp files -> C:\windows\Temp\*.tmp -> ]
[2012.11.03 13:28:05 | 000,000,914 | ---- | M] () -- C:\windows\Tasks\Adobe Flash Player Updater.job
[2012.11.03 12:53:04 | 000,000,910 | ---- | M] () -- C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3858815830-4286555592-3916270694-1004Core.job
[2012.11.03 13:53:09 | 000,000,962 | ---- | M] () -- C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3858815830-4286555592-3916270694-1004UA.job
@Alternate Data Stream - 64 bytes -> C:\Users\Jitka\Desktop\Vypravej-03x09-Prvni-polibek.avi:TOC.WMV

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""=-
"CognizanceTS"=-
"PDF Complete"=-
"HP Health Check Scheduler"=-
"MVS Splash"=-
"McAfee Managed Services Tray"=-
"SiteAdvisor"=-
"WatchDog"=C-
"HP Software Update"=-
"Guard.Mail.ru.gui"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"WEBTRAN"=-
"Google Update"=-
"ICQ"=-

:files
ipconfig /flusdns /c
C:\Users\Jitka\AppData\Roaming\Mozilla\Firefox\Profiles\3ge17iur.default\searchplugins\icqplugin-*.xml
C:\Program Files\SiteAdvisor
C:\Program Files\Guard-ICQ
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[EMPTYJAVA]

Nasledne kliknete na Opravit
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

VIRY.CZ

kontrola logu, neustale chybove hlasky

Re: kontrola logu, neustale chybove hlasky

Re: kontrola logu, neustale chybove hlasky

Re: kontrola logu, neustale chybove hlasky

Re: kontrola logu, neustale chybove hlasky

Re: kontrola logu, neustale chybove hlasky

Re: kontrola logu, neustale chybove hlasky

Re: kontrola logu, neustale chybove hlasky

Re: kontrola logu, neustale chybove hlasky

Re: kontrola logu, neustale chybove hlasky

Re: kontrola logu, neustale chybove hlasky

Re: kontrola logu, neustale chybove hlasky

Re: kontrola logu, neustale chybove hlasky

Re: kontrola logu, neustale chybove hlasky

Re: kontrola logu, neustale chybove hlasky

Re: kontrola logu, neustale chybove hlasky