
Requesting a check, laptop has started freezing

Posted: 10 Jun 2010 22:11
by iwiboy
My laptop has been freezing for about 2 days; I restart it every time. It probably needs something else done about it. Thanks!

RSIT (1 month):

Logfile of random's system information tool 1.06 (written by random/random)
Run by User at 2010-06-10 23:09:11
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 46 GB (19%) free of 238 GB
Total RAM: 2039 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:09:18, on 10.6.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17055)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\UAService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\WINDOWS\system32\DfrgNtfs.exe
C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Documents and Settings\User\Dokumenty\Z Plochy pgms\RSIT.exe
C:\Program Files\HijackThis\User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dvdcopyrip.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\WINDOWS\system32\flcdlock.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: RGService - Unknown owner - C:\Program Files\RadioGet\RGService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: STSService - Unknown owner - C:\Program Files\SoundTaxi Media Suite\STSService.exe
O23 - Service: SecuROM User Access Service (UserAccess) - Unknown owner - C:\WINDOWS\system32\UAService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 12406 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1935655697-725345543-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1935655697-725345543-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-06-29 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-03 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-03 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-16 163840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0BF43445-2F28-4351-9252-17FE6E806AA0}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PTHOSTTR"=C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [2007-01-09 145184]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2008-04-18 178712]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-03-27 1040384]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-05-22 141848]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-05-14 177456]
"Cpqset"=C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe [2008-05-14 61440]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2009-01-08 1871872]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-09-28 185896]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2008-08-14 565008]
"NBKeyScan"=C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe [2008-02-21 1647912]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2007-01-05 872448]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2006-07-13 729088]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2009-11-16 2054360]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-04-04 36272]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-03-24 952768]
"googletalk"=C:\Program Files\Google\Google Talk\googletalk.exe [2007-01-01 3739648]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
"Google Update"=C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2009-10-25 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [2006-10-11 75304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
C:\Program Files\PDF Complete\pdfsty.exe [2007-05-08 331552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^User^Nabídka Start^Programy^Po spuštění^Lingea Update Center.lnk]
C:\Program Files\Common Files\Lingea Shared\luc.exe [2008-07-10 197912]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
AutorunsDisabled

C:\Documents and Settings\User\Nabídka Start\Programy\Po spuštění
PMB Media Check Tool.lnk - C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DeviceNP]
C:\WINDOWS\system32\DeviceNP.dll [2007-06-08 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-03-17 208896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoResolveSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe"="C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe:*:Enabled:CyberLink PowerCinema NE for Everio"
"C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"="C:\Program Files\CyberLink\PCM4Everio\EverioService.exe:*:Enabled:CyberLink PowerCinema NE for Everio Resident Program"
"C:\Program Files\CyberLink\PowerDirector Express\PDX.exe"="C:\Program Files\CyberLink\PowerDirector Express\PDX.exe:*:Enabled:CyberLink PowerDirector Express"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe"="C:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\system32\java.exe"="C:\WINDOWS\system32\java.exe:*:Disabled:Java(TM) Platform SE binary"
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\FlashGet\flashget.exe"="C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget"
"C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe"="C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager"
"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio"
"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe"="C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi"
"C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe"="C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Google\Google Talk\googletalk.exe"="C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk"
"C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe"="C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54d65faf-e867-11dd-8196-002100766f35}]
shell\AutoRun\command - E:\AutoTransfer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f8e57e8-de6f-11dd-8178-002100766f35}]
shell\AutoRun\command - E:\wd_windows_tools\WDSetup.exe


======List of files/folders created in the last 1 months======

2010-06-10 23:05:20 ----HDC---- C:\WINDOWS\$NtUninstallKB979559$
2010-06-10 23:02:56 ----D---- C:\WINDOWS\LastGood
2010-06-10 22:35:04 ----D---- C:\8f7a479fd56f80ef1a90e955ea4a0806
2010-06-10 22:34:59 ----HDC---- C:\WINDOWS\$NtUninstallKB978695_WM9$
2010-06-10 22:34:52 ----HDC---- C:\WINDOWS\$NtUninstallKB979482$
2010-06-10 22:34:40 ----HDC---- C:\WINDOWS\$NtUninstallKB975562$
2010-06-10 22:28:24 ----A---- C:\WINDOWS\imsins.BAK
2010-05-27 13:10:07 ----HDC---- C:\WINDOWS\$NtUninstallKB981793$
2010-05-21 14:27:11 ----A---- C:\WINDOWS\system32\javaws.exe
2010-05-21 14:27:11 ----A---- C:\WINDOWS\system32\javaw.exe
2010-05-21 14:27:11 ----A---- C:\WINDOWS\system32\java.exe
2010-05-21 14:27:11 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-05-15 20:41:03 ----D---- C:\Program Files\Gold Fish Animated Wallpaper
2010-05-15 08:19:24 ----D---- C:\32035472b4b7696dbd6229
2010-05-15 08:15:02 ----HDC---- C:\WINDOWS\$NtUninstallKB978542$
2010-05-12 13:45:25 ----D---- C:\Documents and Settings\User\Data aplikací\oald8

======List of files/folders modified in the last 1 months======

2010-06-10 23:09:15 ----D---- C:\Program Files\HijackThis
2010-06-10 23:09:13 ----D---- C:\WINDOWS\temp
2010-06-10 23:09:10 ----SHD---- C:\WINDOWS\Installer
2010-06-10 23:06:00 ----HD---- C:\WINDOWS\inf
2010-06-10 23:05:49 ----D---- C:\WINDOWS
2010-06-10 23:05:32 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-10 23:05:32 ----D---- C:\WINDOWS\system32
2010-06-10 23:02:39 ----D---- C:\WINDOWS\system32\CatRoot2
2010-06-10 22:42:28 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-10 22:42:17 ----RSD---- C:\WINDOWS\assembly
2010-06-10 22:35:09 ----D---- C:\WINDOWS\Debug
2010-06-10 22:33:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-10 22:33:32 ----D---- C:\WINDOWS\WinSxS
2010-06-10 22:27:59 ----D---- C:\WINDOWS\system32\cs-cz
2010-06-10 22:27:59 ----D---- C:\Program Files\Internet Explorer
2010-06-09 18:50:21 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-06-09 18:49:26 ----HD---- C:\WINDOWS\$hf_mig$
2010-06-07 20:26:11 ----A---- C:\WINDOWS\NeroDigital.ini
2010-06-06 19:59:17 ----D---- C:\Program Files\Microsoft Silverlight
2010-06-03 20:36:42 ----D---- C:\Program Files\rajce
2010-06-03 08:30:27 ----D---- C:\Documents and Settings\User\Data aplikací\Skype
2010-06-02 09:29:57 ----D---- C:\Program Files\Avidemux 2.4
2010-06-02 00:23:16 ----D---- C:\Program Files\Unlocker
2010-06-02 00:21:28 ----RD---- C:\Program Files
2010-06-01 23:05:00 ----D---- C:\Documents and Settings\User\Data aplikací\Media Player Classic
2010-05-28 21:37:34 ----A---- C:\WINDOWS\system32\MRT.exe
2010-05-27 22:05:32 ----D---- C:\Program Files\CCleaner
2010-05-27 20:35:57 ----D---- C:\Documents and Settings\User\Data aplikací\Mozilla
2010-05-21 14:27:09 ----D---- C:\Program Files\Java
2010-05-18 07:23:56 ----D---- C:\Program Files\Google
2010-05-15 08:19:33 ----D---- C:\WINDOWS\Prefetch
2010-05-15 08:15:11 ----D---- C:\Program Files\Outlook Express
2010-05-15 08:13:06 ----D---- C:\Program Files\Opera
2010-05-14 21:38:23 ----HD---- C:\Program Files\InstallShield Installation Information
2010-05-12 13:42:08 ----D---- C:\Program Files\Oxford

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2009-11-16 55768]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 Uim_IM;UIM Drive Backup Image Plugin; C:\WINDOWS\System32\Drivers\Uim_IM.sys [2008-12-13 129896]
R1 UimBus;Universal Image Mounter Controller; C:\WINDOWS\system32\DRIVERS\UimBus.sys [2008-12-13 32056]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2009-11-16 116520]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2009-11-16 135048]
R2 NPF;NetGroup Packet Filter Driver; C:\WINDOWS\system32\drivers\npf.sys [2009-10-21 50704]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2008-04-24 281600]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2007-07-13 94976]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2008-02-29 1202560]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2009-01-08 1287552]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2007-02-14 30459]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2007-02-14 868298]
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2007-04-12 250776]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2009-06-19 33096]
R3 HBtnKey;HBtnKey; C:\WINDOWS\system32\DRIVERS\cpqbttn.sys [2008-04-28 9344]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\WINDOWS\system32\DRIVERS\HpqKbFiltr.sys [2007-06-18 16768]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-03-17 5955872]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys [2008-07-26 25624]
R3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-03-08 47360]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2008-03-27 224672]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\WINDOWS\system32\ASNDIS5.SYS []
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-02-14 67960]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 DAMDrv;DAMDrv; C:\WINDOWS\system32\DRIVERS\DAMDrv.sys [2007-06-08 30008]
S3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2008-07-26 23832]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 LVRS;Logitech RightSound Filter Driver; C:\WINDOWS\system32\DRIVERS\lvrs.sys [2008-07-26 627864]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys [2008-07-26 41752]
S3 LVUVC;Logitech QuickCam E3500(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2008-07-26 4658584]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2009-03-19 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2009-03-19 8320]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS []
S3 PalmUSBD;PalmUSBD; C:\WINDOWS\system32\drivers\PalmUSBD.sys [2007-12-04 16640]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-03-02 5888]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\WINDOWS\system32\agrsmsvc.exe [2007-12-11 12800]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-02-06 266295]
R2 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2009-11-16 735960]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2008-04-18 354840]
R2 IviRegMgr;IviRegMgr; C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe [2007-01-04 112152]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-04-12 153376]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2008-07-26 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2008-07-26 150040]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files\PDF Complete\pdfsvc.exe [2007-05-08 540448]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2007-06-05 177704]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-12-20 272024]
R2 UserAccess;SecuROM User Access Service; C:\WINDOWS\system32\UAService.exe [2009-03-27 126976]
R2 wltrysvc;Broadcom Wireless LAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2009-01-08 24064]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-05-01 165192]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2009-11-16 20680]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; C:\WINDOWS\system32\flcdlock.exe [2007-06-08 172131]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-01 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2008-02-21 800040]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 RGService;RGService; C:\Program Files\RadioGet\RGService.exe [2009-09-28 335872]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe -d -f C:\Program Files\WinPcap\rpcapd.ini []
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]
S3 STSService;STSService; C:\Program Files\SoundTaxi Media Suite\STSService.exe [2009-09-29 335872]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-03-17 73728]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 RoxMediaDB10;RoxMediaDB10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-08 1112560]

-----------------EOF-----------------

Re: Please check, my laptop has started freezing

Posted: 11 Jun 2010 05:07
by vyosek
Hello,

→ Plug all your USB drives (flash drives, external disks, etc.) into the PC
→ Download OTL (see my signature) and save it to the desktop
  • If you use Windows Vista or Windows 7, right-click OTL and choose Run As Administrator (Spustit jako správce)
  • Tick the "For all users" box
  • Tick the malware check "LOP" box
  • Tick the malware check "Purity" box
  • Paste the script below into the bottom box, Custom scans/fixes
  • Code:

    netsvcs
    drivers32
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
    c:\windows\*.* /U
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    ndis.sys
    winlogon.exe
    explorer.exe
    userinit.exe
    lsass.exe
    svchost.exe
    smss.exe
    hal.dll
    ws2_32.dll
    tcpip.sys
    cryptsvc.dll
    Changer.sys
    JakNDis.sys
    isapnp.sys
    cdrom.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\*.dll /lockedfiles
    reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
    reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
    reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
    %systemroot%\system32\drivers\*.sys /3
    %systemroot%\system32\*.* /3
    CREATERESTOREPOINT 
  • Click the Scan button
  • When the scan finishes (about 5 min), the logs OTL.txt and Extras.txt will appear; paste both here

Re: Please check, my laptop has started freezing

Posted: 11 Jun 2010 10:51
by iwiboy
So before I do anything, I'm asking, as instructed. Two activities were recommended to me.

a) usb
I only have 3 USB ports. So I can't plug in all at once the 4 external disks I occasionally connect, the phone, and two flash drives... How should I connect it all?
And what problem do I have there, please? It's true that I'm freeing up space on the C: drive and moving files is quite slow.
Thanks!

b)
That OTL is fine, I'll use it on the bugs.

Oh - and shouldn't I defragment first (with the OO program)? It tells me it would be a good idea.

EDIT: I already have the logs from OTL. Can I post them, or should I have done that usbfix FIRST?

Thanks.

Re: Please check, my laptop has started freezing

Posted: 11 Jun 2010 14:32
by vyosek
Hello,

re USBFix - plug in what you can, run USBFix, then unplug and plug in the other things and run USBFix again - there may or may not be a problem there (namely the invisible Recycled folder, where malware likes to stay, and then the autorun.inf file - it attacks flash drives a lot - if it is there, USBFix will delete it and vaccinate the flash drive with a clean autorun, so an infected autorun can no longer get onto it)

re OTL - feel free to post the logs right away, USBFix won't affect them much. By the way, OTL does not delete the bugs, it only does a scan much like RSIT (just more detailed); we'll then delete any malware with a script, which I will of course give you :)

re defragmentation - that may also be why moving files is slow; no matter, we'll do it at the end when we clean up after the utilities...
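
The two things the reply above looks for on removable media (an autorun.inf and a Recycled folder), as an added example that is not part of the original thread and is not USBFix's own logic. It parses the `[autorun]` section and flags launch entries that point into a recycle-bin folder; the sample file contents, the function names and the temporary directory standing in for a drive root are assumptions made for the illustration.

```python
import os
import re
import tempfile

# [autorun] keys that make Windows start a program from the drive.
LAUNCH_KEYS = ("open", "shellexecute")
SHELL_COMMAND = re.compile(r"^shell\\[^\\]+\\command$")
# "Recycled" is the folder named in the post; "RECYCLER" is its NTFS counterpart.
HIDING_DIRS = ("recycled", "recycler")
IN_HIDING_DIR = re.compile(r"(^|\\)(recycled|recycler)\\")
EXECUTABLE = re.compile(r"\.(exe|com|scr|pif|bat|cmd|vbs|js)(\s|$)")

# Constructed samples, not taken from the thread.
SAMPLE_SUSPICIOUS = """\
;kq3vz filler comment
[AutoRun]
filler line without an equals sign
Open=RECYCLER\\S-1-5-21-0000\\setup.exe
shell\\open\\Command=RECYCLER\\S-1-5-21-0000\\setup.exe
shell\\explore\\command = "Recycled/info.exe" -x
icon=%SystemRoot%\\system32\\shell32.dll,4
"""
SAMPLE_LABEL_ONLY = "[autorun]\nlabel=BACKUP\nicon=drive.ico\n"


def parse_autorun(text):
    """Return [(key, value)] from the [autorun] section, skipping filler lines."""
    entries, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries.append((key.strip().lower(), value.strip()))
    return entries


def assess(text):
    """Return [(key, value, reason)] for every entry that would launch a program."""
    findings = []
    for key, value in parse_autorun(text):
        if key not in LAUNCH_KEYS and not SHELL_COMMAND.match(key):
            continue
        target = value.replace('"', "").replace("/", "\\").lower()
        if IN_HIDING_DIR.search(target):
            findings.append((key, value, "recycle-folder"))
        elif EXECUTABLE.search(target):
            findings.append((key, value, "executable"))
    return findings


def decode(data):
    """autorun.inf is normally ANSI; accept UTF-16 with a BOM as well."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16")
    return data.decode("latin-1")


def inspect_root(root):
    """Inspect one drive root and report what a reviewer should look at."""
    report = {"autorun": "absent", "findings": [], "hiding_dirs": []}
    for name in os.listdir(root):
        full = os.path.join(root, name)
        if name.lower() == "autorun.inf":
            if os.path.isfile(full):
                report["autorun"] = "file"
                with open(full, "rb") as fh:
                    report["findings"] = assess(decode(fh.read()))
            else:
                report["autorun"] = "not a regular file"
        elif name.lower() in HIDING_DIRS and os.path.isdir(full):
            # Normal on its own; listed so its contents get reviewed.
            report["hiding_dirs"].append(name)
    return report


def demo():
    """Build a stand-in drive root in a temp directory and inspect it."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "RECYCLER"))
        with open(os.path.join(root, "AUTORUN.INF"), "w", encoding="latin-1") as fh:
            fh.write(SAMPLE_SUSPICIOUS)
        return inspect_root(root)


if __name__ == "__main__":
    result = demo()
    print("autorun.inf:", result["autorun"])
    for key, value, reason in result["findings"]:
        print(f"  {reason:15} {key} = {value}")
    print("folders to review:", result["hiding_dirs"])
```

The check only reads the drive; it removes nothing, so flagged entries still need the cleanup step the helper describes.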

Re: Please check, my laptop has started freezing

Posted: 11 Jun 2010 18:02
by iwiboy
Thank you for writing!

Well, I don't have autorun enabled for when flash drives are plugged in. Never mind, I'll follow the instructions. So there will then be several logs from USBfix, right?
And the data on those USB devices won't be changed? I don't have to erase them?

Today I moved another few gigabytes to another disk and the speed was OK.

I'm adding the two logs: OTL.txt (and now everyone can see what I have on my Desktop :)) Some of the programs there I don't use at all, I just don't know which to delete, hence the long list:


OTL logfile created on: 11.6.2010 12:56:57 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\User\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 40,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 70,87 Gb Free Space | 30,43% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HP550
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.06.11 12:54:44 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Plocha\OTL.exe
PRC - [2010.05.07 12:42:46 | 000,083,440 | ---- | M] (Google) -- C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2010.04.02 08:19:01 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009.11.16 10:04:30 | 000,735,960 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2009.11.16 10:03:32 | 002,054,360 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2009.03.27 13:16:05 | 000,126,976 | ---- | M] () -- C:\WINDOWS\system32\UAService.exe
PRC - [2009.01.16 03:32:14 | 000,333,088 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
PRC - [2008.08.14 18:11:48 | 000,565,008 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2008.07.26 09:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008.07.26 09:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008.04.18 15:54:02 | 000,354,840 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMON.EXE
PRC - [2008.04.18 15:53:58 | 000,178,712 | R--- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
PRC - [2008.04.14 05:22:35 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Outlook Express\msimn.exe
PRC - [2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008.02.21 16:41:10 | 001,647,912 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe
PRC - [2007.12.11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2007.06.27 19:04:00 | 001,213,736 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007.06.27 19:03:40 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007.06.05 14:20:32 | 000,177,704 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe
PRC - [2007.05.11 02:09:50 | 002,545,160 | ---- | M] (O&O Software GmbH) -- C:\Program Files\OO Software\Defrag Professional\oodcnt.exe
PRC - [2007.05.11 02:09:48 | 001,050,120 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodag.exe
PRC - [2007.05.11 02:08:54 | 002,512,392 | ---- | M] (O&O Software GmbH) -- C:\WINDOWS\system32\oodtray.exe
PRC - [2007.05.08 09:38:46 | 000,540,448 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2007.01.05 18:36:48 | 000,872,448 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2007.01.04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe


========== Modules (SafeList) ==========

MOD - [2010.06.11 12:54:44 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Plocha\OTL.exe
MOD - [2008.07.26 09:25:24 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\temp\logishrd\LVPrcInj01.dll
MOD - [2008.04.14 05:19:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2009.11.16 10:12:54 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009.11.16 10:04:30 | 000,735,960 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2009.09.29 12:41:04 | 000,335,872 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\SoundTaxi Media Suite\STSService.exe -- (STSService)
SRV - [2009.09.28 16:13:04 | 000,335,872 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\RadioGet\RGService.exe -- (RGService)
SRV - [2009.06.02 10:10:08 | 000,637,952 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.03.27 13:16:05 | 000,126,976 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\UAService.exe -- (UserAccess)
SRV - [2008.07.29 19:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008.07.26 09:25:36 | 000,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008.07.26 09:23:42 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)
SRV - [2008.04.18 15:54:02 | 000,354,840 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMON.EXE -- (IAANTMON) Intel(R)
SRV - [2008.04.08 14:12:50 | 001,112,560 | ---- | M] (Sonic Solutions) [Disabled | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2007.12.11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007.06.08 10:06:42 | 000,172,131 | R--- | M] (Hewlett-Packard Ltd) [On_Demand | Stopped] -- C:\WINDOWS\system32\flcdlock.exe -- (FLCDLOCK)
SRV - [2007.06.05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007.05.11 02:09:48 | 001,050,120 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\oodag.exe -- (O&O Defrag)
SRV - [2007.05.08 09:38:46 | 000,540,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2007.01.04 20:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)


========== Driver Services (SafeList) ==========

DRV - [2009.11.16 10:06:48 | 000,055,768 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdi.sys -- (epfwtdi)
DRV - [2009.11.16 10:06:44 | 000,135,048 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epfw.sys -- (epfw)
DRV - [2009.11.16 10:03:36 | 000,108,792 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009.11.16 09:56:12 | 000,116,520 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2009.10.21 03:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2009.06.19 09:10:40 | 000,033,096 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2009.03.19 14:48:18 | 000,136,704 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2009.03.19 14:48:12 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009.02.09 08:37:56 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2009.02.09 08:37:48 | 000,007,808 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2009.02.09 08:37:46 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2009.02.09 08:37:46 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.01.08 10:19:24 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008.12.13 14:47:38 | 000,129,896 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2008.12.13 14:47:38 | 000,032,056 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\UimBus.sys -- (UimBus)
DRV - [2008.12.01 13:47:00 | 000,040,368 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hotcore3.sys -- (hotcore3)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.07.26 17:26:56 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2008.07.26 17:26:44 | 004,658,584 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam E3500(UVC)
DRV - [2008.07.26 17:26:22 | 000,041,752 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2008.07.26 17:25:48 | 000,627,864 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008.07.26 09:25:02 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008.04.28 16:22:10 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008.04.24 15:28:08 | 000,281,600 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2008.04.15 19:53:44 | 000,312,344 | R--- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008.04.13 20:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) Ovladač zvukové karty USB (WDM)
DRV - [2008.04.13 18:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.03.27 20:14:06 | 000,224,672 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2008.03.17 10:45:50 | 005,955,872 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008.02.29 17:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007.12.04 18:10:30 | 000,016,640 | R--- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2007.06.18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007.06.08 09:49:46 | 000,030,008 | R--- | M] (Hewlett-Packard Development Company L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DAMDrv.sys -- (DAMDrv)
DRV - [2007.04.12 10:26:08 | 000,250,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2007.02.14 16:21:00 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007.02.14 16:20:58 | 000,868,298 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007.02.14 16:20:58 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2005.09.23 23:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2004.03.24 04:12:34 | 000,017,280 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\nsndis5.sys -- (NSNDIS5)
DRV - [2002.09.09 20:54:06 | 000,016,269 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ASNDIS5.sys -- (ASNDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1202660629-1935655697-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dvdcopyrip.com
IE - HKU\S-1-5-21-1202660629-1935655697-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://centrum.cz/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}:2.3.54
FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:3.3
FF - prefs.js..extensions.enabledItems: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.80
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.22
FF - prefs.js..extensions.enabledItems: {70171e70-9057-11da-9562-00e08161165f}:1.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.81
FF - prefs.js..extensions.enabledItems: {B17C1C5A-04B1-11DB-9804-B622A1EF5492}:1.2
FF - prefs.js..extensions.enabledItems: {EF522540-89F5-46b9-B6FE-1829E2B572C6}:4.3
FF - prefs.js..extensions.enabledItems: secureLogin@blueimp.net:0.9.3
FF - prefs.js..extensions.enabledItems: {2e61e246-e640-4c56-b1ed-f146dbed48cd}:0.7.6
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.6.14
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.3
FF - prefs.js..extensions.enabledItems: {11483926-db67-4190-91b1-ef20fcec5f33}:0.4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20


FF - HKLM\software\mozilla\Firefox\extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.07.28 08:33:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.02 08:19:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.21 14:27:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009.03.31 16:07:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2010.02.21 22:04:17 | 000,000,000 | ---D | M]

[2010.02.15 16:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Mozilla\Extensions
[2009.01.08 18:22:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Mozilla\Extensions-BackupByFirefoxPortable
[2009.01.08 18:22:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Data aplikací\Mozilla\Extensions-BackupByFirefoxPortable\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010.01.09 00:12:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Mozilla\Firefox\Profiles\8v0v2df1.Tom\extensions
[2009.09.13 15:07:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Data aplikací\Mozilla\Firefox\Profiles\8v0v2df1.Tom\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.10 23:18:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Mozilla\Firefox\Profiles\wp7yomqn.default\extensions
[2009.10.30 01:17:43 | 000,000,000 | ---D | M] (FireShot) -- C:\Documents and Settings\User\Data aplikací\Mozilla\Firefox\Profiles\wp7yomqn.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010.04.17 17:09:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Data aplikací\Mozilla\Firefox\Profiles\wp7yomqn.default\extensions\{11483926-db67-4190-91b1-ef20fcec5f33}
[2010.05.21 14:22:41 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\User\Data aplikací\Mozilla\Firefox\Profiles\wp7yomqn.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010.05.03 09:09:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\User\Data aplikací\Mozilla\Firefox\Profiles\wp7yomqn.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.01.10 13:09:38 | 000,000,000 | ---D | M] (Stop Autoplay) -- C:\Documents and Settings\User\Data aplikací\Mozilla\Firefox\Profiles\wp7yomqn.default\extensions\{2e61e246-e640-4c56-b1ed-f146dbed48cd}
[2009.06.29 09:20:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Data aplikací\Mozilla\Firefox\Profiles\wp7yomqn.default\extensions\{70171e70-9057-11da-9562-00e08161165f}
[2010.06.01 12:44:55 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\User\Data aplikací\Mozilla\Firefox\Profiles\wp7yomqn.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009.10.26 22:33:35 | 000,000,000 | ---D | M] (Abduction!) -- C:\Documents and Settings\User\Data aplikací\Mozilla\Firefox\Profiles\wp7yomqn.default\extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}
[2009.08.07 08:58:56 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Documents and Settings\User\Data aplikací\Mozilla\Firefox\Profiles\wp7yomqn.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2010.05.21 14:22:37 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Documents and Settings\User\Data aplikací\Mozilla\Firefox\Profiles\wp7yomqn.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
[2010.02.15 18:03:58 | 000,000,000 | ---D | M] (Answers) -- C:\Documents and Settings\User\Data aplikací\Mozilla\Firefox\Profiles\wp7yomqn.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}
[2010.05.03 09:09:07 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\User\Data aplikací\Mozilla\Firefox\Profiles\wp7yomqn.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.05.27 22:00:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Data aplikací\Mozilla\Firefox\Profiles\wp7yomqn.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010.05.21 14:22:59 | 000,000,000 | ---D | M] (SearchPreview) -- C:\Documents and Settings\User\Data aplikací\Mozilla\Firefox\Profiles\wp7yomqn.default\extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
[2010.05.03 09:09:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Mozilla\Firefox\Profiles\wp7yomqn.default\extensions\foxmarks@kei.com
[2009.03.17 20:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Mozilla\Firefox\Profiles\wp7yomqn.default\extensions\secureLogin@blueimp.net
[2009.12.17 09:14:28 | 000,001,331 | ---- | M] () -- C:\Documents and Settings\User\Data aplikací\Mozilla\Firefox\Profiles\wp7yomqn.default\searchplugins\crawlersrch.xml
[2010.06.09 19:02:46 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.05.21 14:27:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.16 02:50:40 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.01.16 02:50:40 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.01.16 02:50:40 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.01.16 02:50:40 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.01.16 02:50:40 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2009.07.23 22:32:19 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll (www.flashget.com)
O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll (www.flashget.com)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKU\S-1-5-21-1202660629-1935655697-725345543-1003\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE (Intel Corporation)
O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero 7\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe (O&O Software GmbH)
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKU\S-1-5-21-1202660629-1935655697-725345543-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\AutorunsDisabled [2009.11.02 21:46:07 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\User\Nabídka Start\Programy\Po spuštění\PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 43 01 00 00 [binary data]
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 43 01 00 00 [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1202660629-1935655697-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1202660629-1935655697-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1202660629-1935655697-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - C:\Program Files\FlashGet\JC_ALL.HTM ()
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\JC_LINK.HTM ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - Reg Error: Key error. File not found
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - DeviceNP.dll - C:\WINDOWS\System32\DeviceNP.dll (Hewlett-Packard Limited)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: E:\WD Sync Data\Jana\Data\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: E:\WD Sync Data\Jana\Data\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{54d65faf-e867-11dd-8196-002100766f35}\Shell\AutoRun\command - "" = E:\AutoTransfer.exe -- File not found
O33 - MountPoints2\{9f8e57e8-de6f-11dd-8178-002100766f35}\Shell\AutoRun\command - "" = E:\wd_windows_tools\WDSetup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\WINDOWS\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2009.01.08 10:41:28 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\IR41_32.DLL (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.mjpg - C:\WINDOWS\System32\pvmjpg30.dll (Pegasus Imaging Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (14368834563604480)

========== Files/Folders - Created Within 30 Days ==========

[2010.06.11 12:54:38 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\User\Plocha\OTL.exe
[2010.06.10 23:40:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oodag
[2010.06.10 23:32:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Dokumenty\O&O
[2010.06.10 23:26:54 | 000,000,000 | ---D | C] -- C:\Program Files\OO Software
[2010.06.10 22:35:04 | 000,000,000 | ---D | C] -- C:\8f7a479fd56f80ef1a90e955ea4a0806
[2010.06.06 13:23:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Plocha\cerven 10
[2010.06.01 22:57:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Data aplikací\ESET
[2010.05.21 14:27:11 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2010.05.21 14:27:11 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.05.21 14:27:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.05.21 14:27:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010.05.15 20:41:03 | 000,000,000 | ---D | C] -- C:\Program Files\Gold Fish Animated Wallpaper
[2010.05.15 08:19:24 | 000,000,000 | ---D | C] -- C:\32035472b4b7696dbd6229
[2010.05.12 13:45:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Data aplikací\oald8
[2010.05.12 13:45:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Data aplikací\oald8
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\User\Local Settings\Data aplikací\*.tmp files -> C:\Documents and Settings\User\Local Settings\Data aplikací\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.06.11 12:54:44 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\Plocha\OTL.exe
[2010.06.11 12:31:01 | 000,001,022 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1935655697-725345543-1003UA.job
[2010.06.11 12:27:56 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.06.11 11:59:58 | 012,845,056 | -H-- | M] () -- C:\Documents and Settings\User\NTUSER.DAT
[2010.06.11 11:39:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.06.11 11:39:31 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.06.11 11:39:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.06.11 11:39:26 | 2138,361,856 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.11 11:39:26 | 000,539,240 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.06.11 11:39:24 | 000,001,277 | ---- | M] () -- C:\WINDOWS\System32\oodbs.lor
[2010.06.11 00:37:47 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\User\ntuser.ini
[2010.06.11 00:35:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\oodcnt.INI
[2010.06.10 23:27:08 | 000,001,829 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\O&O Defrag.lnk
[2010.06.10 23:20:38 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.06.10 23:16:39 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.06.10 22:33:47 | 000,441,458 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.06.10 22:33:47 | 000,438,070 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.06.10 22:33:47 | 000,082,750 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.06.10 22:33:47 | 000,071,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.06.10 22:33:46 | 001,006,218 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.10 22:14:58 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\User\Plocha\Nejaky ftipy.doc
[2010.06.10 22:14:46 | 000,655,872 | ---- | M] () -- C:\Documents and Settings\User\Plocha\Maily od Jani.doc
[2010.06.10 07:31:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-1935655697-725345543-1003Core.job
[2010.06.09 12:36:33 | 000,110,080 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.09 12:31:56 | 000,002,250 | ---- | M] () -- C:\Documents and Settings\User\Plocha\Google Chrome.lnk
[2010.06.08 22:43:15 | 005,729,114 | ---- | M] () -- C:\Documents and Settings\User\Dokumenty\Majova-2.mp3
[2010.06.08 22:40:27 | 012,193,946 | ---- | M] () -- C:\Documents and Settings\User\Dokumenty\ThDr-Jaroslav-Broz-Evang-podle-Mk.mp3
[2010.06.08 22:17:47 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010.06.07 21:19:32 | 000,047,975 | ---- | M] () -- C:\Documents and Settings\User\Dokumenty\rob krejčí fb 2.jpg
[2010.06.07 21:19:16 | 000,018,501 | ---- | M] () -- C:\Documents and Settings\User\Dokumenty\robert krejčí fb.jpg
[2010.06.07 20:26:11 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.06.06 22:17:25 | 000,107,534 | ---- | M] () -- C:\Documents and Settings\User\Plocha\dalkove.jpg
[2010.06.06 21:21:13 | 000,061,156 | ---- | M] () -- C:\Documents and Settings\User\Plocha\c.p. 48.jpg
[2010.06.06 21:05:48 | 000,215,630 | ---- | M] () -- C:\Documents and Settings\User\Plocha\Pod Petrinem 3.jpg
[2010.06.06 21:03:11 | 000,213,278 | ---- | M] () -- C:\Documents and Settings\User\Plocha\Pod Petrinem 2.jpg
[2010.06.06 21:00:57 | 000,157,167 | ---- | M] () -- C:\Documents and Settings\User\Plocha\Pod Petrinem.jpg
[2010.06.06 20:58:18 | 000,252,334 | ---- | M] () -- C:\Documents and Settings\User\Plocha\na startu.jpg
[2010.06.06 20:56:35 | 000,154,336 | ---- | M] () -- C:\Documents and Settings\User\Plocha\se sneckem.jpg
[2010.06.06 15:10:04 | 004,227,072 | ---- | M] () -- C:\Documents and Settings\User\Plocha\DSC00331.JPG
[2010.06.05 19:09:39 | 000,460,099 | ---- | M] () -- C:\Documents and Settings\User\Plocha\Po zasahu strojku.JPG
[2010.06.05 13:27:54 | 000,011,740 | ---- | M] () -- C:\Documents and Settings\User\Plocha\4 tisice zhlednuti. cerven 10.jpg
[2010.06.05 13:24:44 | 000,034,788 | ---- | M] () -- C:\Documents and Settings\User\Plocha\3999 zhlednuti.jpg
[2010.06.03 09:27:08 | 000,051,582 | ---- | M] () -- C:\Documents and Settings\User\Plocha\pekna fotka porodni josef bouma.jpg
[2010.06.03 08:28:39 | 000,002,283 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2010.06.02 21:24:03 | 000,628,348 | ---- | M] () -- C:\Documents and Settings\User\Plocha\DSC07996.JPG
[2010.06.02 14:33:17 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\User\Plocha\Syntax 2010.doc
[2010.05.31 09:11:36 | 003,211,264 | ---- | M] () -- C:\Documents and Settings\User\Plocha\DSC09875.JPG
[2010.05.30 17:25:34 | 004,784,128 | ---- | M] () -- C:\Documents and Settings\User\Plocha\DSC09851.JPG
[2010.05.30 17:25:32 | 004,718,592 | ---- | M] () -- C:\Documents and Settings\User\Plocha\DSC09850.JPG
[2010.05.30 17:25:30 | 004,882,432 | ---- | M] () -- C:\Documents and Settings\User\Plocha\DSC09847.JPG
[2010.05.30 17:00:54 | 006,553,600 | ---- | M] () -- C:\Documents and Settings\User\Plocha\DSC09842.JPG
[2010.05.28 08:07:37 | 000,136,051 | ---- | M] () -- C:\Documents and Settings\User\Dokumenty\entrance_test filda_2009_A.pdf
[2010.05.27 22:05:36 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\User\Plocha\CCleaner.lnk
[2010.05.27 13:29:29 | 002,776,368 | ---- | M] () -- C:\Documents and Settings\User\Dokumenty\GENDER_PRIRUCKA.pdf
[2010.05.22 20:49:37 | 000,060,605 | ---- | M] () -- C:\Documents and Settings\User\Dokumenty\Sirovatka Jan Územní rozhodnutí a stavební povol.pdf
[2010.05.22 09:06:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010.05.22 09:06:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010.05.18 22:20:27 | 005,742,173 | ---- | M] () -- C:\Documents and Settings\User\Dokumenty\nokia 3110c rozebiraci manual.pdf
[2010.05.17 13:06:38 | 000,048,640 | ---- | M] () -- C:\Documents and Settings\User\Plocha\Zpravy EFF.II.2010.doc
[2010.05.15 08:13:23 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Opera.lnk
[2010.05.14 21:38:36 | 000,000,569 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Google SketchUp.lnk
[2010.05.12 23:33:49 | 000,027,648 | ---- | M] () -- C:\Documents and Settings\User\Dokumenty\Dopis kanc.sponce.doc
[2010.05.12 13:44:46 | 000,001,599 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Oxford Advanced Learner's Dictionary - 8th Edition.lnk
[2010.05.12 13:37:26 | 000,408,427 | ---- | M] () -- C:\AnalysisLog.sr0
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\User\Local Settings\Data aplikací\*.tmp files -> C:\Documents and Settings\User\Local Settings\Data aplikací\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.06.11 11:39:24 | 000,001,277 | ---- | C] () -- C:\WINDOWS\System32\oodbs.lor
[2010.06.11 00:35:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\oodcnt.INI
[2010.06.10 23:27:07 | 000,001,829 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\O&O Defrag.lnk
[2010.06.10 22:28:24 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010.06.08 22:42:46 | 005,729,114 | ---- | C] () -- C:\Documents and Settings\User\Dokumenty\Majova-2.mp3
[2010.06.08 22:40:23 | 012,193,946 | ---- | C] () -- C:\Documents and Settings\User\Dokumenty\ThDr-Jaroslav-Broz-Evang-podle-Mk.mp3
[2010.06.07 21:19:32 | 000,047,975 | ---- | C] () -- C:\Documents and Settings\User\Dokumenty\rob krejčí fb 2.jpg
[2010.06.07 21:19:15 | 000,018,501 | ---- | C] () -- C:\Documents and Settings\User\Dokumenty\robert krejčí fb.jpg
[2010.06.06 22:17:25 | 000,107,534 | ---- | C] () -- C:\Documents and Settings\User\Plocha\dalkove.jpg
[2010.06.06 22:13:55 | 004,227,072 | ---- | C] () -- C:\Documents and Settings\User\Plocha\DSC00331.JPG
[2010.06.06 21:21:13 | 000,061,156 | ---- | C] () -- C:\Documents and Settings\User\Plocha\c.p. 48.jpg
[2010.06.06 21:05:48 | 000,215,630 | ---- | C] () -- C:\Documents and Settings\User\Plocha\Pod Petrinem 3.jpg
[2010.06.06 21:03:11 | 000,213,278 | ---- | C] () -- C:\Documents and Settings\User\Plocha\Pod Petrinem 2.jpg
[2010.06.06 21:00:57 | 000,157,167 | ---- | C] () -- C:\Documents and Settings\User\Plocha\Pod Petrinem.jpg
[2010.06.06 20:58:17 | 000,252,334 | ---- | C] () -- C:\Documents and Settings\User\Plocha\na startu.jpg
[2010.06.06 20:56:35 | 000,154,336 | ---- | C] () -- C:\Documents and Settings\User\Plocha\se sneckem.jpg
[2010.06.06 20:54:41 | 003,211,264 | ---- | C] () -- C:\Documents and Settings\User\Plocha\DSC09875.JPG
[2010.06.06 20:53:49 | 006,553,600 | ---- | C] () -- C:\Documents and Settings\User\Plocha\DSC09842.JPG
[2010.06.06 20:53:08 | 004,882,432 | ---- | C] () -- C:\Documents and Settings\User\Plocha\DSC09847.JPG
[2010.06.06 20:52:51 | 004,718,592 | ---- | C] () -- C:\Documents and Settings\User\Plocha\DSC09850.JPG
[2010.06.06 20:52:46 | 004,784,128 | ---- | C] () -- C:\Documents and Settings\User\Plocha\DSC09851.JPG
[2010.06.05 19:08:09 | 000,460,099 | ---- | C] () -- C:\Documents and Settings\User\Plocha\Po zasahu strojku.JPG
[2010.06.05 13:27:54 | 000,011,740 | ---- | C] () -- C:\Documents and Settings\User\Plocha\4 tisice zhlednuti. cerven 10.jpg
[2010.06.05 13:24:44 | 000,034,788 | ---- | C] () -- C:\Documents and Settings\User\Plocha\3999 zhlednuti.jpg
[2010.06.03 09:27:08 | 000,051,582 | ---- | C] () -- C:\Documents and Settings\User\Plocha\pekna fotka porodni josef bouma.jpg
[2010.06.02 21:22:04 | 000,628,348 | ---- | C] () -- C:\Documents and Settings\User\Plocha\DSC07996.JPG
[2010.06.01 21:41:32 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\User\Plocha\Syntax 2010.doc
[2010.05.28 08:07:37 | 000,136,051 | ---- | C] () -- C:\Documents and Settings\User\Dokumenty\entrance_test filda_2009_A.pdf
[2010.05.27 13:29:29 | 002,776,368 | ---- | C] () -- C:\Documents and Settings\User\Dokumenty\GENDER_PRIRUCKA.pdf
[2010.05.22 20:49:37 | 000,060,605 | ---- | C] () -- C:\Documents and Settings\User\Dokumenty\Sirovatka Jan Územní rozhodnutí a stavební povol.pdf
[2010.05.20 23:36:04 | 000,049,152 | ---- | C] () -- C:\Documents and Settings\User\Plocha\Nejaky ftipy.doc
[2010.05.18 22:20:25 | 005,742,173 | ---- | C] () -- C:\Documents and Settings\User\Dokumenty\nokia 3110c rozebiraci manual.pdf
[2010.05.17 13:06:38 | 000,048,640 | ---- | C] () -- C:\Documents and Settings\User\Plocha\Zpravy EFF.II.2010.doc
[2010.05.17 12:22:45 | 000,045,568 | ---- | C] () -- C:\Documents and Settings\User\Plocha\Zpravy EFF.I.2010 Final.doc
[2010.05.14 21:38:36 | 000,000,569 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Google SketchUp.lnk
[2010.05.12 23:33:16 | 000,027,648 | ---- | C] () -- C:\Documents and Settings\User\Dokumenty\Dopis kanc.sponce.doc
[2010.05.12 13:44:46 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Oxford Advanced Learner's Dictionary - 8th Edition.lnk
[2010.05.12 13:37:17 | 000,408,427 | ---- | C] () -- C:\AnalysisLog.sr0
[2010.02.22 08:56:38 | 000,000,219 | ---- | C] () -- C:\WINDOWS\SOED.INI
[2010.02.21 21:16:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\setup.INI
[2010.01.09 23:41:39 | 000,000,090 | ---- | C] () -- C:\WINDOWS\winDecrypt.INI
[2010.01.07 22:01:53 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009.12.11 18:14:27 | 000,002,022 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009.11.29 00:02:35 | 000,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009.10.12 08:16:55 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.10.07 20:11:39 | 000,000,026 | ---- | C] () -- C:\WINDOWS\VideoCreator.INI
[2009.09.02 20:51:10 | 000,237,568 | R--- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2009.09.02 20:51:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Graffiti5.2Pin.ini
[2009.06.04 13:55:14 | 000,013,576 | ---- | C] () -- C:\WINDOWS\System32\wnaspi32.dll
[2009.05.28 21:49:58 | 000,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2009.05.27 22:07:04 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009.05.02 18:33:38 | 000,000,055 | ---- | C] () -- C:\WINDOWS\System32\version.ini
[2009.05.02 16:37:23 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009.05.02 16:37:23 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009.03.08 14:10:20 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.03.03 13:59:22 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\09wutili.sys
[2009.02.25 12:14:01 | 000,000,192 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2009.02.17 16:17:12 | 000,000,136 | ---- | C] () -- C:\WINDOWS\CONTEXT.INI
[2009.02.09 12:30:54 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2009.01.13 21:41:29 | 000,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009.01.12 11:07:58 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.01.11 19:33:01 | 000,003,094 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2009.01.09 22:11:54 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009.01.09 21:50:53 | 000,036,363 | ---- | C] () -- C:\WINDOWS\CSTBox.INI
[2009.01.09 20:37:39 | 000,000,416 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2009.01.08 10:48:19 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009.01.08 10:48:19 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2009.01.08 10:46:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\HPMProp.INI
[2009.01.08 10:40:24 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009.01.08 10:40:24 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009.01.08 10:40:24 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009.01.08 10:40:24 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009.01.08 10:40:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009.01.08 10:40:23 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009.01.08 10:26:22 | 000,029,132 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009.01.08 10:18:34 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4935.dll
[2008.07.26 09:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007.06.08 10:05:38 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\flcdlmsg.dll
[2007.02.06 16:20:00 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007.02.06 15:55:52 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2007.01.26 01:04:12 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\mase32.dll
[2007.01.26 01:04:12 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\ma32.dll
[2005.02.17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005.02.17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2004.09.10 15:36:12 | 000,327,680 | ---- | C] () -- C:\WINDOWS\System32\QFClient2.dll
[2003.04.09 15:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2010.02.15 16:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2009.01.21 12:14:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ashampoo
[2009.09.20 14:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Easy Flyer Creator
[2010.02.21 22:04:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2009.10.29 22:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\HotSync
[2009.11.05 18:14:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Installations
[2009.10.31 10:16:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\IObit
[2009.01.09 23:51:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\LightScribe
[2009.04.03 21:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Nokia
[2009.04.05 08:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PC Suite
[2009.02.04 15:19:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pingotron.com
[2009.09.02 20:35:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle
[2009.09.02 20:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle Studio Plus
[2009.09.03 10:03:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle Studio Ultimate
[2009.05.27 21:34:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Pinnacle VideoSpin
[2009.01.09 20:37:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ScanSoft
[2009.09.02 20:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Studio 12
[2010.01.22 06:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2009.01.08 10:39:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Uninstall
[2009.01.14 10:54:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\{148D8B8A-8F96-4822-81EC-D510B626B7D5}
[2009.05.06 12:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\Softland
[2009.03.25 21:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Advanced Audio Recorder
[2010.01.07 22:01:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Apowersoft
[2010.04.26 13:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\ArcticLine
[2009.01.21 12:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Ashampoo
[2010.02.17 13:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Audacity
[2009.04.18 20:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Audio Editor Deluxe
[2009.09.26 13:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Audio Recorder Titanium
[2009.10.04 11:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Autoplay Menu Designer
[2009.05.27 23:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\avidemux
[2009.01.09 21:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Canon
[2009.09.20 18:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009.10.30 22:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Desktopicon
[2010.02.21 22:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\ESET
[2010.04.30 14:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\FILEminimizerPictures
[2010.02.23 15:58:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\FileZilla
[2009.03.20 10:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\FireShot
[2009.01.18 15:14:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Genie-Soft
[2009.05.23 20:49:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Gold Wave Editor Pro
[2009.05.20 20:28:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\gtk-2.0
[2009.10.29 22:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\HotSync
[2009.01.10 02:53:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\InfraRecorder
[2009.01.09 08:52:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\InterVideo
[2009.09.12 21:50:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\IObit
[2009.07.18 14:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\ldoce5
[2009.01.13 21:39:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Leadertech
[2009.01.12 15:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\lpd
[2009.04.07 20:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Mobipocket
[2009.06.10 20:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Moyea
[2009.06.29 09:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Nokia
[2009.03.27 13:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\oald7
[2010.05.12 13:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\oald8
[2009.10.20 20:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\ocoll2e
[2009.01.12 20:45:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\oess
[2009.01.12 20:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\olt1
[2009.01.08 23:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\OpenOffice.org
[2009.06.12 12:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Opera
[2009.01.13 20:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\osd
[2009.04.05 21:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\PC Suite
[2009.02.04 15:40:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Pingotron.com
[2009.09.02 20:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\proDAD
[2009.01.09 20:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\ScanSoft
[2009.06.18 09:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Smart Audio Editor
[2010.01.10 08:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Software Informer
[2009.12.19 18:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\SpellQuizzer
[2009.07.28 22:30:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Systenance
[2009.03.31 16:07:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Thunderbird
[2009.03.15 23:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Uniblue
[2010.01.09 00:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\VitySoft
[2009.05.03 23:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Vso
[2009.09.24 20:43:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\YCanPDF
[2010.02.07 00:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Zoner

========== Purity Check ==========

Re: Please check, my laptop has started freezing

Posted: 11 Jun 2010 18:03
by iwiboy
Continuation of the log:


========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"MSMSGS" = "C:\Program Files\Messenger\msmsgs.exe" /background -- [2008.04.14 05:22:36 | 001,695,232 | ---- | M] (Microsoft Corporation)
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 05:22:17 | 000,015,360 | ---- | M] (Microsoft Corporation)
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" -- [2007.06.27 19:03:40 | 000,152,872 | ---- | M] (Nero AG)
"Google Update" = "C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c -- [2009.10.25 12:46:24 | 000,133,104 | ---- | M] (Google Inc.)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled]
"Google Update" = "C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c -- [2009.10.25 12:46:24 | 000,133,104 | ---- | M] (Google Inc.)

< c:\windows\*.* /U >
[6 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2009.12.11 18:09:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\AccurateRip
[2009.09.20 18:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Adobe
[2009.03.25 21:14:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Advanced Audio Recorder
[2009.12.01 16:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Ahead
[2010.01.07 22:01:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Apowersoft
[2009.01.16 15:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Apple Computer
[2009.10.29 22:55:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\ArcSoft
[2010.04.26 13:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\ArcticLine
[2009.01.21 12:24:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Ashampoo
[2010.02.17 13:53:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Audacity
[2009.04.18 20:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Audio Editor Deluxe
[2009.09.26 13:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Audio Recorder Titanium
[2009.10.04 11:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Autoplay Menu Designer
[2009.05.27 23:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\avidemux
[2009.01.09 21:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Canon
[2009.09.20 18:31:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009.04.19 00:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\CyberLink
[2009.10.30 22:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Desktopicon
[2009.05.27 21:22:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Download Manager
[2010.02.02 16:11:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\dvdcss
[2010.02.21 22:15:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\ESET
[2010.04.30 14:33:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\FILEminimizerPictures
[2010.02.23 15:58:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\FileZilla
[2009.03.20 10:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\FireShot
[2009.01.18 15:14:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Genie-Soft
[2009.05.23 20:49:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Gold Wave Editor Pro
[2009.05.20 20:28:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\gtk-2.0
[2009.11.02 22:11:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Help
[2009.10.29 22:53:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\HotSync
[2009.01.08 10:12:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\hpqLog
[2009.01.18 15:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Identities
[2009.01.10 02:53:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\InfraRecorder
[2009.01.08 10:19:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\InstallShield
[2009.01.09 08:52:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\InterVideo
[2009.09.12 21:50:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\IObit
[2009.07.18 14:34:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\ldoce5
[2009.01.13 21:39:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Leadertech
[2009.01.12 15:50:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\lpd
[2009.01.09 19:17:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Macromedia
[2010.02.21 22:02:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Malwarebytes
[2010.06.01 23:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Media Player Classic
[2009.12.23 23:15:27 | 000,000,000 | --SD | M] -- C:\Documents and Settings\User\Data aplikací\Microsoft
[2009.04.07 20:43:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Mobipocket
[2009.06.10 20:47:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Moyea
[2010.05.27 20:35:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Mozilla
[2009.06.29 09:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Nokia
[2009.03.27 13:16:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\oald7
[2010.05.12 13:45:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\oald8
[2009.10.20 20:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\ocoll2e
[2009.01.12 20:45:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\oess
[2009.01.12 20:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\olt1
[2009.01.08 23:18:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\OpenOffice.org
[2009.06.12 12:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Opera
[2009.01.13 20:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\osd
[2009.04.05 21:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\PC Suite
[2009.02.04 15:40:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Pingotron.com
[2009.09.02 20:51:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\proDAD
[2009.11.06 16:12:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\PSpad
[2009.01.31 13:24:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Real
[2009.01.10 01:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Roxio
[2009.01.09 20:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\ScanSoft
[2009.01.12 20:16:09 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\User\Data aplikací\SecuROM
[2010.06.03 08:30:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Skype
[2009.03.15 19:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\skypePM
[2009.06.18 09:01:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Smart Audio Editor
[2010.01.10 08:32:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Software Informer
[2010.06.02 00:17:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Sony Corporation
[2009.12.19 18:58:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\SpellQuizzer
[2009.01.08 10:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Sun
[2009.07.28 22:30:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Systenance
[2009.03.31 16:07:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Thunderbird
[2009.03.15 23:01:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Uniblue
[2010.01.09 00:16:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\VitySoft
[2010.02.02 23:56:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\vlc
[2009.05.03 23:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Vso
[2009.01.11 16:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\WinRAR
[2009.09.24 20:43:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\YCanPDF
[2010.02.07 00:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Data aplikací\Zoner

< %APPDATA%\*.exe /s >
[2009.03.08 14:10:34 | 000,081,920 | ---- | M] () -- C:\Documents and Settings\User\Data aplikací\ezpinst.exe
[2009.09.20 18:26:24 | 000,038,200 | ---- | M] () -- C:\Documents and Settings\User\Data aplikací\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2009.01.08 10:31:56 | 000,049,152 | R--- | M] (InstallShield Software Corp.) -- C:\Documents and Settings\User\Data aplikací\Microsoft\Installer\{082702D5-5DD8-4600-BCE5-48B15174687F}\ARPPRODUCTICON.exe
[2009.05.21 12:00:21 | 000,050,008 | R--- | M] () -- C:\Documents and Settings\User\Data aplikací\Microsoft\Installer\{342126E1-173C-4585-BFBE-3EBDD20E3E9E}\_6FEFF9B68218417F98F549.exe
[2009.01.08 10:31:27 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\User\Data aplikací\Microsoft\Installer\{4217C49A-545A-499E-9428-6D61B004A671}\ARPPRODUCTICON.exe
[2009.09.02 20:27:32 | 000,029,926 | R--- | M] () -- C:\Documents and Settings\User\Data aplikací\Microsoft\Installer\{5EB90C06-964F-4195-B83E-BD7E55C88415}\ARPPRODUCTICON.exe
[2010.06.01 12:45:26 | 000,188,152 | ---- | M] () -- C:\Documents and Settings\User\Data aplikací\Mozilla\Firefox\Profiles\wp7yomqn.default\FlashGot.exe
[2009.03.20 00:57:34 | 000,040,960 | ---- | M] () -- C:\Documents and Settings\User\Data aplikací\Mozilla\Firefox\Profiles\wp7yomqn.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-install.exe
[2010.02.03 14:46:19 | 007,052,368 | ---- | M] (ZONER software ) -- C:\Documents and Settings\User\Data aplikací\Zoner\NLMDB\product.0032\autoupdate.cz\ZPS12_Update_Build06.exe
[2010.02.15 22:26:27 | 007,058,472 | ---- | M] (ZONER software ) -- C:\Documents and Settings\User\Data aplikací\Zoner\NLMDB\product.0032\autoupdate.cz\ZPS12_Update_Build07.exe
[2010.04.30 14:30:46 | 007,372,128 | ---- | M] (ZONER software ) -- C:\Documents and Settings\User\Data aplikací\Zoner\NLMDB\product.0032\autoupdate.cz\ZPS12_Update_Build08.exe


< MD5 for: AGP440.SYS >
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010.02.15 17:13:00 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010.02.15 17:13:00 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010.02.15 17:13:00 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010.02.15 17:13:00 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

< MD5 for: CDROM.SYS >
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2010.02.15 17:13:00 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2010.02.15 17:13:00 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2009.12.22 20:39:20 | 000,062,592 | ---- | M] (Microsoft Corporation) MD5=7B53584D94E9D8716B2DE91D5F1CB42D -- C:\WINDOWS\system32\dllcache\cdrom.sys
[2006.03.02 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2006.03.02 14:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2006.03.02 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2006.03.02 14:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: HAL.DLL >
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2010.02.15 17:13:00 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2010.02.15 17:13:00 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 20:31:28 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2005.09.29 01:35:25 | 000,134,272 | ---- | M] (Microsoft Corporation) MD5=A3961B9456DE472D2F152C9DE950FFA5 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll
[2006.03.02 14:00:00 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\$NtUninstallKB896256$\hal.dll

< MD5 for: CHANGER.SYS >
[2006.03.02 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2010.02.15 17:13:00 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2010.02.15 17:13:00 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys

< MD5 for: IASTOR.SYS >
[2008.04.15 19:54:16 | 000,388,120 | R--- | M] (Intel Corporation) MD5=8D58627FEF3F8767665D9F4DC91CBD97 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IASTOR.SYS
[2008.04.15 19:53:44 | 000,312,344 | R--- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Documents and Settings\User\BackUp\Drivers\Intel(R) ICH8M-EM SATA AHCI Controller\iaStor.sys
[2008.04.15 19:53:44 | 000,312,344 | R--- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IASTOR.SYS
[2008.04.15 19:53:44 | 000,312,344 | R--- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\WINDOWS\system32\drivers\iaStor.sys
[2008.04.15 19:53:44 | 000,312,344 | R--- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\WINDOWS\system32\DRVSTORE\IAAHCI_E7EB69FF3449D216602D0D37A1D73969621673A9\iaStor.sys
[2008.04.16 00:53:44 | 000,312,344 | ---- | M] (Intel Corporation) MD5=DB0CC620B27A928D968C1A1E9CD9CB87 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\iaStor.sys

< MD5 for: ISAPNP.SYS >
[2010.02.15 17:13:00 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2010.02.15 17:13:00 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2001.10.24 12:44:12 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2001.10.24 12:44:12 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\ReinstallBackups\0012\DriverFiles\i386\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2006.03.02 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2006.03.02 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtUninstallKB912436$\ndis.sys
[2006.01.10 03:01:06 | 000,182,528 | ---- | M] (Microsoft Corporation) MD5=AA898F84D2B59129FB92E143A2C73434 -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2006.03.02 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtUninstallKB968389_0$\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2006.03.02 14:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2006.03.02 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2004.08.17 15:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2006.03.02 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2006.03.02 14:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2006.03.02 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2006.03.02 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2006.03.02 14:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009.01.08 10:47:05 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.01.08 10:47:05 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.01.08 10:47:04 | 000,475,136 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2010.06.11 12:27:56 | 000,000,664 | ---- | M] () -- C:\WINDOWS\system32\d3d9caps.dat
[2010.06.11 11:39:26 | 000,539,240 | ---- | M] () -- C:\WINDOWS\system32\FNTCACHE.DAT
[2010.06.11 11:39:24 | 000,001,277 | ---- | M] () -- C:\WINDOWS\system32\oodbs.lor
[2010.06.10 22:33:47 | 000,082,750 | ---- | M] () -- C:\WINDOWS\system32\perfc005.dat
[2010.06.10 22:33:47 | 000,071,394 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2010.06.10 22:33:47 | 000,438,070 | ---- | M] () -- C:\WINDOWS\system32\perfh005.dat
[2010.06.10 22:33:47 | 000,441,458 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2010.06.10 22:33:46 | 001,006,218 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2010.06.11 11:39:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 162 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:DCE70D73
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:7FF78276
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:D1B5B4F1
< End of report >



And the Extras.txt will again be in the next post; it didn't fit:

Re: Please check, my laptop has started freezing

Posted: 11 Jun 2010 18:04
by iwiboy
OTL Extras logfile created on: 11.6.2010 12:56:57 - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\User\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 40,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 70,87 Gb Free Space | 30,43% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HP550
Current User Name: User
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-1202660629-1935655697-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" = C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe" = C:\Program Files\CyberLink\PCM4Everio\PCM4Everio.exe:*:Enabled:CyberLink PowerCinema NE for Everio -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PCM4Everio\EverioService.exe" = C:\Program Files\CyberLink\PCM4Everio\EverioService.exe:*:Enabled:CyberLink PowerCinema NE for Everio Resident Program -- (CyberLink Corp.)
"C:\Program Files\CyberLink\PowerDirector Express\PDX.exe" = C:\Program Files\CyberLink\PowerDirector Express\PDX.exe:*:Enabled:CyberLink PowerDirector Express -- (CyberLink Corp.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\totalcmd\TOTALCMD.EXE" = C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows -- (C. Ghisler & Co.)
"C:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe" = C:\Program Files\Java\jre6\launch4j-tmp\JDownloader.exe:*:Enabled:Java(TM) Platform SE binary -- File not found
"C:\WINDOWS\system32\java.exe" = C:\WINDOWS\system32\java.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe" = C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater -- (Nokia Corporation)
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" = C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process -- (Nokia Corporation)
"C:\Program Files\FlashGet\flashget.exe" = C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget -- (FlashGet.com)
"C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin -- (Pinnacle Systems)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\RM.exe:*:Enabled:Render Manager -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\Studio.exe:*:Enabled:Studio -- (Pinnacle Systems)
"C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe" = C:\Program Files\Pinnacle\Studio 12\Programs\umi.exe:*:Enabled:umi -- (Pinnacle Systems)
"C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe" = C:\Program Files\Real Alternative\Media Player Classic\mplayerc.exe:*:Enabled:Media Player Classic -- (Gabest)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\User\Local Settings\Data aplikací\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09348778-FDD7-4D5A-A518-583DB64D936E}" = Picture Collage Maker Full
"{0C973594-7DDF-4BD0-84ED-3517F7622037}" = PC Connectivity Solution
"{14B7A9EF-BB68-4529-9190-8CE164E0F548}" = ESET Smart Security
"{17849E30-6D35-40FC-BF1B-7E1AEA86BB75}" = Picture Collage Maker Pro Full
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{1A0D2EFC-C4FC-446A-8BC3-57A54CE5EADD}" = Opera 10.53
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{262BF2CD-601D-4F43-919C-4B00B1D1F338}" = Boris Graffiti
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 20
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2CD65167-671F-49A3-B6C7-3B919DF028E2}_is1" = Streaming Video Recorder V2.0.7
"{2DB165DC-DDB4-403F-B985-19F3EC7D0357}" = HP ProtectTools Security Manager
"{30283233-3BE6-473D-A47C-ED964A2F78B4}_is1" = Inpaint 2.0
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{334B6B44-2C7F-4AC0-A215-E780541CE033}" = Paragon Drive Copy 9.0 Personal Special Edition
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 E1
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359FCAA7-B544-4147-AE3B-8C8A526E2427}" = Sony Image Data Suite
"{39CEE1F2-12B6-4C50-9131-04BFCA110578}" = PowerCinema NE for Everio
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
"{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1" = Video Download Capture V2.3.2
"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
"{4217C49A-545A-499E-9428-6D61B004A671}" = HP User Guides 0113
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C911A61-39EA-41CC-AB3C-FE3BFFDB5F78}" = Nokia Software Updater
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{53480330-E1D1-41CA-B8F8-7F78644F7F50}" = O&O Defrag Professional Edition
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{537940D6-28C0-4F19-9D8A-F8BD0585F816}" = Greeting Card Builder Full
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{55B52830-024A-443E-AF61-61E1E71AFA1B}" = Device Access Manager for HP ProtectTools
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{5E65E94D-69F2-4850-9E93-6459C53A0F50}" = Microsoft .NET Framework 1.1 Czech Language Pack
"{5EB90C06-964F-4195-B83E-BD7E55C88415}" = Ovladače videa společnosti Pinnacle
"{6408565A-7F69-461A-B9F9-71DEEC31E985}_is1" = Audio Recorder 1.1
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{71ED4CA9-9AC5-48D9-A2AC-B1E4DFA84F62}" = ASUS Wireless Router WL-520GC Utilities
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{8186E1B9-DDC6-45B6-B9EB-C28947CBC4CF}" = Adobe Flash Player 9 ActiveX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = HP Integrated Module with Bluetooth wireless technology
"{84D7FBB7-BC76-4A64-8D7F-805304E0DDEA}" = OpenOffice.org 3.0
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8E3F691A-4972-47FF-9E09-1981B62A5D5A}_is1" = Moyea FLV Editor Ultimate version: 1.0.1.0
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0405-0000-0000000FF1CE}" = Sada Compatibility Pack pro systém Office 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"{9604876E-6DF3-11D9-9526-CC60569E6209}" = DupDetector
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9DE3F260-B88E-42CE-90E7-73C78C37D95E}" = 32 Bit HP BiDi Channel Components Installer
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2010.03.11
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BEC30F97-90E2-406C-B267-E6B41F3F32F4}" = Advanced URL Catalog 2.14
"{BFB7485D-A200-33CA-A2E1-E1600CA76484}" = Google Talk Plugin
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}" = Pinnacle Instant DVD Recorder
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C45EB9E5-7165-4FB0-8C31-77FC4743362F}" = Manual CanoScan LiDE 25
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = Canon CanoScan Toolbox 4.9
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5
"{D041EB9E-890A-4098-8F94-51DA194AC72A}" = Pinnacle Studio 12
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1860E6E-520E-4380-8433-E58E8F88B473}" = Pinnacle Studio 12 Ultimate Plugins
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DF9F9A90-CEFD-4808-815F-E16932271029}" = Nero BackItUp 2 Essentials
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F26E95E5-CA0C-4A59-99CD-EC3B10D9CCD7}" = OpenOffice.org 3.0 Language Pack (Czech)
"{F6591A9D-A7EF-4FDF-8440-F42C725E37F4}" = Easy Flyer Creator 2.0
"{F6C84ED7-9CAC-423b-9E00-C9BFAFBD0593}_is1" = RadioGet 1.3.8
"{F8013DD1-574B-4921-A473-88A2F7A34D16}" = Paragon Drive Backup™ 9 Personal Edition
"{F91D702D-3DB1-11D3-B3A9-0020185257C4}" = SOED
"{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}" = Palm Desktop by ACCESS
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FEB15887-0932-4D2D-BB85-6AC03FBF1AA8}" = Pinnacle VideoSpin
"3D Text Commander" = 3D Text Commander 2.0 by Insofta Development
"504244733D18C8F63FF584AEB290E3904E791693" = Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio Recorder_is1" = Advanced Audio Recorder v6.0.2
"Advanced Audio Titanium_is1" = Audio Recorder Titanium v6.0.2
"Advanced PDF to IMAGE converter_is1" = Advanced PDF to IMAGE converter 1.9.9.34
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"A-PDF Restrictions Remover_is1" = A-PDF Restrictions Remover 1.6
"Aplus DVD Copy_is1" = Aplus DVD Copy 8.79
"Aplus DVD Creator_is1" = Aplus DVD Creator 8.68
"Aplus DVD Ripper_is1" = Aplus DVD Ripper 8.59
"Ashampoo Burning Studio 2009_is1" = Ashampoo Burning Studio 2009
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.9 (Unicode)
"Audacity_is1" = Audacity 1.2.6
"Audio Editor Deluxe_is1" = Audio Editor Deluxe v9.5.1
"Autoplay Menu Designer_is1" = Autoplay Menu Designer 3.4
"Avidemux 2.4" = Avidemux 2.4
"AviSynth" = AviSynth 2.5
"Bonito_is1" = Bonito v1.49
"Broadcom 802.11 Application" = Bezdrátová služba Broadcom
"Broadcom 802.11b Network Adapter" = Bezdrátový adaptér Broadcom 802.11 LAN
"CCleaner" = CCleaner
"CDex" = CDex extraction audio
"Cleanse Uninstaller Pro 5" = Cleanse Uninstaller Pro 5
"Collins_is1" = Collins 1.0
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"ConvertVid_is1" = Nuclear Coffee - ConvertVid
"doPDF 6 printer_is1" = doPDF 6.2 printer
"Driver Magician_is1" = Driver Magician 3.4
"DVD Shrink_is1" = DVD Shrink 3.2
"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Balíček ovladače systému Windows - Nokia Modem (06/01/2009 4.1)
"EasyLex2" = Lingea EasyLex 2
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Exact Audio Copy" = Exact Audio Copy 0.99pb5
"Extra DVD Tools_is1" = Extra DVD Tools 6.4
"Extra Video Creator_is1" = Extra Video Creator 6.65
"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Balíček ovladače systému Windows - Nokia Modem (06/01/2009 7.01.0.3)
"ffdshow_is1" = ffdshow [rev 1443] [2007-08-29]
"FileHippo.com" = FileHippo.com Update Checker
"FILEminimizer Pictures_is1" = FILEminimizer Pictures
"FileZilla Client" = FileZilla Client 3.3.2
"FlashGet" = FlashGet 1.9.0.1012
"Folder Marker_is1" = Folder Marker Home v 3.0
"Foxonic Professional 3.2 (build 0019)_is1" = Foxonic Professional 3.2 (build 0019)
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Gifex_is1" = Gifex 2.1 beta
"Gold Fish Animated Wallpaper_is1" = Gold Fish Animated Wallpaper version 1.0
"Gold Wave Editor Pro_is1" = Gold Wave Editor Pro v10.2.2
"Harry's Filters 3" = Harry's Filters 3
"HDD Health_is1" = HDD Health v3.3 Beta
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Helper_is1" = Helper 5.3.6.25
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Incomedia WebSite X5 Smart" = Incomedia WebSite X5 Smart
"InfraRecorder" = InfraRecorder
"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"InternetRadioFan_is1" = Internet RadioFan 1.3.0
"IrfanView" = IrfanView (remove only)
"Knight's Gambit_is1" = Knight's Gambit
"Lexicon 4.0" = Lingea Lexicon 2002
"lvdrivers_11.80" = Logitech QuickCam Driver Package
"MediaInfo" = MediaInfo 0.7.20
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (2.0.0.21)" = Mozilla Thunderbird (2.0.0.21)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Nokia PC Suite" = Nokia PC Suite
"NSIS_ldoce5" = Longman Dictionary of Contemporary English 5th Edition
"NSIS_lpd" = Longman Pronunciation Dictionary
"NSIS_oald8" = Oxford Advanced Learner's Dictionary - 8th Edition
"NSIS_ocoll2e" = Oxford Collocations Dictionary
"NSIS_olt1" = Oxford Learner's Thesaurus
"NSIS_osd" = Oxford Student's Dictionary
"OALD7" = Oxford Advanced Learner's Dictionary - 7th edition
"oess" = Oxford Essential
"Paragon Software SlovoEd 7" = Paragon Software SlovoEd 7
"PDF Complete" = PDF Complete
"PDF Password Remover v3.0_is1" = PDF Password Remover v3.0
"PDFZilla_is1" = PDFZilla V1.0.7
"PhotoFiltre" = PhotoFiltre
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"proDAD-Vitascene-1.0" = proDAD Vitascene 1.0
"PROSet" = Intel(R) PRO Network Connections Drivers
"PSPad editor_is1" = PSPad editor
"QUICKfind" = QUICKfind server v1.1
"rajče.net_is1" = rajče beta50
"RealAlt_is1" = Real Alternative 1.9.0
"Recuva" = Recuva
"SC Video Cut and Split_is1" = SC Video Cut and Split 4.2.0.2
"Smart Audio Editor_is1" = Smart Audio Editor v7.7.1 Build 78
"Smart Tests" = Smart Tests - testy, které učí
"Software Informer_is1" = Software Informer 1.0 BETA
"SpellQuizzer_is1" = SpellQuizzer 1.3.3
"stax-Pinnacle_is1" = SureThing Express Labeler
"STMediaSuite" = SoundTaxi Media Suite 3.9.1
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Totalcmd" = Total Commander (Remove or Repair)
"Unlocker" = Unlocker 1.8.7
"VideoThang™_is1" = VideoThang™ 2.1.0
"virtualPhotographer_is1" = virtualPhotographer 1.5.6
"VLC media player" = VLC media player 1.0.2
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinRAR archiver" = WinRAR
"WinUtilities" = WinUtilities 6.4
"WinX DVD Author_is1" = WinX DVD Author 5.5
"WinX DVD Copy_is1" = WinX DVD Copy
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wondershare Audio Converter_is1" = Wondershare Audio Converter(Build 4.2.0.56)
"Wondershare DVD Ripper Platinum_is1" = Wondershare DVD Ripper Platinum(Build 4.2.0.16)
"Wondershare Photo Collage Studio GAOTD Edition_is1" = Wondershare Photo Collage Studio 4.2.9.1
"Wondershare Photo Story Gold GAOTD Edition_is1" = Wondershare Photo Story Gold GAOTD Edition 3.4.2.0
"Word Manager" = Word Manager
"Wudf01007" = Microsoft User-Mode Driver Framework Feature Pack 1.7
"Zoner Photo Map - ČR 1:100 000_is1" = Zoner Photo Map - ČR 1:100 000
"ZonerPhotoStudio12_CZ_is1" = Zoner Photo Studio 12
"ZonerPhotoStudio12_EASTER_CZ_is1" = Zoner Photo Studio 12 - Velikonoční obálky

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1202660629-1935655697-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"RadioSure" = RadioSure

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8.6.2010 20:34:14 | Computer Name = HP550 | Source = Google Update | ID = 20
Description =

Error - 8.6.2010 21:34:14 | Computer Name = HP550 | Source = Google Update | ID = 20
Description =

Error - 8.6.2010 22:34:14 | Computer Name = HP550 | Source = Google Update | ID = 20
Description =

Error - 8.6.2010 23:34:14 | Computer Name = HP550 | Source = Google Update | ID = 20
Description =

Error - 9.6.2010 0:34:14 | Computer Name = HP550 | Source = Google Update | ID = 20
Description =

Error - 10.6.2010 17:12:54 | Computer Name = HP550 | Source = MsiInstaller | ID = 11500
Description = Product: O&O Defrag Professional Edition -- Error 1500.Another installation
is in progress. You must complete that installation before continuing this one.

Error - 10.6.2010 17:12:59 | Computer Name = HP550 | Source = MsiInstaller | ID = 11500
Description = Product: O&O Defrag Professional Edition -- Error 1500.Another installation
is in progress. You must complete that installation before continuing this one.

Error - 10.6.2010 17:13:00 | Computer Name = HP550 | Source = MsiInstaller | ID = 11500
Description = Product: O&O Defrag Professional Edition -- Error 1500.Another installation
is in progress. You must complete that installation before continuing this one.

Error - 10.6.2010 17:13:01 | Computer Name = HP550 | Source = MsiInstaller | ID = 11500
Description = Product: O&O Defrag Professional Edition -- Error 1500.Another installation
is in progress. You must complete that installation before continuing this one.

Error - 10.6.2010 17:26:04 | Computer Name = HP550 | Source = MsiInstaller | ID = 11500
Description = Product: O&O Defrag Professional Edition -- Error 1500.Another installation
is in progress. You must complete that installation before continuing this one.

[ System Events ]
Error - 8.6.2010 9:04:54 | Computer Name = HP550 | Source = ACPIEC | ID = 327681
Description = \Device\ACPIEC: Hardware vloženého řadiče (EC) neodpověděl v daném
časovém limitu. To může znamenat, že došlo k chybě v hardwaru řadiče nebo ve firmwaru
nebo že je nesprávně navržen systém BIOS, který k vloženému řadiči přistupuje nebezpečným
způsobem. Řadič EC v případě možnosti zopakuje transakci, která se nezdařila.

Error - 8.6.2010 15:20:05 | Computer Name = HP550 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1058 při pokusu o spuštění služby upnphost
s argumenty za účelem spuštění serveru: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 8.6.2010 16:07:21 | Computer Name = HP550 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1058 při pokusu o spuštění služby upnphost
s argumenty za účelem spuštění serveru: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 8.6.2010 17:26:48 | Computer Name = HP550 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1058 při pokusu o spuštění služby upnphost
s argumenty za účelem spuštění serveru: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 9.6.2010 6:36:31 | Computer Name = HP550 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1058 při pokusu o spuštění služby upnphost
s argumenty za účelem spuštění serveru: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 9.6.2010 15:34:20 | Computer Name = HP550 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1058 při pokusu o spuštění služby upnphost
s argumenty za účelem spuštění serveru: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 9.6.2010 15:35:40 | Computer Name = HP550 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1058 při pokusu o spuštění služby upnphost
s argumenty za účelem spuštění serveru: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 9.6.2010 15:36:44 | Computer Name = HP550 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1058 při pokusu o spuštění služby upnphost
s argumenty za účelem spuštění serveru: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 9.6.2010 15:38:31 | Computer Name = HP550 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1058 při pokusu o spuštění služby upnphost
s argumenty za účelem spuštění serveru: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 10.6.2010 2:39:04 | Computer Name = HP550 | Source = DCOM | ID = 10005
Description = Služba DCOM zjistila chybu %1058 při pokusu o spuštění služby upnphost
s argumenty za účelem spuštění serveru: {204810B9-73B2-11D4-BF42-00B0D0118B56}


< End of report >

Re: Please check, my laptop has started freezing

Posted: 11 Jun 2010 19:42
by vyosek
Good evening,

yes, there will be several logs from USBFix, one per run. After each run, move the log somewhere and name it e.g. log1.txt and so on... Then pack them all into an archive and attach it to your post (don't paste them into the topic: there will be several of them, so it wouldn't be very readable, and they aren't so essential that they have to be here, so please just attach them :) I'll open them and go through them :) )

Now I'll look at the OTL logs and write a fix script...

Re: Please check, my laptop has started freezing

Posted: 11 Jun 2010 20:13
by vyosek
Before deleting anything I want to verify something :)

:arrow: Do you recognise this: C:\32035472b4b7696dbd6229 :???: and this: C:\Documents and Settings\All Users\Data aplikací\{148D8B8A-8F96-4822-81EC-D510B626B7D5} :???:

:arrow: Download SystemLook (see my signature) and save it to the desktop
  • Paste the script below into the window
  • Code:

    :filefind
    autochk*
    
    :dir
    C:\32035472b4b7696dbd6229
    C:\Documents and Settings\All Users\Data aplikací\{148D8B8A-8F96-4822-81EC-D510B626B7D5}
    
  • Click Look
  • The Look button will change to Scanning and turn grey
  • Wait until the Scanning button changes back to Look; that is how you know SystemLook has finished its work
  • A log named SystemLook will pop up (or it will be saved on the desktop); paste its contents here for me
:arrow: Test the following files on VirusTotal (see my signature)
  • C:\WINDOWS\System32\drivers\logiflt.iad
    C:\WINDOWS\System32\drivers\lvuvc.hs
  • Click Browse
  • Don't browse for the file, just paste the path of the file I want tested
  • If it says the file has already been tested, have it tested again
  • Click Test file
  • Paste the analysis result here (as a link)

Re: Please check, my laptop has started freezing

Posted: 11 Jun 2010 20:30
by iwiboy
So this is getting quite complicated :)
I've got my work cut out here :)

The first folder (C:\32035472b4b7696dbd6229) has a name similar to the folders that have been appearing directly on C: over the last few days.
This particular one contains mrtstub.exe (malicious software removal) - I probably don't need it:..

And the second thing: C:\Documents and Settings\All Users\Data aplikací\{148D8B8A-8F96-4822-81EC-D510B626B7D5}
is an empty folder. I don't understand what it is doing there.


VirusTotal:

For both files I get this:
http://www.virustotal.com/vt/en/recepcion
(0 bytes size received)
- suspecting a VirusTotal malfunction, I tried a random different file and that one gave a normal result......


I'm off to run SystemLook...
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 21:32 on 11/06/2010 by User (Administrator - Elevation successful)

========== filefind ==========

Searching for "autochk*"
C:\cmdcons\autochk.exe --a--- 601088 bytes [20:25 23/07/2009] [12:00 02/03/2006] CEA8636EC12F062C1ED8A7CB4E75324F
C:\WINDOWS\$NtServicePackUninstall$\autochk.exe -----c 601088 bytes [15:13 15/02/2010] [12:00 02/03/2006] CEA8636EC12F062C1ED8A7CB4E75324F
C:\WINDOWS\ServicePackFiles\i386\autochk.exe ------ 601088 bytes [03:22 14/04/2008] [03:22 14/04/2008] C7A9FF12C63E2E448722B02C71A8C431
C:\WINDOWS\system32\autochk.exe --a--- 601088 bytes [12:00 02/03/2006] [03:22 14/04/2008] C7A9FF12C63E2E448722B02C71A8C431

========== dir ==========

C:\32035472b4b7696dbd6229 - Parameters: "(none)"

---Files---
$shtdwn$.req --ah-- 788 bytes [06:19 15/05/2010] [06:19 15/05/2010]
mrt.exe._p --a--- 1198499 bytes [10:09 30/04/2010] [10:09 30/04/2010]
mrtstub.exe --a--- 58312 bytes [09:51 30/04/2010] [09:51 30/04/2010]

---Folders---
None found.

C:\Documents and Settings\All Users\Data aplikací\{148D8B8A-8F96-4822-81EC-D510B626B7D5} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

-=End Of File=-
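
How the filefind section of the SystemLook log above can be read, as an added example that is not part of the original thread: it parses the four autochk.exe lines and compares the live system32 copy with the other copies on disk. The function names are hypothetical, and treating the trailing 32 hex characters as an MD5 digest is an assumption.

```python
import re

# The four filefind lines, copied verbatim from the SystemLook log in this thread.
FILEFIND_LINES = r"""
C:\cmdcons\autochk.exe --a--- 601088 bytes [20:25 23/07/2009] [12:00 02/03/2006] CEA8636EC12F062C1ED8A7CB4E75324F
C:\WINDOWS\$NtServicePackUninstall$\autochk.exe -----c 601088 bytes [15:13 15/02/2010] [12:00 02/03/2006] CEA8636EC12F062C1ED8A7CB4E75324F
C:\WINDOWS\ServicePackFiles\i386\autochk.exe ------ 601088 bytes [03:22 14/04/2008] [03:22 14/04/2008] C7A9FF12C63E2E448722B02C71A8C431
C:\WINDOWS\system32\autochk.exe --a--- 601088 bytes [12:00 02/03/2006] [03:22 14/04/2008] C7A9FF12C63E2E448722B02C71A8C431
""".strip().splitlines()

# path, six attribute flags, size, two bracketed timestamps, optional digest.
# The digest is optional because the "dir" section of the same log omits it.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<attrs>[-a-z]{6})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<stamp1>[^\]]+)\]\s+\[(?P<stamp2>[^\]]+)\]"
    r"(?:\s+(?P<md5>[0-9A-Fa-f]{32}))?\s*$"
)


def parse_filefind(lines):
    """Turn SystemLook file lines into dicts; lines that do not fit are skipped."""
    entries = []
    for line in lines:
        match = LINE_RE.match(line.strip())
        if not match:
            continue
        digest = match.group("md5")
        entries.append({
            "path": match.group("path"),
            "attrs": match.group("attrs"),
            "size": int(match.group("size")),
            "stamps": (match.group("stamp1"), match.group("stamp2")),
            "md5": digest.upper() if digest else None,
        })
    return entries


def compare_to_live(entries, live_path):
    """Sort the other copies by whether size and digest equal the live file's."""
    live = next(
        (e for e in entries if e["path"].lower() == live_path.lower()), None
    )
    if live is None or live["md5"] is None:
        raise LookupError("live file or its digest is missing from the log")
    same, different = [], []
    for entry in entries:
        if entry is live:
            continue
        identical = (entry["md5"] == live["md5"]
                     and entry["size"] == live["size"])
        (same if identical else different).append(entry["path"])
    return {"live_md5": live["md5"], "same": same, "different": different}


if __name__ == "__main__":
    report = compare_to_live(
        parse_filefind(FILEFIND_LINES), r"C:\WINDOWS\system32\autochk.exe"
    )
    print("live digest:", report["live_md5"])
    for path in report["same"]:
        print("identical copy:", path)
    for path in report["different"]:
        print("different copy:", path)
```

A match between the system32 file and the ServicePackFiles copy only shows that the two files are identical; it does not by itself establish that either is the original vendor binary.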

Re: Please check, my laptop has started freezing

Posted: 11 Jun 2010 20:42
by vyosek
I wouldn't call it complications, just making sure and verifying... better to verify three times than to blow away something that may be a legitimate Windows item...

:arrow: mrtstub.exe is a Windows tool for removing malicious software, so we'll leave it; it isn't malware
:arrow: C:\Documents and Settings\All Users\Data aplikací\{148D8B8A-8F96-4822-81EC-D510B626B7D5}: we'll see what SystemLook shows, and delete it if need be
:arrow: VirusTotal - it wasn't an error, it's just a zero-size file, so there was nothing to send - for us a sign that it's clean - it has no data, so there can't be any malware in it either :)

Re: Please check, my laptop has started freezing

Posted: 11 Jun 2010 20:47
by iwiboy
Aha, so I'll repeat the SystemLook log; I put it into my post as an edit and you could no longer notice it... sorry. You're faster than me :)

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 21:32 on 11/06/2010 by User (Administrator - Elevation successful)

========== filefind ==========

Searching for "autochk*"
C:\cmdcons\autochk.exe --a--- 601088 bytes [20:25 23/07/2009] [12:00 02/03/2006] CEA8636EC12F062C1ED8A7CB4E75324F
C:\WINDOWS\$NtServicePackUninstall$\autochk.exe -----c 601088 bytes [15:13 15/02/2010] [12:00 02/03/2006] CEA8636EC12F062C1ED8A7CB4E75324F
C:\WINDOWS\ServicePackFiles\i386\autochk.exe ------ 601088 bytes [03:22 14/04/2008] [03:22 14/04/2008] C7A9FF12C63E2E448722B02C71A8C431
C:\WINDOWS\system32\autochk.exe --a--- 601088 bytes [12:00 02/03/2006] [03:22 14/04/2008] C7A9FF12C63E2E448722B02C71A8C431

========== dir ==========

C:\32035472b4b7696dbd6229 - Parameters: "(none)"

---Files---
$shtdwn$.req --ah-- 788 bytes [06:19 15/05/2010] [06:19 15/05/2010]
mrt.exe._p --a--- 1198499 bytes [10:09 30/04/2010] [10:09 30/04/2010]
mrtstub.exe --a--- 58312 bytes [09:51 30/04/2010] [09:51 30/04/2010]

---Folders---
None found.

C:\Documents and Settings\All Users\Data aplikací\{148D8B8A-8F96-4822-81EC-D510B626B7D5} - Parameters: "(none)"

---Files---
None found.

---Folders---
None found.

-=End Of File=-

Re: Please check my logs, laptop started freezing

Posted: 11 Jun 2010 20:50
by vyosek
I was just about to tell you not to edit :) I noticed it anyway, because I was refreshing your topic, but next time please don't edit, otherwise I won't see that you've "posted" something :)

:arrow: Run OTL again
  • If you use Windows Vista or Windows 7, right-click OTL and choose Run As Administrator or "Spustit jako spravce"
  • Paste the script below into the bottom box, Vlastni skenovani/opravy (Custom Scans/Fixes)
  • Code:

    :otl
    IE - HKU\S-1-5-21-1202660629-1935655697-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dvdcopyrip.com
    O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
    O3 - HKU\S-1-5-21-1202660629-1935655697-725345543-1003\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
    O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
    O18 - Protocol\Handler\AutorunsDisabled\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - Reg Error: Key error. File not found
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\Documents and Settings\User\Local Settings\Data aplikací\*.tmp files -> C:\Documents and Settings\User\Local Settings\Data aplikací\*.tmp -> ]
    @Alternate Data Stream - 162 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:DCE70D73
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:7FF78276
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:D1B5B4F1
    
    :reg
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f8e57e8-de6f-11dd-8178-002100766f35}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{54d65faf-e867-11dd-8196-002100766f35}]
    
    :files
    C:\Documents and Settings\All Users\Data aplikací\{148D8B8A-8F96-4822-81EC-D510B626B7D5}
    
    :commands
    [EMPTYTEMP]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [CREATERESTOREPOINT]
  • Then click Opravit (Fix)
  • The PC will carry out the fix, restart, and give you a log; paste its contents here

Re: Please check my logs, laptop started freezing

Posted: 11 Jun 2010 20:58
by iwiboy
Usbfix.rar
(3.49 KiB) Downloaded 91 times
Yes, I understand about the Edit :)
I just wanted to edit it in there and thought it would be done before you read it. But you probably download it automatically and so don't see later changes :)

I have one USBfix log here, from the most frequently used devices, and for one of them (the Kingston) I suspect that, although it's the newest, at one event it went through 3 ports on other people's computers, where there were lots of flash drives, and it could have caught something there. The Nokia and the Verbatim are only ever connected to my computer.

I'm sending it as a .rar attachment; I don't have the other devices available right now (my wife has one with her, etc.) - I trust that what I'm sending will show the problem... Thanks!

Re: Please check my logs, laptop started freezing

Posted: 11 Jun 2010 21:01
by iwiboy
USBfix scared me: the monitor went dark and everything closed on me.... and then it sat at 48% for a long time...
And that Upload at the end looked strange; I didn't like the address...