Google přesměrování na jiné stránky

[motji]

Nemusíte

[monty1]

OTL logfile created on: 30. 4. 2012 10:28:34 - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\UserXP\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d. M. yyyy

759,36 Mb Total Physical Memory | 274,28 Mb Available Physical Memory | 36,12% Memory free
1,81 Gb Paging File | 1,27 Gb Available in Paging File | 69,96% Paging File free
Paging file location(s): C:\pagefile.sys 1140 2280 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 37,25 Gb Total Space | 9,73 Gb Free Space | 26,11% Space Free | Partition Type: NTFS

Computer Name: PRIVE-8790F49A2 | User Name: UserXP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.04.30 10:22:35 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\UserXP\Plocha\OTL.exe
PRC - [2012.01.10 16:16:10 | 000,491,040 | ---- | M] () -- C:\Documents and Settings\UserXP\Local Settings\Data aplikací\Seznam.cz\bin\postak.exe
PRC - [2011.10.05 18:55:53 | 000,127,040 | ---- | M] (ICQ, LLC.) -- C:\Program Files\ICQ7.6\ICQ.exe
PRC - [2011.09.03 14:28:25 | 001,017,912 | ---- | M] (Google Inc.) -- C:\Documents and Settings\UserXP\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
PRC - [2011.01.23 21:47:40 | 000,247,296 | ---- | M] (SE-SOFT.COM) -- C:\Program Files\SE-SOFT.COM\SE-DesktopConstructor\SE-DesktopConstructor.exe
PRC - [2009.09.17 18:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009.09.17 18:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
PRC - [2009.09.17 18:27:26 | 001,455,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
PRC - [2009.07.08 20:14:40 | 000,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009.07.08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009.02.19 22:10:54 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2008.04.14 15:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.11.14 22:46:00 | 000,131,072 | ---- | M] (Brio) -- C:\Program Files\FolderSize\FolderSizeSvc.exe
PRC - [2007.10.16 21:04:12 | 001,094,936 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2007.02.03 19:38:24 | 000,274,432 | ---- | M] (SillySot Software) -- C:\Program Files\Iconoid\iconoid.exe
PRC - [2006.11.29 17:28:54 | 000,262,144 | ---- | M] (SONIX) -- C:\WINDOWS\tsnpstd3.exe
PRC - [2006.09.18 15:12:12 | 000,843,776 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe
PRC - [2005.11.09 18:00:43 | 000,110,592 | ---- | M] () -- C:\Program Files\iVol\iVol.exe
PRC - [2005.01.19 12:05:48 | 000,221,184 | ---- | M] (Labtec Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2004.12.03 14:24:20 | 000,290,816 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
PRC - [2004.09.18 09:31:31 | 000,524,288 | ---- | M] (Chaos Software Group, Inc., překlad: gvg@atlas.cz) -- C:\Program Files\Atomic Clock Sync\Atomic.exe
PRC - [2004.03.31 18:13:32 | 001,151,060 | ---- | M] (WIDCOMM, Inc.) -- C:\Program Files\MSI\Bluetooth Software\BTStackServer.exe
PRC - [2004.03.31 18:13:32 | 000,507,965 | ---- | M] (WIDCOMM, Inc.) -- C:\Program Files\MSI\Bluetooth Software\BTTray.exe
PRC - [2004.03.31 18:13:32 | 000,135,168 | ---- | M] (WIDCOMM, Inc.) -- C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe


========== Modules (No Company Name) ==========

MOD - [2012.04.11 20:00:00 | 006,618,321 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\Filters\LAV\avcodec-lav-54.dll
MOD - [2012.04.11 20:00:00 | 003,515,392 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\ffdshow\ffdshow.ax
MOD - [2012.04.11 20:00:00 | 001,187,774 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\Filters\LAV\avformat-lav-54.dll
MOD - [2012.04.11 20:00:00 | 000,207,835 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\Filters\LAV\avutil-lav-51.dll
MOD - [2012.04.11 20:00:00 | 000,172,032 | ---- | M] () -- C:\Program Files\K-Lite Codec Pack\Filters\LAV\libbluray.dll
MOD - [2012.01.10 16:16:10 | 000,491,040 | ---- | M] () -- C:\Documents and Settings\UserXP\Local Settings\Data aplikací\Seznam.cz\bin\postak.exe
MOD - [2012.01.10 14:51:40 | 000,822,816 | ---- | M] () -- C:\Documents and Settings\UserXP\Local Settings\Data aplikací\Seznam.cz\bin\email.4.dll
MOD - [2012.01.10 14:51:14 | 001,151,520 | ---- | M] () -- C:\Documents and Settings\UserXP\Local Settings\Data aplikací\Seznam.cz\bin\core.4.dll
MOD - [2011.09.03 14:28:23 | 000,400,440 | ---- | M] () -- C:\Documents and Settings\UserXP\Local Settings\Data aplikací\Google\Chrome\Application\13.0.782.220\ppgooglenaclpluginchrome.dll
MOD - [2011.09.03 14:28:22 | 004,118,072 | ---- | M] () -- C:\Documents and Settings\UserXP\Local Settings\Data aplikací\Google\Chrome\Application\13.0.782.220\pdf.dll
MOD - [2011.09.03 14:27:11 | 000,327,736 | ---- | M] () -- C:\Documents and Settings\UserXP\Local Settings\Data aplikací\Google\Chrome\Application\13.0.782.220\Locales\cs.dll
MOD - [2011.09.03 14:26:51 | 000,104,520 | ---- | M] () -- C:\Documents and Settings\UserXP\Local Settings\Data aplikací\Google\Chrome\Application\13.0.782.220\avutil-50.dll
MOD - [2011.09.03 14:26:49 | 000,203,848 | ---- | M] () -- C:\Documents and Settings\UserXP\Local Settings\Data aplikací\Google\Chrome\Application\13.0.782.220\avformat-52.dll
MOD - [2011.09.03 14:26:48 | 001,846,344 | ---- | M] () -- C:\Documents and Settings\UserXP\Local Settings\Data aplikací\Google\Chrome\Application\13.0.782.220\avcodec-52.dll
MOD - [2011.07.06 21:44:26 | 000,060,416 | ---- | M] () -- C:\WINDOWS\system32\antiwpa.dll
MOD - [2010.01.05 19:42:16 | 005,449,728 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\36f3953f24d4f0b767bf172331ad6f3e\System.Xml.ni.dll
MOD - [2010.01.05 19:42:09 | 012,428,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9a254c455892c02355ab0ab0f0727c5b\System.Windows.Forms.ni.dll
MOD - [2010.01.05 19:41:51 | 001,587,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6978f2e90f13bc720d57fa6895c911e2\System.Drawing.ni.dll
MOD - [2010.01.05 19:39:13 | 007,867,392 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\aa7926460a336408c8041330ad90929d\System.ni.dll
MOD - [2010.01.05 19:39:04 | 011,485,184 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9adb89fa22fd5b4ce433b5aca7fb1b07\mscorlib.ni.dll
MOD - [2009.12.20 19:46:40 | 000,327,680 | ---- | M] () -- C:\Program Files\WinRAR\rarlng.dll
MOD - [2009.12.12 16:12:04 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008.10.15 16:10:12 | 000,105,472 | ---- | M] () -- C:\Program Files\Easy CD-DA Extractor 12\ezcddax32.dll
MOD - [2008.04.14 15:00:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2007.02.03 19:38:18 | 000,045,056 | ---- | M] () -- C:\Program Files\Iconoid\tr3dll.dll
MOD - [2006.09.18 15:12:12 | 000,843,776 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe
MOD - [2006.05.14 16:44:00 | 000,070,144 | ---- | M] () -- C:\Program Files\PSPad editor\PSPadShell.dll
MOD - [2006.01.16 16:06:16 | 000,557,056 | ---- | M] () -- C:\Program Files\Kristanix\Right Click Image Converter\extRCIC.dll
MOD - [2005.11.09 18:00:43 | 000,110,592 | ---- | M] () -- C:\Program Files\iVol\iVol.exe
MOD - [2005.07.30 21:44:39 | 000,028,672 | ---- | M] () -- C:\Program Files\iVol\iVolHook.dll
MOD - [2004.03.31 18:13:30 | 000,053,248 | ---- | M] () -- C:\Program Files\MSI\Bluetooth Software\BTKeyInd.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012.04.14 10:56:21 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.06.08 13:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.09.17 18:56:58 | 002,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009.09.17 18:38:02 | 001,864,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009.09.17 17:21:10 | 000,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009.07.08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009.07.08 20:14:20 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009.02.19 22:10:54 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2009.02.19 22:09:53 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
SRV - [2007.11.14 22:46:00 | 000,131,072 | ---- | M] (Brio) [Auto | Running] -- C:\Program Files\FolderSize\FolderSizeSvc.exe -- (FolderSize)
SRV - [2007.10.16 21:04:12 | 001,094,936 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2004.03.31 18:13:32 | 000,135,168 | ---- | M] (WIDCOMM, Inc.) [Auto | Running] -- C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe -- (btwdins)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\UserXP\LOCALS~1\Temp\CFcatchme.sys -- (CFcatchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (ats844k9)
DRV - [2012.04.28 22:08:53 | 000,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012.03.15 12:46:48 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120429.009\NAVEX15.SYS -- (NAVEX15)
DRV - [2012.03.15 12:46:48 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.03.15 12:46:48 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20120429.009\NAVENG.SYS -- (NAVENG)
DRV - [2012.02.03 11:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011.08.20 13:22:11 | 000,443,448 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2011.06.22 19:05:28 | 000,167,936 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2011.05.18 10:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011.05.18 10:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011.05.18 10:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011.05.18 10:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.01.27 04:09:02 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (npf)
DRV - [2009.09.17 18:38:10 | 000,092,488 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\SysPlant.sys -- (SysPlant)
DRV - [2009.09.17 18:31:50 | 000,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2009.09.03 16:03:48 | 000,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2009.09.03 16:03:48 | 000,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2009.08.26 11:54:38 | 000,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009.08.25 20:05:44 | 000,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009.08.25 20:05:42 | 000,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009.08.25 20:05:42 | 000,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009.05.27 14:31:18 | 000,050,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2008.11.18 19:17:08 | 000,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.01.02 16:14:20 | 010,180,096 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2006.12.13 11:00:22 | 000,019,072 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2006.04.01 07:33:16 | 000,045,312 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006.03.17 18:03:32 | 000,027,904 | ---- | M] (ELANTECH Devices Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ktp.sys -- (Ktp)
DRV - [2005.11.16 15:12:46 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004.04.14 08:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2004.03.31 18:13:34 | 000,016,640 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2004.03.31 18:13:32 | 000,146,684 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2004.03.31 18:13:32 | 000,052,856 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2004.03.31 18:13:32 | 000,030,235 | ---- | M] (WIDCOMM, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2004.03.31 18:13:30 | 001,260,106 | ---- | M] (WIDCOMM, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2004.03.22 13:16:26 | 000,338,176 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2003.06.06 12:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={ ... rer:source?}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?sr ... 4510D8D2D4}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-725345543-1229272821-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-725345543-1229272821-1606980848-1003\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-725345543-1229272821-1606980848-1003\..\SearchScopes,DefaultScope = {63707615-F83A-43B8-8791-FCBB7323D94B}
IE - HKU\S-1-5-21-725345543-1229272821-1606980848-1003\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKU\S-1-5-21-725345543-1229272821-1606980848-1003\..\SearchScopes\{63707615-F83A-43B8-8791-FCBB7323D94B}: "URL" = http://www.google.cz/search?q={searchTe ... {startPage}
IE - HKU\S-1-5-21-725345543-1229272821-1606980848-1003\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.ph ... earchTerms}
IE - HKU\S-1-5-21-725345543-1229272821-1606980848-1003\..\SearchScopes\{7AFA25AC-BA2C-4D60-A4E3-A0F3B77906B6}: "URL" = http://search.yahoo.com/search?fr=chr-g ... earchTerms}
IE - HKU\S-1-5-21-725345543-1229272821-1606980848-1003\..\SearchScopes\{C1BC07C4-9810-4560-89F9-437188B39226}: "URL" = http://websearch.ask.com/redirect?clien ... 0DA0BC0E8F
IE - HKU\S-1-5-21-725345543-1229272821-1606980848-1003\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?sr ... 4510D8D2D4}
IE - HKU\S-1-5-21-725345543-1229272821-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: tyre@tyre.tk:5.3
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\UserXP\Local Settings\Data aplikací\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\UserXP\Local Settings\Data aplikací\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2011.07.11 09:04:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.07.11 09:04:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}: C:\Program Files\PriceGong\2.5.1\FF [2011.09.20 19:19:42 | 000,000,000 | ---D | M]

[2010.07.07 12:28:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\UserXP\Data aplikací\Mozilla\Extensions
[2010.07.07 12:28:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\UserXP\Data aplikací\Mozilla\Extensions\home2@tomtom.com
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\USERXP\DATA APLIKACĂ­\TOMTOM\HOME\PROFILES\ELHJI59B.DEFAULT\EXTENSIONS\TYRE@TYRE.TK

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\UserXP\Local Settings\Data aplikac\u00ED\Google\Chrome\Application\13.0.782.220\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.2 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.170.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java(TM) Platform SE 6 U17 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\UserXP\Local Settings\Data aplikac\u00ED\Google\Chrome\Application\13.0.782.220\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Documents and Settings\UserXP\Local Settings\Data aplikac\u00ED\Google\Chrome\Application\13.0.782.220\gears.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\UserXP\Local Settings\Data aplikac\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Weather (extension) = C:\Documents and Settings\UserXP\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\beapnbfmjmjhhfpaoajfhjbbfnnlfpnc\0.8.0.4_0\

O1 HOSTS File: ([2012.04.29 23:48:18 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Ukazatel S-Rank) - {EA837F48-5AD1-443E-AE34-FFE03CBF3099} - C:\Program Files\Seznam.cz\core.2.dll ()
O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.
O4 - HKLM..\Run: [Atomic.exe] C:\Program Files\Atomic Clock Sync\Atomic.exe (Chaos Software Group, Inc., překlad: gvg@atlas.cz)
O4 - HKLM..\Run: [BIH] C:\windows\System32\bih.dll (Thomas Michel eMail: support.batteryinfo@arcor.de Web: http://www.batteryinfo.de.vu or http://home.arcor.de/batteryinfo)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Labtec Inc.)
O4 - HKLM..\Run: [SE-DesktopConstructor] C:\Program Files\SE-SOFT.COM\SE-DesktopConstructor\SE-DesktopConstructor.exe (SE-SOFT.COM)
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()
O4 - HKLM..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe (SONIX)
O4 - HKU\S-1-5-21-725345543-1229272821-1606980848-1003..\Run: [chromium] C:\Documents and Settings\UserXP\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKU\S-1-5-21-725345543-1229272821-1606980848-1003..\Run: [Iconoid] C:\Program Files\Iconoid\iconoid.exe (SillySot Software)
O4 - HKU\S-1-5-21-725345543-1229272821-1606980848-1003..\Run: [iVolStartup] C:\Program Files\iVol\iVol.exe ()
O4 - HKU\S-1-5-21-725345543-1229272821-1606980848-1003..\Run: [Seznam Postak] C:\Documents and Settings\UserXP\Local Settings\Data aplikací\Seznam.cz\bin\postak.exe ()
O4 - HKU\S-1-5-21-725345543-1229272821-1606980848-1003..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE (Dale Nurden)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\BTTray.lnk = C:\Program Files\MSI\Bluetooth Software\BTTray.exe (WIDCOMM, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = E0 FF FF 03 [binary data]
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 181
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = E0 FF FF 03 [binary data]
O7 - HKU\S-1-5-21-725345543-1229272821-1606980848-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-725345543-1229272821-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-725345543-1229272821-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-725345543-1229272821-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: MaxRecentDocs = 0
O7 - HKU\S-1-5-21-725345543-1229272821-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.36 213.46.172.37
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF853723-77A1-4292-A1BA-780E3B227318}: DhcpNameServer = 213.46.172.36 213.46.172.37
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\Antiwpa: DllName - (antiwpa.dll) - C:\windows\System32\antiwpa.dll ()
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\UserXP\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\UserXP\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.01.05 19:11:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\windows\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\windows\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\windows\System32\ir50_32.dll (Intel Corporation)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2012.04.30 10:22:45 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\UserXP\Plocha\OTL.exe
[2012.04.30 02:58:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\UserXP\Recent
[2012.04.30 02:38:05 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\WgaTray.exe
[2012.04.30 02:29:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserXP\Plocha\legalizator-aktivator-winxp-sp3-NOVÝ-2012!
[2012.04.30 00:54:22 | 000,000,000 | ---D | C] -- C:\windows\CSC
[2012.04.30 00:25:58 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012.04.30 00:03:16 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012.04.29 21:53:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserXP\Plocha\tdsskiller
[2012.04.29 16:51:53 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012.04.29 16:51:53 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012.04.29 16:51:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\windows\SWXCACLS.exe
[2012.04.29 16:51:53 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012.04.29 16:51:35 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2012.04.29 16:47:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.04.29 16:45:49 | 004,479,463 | R--- | C] (Swearware) -- C:\Documents and Settings\UserXP\Plocha\ComboFix.exe
[2012.04.29 16:21:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserXP\Plocha\RK_Quarantine
[2012.04.29 15:31:19 | 000,000,000 | ---D | C] -- C:\rsit
[2012.04.29 12:43:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserXP\Local Settings\Data aplikací\Seznam.cz
[2012.04.28 21:55:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserXP\Plocha\Symantec.Endpoint.Protection.v11.0.5002.333.x32-ZWT
[2012.04.28 11:20:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.04.26 08:54:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Data aplikací\Ad-Aware Antivirus
[2012.04.26 08:41:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
[2012.04.26 08:39:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserXP\Data aplikací\Ad-Aware Antivirus
[2012.04.14 11:02:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\K-Lite Codec Pack
[2012.04.14 11:02:15 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2012.04.14 10:56:21 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012.04.13 10:50:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Moto assistant
[2012.04.13 10:50:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserXP\Data aplikací\Moto assistant
[2012.04.13 10:49:36 | 000,000,000 | ---D | C] -- C:\Program Files\Moto asistant
[2012.04.01 00:51:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\UserXP\Plocha\Nová složka (2)
[3 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\Documents and Settings\UserXP\Data aplikací\*.tmp files -> C:\Documents and Settings\UserXP\Data aplikací\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.04.30 10:39:00 | 003,145,782 | ---- | M] () -- C:\windows\System32\seDesktopConstructor.bmp
[2012.04.30 10:31:55 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.04.30 10:25:00 | 000,000,914 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.04.30 10:22:35 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\UserXP\Plocha\OTL.exe
[2012.04.30 10:18:00 | 000,000,940 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.30 02:40:11 | 000,000,936 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.30 02:39:38 | 000,002,048 | --S- | M] () -- C:\windows\bootstat.dat
[2012.04.30 01:51:08 | 000,002,278 | ---- | M] () -- C:\windows\System32\wpa.dbl
[2012.04.30 01:27:50 | 000,493,388 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012.04.30 01:27:50 | 000,488,316 | ---- | M] () -- C:\windows\System32\perfh005.dat
[2012.04.30 01:27:50 | 000,097,754 | ---- | M] () -- C:\windows\System32\perfc005.dat
[2012.04.30 01:27:50 | 000,083,932 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012.04.29 23:48:18 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2012.04.29 23:08:35 | 000,001,204 | ---- | M] () -- C:\CF-Submit.htm
[2012.04.29 22:23:30 | 004,479,463 | R--- | M] (Swearware) -- C:\Documents and Settings\UserXP\Plocha\ComboFix.exe
[2012.04.29 16:14:43 | 001,280,512 | ---- | M] () -- C:\Documents and Settings\UserXP\Plocha\RogueKiller.exe
[2012.04.29 15:30:03 | 000,781,383 | ---- | M] () -- C:\Documents and Settings\UserXP\Plocha\RSIT.exe
[2012.04.28 22:13:09 | 000,079,872 | ---- | M] () -- C:\Documents and Settings\UserXP\Data aplikací\Ygsisg.exe
[2012.04.28 22:08:53 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\windows\System32\drivers\SYMEVENT.SYS
[2012.04.28 22:08:53 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\windows\System32\S32EVNT1.DLL
[2012.04.28 22:08:53 | 000,007,456 | ---- | M] () -- C:\windows\System32\drivers\SYMEVENT.CAT
[2012.04.28 22:08:53 | 000,000,806 | ---- | M] () -- C:\windows\System32\drivers\SYMEVENT.INF
[2012.04.25 19:36:11 | 000,000,083 | ---- | M] () -- C:\windows\System32\SE-ScreenSavers.scr.Options
[2012.04.21 15:21:38 | 000,103,936 | ---- | M] () -- C:\Documents and Settings\UserXP\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.14 10:56:21 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012.04.14 10:56:21 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2012.04.13 10:51:07 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Moto assistant.lnk
[2012.04.08 07:01:09 | 000,000,116 | ---- | M] () -- C:\windows\NeroDigital.ini
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[3 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\Documents and Settings\UserXP\Data aplikací\*.tmp files -> C:\Documents and Settings\UserXP\Data aplikací\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.04.30 10:31:55 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.04.30 02:37:59 | 000,676,224 | ---- | C] () -- C:\windows\System32\OGACheckControl.dll
[2012.04.30 02:32:45 | 000,060,416 | ---- | C] () -- C:\windows\System32\antiwpa.dll
[2012.04.29 23:08:35 | 000,001,204 | ---- | C] () -- C:\CF-Submit.htm
[2012.04.29 16:51:53 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012.04.29 16:51:53 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012.04.29 16:51:53 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012.04.29 16:51:53 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012.04.29 16:51:53 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012.04.29 16:14:45 | 001,280,512 | ---- | C] () -- C:\Documents and Settings\UserXP\Plocha\RogueKiller.exe
[2012.04.29 15:30:07 | 000,781,383 | ---- | C] () -- C:\Documents and Settings\UserXP\Plocha\RSIT.exe
[2012.04.28 22:13:18 | 000,079,872 | ---- | C] () -- C:\Documents and Settings\UserXP\Data aplikací\Ygsisg.exe
[2012.04.14 11:02:23 | 000,175,616 | ---- | C] () -- C:\windows\System32\unrar.dll
[2012.04.14 10:56:22 | 000,000,914 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.04.13 10:50:39 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Moto assistant.lnk
[2012.03.12 10:29:47 | 000,000,043 | ---- | C] () -- C:\windows\gswin32.ini
[2012.01.02 17:46:23 | 000,000,223 | ---- | C] () -- C:\windows\slx_cube.ini
[2011.10.09 14:40:57 | 000,000,092 | ---- | C] () -- C:\windows\pslabeler3.ini
[2011.10.09 14:40:52 | 000,000,025 | ---- | C] () -- C:\windows\calcpslab3.ini
[2011.08.20 13:33:47 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\UserXP\Data aplikací\$_hpcst$.hpc
[2011.07.08 19:21:41 | 000,006,634 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\LUUnInstall.LiveUpdate
[2011.04.10 14:24:04 | 000,000,063 | ---- | C] () -- C:\Documents and Settings\UserXP\Local Settings\Data aplikací\Images.fl
[2011.02.26 01:00:58 | 000,237,568 | ---- | C] () -- C:\windows\System32\lame_enc.dll
[2010.11.17 22:28:04 | 000,001,160 | ---- | C] () -- C:\Documents and Settings\UserXP\Local Settings\Data aplikací\SRDownloader.nast
[2010.11.17 22:27:33 | 000,005,324 | ---- | C] () -- C:\Documents and Settings\UserXP\Local Settings\Data aplikací\SRDownloader.err

========== LOP Check ==========

[monty1]

[2010.01.06 14:26:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\CanonBJ
[2011.08.20 13:20:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
[2010.01.05 22:31:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Diskeeper Corporation
[2010.01.05 22:58:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Easy CD-DA Extractor
[2011.10.28 17:00:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2011.07.11 11:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Installations
[2011.05.24 18:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\IsolatedStorage
[2010.06.24 09:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Monotea
[2011.12.27 22:47:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MSScanAppDataDir
[2011.08.21 09:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Nokia
[2011.10.29 21:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\NokiaInstallerCache
[2010.01.06 13:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2010.01.05 22:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PDF Writer
[2011.09.18 10:58:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\SiComponents
[2011.05.11 18:06:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2010.07.07 12:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TomTom
[2012.02.25 19:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Tyre
[2012.04.26 08:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\Ad-Aware Antivirus
[2010.01.05 22:39:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\Acronis
[2012.04.26 08:53:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\Ad-Aware Antivirus
[2012.03.05 00:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\avidemux
[2012.03.19 20:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\Canon
[2011.08.20 15:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\DAEMON Tools Lite
[2011.07.10 22:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\DVDFab
[2011.10.30 14:35:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\esmska
[2010.01.09 10:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\Expert SoftWorks
[2012.02.19 09:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\facemoods.com
[2010.01.05 19:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\GHISLER
[2012.04.28 19:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\Iconoid
[2012.04.30 10:24:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\ICQ
[2010.01.17 09:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\InterVideo
[2010.01.12 20:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\Jpeg Resampler
[2010.02.01 11:36:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\LogoManager
[2010.06.23 19:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\Monotea
[2012.04.13 10:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\Moto assistant
[2011.07.11 10:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\Nokia
[2011.07.11 10:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\Nokia Ovi Suite
[2011.10.05 19:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\OCS
[2010.01.05 20:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\Opera
[2010.10.13 08:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\PC Suite
[2011.01.30 16:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\PDF reDirect
[2010.01.05 22:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\PDF Writer
[2012.04.29 16:12:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\PriceGong
[2011.05.24 18:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\SMS posílač Treca
[2010.07.07 12:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\TomTom
[2012.02.25 19:57:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\Tyre
[2010.01.17 21:28:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\VitySoft
[2012.03.04 23:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\Vso
[2012.02.14 09:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\xrecode2
[2010.01.05 23:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\Zoner

========== Purity Check ==========



========== Custom Scans ==========

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"TClockEx" = C:\Program Files\TClockEx\TCLOCKEX.EXE -- [2000.03.09 02:15:18 | 000,089,088 | ---- | M] (Dale Nurden)
"iVolStartup" = C:\Program Files\iVol\iVol.exe -- [2005.11.09 18:00:43 | 000,110,592 | ---- | M] ()
"Iconoid" = "C:\Program Files\Iconoid\iconoid.exe" -- [2007.02.03 19:38:24 | 000,274,432 | ---- | M] (SillySot Software)
"chromium" = C:\Documents and Settings\UserXP\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe --no-startup-window -- [2011.09.03 14:28:25 | 001,017,912 | ---- | M] (Google Inc.)
"Seznam Postak" = "C:\Documents and Settings\UserXP\Local Settings\Data aplikací\Seznam.cz\bin\postak.exe" -s -- [2012.01.10 16:16:10 | 000,491,040 | ---- | M] ()
"ctfmon.exe" = C:\windows\system32\ctfmon.exe -- [2008.04.14 15:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation)

< >

< MD5 for: AGP440.SYS >
[2008.04.14 15:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys

< MD5 for: ATAPI.SYS >
[2008.04.14 15:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008.04.14 01:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008.04.14 15:00:00 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 15:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2008.04.14 15:00:00 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\dllcache\autochk.exe

< MD5 for: CDROM.SYS >
[2008.04.14 15:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.14 15:00:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2008.04.14 15:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ERDNT\cache\cryptsvc.dll
[2008.04.14 15:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
[2008.04.14 15:00:00 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\dllcache\cryptsvc.dll

< MD5 for: CSRSS.EXE >
[2008.04.14 15:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=628CE66E3FD35BFC7969DBAC245DC069 -- C:\WINDOWS\system32\csrss.exe
[2008.04.14 15:00:00 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=628CE66E3FD35BFC7969DBAC245DC069 -- C:\WINDOWS\system32\dllcache\csrss.exe

< MD5 for: EVENTLOG.DLL >
[2008.04.14 15:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008.04.14 15:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 15:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 15:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 15:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 15:00:00 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: FASTFAT.SYS >
[2008.04.14 15:00:00 | 000,143,744 | ---- | M] (Microsoft Corporation) MD5=38D332A6D56AF32635675F132548343E -- C:\WINDOWS\system32\dllcache\fastfat.sys
[2008.04.14 15:00:00 | 000,143,744 | ---- | M] (Microsoft Corporation) MD5=38D332A6D56AF32635675F132548343E -- C:\WINDOWS\system32\drivers\fastfat.sys

< MD5 for: HAL.DLL >
[2008.04.14 15:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.14 15:00:00 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\hal.dll

< MD5 for: CHANGER.SYS >
[2008.04.14 15:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys

< MD5 for: ISAPNP.SYS >
[2008.04.14 15:00:00 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 08:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\dllcache\isapnp.sys
[2008.04.14 08:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys
[2008.04.14 15:00:00 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\isapnp.sys

< MD5 for: LSASS.EXE >
[2008.04.14 15:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ERDNT\cache\lsass.exe
[2008.04.14 15:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2008.04.14 15:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.14 15:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ERDNT\cache\ndis.sys
[2008.04.14 15:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008.04.14 15:00:00 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008.04.14 15:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008.04.14 15:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 15:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NTFS.SYS >
[2008.04.14 15:00:00 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\ERDNT\cache\ntfs.sys
[2008.04.14 15:00:00 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\dllcache\ntfs.sys
[2008.04.14 15:00:00 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys

< MD5 for: SCECLI.DLL >
[2008.04.14 15:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 15:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 15:00:00 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SERVICES.EXE >
[2008.04.14 15:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=F0D2AE69035092BF22DAD6B50FAB85C2 -- C:\WINDOWS\ERDNT\cache\services.exe
[2008.04.14 15:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=F0D2AE69035092BF22DAD6B50FAB85C2 -- C:\WINDOWS\system32\dllcache\services.exe
[2008.04.14 15:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=F0D2AE69035092BF22DAD6B50FAB85C2 -- C:\WINDOWS\system32\services.exe

< MD5 for: SMSS.EXE >
[2008.04.14 15:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\dllcache\smss.exe
[2008.04.14 15:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SPOOLSV.EXE >
[2008.04.14 15:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=CB1090BCA0E7B40D0B5B4E4D66531809 -- C:\WINDOWS\ERDNT\cache\spoolsv.exe
[2008.04.14 15:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=CB1090BCA0E7B40D0B5B4E4D66531809 -- C:\WINDOWS\system32\dllcache\spoolsv.exe
[2008.04.14 15:00:00 | 000,057,856 | ---- | M] (Microsoft Corporation) MD5=CB1090BCA0E7B40D0B5B4E4D66531809 -- C:\WINDOWS\system32\spoolsv.exe

< MD5 for: SVCHOST.EXE >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008.04.14 15:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008.04.14 15:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008.04.14 15:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.04.14 15:00:00 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008.04.14 15:00:00 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.04.14 15:00:00 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\system32\drivers\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 15:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 15:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 15:00:00 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2004.08.17 17:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\system32\winlogon.exe
[2008.04.14 15:00:00 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ERDNT\cache\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.04.14 15:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ERDNT\cache\ws2_32.dll
[2008.04.14 15:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2008.04.14 15:00:00 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< >

< C:\windows\system32\spool\prtprocs|dll;true;true;true /FP >
[2005.05.06 22:00:00 | 000,020,992 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD7J.DLL
[2005.05.06 22:00:00 | 000,059,392 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP7J.DLL
[2008.07.06 14:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2003.06.19 02:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008.07.06 14:06:10 | 000,147,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\x64\filterpipelineprintproc.dll

< %systemroot%\system32\drivers\*.sys /5 >
[2012.04.28 22:08:53 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\windows\system32\drivers\SYMEVENT.SYS

< %systemroot%\system32\drivers\*.sys /X >
[2008.11.18 19:01:38 | 000,010,537 | ---- | M] () -- C:\windows\system32\drivers\coh_mon.cat
[2008.11.18 19:01:38 | 000,000,706 | ---- | M] () -- C:\windows\system32\drivers\COH_Mon.inf
[2008.04.14 15:00:00 | 003,440,660 | ---- | M] () -- C:\windows\system32\drivers\gm.dls
[2008.04.14 15:00:00 | 000,000,646 | ---- | M] () -- C:\windows\system32\drivers\gmreadme.txt
[2010.01.05 20:38:50 | 000,000,000 | -H-- | M] () -- C:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2011.01.04 19:28:26 | 000,000,000 | -H-- | M] () -- C:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010.01.06 13:59:52 | 000,000,000 | -H-- | M] () -- C:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
[2010.11.20 19:34:44 | 000,000,000 | -H-- | M] () -- C:\windows\system32\drivers\MsftWdf_user_01_09_00.Wdf
[2010.01.06 14:01:18 | 000,000,000 | -H-- | M] () -- C:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
[2011.01.04 19:28:27 | 000,000,000 | -H-- | M] () -- C:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2010.01.05 20:38:53 | 000,000,000 | -H-- | M] () -- C:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2010.01.06 13:59:59 | 000,000,000 | -H-- | M] () -- C:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
[2010.11.20 19:34:49 | 000,000,000 | -H-- | M] () -- C:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2009.08.25 20:06:24 | 000,007,425 | ---- | M] () -- C:\windows\system32\drivers\srtsp.cat
[2009.08.25 20:06:24 | 000,001,416 | ---- | M] () -- C:\windows\system32\drivers\srtsp.inf
[2009.08.25 20:06:24 | 000,007,442 | ---- | M] () -- C:\windows\system32\drivers\srtspl.cat
[2009.08.25 20:06:24 | 000,001,431 | ---- | M] () -- C:\windows\system32\drivers\srtspl.inf
[2009.08.25 20:06:24 | 000,007,442 | ---- | M] () -- C:\windows\system32\drivers\srtspx.cat
[2009.08.25 20:06:24 | 000,001,422 | ---- | M] () -- C:\windows\system32\drivers\srtspx.inf
[2012.04.28 22:08:53 | 000,007,456 | ---- | M] () -- C:\windows\system32\drivers\SYMEVENT.CAT
[2012.04.28 22:08:53 | 000,000,806 | ---- | M] () -- C:\windows\system32\drivers\SYMEVENT.INF
[2009.09.03 16:04:46 | 000,009,892 | ---- | M] () -- C:\windows\system32\drivers\SymRedir.cat
[2009.09.03 16:04:46 | 000,001,356 | ---- | M] () -- C:\windows\system32\drivers\SymRedir.inf

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2011.08.20 13:22:11 | 000,443,448 | ---- | M] () Unable to obtain MD5 -- C:\windows\system32\drivers\sptd.sys

< %systemroot%\system32\*.* /5 >
[2012.04.30 01:27:50 | 000,097,754 | ---- | M] () -- C:\windows\system32\perfc005.dat
[2012.04.30 01:27:50 | 000,083,932 | ---- | M] () -- C:\windows\system32\perfc009.dat
[2012.04.30 01:27:50 | 000,488,316 | ---- | M] () -- C:\windows\system32\perfh005.dat
[2012.04.30 01:27:50 | 000,493,388 | ---- | M] () -- C:\windows\system32\perfh009.dat
[2012.04.30 01:27:50 | 001,179,890 | ---- | M] () -- C:\windows\system32\PerfStringBackup.INI
[2012.04.28 22:08:53 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\windows\system32\S32EVNT1.DLL
[2012.04.25 19:36:11 | 000,000,083 | ---- | M] () -- C:\windows\system32\SE-ScreenSavers.scr.Options
[2012.04.30 10:43:59 | 003,145,782 | ---- | M] () -- C:\windows\system32\seDesktopConstructor.bmp
[2012.04.30 01:51:08 | 000,002,278 | ---- | M] () -- C:\windows\system32\wpa.dbl
[1 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]

< %systemroot%\system32\config\*.sav >
[2010.01.05 20:00:54 | 000,094,208 | ---- | M] () -- C:\windows\system32\config\default.sav
[2010.01.05 20:00:54 | 001,093,632 | ---- | M] () -- C:\windows\system32\config\software.sav
[2010.01.05 20:00:54 | 000,483,328 | ---- | M] () -- C:\windows\system32\config\system.sav

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\*.* /U /s >
[3 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\windows\Installer\*.tmp files -> C:\windows\Installer\*.tmp -> ]
[1 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]
[17 C:\windows\system32\config\systemprofile\Data aplikací\Application Updater\temp\*.tmp files -> C:\windows\system32\config\systemprofile\Data aplikací\Application Updater\temp\*.tmp -> ]

< %systemroot%\*. /mp /s >

< %ALLUSERSPROFILE%\Data Aplikací\*.* >
[2010.01.05 20:02:12 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\desktop.ini
[2011.07.08 19:21:57 | 000,006,634 | ---- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\LUUnInstall.LiveUpdate

< %ALLUSERSPROFILE%\Data Aplikací\*.exe /s >
[2010.01.06 13:39:42 | 034,698,816 | ---- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_cze_web.exe
[2010.01.06 13:41:45 | 000,095,232 | ---- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
[2010.01.06 13:41:45 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
[2010.01.06 13:41:45 | 000,010,240 | ---- | M] (Nokia) -- C:\Documents and Settings\All Users\Data Aplikací\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
[2010.01.06 13:41:45 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
[2011.07.11 11:55:56 | 042,310,952 | ---- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\Installations\{D0D14551-3A2D-433B-861F-F4DCE5422759}\Nokia_PC_Suite_cze.exe
[2011.07.11 11:56:34 | 000,095,616 | ---- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\Installations\{D0D14551-3A2D-433B-861F-F4DCE5422759}\Installer\CommonCustomActions\pcswpcsi.exe
[2011.07.11 11:56:34 | 000,008,192 | ---- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\Installations\{D0D14551-3A2D-433B-861F-F4DCE5422759}\Installer\CommonCustomActions\UninstCCD.exe
[2011.07.11 11:56:34 | 000,010,240 | ---- | M] (Nokia) -- C:\Documents and Settings\All Users\Data Aplikací\Installations\{D0D14551-3A2D-433B-861F-F4DCE5422759}\Installer\CommonCustomActions\UninstPCS.exe
[2011.07.11 11:56:34 | 000,061,440 | ---- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\Installations\{D0D14551-3A2D-433B-861F-F4DCE5422759}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
[2011.06.10 07:48:51 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\All Users\Data Aplikací\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
[2010.06.23 19:47:04 | 003,829,957 | ---- | M] (David Kořínek ) -- C:\Documents and Settings\All Users\Data Aplikací\Monotea\All Users\SMSS3\Update\226\update.exe
[2010.11.20 19:19:36 | 102,913,480 | ---- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer.exe
[2011.08.09 12:46:37 | 072,595,352 | ---- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer.exe
[2011.08.21 09:19:03 | 000,119,296 | ---- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer\InstallerService.exe
[2011.08.21 09:19:03 | 000,053,760 | ---- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer\InstallerServiceExec.exe
[2011.08.21 09:19:04 | 000,054,272 | ---- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer\IsPinned.exe
[2011.10.29 21:13:03 | 000,094,720 | ---- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer\CommonCustomActions\pcswpc.exe
[2011.10.29 21:13:03 | 000,077,824 | ---- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\{07D77970-B205-460C-84E4-263F30455597}\Installer\CommonCustomActions\Run_XML6_SP1.exe
[2010.11.20 19:21:16 | 000,050,000 | ---- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\pcswpc.exe
[2010.11.20 19:21:16 | 000,077,824 | ---- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\Run_XML6_SP1.exe
[2010.11.20 19:21:16 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMF11Runx64.exe
[2010.11.20 19:21:16 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMF11Runx86.exe
[2010.11.20 19:21:22 | 013,930,312 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Data Aplikací\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
[2010.11.20 19:21:27 | 012,212,040 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Data Aplikací\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
[2009.07.16 02:21:28 | 000,927,096 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Data Aplikací\Symantec\Cached Installs\{2EFCC193-D915-4CCB-9201-31773A27BC06}\LuCheck.exe
[2009.07.16 02:21:30 | 003,557,096 | ---- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\Symantec\Cached Installs\{2EFCC193-D915-4CCB-9201-31773A27BC06}\LUSETUP.EXE
[2009.09.18 01:54:50 | 000,300,432 | ---- | M] (Symantec Corporation ) -- C:\Documents and Settings\All Users\Data Aplikací\Symantec\Cached Installs\{2EFCC193-D915-4CCB-9201-31773A27BC06}\Setup.exe
[2009.09.17 18:27:32 | 000,669,000 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\All Users\Data Aplikací\Symantec\Cached Installs\{2EFCC193-D915-4CCB-9201-31773A27BC06}\smcinst.exe
[2006.05.16 12:58:00 | 002,584,848 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Data Aplikací\Symantec\Cached Installs\{2EFCC193-D915-4CCB-9201-31773A27BC06}\WindowsInstaller-KB893803-x86.exe
[2006.12.01 10:13:48 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\Tyre\appstop.exe

< %ALLUSERSPROFILE%\Dáta aplikácií\*.* >

< %ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s >

< %APPDATA%\*. >
[2010.01.05 22:39:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\Acronis
[2012.04.26 08:53:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\Ad-Aware Antivirus
[2010.01.05 23:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\Adobe
[2010.01.05 20:57:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\Apple Computer
[2012.03.05 00:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\avidemux
[2012.03.19 20:45:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\Canon
[2011.08.20 15:08:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\DAEMON Tools Lite
[2011.07.10 22:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\DVDFab
[2011.10.30 14:35:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\esmska
[2010.01.09 10:37:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\Expert SoftWorks
[2012.02.19 09:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\facemoods.com
[2010.01.05 19:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\GHISLER
[2011.08.10 21:47:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\Google
[2011.10.09 14:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\Help
[2012.04.28 19:08:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\Iconoid
[2012.04.30 10:24:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\ICQ
[2010.01.05 19:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\Identities
[2010.01.06 21:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\InstallShield
[2010.01.17 09:36:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\InterVideo
[2010.01.12 20:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\Jpeg Resampler
[2010.02.01 11:36:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\LogoManager
[2010.01.05 23:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\Macromedia
[2010.01.05 21:49:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\Malwarebytes
[2011.07.23 17:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\Media Player Classic
[2010.09.18 17:57:30 | 000,000,000 | --SD | M] -- C:\Documents and Settings\UserXP\Data aplikací\Microsoft
[2010.06.23 19:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\Monotea
[2012.04.13 10:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\Moto assistant
[2011.10.28 17:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\Mozilla
[2011.07.11 10:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\Nokia
[2011.07.11 10:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\Nokia Ovi Suite
[2011.10.05 19:15:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\OCS
[2010.01.05 20:46:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\Opera
[2010.10.13 08:58:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\PC Suite
[2011.01.30 16:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\PDF reDirect
[2010.01.05 22:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\PDF Writer
[2012.04.29 16:12:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\PriceGong
[2010.01.05 21:06:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\PSpad
[2012.04.29 09:34:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\Skype
[2012.01.29 08:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\skypePM
[2011.05.24 18:26:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\SMS posílač Treca
[2010.01.05 20:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\Sun
[2010.07.07 12:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\TomTom
[2012.02.25 19:57:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\Tyre
[2010.01.17 21:28:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\VitySoft
[2012.03.04 23:58:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\Vso
[2010.01.05 22:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\WinRAR
[2012.02.14 09:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\xrecode2
[2010.01.05 23:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\Zoner
[2011.12.28 11:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\UserXP\Data aplikací\ZoomBrowser EX

< %APPDATA%\*.* >
[2011.08.20 13:33:47 | 000,002,528 | ---- | M] () -- C:\Documents and Settings\UserXP\Data aplikací\$_hpcst$.hpc
[2010.01.05 20:02:12 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\UserXP\Data aplikací\desktop.ini
[2011.10.22 10:25:49 | 000,000,728 | ---- | M] () -- C:\Documents and Settings\UserXP\Data aplikací\EggTimeCounter_Prefs.plist
[2010.01.05 21:07:10 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\UserXP\Data aplikací\inst.exe
[2010.01.05 21:07:10 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\UserXP\Data aplikací\pcouffin.cat
[2010.01.05 21:07:10 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\UserXP\Data aplikací\pcouffin.inf
[2010.01.05 21:07:15 | 000,000,034 | ---- | M] () -- C:\Documents and Settings\UserXP\Data aplikací\pcouffin.log
[2010.01.05 21:07:10 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\UserXP\Data aplikací\pcouffin.sys
[2012.03.04 23:58:38 | 000,001,173 | ---- | M] () -- C:\Documents and Settings\UserXP\Data aplikací\vso_ts_preview.xml
[2012.04.28 22:13:09 | 000,079,872 | ---- | M] () -- C:\Documents and Settings\UserXP\Data aplikací\Ygsisg.exe
[1 C:\Documents and Settings\UserXP\Data aplikací\*.tmp files -> C:\Documents and Settings\UserXP\Data aplikací\*.tmp -> ]

< %APPDATA%\*.exe /s >
[2010.01.05 21:07:10 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\UserXP\Data aplikací\inst.exe
[2012.04.28 22:13:09 | 000,079,872 | ---- | M] () -- C:\Documents and Settings\UserXP\Data aplikací\Ygsisg.exe
[1 C:\Documents and Settings\UserXP\Data aplikací\*.tmp files -> C:\Documents and Settings\UserXP\Data aplikací\*.tmp -> ]
[2011.10.05 19:20:37 | 000,106,496 | ---- | M] (OCS) -- C:\Documents and Settings\UserXP\Data aplikací\OCS\SM\SearchAnonymizer.exe
[2011.10.05 19:20:37 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\UserXP\Data aplikací\OCS\SM\SearchAnonymizerHelper.exe
[2011.05.24 18:26:55 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\UserXP\Data aplikací\SMS posílač Treca\SMSposilac.exe
[2006.12.01 10:13:48 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\UserXP\Data aplikací\Tyre\appstop.exe
[2010.07.19 08:22:39 | 007,377,592 | ---- | M] (ZONER software ) -- C:\Documents and Settings\UserXP\Data aplikací\Zoner\NLMDB\product.0032\autoupdate.cz\ZPS12_Update_Build09.exe

< %SYSTEMDRIVE%\*.exe >

< >

< >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s >
"StateIndex" = 1

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER
BOOTEXECUTE REG_MULTI_SZ autocheck autochk *\0\0

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\CONTROL\SESSION MANAGER

< >

< type c:\boot.ini >> test.txt /c >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012.04.30 10:31:55 | 000,000,512 | ---- | M] () MD5=42424D2C146821BC48BBB50192A3B197 -- C:\PhysicalMBR.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 193 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:DD4DD9B9

< End of report >

[monty1]

OTL Extras logfile created on: 30. 4. 2012 10:28:34 - Run 1
OTL by OldTimer - Version 3.2.42.2 Folder = C:\Documents and Settings\UserXP\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d. M. yyyy

759,36 Mb Total Physical Memory | 274,28 Mb Available Physical Memory | 36,12% Memory free
1,81 Gb Paging File | 1,27 Gb Available in Paging File | 69,96% Paging File free
Paging file location(s): C:\pagefile.sys 1140 2280 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 37,25 Gb Total Space | 9,73 Gb Free Space | 26,11% Space Free | Partition Type: NTFS

Computer Name: PRIVE-8790F49A2 | User Name: UserXP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-725345543-1229272821-1606980848-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Command Prompt Here] -- cmd.exe /k cd %1 (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\ICQ7.6\ICQ.exe" = C:\Program Files\ICQ7.6\ICQ.exe:*:Enabled:ICQ7.6 -- (ICQ, LLC.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\Program Files\ICQ7.6\ICQ.exe" = C:\Program Files\ICQ7.6\ICQ.exe:*:Enabled:ICQ7.6 -- (ICQ, LLC.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07D77970-B205-460C-84E4-263F30455597}" = Nokia Ovi Suite
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.6 Build #5618 Banner Remover 1.0
"{12451AF7-EFF8-4B5B-8255-282D7CC7CAEE}" = OviMPlatform
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 26
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2CC53A53-44F4-4667-8584-2FFC9ACB2242}" = Ovi Desktop Sync Engine
"{2D99A593-C841-43A7-B7C9-D6F3AE70B756}" = Nokia Connectivity Cable Driver
"{2EFCC193-D915-4CCB-9201-31773A27BC06}" = Symantec Endpoint Protection
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{491A580E-C3A0-4CA5-BD27-738CDDD123E6}_is1" = SE-DesktopConstructor 1.3.1.20
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{6200C0CC-2B1F-450A-A0B7-A6E138FABF7A}_is1" = Spořič obrazovky Hodiny 1.1
"{67A48ED5-0B6A-470A-995C-B8F1942E8AB9}" = Diskeeper 2008 Pro Premier
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{8969CD6F-5B75-40B9-8701-86ECA4C1F263}_is1" = VSO Image Resizer 4.0.0.54
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91175441-4E5D-4e13-B116-828FD352CDB2}" = Canon MP170
"{93293322-B694-4270-B7FE-DDE1A681ACCA}" = linguatec Voice Reader
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD 4
"{A2DE62D8-EF1B-36CB-B461-B1E221ED8608}" = Microsoft .NET Framework 4 Extended CSY Language Pack
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8F7FCEF-3CA6-4CE9-8FEA-8BB18F8686F0}" = Nokia Ovi Suite Software Updater
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-A92000000001}" = Adobe Reader 9.2 - Czech
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AFE83615-88BE-47F6-B3E4-A3FEF8B7B57F}_is1" = xrecode II 1.0.0.185
"{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.82
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C373F7C4-05D2-4047-96D1-6AF30661C6AA}" = PC Connectivity Solution
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CD046DF7-9A10-4C3F-B2A1-E5A02FFC0476}_is1" = SE-ScreenSavers 1.10.1.60
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.10 B5
"{D0D14551-3A2D-433B-861F-F4DCE5422759}" = Nokia PC Suite
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.9.322
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{E98D6792-FC51-4187-9448-CA9BF893384E}" = MicroStar Bluetooth Software
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = V-Gear TalkCam Messenger Pro
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size for Windows
"2B77EDB2643AA62CA7DD23F4E52CA138F61AF7B8" = Windows Driver Package - Intel net (02/25/2007 11.1.0.86)
"504244733D18C8F63FF584AEB290E3904E791693" = Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"5513-1208-7298-9440" = JDownloader 0.9
"72A50F48CC5601190B9C4E74D81161693133E7F7" = Balíček ovladače systému Windows - Nokia Modem (02/25/2011 7.01.0.9)
"A5F682C869AF68EB8EDD49BDADFC08B7DF1C11C3" = Windows Driver Package - Intel (NETw4x32) net (02/25/2007 11.1.0.86)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"Atomic Clock Sync" = Atomic Clock Sync
"Audacity_is1" = Audacity 1.2.6
"Avidemux 2.5" = Avidemux 2.5 (32-bit)
"BatteryInfo" = Notebook BatteryInfo
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"BSPlayer1" = BSPlayer
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.1.0.1007
"CCleaner" = CCleaner
"D1E8C9A9258DD7BF813A3525430A4EB3576736EA" = Windows Driver Package - Intel net (02/25/2007 11.1.0.86)
"DreamCom SE_is1" = DreamCom SE 1.3
"DVDFab 6_is1" = DVDFab 6.1.2.0 (23/10/2009)
"E0AC723A3DE3A04256288CADBBB011B112AED454" = Balíček ovladače systému Windows - Nokia Modem (02/25/2011 4.7)
"Easy CD-DA Extractor 12" = Easy CD-DA Extractor 12
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.01
"FC9E80E6E67400E836A009325C6E1CF5D77EFB1D" = Windows Driver Package - Intel (w29n51) net (02/08/2007 9.0.4.33)
"FormatFactory" = FormatFactory 2.90
"Foxit PDF Editor" = Foxit PDF Editor
"Free Mp3/Wma/Ogg Converter_is1" = Free Mp3/Wma/Ogg Converter 4.0.1
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"HijackThis" = HijackThis 2.0.2
"Iconoid_is1" = Iconoid Version 3.8.5
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"iVol" = iVol
"JPEG Resampler_is1" = JPEG Resampler Vs 5.0
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.6.6 (Full)
"Kristanix Right Click Image Converter" = Right Click Image Converter
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verze 1.61.0.1400
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended CSY Language Pack" = Microsoft .NET Framework 4 Extended CSY Language Pack
"MP Navigator 2.0" = Canon MP Navigator 2.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero 6 Enterprise Edition
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"PhotoFiltre" = PhotoFiltre
"Popisovač CD/DVD 3.0_is1" = Popisovač CD/DVD 3.00
"PriceGong" = PriceGong 2.5.1
"Print Envelope_is1" = Print Envelope 1.0.0.1
"ProFact 3.0_is1" = ProFact 3.0
"PSPad editor_is1" = PSPad editor
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"QcDrv" = ##CAMERADRIVERNAME##
"SMS Zdarma 2_is1" = SMS Zdarma 2.08
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"szn-software-postak" = Seznam Pošťák 2 (Všichni uživatelé tohoto počítače.)
"TClockEx_is1" = TClockEx
"TomTom HOME" = TomTom HOME 2.5.2.60
"Totalcmd" = Total Commander (Remove or Repair)
"Tweak UI 2.10" = Tweak UI
"Tyre_is1" = Tyre
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9
"ZonerPhotoStudio12_CZ_is1" = Zoner Photo Studio 12

========== HKEY_USERS Uninstall List ==========

[monty1]

[HKEY_USERS\S-1-5-21-725345543-1229272821-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"szn-software-postak" = Seznam Pošťák 2 (Pouze já.)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 29. 4. 2012 17:10:22 | Computer Name = PRIVE-8790F49A2 | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Takové síťové připojení neexistuje.

Error - 29. 4. 2012 17:10:22 | Computer Name = PRIVE-8790F49A2 | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Takové síťové připojení neexistuje.

Error - 29. 4. 2012 17:10:22 | Computer Name = PRIVE-8790F49A2 | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Takové síťové připojení neexistuje.

Error - 29. 4. 2012 17:10:22 | Computer Name = PRIVE-8790F49A2 | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Takové síťové připojení neexistuje.

Error - 29. 4. 2012 17:10:22 | Computer Name = PRIVE-8790F49A2 | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Takové síťové připojení neexistuje.

Error - 29. 4. 2012 17:10:22 | Computer Name = PRIVE-8790F49A2 | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Takové síťové připojení neexistuje.

Error - 29. 4. 2012 17:14:52 | Computer Name = PRIVE-8790F49A2 | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: The server name or address could not be resolved

Error - 29. 4. 2012 19:52:17 | Computer Name = PRIVE-8790F49A2 | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.

Error - 29. 4. 2012 20:25:24 | Computer Name = PRIVE-8790F49A2 | Source = Symantec AntiVirus | ID = 16711731
Description =

Error - 29. 4. 2012 20:26:29 | Computer Name = PRIVE-8790F49A2 | Source = Symantec AntiVirus | ID = 16711731
Description =

[ Application Events ]
Error - 29. 4. 2012 17:10:22 | Computer Name = PRIVE-8790F49A2 | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Takové síťové připojení neexistuje.

Error - 29. 4. 2012 17:10:22 | Computer Name = PRIVE-8790F49A2 | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Takové síťové připojení neexistuje.

Error - 29. 4. 2012 17:10:22 | Computer Name = PRIVE-8790F49A2 | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Takové síťové připojení neexistuje.

Error - 29. 4. 2012 17:10:22 | Computer Name = PRIVE-8790F49A2 | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Takové síťové připojení neexistuje.

Error - 29. 4. 2012 17:10:22 | Computer Name = PRIVE-8790F49A2 | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Takové síťové připojení neexistuje.

Error - 29. 4. 2012 17:10:22 | Computer Name = PRIVE-8790F49A2 | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: Takové síťové připojení neexistuje.

Error - 29. 4. 2012 17:14:52 | Computer Name = PRIVE-8790F49A2 | Source = crypt32 | ID = 131080
Description = Načtení automatické aktualizace pořadového čísla kořenového seznamu
jiného výrobce z: <http://www.download.windowsupdate.com/m ... ootseq.txt>
se nezdařilo. Chyba: The server name or address could not be resolved

Error - 29. 4. 2012 19:52:17 | Computer Name = PRIVE-8790F49A2 | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.

Error - 29. 4. 2012 20:25:24 | Computer Name = PRIVE-8790F49A2 | Source = Symantec AntiVirus | ID = 16711731
Description =

Error - 29. 4. 2012 20:26:29 | Computer Name = PRIVE-8790F49A2 | Source = Symantec AntiVirus | ID = 16711731
Description =

[ System Events ]
Error - 29. 4. 2012 18:58:04 | Computer Name = PRIVE-8790F49A2 | Source = Service Control Manager | ID = 7001
Description = Služba Klient DNS závisí na službě Ovladač protokolu TCP/IP, která
neuspěla při spuštění v důsledku následující chyby: %%31

Error - 29. 4. 2012 18:58:04 | Computer Name = PRIVE-8790F49A2 | Source = Service Control Manager | ID = 7001
Description = Služba Podpora rozhraní NetBIOS nad protokolem TCP/IP závisí na službě
AFD, která neuspěla při spuštění v důsledku následující chyby: %%31

Error - 29. 4. 2012 18:58:04 | Computer Name = PRIVE-8790F49A2 | Source = Service Control Manager | ID = 7001
Description = Služba Služby IPSEC závisí na službě Ovladač IPSEC, která neuspěla
při spuštění v důsledku následující chyby: %%31

Error - 29. 4. 2012 18:58:04 | Computer Name = PRIVE-8790F49A2 | Source = Service Control Manager | ID = 7026
Description = Zavedení následujícího ovladače pro spouštění počítače nebo systému
se nezdařilo: AFD eabfiltr eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SPBBCDrv
sptd
SRTSP
SRTSPX
SYMTDI
Tcpip
WPS
WS2IFSL

Error - 29. 4. 2012 19:13:01 | Computer Name = PRIVE-8790F49A2 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby StiSvc
s argumenty za účelem spuštění serveru: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 29. 4. 2012 19:14:18 | Computer Name = PRIVE-8790F49A2 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby StiSvc
s argumenty za účelem spuštění serveru: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 29. 4. 2012 19:15:32 | Computer Name = PRIVE-8790F49A2 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby StiSvc
s argumenty za účelem spuštění serveru: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 29. 4. 2012 19:17:21 | Computer Name = PRIVE-8790F49A2 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby StiSvc
s argumenty za účelem spuštění serveru: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 29. 4. 2012 19:20:48 | Computer Name = PRIVE-8790F49A2 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1084 při pokusu o spuštění služby EventSystem
s argumenty za účelem spuštění serveru: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 30. 4. 2012 2:00:28 | Computer Name = PRIVE-8790F49A2 | Source = Dhcp | ID = 1000
Description = Zapůjčení adresy IP počítače 78.45.241.174 pro síťovou kartu se síťovou
adresou 001560B2D871 byla ukončena.


< End of report >

[motji]

Otestujte na www.virustotal.com
C:\Documents and Settings\UserXP\Local Settings\Data aplikací\Seznam.cz\bin\email.4.dll

[monty1]

SHA256: d44515fe2f702b417607b8d6b95a4072626445ca91b57dc64c3c3fcb30ca376f
File name: email.4.dll
Detection ratio: 0 / 42
Analysis date: 2012-04-30 09:24:43 UTC ( 0 minut ago )
00
More details
Antivirus Result Update
AhnLab-V3 - 20120429
AntiVir - 20120430
Antiy-AVL - 20120430
Avast - 20120430
AVG - 20120429
BitDefender - 20120430
ByteHero - 20120424
CAT-QuickHeal - 20120430
ClamAV - 20120430
Commtouch - 20120430
Comodo - 20120430
DrWeb - 20120430
Emsisoft - 20120430
eSafe - 20120425
eTrust-Vet - 20120427
F-Prot - 20120429
F-Secure - 20120430
Fortinet - 20120430
GData - 20120430
Ikarus - 20120430
Jiangmin - 20120430
K7AntiVirus - 20120427
Kaspersky - 20120430
McAfee - 20120430
McAfee-GW-Edition - 20120430
Microsoft - 20120430
NOD32 - 20120430
Norman - 20120430
nProtect - 20120430
Panda - 20120429
PCTools - 20120424
Rising - 20120428
Sophos - 20120430
SUPERAntiSpyware - 20120402
Symantec - 20120430
TheHacker - 20120428
TrendMicro - 20120430
TrendMicro-HouseCall - 20120429
VBA32 - 20120430
VIPRE - 20120430
ViRobot - 20120430
VirusBuster - 20120429

[motji]

Stáhněte SystemLook
http://jpshortstuff.247fixes.com/SystemLook.exe

-uložte ho na plochu a spustte.
-do okénka skopírujte

Kód: Vybrat vše

:filefind
winlogon.ex*

-klikněte na Look, proběhne sken, na konci se zobrazí log, jehož obsah zkopírujete sem

[monty1]

SystemLook 30.07.11 by jpshortstuff
Log created at 11:40 on 30/04/2012 by UserXP
Administrator - Elevation successful

========== filefind ==========

Searching for "winlogon.ex*"
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe --a---- 199240 bytes [07:00 15/04/2012] [13:56 04/04/2012] 097D0E812D7A9A3101CE46CB2BE0474D
C:\Qoobox\Quarantine\C\WINDOWS\system32\winlogon.exe.vir --a---- 507904 bytes [17:07 05/01/2010] [18:40 05/01/2010] B1C66D7B244FC4E2B034D50E86E4E991
C:\WINDOWS\ERDNT\cache\winlogon.exe --a---- 507904 bytes [21:55 29/04/2012] [13:00 14/04/2008] CDDB1F8E1AEA356F3AD106F2CF9B7FEA
C:\WINDOWS\system32\winlogon.exe --a---- 502272 bytes [17:07 05/01/2010] [15:49 17/08/2004] 221C29AE1B4CC61D11D8B27DE78B2307

-= EOF =-

[motji]

Stahněte si soubor a odpojte se od internetu a pc nechte i potom dopojený. Log přeneste do druhého pc přes flešku.
Stahněte si z přílohy soubor a rozbalte přímo na disk C, tak aby cesta byla C/winlogon.exe.



Spustte OTL
-do bílého okna dole skopírujte tento skript:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
@Alternate Data Stream - 193 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:DD4DD9B9
IE - HKU\S-1-5-21-725345543-1229272821-1606980848-1003\..\URLSearchHook: - No CLSID value found
IE - HKU\S-1-5-21-725345543-1229272821-1606980848-1003\..\SearchScopes,DefaultScope = {63707615-F83A-43B8-8791-FCBB7323D94B}
IE - HKU\S-1-5-21-725345543-1229272821-1606980848-1003\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
E - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&st=1&q={searchTerms}&barid={E947347C-1CC4-439A-A914-484510D8D2D4}
IE - HKU\S-1-5-21-725345543-1229272821-1606980848-1003\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?ch_id=em&q={searchTerms}
IE - HKU\S-1-5-21-725345543-1229272821-1606980848-1003\..\SearchScopes\{7AFA25AC-BA2C-4D60-A4E3-A0F3B77906B6}: "URL" = http://search.yahoo.com/search?fr=chr-g ... =937811&p={searchTerms}
IE - HKU\S-1-5-21-725345543-1229272821-1606980848-1003\..\SearchScopes\{C1BC07C4-9810-4560-89F9-437188B39226}: "URL" = http://websearch.ask.com/redirect?clien ... src=crm&q={searchTerms}&locale=en_EU&apn_ptnrs=VX&apn_dtid=YYYYYYYYCZ&apn_uid=15B8A6DD-DEE5-487A-94E4-F5CA26270109&apn_sauid=C83FC1C0-28C9-4E73-AC13-590DA0BC0E8F
IE - HKU\S-1-5-21-725345543-1229272821-1606980848-1003\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&st=1&q={searchTerms}&barid={E947347C-1CC4-439A-A914-484510D8D2D4}

:files
C:\WINDOWS\system32\winlogon.exe | C:\winlogon.exe /replace
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
C:\Documents and Settings\UserXP\Data aplikací\inst.exe
C:\Documents and Settings\UserXP\Data aplikací\Ygsisg.exe
C:\Documents and Settings\UserXP\Plocha\RogueKiller.exe
C:\CF-Submit.htm
C:\windows\System32\antiwpa.dll
C:\windows\System32\OGACheckControl.dll

:commands
[resethosts]
[emptytemp]
[EMPTYFLASH]
[Reboot]

-klikněte na tlačítko opravit.
-Následně se pc restartuje.
- Log vložte zde


Pokud by opět běžný režim nenaběhl, jete do nouzového.

[monty1]

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:DD4DD9B9 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-725345543-1229272821-1606980848-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKEY_USERS\S-1-5-21-725345543-1229272821-1606980848-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-725345543-1229272821-1606980848-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_USERS\S-1-5-21-725345543-1229272821-1606980848-1003\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-725345543-1229272821-1606980848-1003\Software\Microsoft\Internet Explorer\SearchScopes\{7AFA25AC-BA2C-4D60-A4E3-A0F3B77906B6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7AFA25AC-BA2C-4D60-A4E3-A0F3B77906B6}\ not found.
Registry key HKEY_USERS\S-1-5-21-725345543-1229272821-1606980848-1003\Software\Microsoft\Internet Explorer\SearchScopes\{C1BC07C4-9810-4560-89F9-437188B39226}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C1BC07C4-9810-4560-89F9-437188B39226}\ not found.
Registry key HKEY_USERS\S-1-5-21-725345543-1229272821-1606980848-1003\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
========== FILES ==========
Unable to replace file: C:\WINDOWS\system32\winlogon.exe with C:\winlogon.exe without a reboot.
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\SET3.tmp moved successfully.
C:\WINDOWS\SET4.tmp moved successfully.
C:\WINDOWS\SET8.tmp moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP17C.tmp folder moved successfully.
C:\WINDOWS\Installer\MSI59.tmp moved successfully.
C:\WINDOWS\system32\CONFIG.TMP moved successfully.
C:\WINDOWS\system32\config\systemprofile\Data aplikací\Application Updater\temp\~wt11A5.tmp moved successfully.
C:\WINDOWS\system32\config\systemprofile\Data aplikací\Application Updater\temp\~wt14.tmp moved successfully.
C:\WINDOWS\system32\config\systemprofile\Data aplikací\Application Updater\temp\~wt16.tmp moved successfully.
C:\WINDOWS\system32\config\systemprofile\Data aplikací\Application Updater\temp\~wt17E.tmp moved successfully.
C:\WINDOWS\system32\config\systemprofile\Data aplikací\Application Updater\temp\~wt19D.tmp moved successfully.
C:\WINDOWS\system32\config\systemprofile\Data aplikací\Application Updater\temp\~wt1E7.tmp moved successfully.
C:\WINDOWS\system32\config\systemprofile\Data aplikací\Application Updater\temp\~wt27.tmp moved successfully.
C:\WINDOWS\system32\config\systemprofile\Data aplikací\Application Updater\temp\~wt2C6.tmp moved successfully.
C:\WINDOWS\system32\config\systemprofile\Data aplikací\Application Updater\temp\~wt46D.tmp moved successfully.
C:\WINDOWS\system32\config\systemprofile\Data aplikací\Application Updater\temp\~wt556.tmp moved successfully.
C:\WINDOWS\system32\config\systemprofile\Data aplikací\Application Updater\temp\~wt7C0.tmp moved successfully.
C:\WINDOWS\system32\config\systemprofile\Data aplikací\Application Updater\temp\~wt8.tmp moved successfully.
C:\WINDOWS\system32\config\systemprofile\Data aplikací\Application Updater\temp\~wt80.tmp moved successfully.
C:\WINDOWS\system32\config\systemprofile\Data aplikací\Application Updater\temp\~wtB0B.tmp moved successfully.
C:\WINDOWS\system32\config\systemprofile\Data aplikací\Application Updater\temp\~wtD3F.tmp moved successfully.
C:\WINDOWS\system32\config\systemprofile\Data aplikací\Application Updater\temp\~wtEB7.tmp moved successfully.
C:\WINDOWS\system32\config\systemprofile\Data aplikací\Application Updater\temp\~wtF.tmp moved successfully.
C:\Documents and Settings\UserXP\Data aplikací\inst.exe moved successfully.
C:\Documents and Settings\UserXP\Data aplikací\Ygsisg.exe moved successfully.
C:\Documents and Settings\UserXP\Plocha\RogueKiller.exe moved successfully.
C:\CF-Submit.htm moved successfully.
C:\windows\System32\antiwpa.dll moved successfully.
C:\windows\System32\OGACheckControl.dll moved successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: UserXP
->Temp folder emptied: 21485589 bytes
->Temporary Internet Files folder emptied: 5810991 bytes
->Java cache emptied: 81721 bytes
->Google Chrome cache emptied: 232641621 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 2626 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 248,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: UserXP
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.42.2 log created on 04302012_133955

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

[motji]

Spusťte znovu combofix, log vložte zde

[monty1]

už pracuje

[motji]

Dobře, tak ještě 15minut počkám, ale pak musím pryč.

[monty1]

combo skončil log nevyjel a na c taky není