
For Motji...

Posted: 26 Nov 2011 19:30
by rokony
Good evening,
as you instructed, I am starting a new topic to have my dad's computer checked.
With Win XP, it is impossible to work for about 3 more minutes after the user logs in.

info.txt logfile of random's system information tool 1.09 2011-11-26 19:16:52

======Uninstall list======

${ADD_ON_NAME}-->"C:\Program Files\SuperFish\uninstall.exe"
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10t_Plugin.exe -maintain plugin
Adobe Photoshop 6.0.1 CE-->C:\WINDOWS\ISUN0405.EXE -fc:\adobe\Uninst.isu -cc:\adobe\Uninst.dll
Adobe Reader 9.4.5 - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-A94000000001}
Adobe SVG Viewer-->C:\WINDOWS\IsUninst.exe -f"C:\WINDOWS\System32\Adobe\SVG Viewer\Uninst.isu"
Aktualizace systému Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"
Aktualizace systému Windows Internet Explorer 8 (KB982664)-->"C:\WINDOWS\ie8updates\KB982664-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB2183461)-->"C:\WINDOWS\ie7updates\KB2183461-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2183461)-->"C:\WINDOWS\ie8updates\KB2183461-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2360131)-->"C:\WINDOWS\ie8updates\KB2360131-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2416400)-->"C:\WINDOWS\ie8updates\KB2416400-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2482017)-->"C:\WINDOWS\ie8updates\KB2482017-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2497640)-->"C:\WINDOWS\ie8updates\KB2497640-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2510531)-->"C:\WINDOWS\ie8updates\KB2510531-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2530548)-->"C:\WINDOWS\ie8updates\KB2530548-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2544521)-->"C:\WINDOWS\ie8updates\KB2544521-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2559049)-->"C:\WINDOWS\ie8updates\KB2559049-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB2586448)-->"C:\WINDOWS\ie8updates\KB2586448-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2567053)-->"C:\WINDOWS\$NtUninstallKB2567053$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB2592799)-->"C:\WINDOWS\$NtUninstallKB2592799$\spuninst\spuninst.exe"
Aktualizace zabezpečení systému Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Angry Birds Rio-->MsiExec.exe /I{D7B3493D-766C-40AA-9AA9-053B896D76DE}
Aspi Installer-->C:\TEMP\UNWISE.EXE C:\TEMP\INSTALL.LOG
AVG 2012-->"C:\Program Files\AVG\AVG2012\avgmfapx.exe" /AppMode=SETUP /Uninstall
AVG 2012-->MsiExec.exe /I{41F4B3D2-3CC8-41B5-99B8-3A9C1BCDEA0A}
AVG 2012-->MsiExec.exe /I{80F28669-97B7-4CC9-B256-1F1BCFB7FDCF}
AVG Security Toolbar-->C:\Program Files\AVG Secure Search\UNINSTALL.exe /UNINSTALL
BBSAK-->MsiExec.exe /I{E2B4FE1C-2CFA-47EE-A88C-A14D0FF1F0B0}
BlackBerry Desktop Software 5.0.1-->MsiExec.exe /I{F11E0BBC-5CB9-4D64-A942-6B64043BED97}
BlackBerry Desktop Software 5.0.1-->MsiExec.exe /i{F11E0BBC-5CB9-4D64-A942-6B64043BED97}
BlackBerry Device Software Updater-->MsiExec.exe /X{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}
BlackBerry JDE 4.2.1-->MsiExec.exe /X{9CE87FC6-D94B-43A4-A171-F06009C8D810}
BlackBerry USB and Modem Drivers 6.1-->MsiExec.exe /X{3E79F719-BE4A-4579-9FFF-559EF7A81AB4}
BlackBerry USB and Modem Drivers 6.1-->MsiExec.exe /X{3E79F719-BE4A-4579-9FFF-559EF7A81AB4}
BlackBerry® Media Sync-->MsiExec.exe /X{40A594D0-1490-4979-9382-D2B764F949C6}
bProtector for Windows-->"C:\Documents and Settings\All Users\Data aplikací\bProtector\component_71.decrpt" /{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}
BT878 WDM Mini-Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B1C1A080-3FCD-11D5-BC0B-0000E8870AD3}\Setup.exe" -uninst
Canon Camera Access Library-->"C:\Program Files\Common Files\Canon\UIW\1.7.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.7.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon Utilities CameraWindow DC 8-->"C:\Program Files\Common Files\Canon\UIW\1.7.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDC8\Uninst.ini"
Canon Utilities CameraWindow-->"C:\Program Files\Common Files\Canon\UIW\1.7.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowLauncher\Uninst.ini"
Canon Utilities Movie Uploader for YouTube-->"C:\Program Files\Common Files\Canon\UIW\1.7.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\Movie Uploader for YouTube\Uninst.ini"
Canon Utilities MyCamera-->"C:\Program Files\Common Files\Canon\UIW\1.7.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\MyCamera\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.7.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Canon ZoomBrowser EX Memory Card Utility-->"C:\Program Files\Common Files\Canon\UIW\1.7.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX MCU\Uninst.ini"
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
COMODO Internet Security-->MsiExec.exe /I{FD8E178D-8B4E-42DA-B434-EFF270329B1C}
Crawler Toolbar-->C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe uninst
DipTrace Language Suite-->C:\Program Files\DipTrace\UnInstall_12345.exe
DjVu Web Browser Plug-in-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B3230613-BE9A-4B90-810A-5042496C02D8}\setup.exe"
eJuice Me Up-->MsiExec.exe /I{DC6A0C39-7ECD-45B1-94DF-4480082939F6}
EVEREST Ultimate Edition v5.01-->"C:\Program Files\Lavalys\EVEREST Ultimate Edition\unins000.exe"
File2LinkIB-->C:\Program Files\file2linkib\uninstall.exe
FLV Player 1.3.3-->"C:\Program Files\FLVPlayer\uninstall.exe"
Free PDF to Word Doc Converter v1.1-->"C:\Program Files\Free PDF to Word Doc Converter\unins000.exe"
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Inbox Toolbar-->"C:\Program Files\Inbox Toolbar\unins000.exe"
InstallBrain Updater Service-->"C:\Program Files\InstallBrainService\InstallBrainService.exe" /UNINSTALL
J2SE Development Kit 5.0 Update 22-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0150220}
J2SE Runtime Environment 5.0 Update 22-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150220}
Java(TM) 6 Update 26-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216026FF}
Jewel Mine-->"d:\Program Files\MyRealGames.com\Jewel Mine\unins000.exe"
Jpeg Resampler Vs 6+-->"C:\Program Files\JpegResampler2010\unins000.exe"
MediaBar-->C:\Program Files\BearShare Applications\MediaBar\uninstall.exe
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY-->MsiExec.exe /I{A2C9CD1B-2551-3AED-B244-6698FB929FA6}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY-->MsiExec.exe /I{546C143E-68DC-314D-97BC-1E454E3BA429}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 Language Pack SP1 - csy-->MsiExec.exe /I{DD73CA82-EA82-38AA-863D-9A24A018DC96}
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack SP1 - csy\setup.exe
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Bootvis-->MsiExec.exe /I{0F9196C6-58B4-445B-B56E-B1200FECC151}
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9-->"C:\WINDOWS\$NtUninstallWdf01009$\spuninst\spuninst.exe"
Microsoft Office XP Professional s aplikací FrontPage-->MsiExec.exe /I{90280405-6000-11D3-8CFE-0050048383C9}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Miranda IM 0.8.9-->C:\Program Files\Miranda IM\Uninstall.exe
Neuro-Programmer 3.1.1-->"d:\Program Files\Neuro-Programmer 3\unins000.exe"
Novarm DipTrace-->C:\Program Files\DipTrace\UnInstall_15033.exe
Opera 11.52-->"C:\Program Files\Opera\Opera.exe" /uninstall
PCLab-->"C:\Program Files\PCLab\uninstall.exe"
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Regino v5.0-->"C:\Program Files\Regino v5.0\unins000.exe"
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A8894F19-59C8-38D2-8A75-36C0CCE56A5B} /qb+ REBOOTPROMPT=""
Skype™ 4.2-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
STDU Viewer version 1.4.13.0-->"C:\Program Files\STDU Viewer\unins000.exe"
The KMPlayer (remove only)-->"C:\Program Files\The KMPlayer\uninstall.exe"
TV-FM Tuner Player-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4892703A-E7C3-462D-A72C-BD1C18E3CB08}\Setup.exe" -uninst
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Výpočet transformátoru -->d:\Program Files\Výpočet transformátoru v.2.1.3\Uninstal.exe
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
xp-AntiSpy 3.97-9-->C:\Program Files\xp-AntiSpy\Uninstall.exe
YouTube Video Downloader V1.1.0-->"C:\Program Files\YouTube Video Downloader\unins000.exe"
Zoner Media Explorer 5-->MsiExec.exe /X{B48F9C44-C904-4FA3-984D-F65AE4C49745}

======Hosts File======

127.0.0.1 mpa.one.microsoft.com
127.0.0.1 http://www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 http://www.008k.com
127.0.0.1 008k.com
127.0.0.1 http://www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 http://www.032439.com

======Security center information======

AV: AVG Anti-Virus Free Edition 2012
FW: COMODO Firewall

======System event log======

Computer Name: DOLNI
Event Code: 1003
Message: Nebylo možno obnovit adresu počítače ze sítě (ze serveru
DHCP) pro síťovou kartu s adresou 00112F66EB8B. Došlo k následující
chybě:
Časový limit semaforu vypršel.
.
Počítač se bude pokoušet získat síťovou adresu samostatně ze serveru
DHCP.

Record Number: 65140
Source Name: Dhcp
Time Written: 20111102143816.000000+060
Event Type: Upozornění
User:

Computer Name: DOLNI
Event Code: 7036
Message: Stav služby Správce vzdáleného přístupu byl změněn na: Spuštěno

Record Number: 65139
Source Name: Service Control Manager
Time Written: 20111102140812.000000+060
Event Type: Informace
User:

Computer Name: DOLNI
Event Code: 7035
Message: Řídící příkaz Spuštěno byl službě Správce vzdáleného přístupu úspěšně odeslán.

Record Number: 65138
Source Name: Service Control Manager
Time Written: 20111102140811.000000+060
Event Type: Informace
User: DOLNI\Cernopolak

Computer Name: DOLNI
Event Code: 7036
Message: Stav služby Telefonní subsystém byl změněn na: Spuštěno

Record Number: 65137
Source Name: Service Control Manager
Time Written: 20111102140811.000000+060
Event Type: Informace
User:

Computer Name: DOLNI
Event Code: 7036
Message: Stav služby Služba modelu COM pro zápis na disk CD (IMAPI) byl změněn na: Zastaveno

Record Number: 65136
Source Name: Service Control Manager
Time Written: 20111102140600.000000+060
Event Type: Informace
User:

=====Application event log=====

Computer Name: DOLNI
Event Code: 1800
Message: Služba Centrum zabezpečení systému Windows byla spuštěna.

Record Number: 9613
Source Name: SecurityCenter
Time Written: 20110101213243.000000+060
Event Type: Informace
User:

Computer Name: DOLNI
Event Code: 1
Message:
Record Number: 9612
Source Name: avg8emc
Time Written: 20110101213239.000000+060
Event Type: Informace
User:

Computer Name: DOLNI
Event Code: 0
Message:
Record Number: 9611
Source Name: gupdate1ca7c0167f49858
Time Written: 20110101213224.000000+060
Event Type: Informace
User:

Computer Name: DOLNI
Event Code: 0
Message:
Record Number: 9610
Source Name: gupdate1ca7c0167f49858
Time Written: 20110101213147.000000+060
Event Type: Informace
User:

Computer Name: DOLNI
Event Code: 1
Message:
Record Number: 9609
Source Name: avg8emc
Time Written: 20110101121122.000000+060
Event Type: Informace
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------
_______________________________________________________________________________

Logfile of random's system information tool 1.09 (written by random/random)
Run by Dolní at 2011-11-26 19:21:56
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 2 GB (8%) free of 20 GB
Total RAM: 768 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:22:22, on 26.11.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Documents and Settings\All Users\Data aplikací\bProtector\bProtect.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Documents and Settings\All Users\Data aplikací\bProtector\bProtect.exe
C:\Program Files\InstallBrainService\InstallBrainService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Dolní\Plocha\Testování\RSIT.exe
C:\Program Files\trend micro\Dolní.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatc ... &%language
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Dolní\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: &Crawler Toolbar Helper - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll
O2 - BHO: WindowShopper - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files\SuperFish\Superfish.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Dolní\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll
O2 - BHO: File2LinkIB - {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - C:\Program Files\file2linkib\file2linkibX.dll
O2 - BHO: MediaBar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll
O2 - BHO: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: MediaBar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll
O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll
O3 - Toolbar: File2LinkIB - {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - C:\Program Files\file2linkib\file2linkibX.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: WindowShopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files\SuperFish\Superfish.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Click here to support the xp-AntiSpy project. - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O9 - Extra 'Tools' menuitem: Support for xp-AntiSpy - {0e921e80-267a-42aa-aee4-60b9a1222a44} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll
O20 - AppInit_DLLs: protector.dll c:\progra~1\bearsh~1\mediabar\datamngr\iebho.dll winmm.dll c:\windows\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: bProtector - bProtector - C:\Documents and Settings\All Users\Data aplikací\bProtector\bProtect.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: InstallBrain Updater Service (InstallBrainService) - Unknown owner - C:\Program Files\InstallBrainService\InstallBrainService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe

--
End of file - 11428 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
&Crawler Toolbar Helper - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2011-03-11 1215224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2009-12-13 329312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG2012\avgssie.dll [2011-11-11 1378144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
UrlHelper Class - C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\IEBHO.dll [2011-02-08 721840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}]
WindowShopper - C:\Program Files\SuperFish\Superfish.dll [2011-11-17 279472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Documents and Settings\Dolní\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2009-06-17 119808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll [2011-11-11 1451336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b}]
File2LinkIB - C:\Program Files\file2linkib\file2linkibX.dll [2011-10-25 85288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c}]
MediaBar - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll [2011-01-18 87480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}]
Inbox Toolbar - C:\PROGRA~1\INBOXT~1\Inbox.dll [2011-02-10 871928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
PandoraTV Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-02-01 1487240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-08-17 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-08-17 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D7E97865-918F-41E4-9CD0-25AB1C574CE8} - &Inbox Toolbar - C:\PROGRA~1\INBOXT~1\Inbox.dll [2011-02-10 871928]
{4B3803EA-5230-4DC3-A7FC-33638F3D3542} - &Crawler lišta - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll [2011-03-11 1215224]
{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - MediaBar - C:\PROGRA~1\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll [2011-01-18 87480]
{D4027C7F-154A-4066-A1AD-4243D8127440} - PandoraTV Toolbar - C:\Program Files\Ask.com\GenericAskToolbar.dll [2011-02-01 1487240]
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll [2011-11-11 1451336]
{c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - File2LinkIB - C:\Program Files\file2linkib\file2linkibX.dll [2011-10-25 85288]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Smapp"=C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [2003-05-05 143360]
"DATAMNGR"=C:\PROGRA~1\BEARSH~1\MediaBar\Datamngr\DATAMN~1.EXE [2011-02-08 1114040]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-12-13 198160]
"AVG_TRAY"=C:\Program Files\AVG\AVG2012\avgtray.exe [2011-10-24 2415456]
"vProt"=C:\Program Files\AVG Secure Search\vprot.exe [2011-10-28 218440]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2011-10-20 2497352]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\53110717]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe [2010-10-27 648536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\M5T8QL3YW3]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [2011-02-18 79192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2010-03-09 26100520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2009-12-13 198160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~1\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="protector.dll c:\progra~1\bearsh~1\mediabar\datamngr\iebho.dll winmm.dll c:\windows\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll [2008-05-19 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoAutoUpdate"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Miranda IM\miranda32.exe"="C:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\AVG\AVG2012\avgmfapx.exe"="C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:Instalátor AVG"
"C:\Program Files\AVG\AVG2012\avgnsx.exe"="C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Webový štít"
"C:\Program Files\AVG\AVG2012\avgdiagex.exe"="C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostika 2012"
"C:\Program Files\AVG\AVG2012\avgemcx.exe"="C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Obecná kontrola pošty"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"MIDI2"=wdmaud.drv
"vidc.VP60"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"=C:\WINDOWS\system32\vp6vfw.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer"=wdmaud.drv
"midi"=wdmaud.drv
"midi9"=wdmaud.drv

======List of files/folders created in the last 1 month======

2011-11-26 19:16:07 ----D---- C:\Program Files\trend micro
2011-11-26 19:16:02 ----D---- C:\rsit
2011-11-23 21:43:44 ----D---- C:\Program Files\Microsoft Bootvis
2011-11-23 21:32:31 ----D---- C:\Documents and Settings\Dolní\Data aplikací\PerformerSoft
2011-11-23 21:32:15 ----A---- C:\WINDOWS\system32\roboot.exe
2011-11-23 21:31:46 ----D---- C:\WINDOWS\system32\Extensions
2011-11-23 21:31:27 ----A---- C:\WINDOWS\system32\protector.dll
2011-11-23 21:31:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\bProtector
2011-11-23 21:30:28 ----D---- C:\Program Files\SuperFish
2011-11-23 21:30:01 ----D---- C:\Documents and Settings\Dolní\Data aplikací\file2linkib
2011-11-23 21:29:56 ----D---- C:\Program Files\file2linkib
2011-11-23 21:29:26 ----D---- C:\Program Files\InstallBrainService
2011-11-18 18:27:33 ----D---- C:\Documents and Settings\All Users\Data aplikací\ZoomBrowser
2011-11-11 19:51:56 ----D---- C:\WINDOWS\system32\cache
2011-11-11 17:53:53 ----A---- C:\WINDOWS\system32\cmdcsr.dll
2011-11-05 20:04:25 ----D---- C:\Documents and Settings\All Users\Data aplikací\Comodo Downloader
2011-11-03 07:58:31 ----HDC---- C:\WINDOWS\$NtUninstallKB2567053$
2011-11-03 07:58:18 ----HDC---- C:\WINDOWS\$NtUninstallKB2592799$
2011-11-01 22:05:46 ----D---- C:\Documents and Settings\Dolní\Data aplikací\Comodo
2011-11-01 20:28:08 ----D---- C:\Documents and Settings\All Users\Data aplikací\Comodo
2011-11-01 20:24:54 ----D---- C:\Program Files\Comodo
2011-10-30 21:04:31 ----D---- C:\Documents and Settings\Dolní\Data aplikací\AVG
2011-10-28 18:47:27 ----HD---- C:\$AVG
2011-10-28 18:16:17 ----D---- C:\Documents and Settings\Dolní\Data aplikací\AVG2012
2011-10-28 18:13:26 ----D---- C:\Documents and Settings\Dolní\Data aplikací\AVG Secure Search
2011-10-28 18:13:18 ----D---- C:\Program Files\Common Files\AVG Secure Search
2011-10-28 18:13:17 ----D---- C:\Program Files\AVG Secure Search
2011-10-28 18:13:13 ----HD---- C:\Documents and Settings\All Users\Data aplikací\Common Files
2011-10-28 18:10:55 ----D---- C:\WINDOWS\system32\drivers\AVG
2011-10-28 18:10:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\AVG2012
2011-10-28 18:04:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData

======List of files/folders modified in the last 1 month======

2011-11-26 19:17:15 ----D---- C:\WINDOWS\Prefetch
2011-11-26 19:16:07 ----RD---- C:\Program Files
2011-11-26 19:00:48 ----D---- C:\WINDOWS\system32\CatRoot2
2011-11-26 19:00:20 ----D---- C:\WINDOWS\Temp
2011-11-26 18:14:17 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-11-24 19:20:09 ----D---- C:\Program Files\Opera
2011-11-23 21:46:03 ----SD---- C:\WINDOWS\Tasks
2011-11-23 21:43:50 ----SHD---- C:\WINDOWS\Installer
2011-11-23 21:32:15 ----D---- C:\WINDOWS\system32
2011-11-22 13:48:12 ----RSHD---- C:\WINDOWS\system32\dllcache
2011-11-18 18:47:38 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-11-18 18:46:47 ----HD---- C:\WINDOWS\inf
2011-11-18 18:29:03 ----D---- C:\Program Files\Canon
2011-11-18 18:00:08 ----A---- C:\WINDOWS\ULead32.ini
2011-11-18 11:58:52 ----D---- C:\Program Files\DeadDiskDoctor
2011-11-12 14:08:47 ----A---- C:\WINDOWS\WTRAN32.INI
2011-11-12 13:43:07 ----D---- C:\WINDOWS
2011-11-11 17:28:03 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2011-11-11 09:33:22 ----HD---- C:\WINDOWS\$hf_mig$
2011-11-10 22:36:38 ----D---- C:\Program Files\DVDIdle
2011-11-09 16:00:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-11-07 20:18:27 ----ASH---- C:\boot.ini
2011-11-07 20:18:27 ----A---- C:\WINDOWS\win.ini
2011-11-07 20:18:27 ----A---- C:\WINDOWS\system.ini
2011-11-05 20:54:47 ----D---- C:\WINDOWS\system32\drivers
2011-11-05 15:17:16 ----D---- C:\Program Files\AVG
2011-11-03 07:58:22 ----A---- C:\WINDOWS\imsins.BAK
2011-11-03 07:57:19 ----D---- C:\Program Files\Internet Explorer
2011-11-03 07:56:33 ----D---- C:\WINDOWS\ie8updates
2011-11-01 22:10:56 ----D---- C:\Program Files\Rozpisy pro Sportku - free verze 107
2011-11-01 20:53:41 ----D---- C:\WINDOWS\system32\drivers\etc
2011-10-28 19:40:02 ----D---- C:\Adobe
2011-10-28 18:13:18 ----RAD---- C:\Program Files\Common Files
2011-10-28 18:05:33 ----D---- C:\WINDOWS\WinSxS
2011-10-28 17:52:49 ----SD---- C:\Documents and Settings\Dolní\Data aplikací\Microsoft

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AVGIDSEH;AVGIDSEH; C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys [2011-07-11 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2011-09-13 32592]
R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2011-10-07 97760]
R0 sisagp;SiS AGP Filter; C:\WINDOWS\system32\DRIVERS\SISAGPX.sys [2003-07-18 36992]
R1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2011-10-07 230608]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2011-08-08 40016]
R1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2011-07-11 295248]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2011-10-07 492768]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2011-10-07 31704]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 Aspi32;Aspi32; C:\WINDOWS\system32\drivers\Aspi32.sys [2002-07-17 16877]
R2 Pv848;ProVideo, PV-956 WDM Video Capture; C:\WINDOWS\system32\drivers\Pv848.sys [2003-10-28 71151]
R2 PVTUNER;ProVideo, PV-956 WDM TvTuner; C:\WINDOWS\system32\drivers\PvTUNER.sys [2003-10-28 32930]
R2 PVXBAR;ProVideo, PV-956 WDM Crossbar; C:\WINDOWS\system32\drivers\PvXBAR.sys [2003-10-28 14352]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys [2011-07-11 134608]
R3 AVGIDSFilter;AVGIDSFilter; C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys [2011-07-11 24272]
R3 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys [2011-10-04 16720]
R3 Dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
R3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-04-13 1897408]
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2009-01-09 27136]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-10-25 5888]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\system32\DRIVERS\sisnic.sys [2008-04-13 32768]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-08-29 578304]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 RimUsb;zařízení BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2011-02-16 64000]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2009-11-12 7168]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-05-19 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-05-19 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
R2 bProtector;bProtector; C:\Documents and Settings\All Users\Data aplikací\bProtector\bProtect.exe [2011-11-23 803328]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2009-09-08 96334]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2011-10-07 1883328]
R2 InstallBrainService;InstallBrain Updater Service; C:\Program Files\InstallBrainService\InstallBrainService.exe [2011-11-23 273912]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-08-17 153376]
R2 NMSAccess;NMSAccess; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2010-03-04 71096]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 vToolbarUpdater;vToolbarUpdater; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe [2011-10-28 246600]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: For Motji...

Posted: 27 Nov 2011 02:22
by motji
Good morning :)

You are low on disk space. Uninstall all the unnecessary toolbars.

Download OTL: http://oldtimer.geekstogo.com/OTL.exe
- Save it to the desktop and run the file OTL.exe.
- Copy this script into the white box at the bottom:

Code:

netsvcs
drivers32
savembr:0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

/md5start
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
hal.dll
logevent.dll
netlogon.dll
ntelogon.dll
scecli.dll
sceclt.dll
ws2_32.dll
autochk.exe
csrss.exe
explorer.exe
lsass.exe
services.exe
smss.exe
spoolsv.exe
svchost.exe
userinit.exe
winlogon.exe
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
cdrom.sys
Changer.sys
fastfat.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
mv61xx.sys
ndis.sys
ntfs.sys
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
symmpi.sys
tcpip.sys
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
/md5stop

C:\windows\system32\spool\prtprocs|dll;true;true;true /FP
%systemroot%\system32\drivers\*.sys /5
%systemroot%\system32\drivers\*.sys /X
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.* /5
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\config\*.sav
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\*.* /U /s
%systemroot%\*. /mp /s
%ALLUSERSPROFILE%\Data Aplikací\*.*
%ALLUSERSPROFILE%\Data Aplikací\*.exe /s
%ALLUSERSPROFILE%\Dáta aplikácií\*.*
%ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s
%APPDATA%\*.
%APPDATA%\*.*
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe


HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5 
- Tick the "For all users" box.
- Tick the boxes for the "LOP" malware check and the "Purity" malware check.
- Click the Scan button.
- When the scan finishes, the logs OTL.Txt and Extras.txt will appear; paste them here :)

Re: For Motji...

Posted: 27 Nov 2011 19:18
by rokony
OTL logfile created on: 27.11.2011 18:40:45 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = F:\Nové nástroje
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

767,53 Mb Total Physical Memory | 458,18 Mb Available Physical Memory | 59,69% Memory free
1,71 Gb Paging File | 1,21 Gb Available in Paging File | 71,06% Paging File free
Paging file location(s): D:\pagefile.sys 1024 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 2,69 Gb Free Space | 13,77% Space Free | Partition Type: NTFS
Drive D: | 11,95 Gb Total Space | 3,98 Gb Free Space | 33,34% Space Free | Partition Type: FAT32
Drive F: | 963,70 Mb Total Space | 167,06 Mb Free Space | 17,34% Space Free | Partition Type: FAT

Computer Name: DOLNI | User Name: Dolní | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.11.23 21:31:27 | 000,803,328 | ---- | M] (bProtector) -- C:\Documents and Settings\All Users\Data aplikací\bProtector\bProtect.exe
PRC - [2011.11.23 21:21:16 | 000,273,912 | ---- | M] () -- C:\Program Files\InstallBrainService\InstallBrainService.exe
PRC - [2011.11.22 16:03:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- F:\Nové nástroje\OTL.exe
PRC - [2011.10.28 18:13:21 | 000,246,600 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
PRC - [2011.10.28 18:13:17 | 000,218,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2011.10.24 20:29:16 | 002,415,456 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
PRC - [2011.10.20 12:58:40 | 002,497,352 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
PRC - [2011.10.18 06:14:54 | 001,229,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
PRC - [2011.10.12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011.10.10 06:23:34 | 000,973,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
PRC - [2011.10.07 18:47:13 | 001,883,328 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cmdagent.exe
PRC - [2011.09.08 19:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011.08.15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2011.08.02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
PRC - [2011.02.08 18:21:52 | 001,114,040 | ---- | M] (MusicLab, LLC) -- C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe
PRC - [2010.03.04 21:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009.12.13 14:37:00 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009.09.08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2008.04.14 05:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003.05.05 07:57:30 | 000,143,360 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
PRC - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (No Company Name) ==========

MOD - [2011.11.23 21:31:27 | 000,748,544 | ---- | M] () -- C:\WINDOWS\system32\protector.dll
MOD - [2011.11.23 21:21:16 | 000,273,912 | ---- | M] () -- C:\Program Files\InstallBrainService\InstallBrainService.exe
MOD - [2011.10.28 18:13:21 | 000,246,600 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
MOD - [2011.10.28 18:13:17 | 000,218,440 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2010.03.04 21:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011.11.23 21:31:27 | 000,803,328 | ---- | M] (bProtector) [Auto | Running] -- C:\Documents and Settings\All Users\Data aplikací\bProtector\bProtect.exe -- (bProtector)
SRV - [2011.11.23 21:21:16 | 000,273,912 | ---- | M] () [Auto | Running] -- C:\Program Files\InstallBrainService\InstallBrainService.exe -- (InstallBrainService)
SRV - [2011.10.28 18:13:21 | 000,246,600 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2011.10.12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011.10.07 18:47:13 | 001,883,328 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011.08.02 05:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010.03.04 21:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2009.09.08 17:25:52 | 000,096,334 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2002.09.20 15:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2011.10.07 18:48:02 | 000,097,760 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2011.10.07 18:48:01 | 000,031,704 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011.10.07 18:48:00 | 000,492,768 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011.10.07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011.10.04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011.09.13 05:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.08.08 05:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.07.11 00:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011.07.11 00:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011.07.11 00:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011.07.11 00:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2009.11.12 12:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2008.04.14 06:10:02 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008.04.13 21:05:40 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2003.10.28 15:06:16 | 000,014,352 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PvXBAR.sys -- (PVXBAR)
DRV - [2003.10.28 15:05:26 | 000,071,151 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Pv848.sys -- (Pv848)
DRV - [2003.10.28 15:04:18 | 000,032,930 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PvTUNER.sys -- (PVTUNER)
DRV - [2003.07.18 02:58:20 | 000,036,992 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (sisagp)
DRV - [2002.07.17 07:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.BAK -- (Aspi32)
DRV - [2001.08.17 21:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.goonsearch.com/?source=IBR-IB-PDP-INS-HP


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1078081533-492894223-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.goonsearch.com/?source=IBR-IB-PDP-INS-HP
IE - HKU\S-1-5-21-1078081533-492894223-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
IE - HKU\S-1-5-21-1078081533-492894223-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKU\S-1-5-21-1078081533-492894223-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatc ... &%language
IE - HKU\S-1-5-21-1078081533-492894223-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKU\S-1-5-21-1078081533-492894223-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKU\S-1-5-21-1078081533-492894223-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKU\S-1-5-21-1078081533-492894223-1606980848-1003\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Dolní\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKU\S-1-5-21-1078081533-492894223-1606980848-1003\..\URLSearchHook: {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
IE - HKU\S-1-5-21-1078081533-492894223-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG2012\Firefox\ [2011.11.05 20:53:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011.11.22 13:42:05 | 000,000,000 | ---D | M]


========== Chrome ==========


O1 HOSTS File: ([2011.11.01 20:53:41 | 000,437,882 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O1 - Hosts: 15062 more lines...
O2 - BHO: (&Crawler Toolbar Helper) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (UrlHelper Class) - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
O2 - BHO: (WindowShopper) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files\SuperFish\Superfish.dll (Superfish)
O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Dolní\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll ()
O2 - BHO: (File2LinkIB) - {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - C:\Program Files\file2linkib\file2linkibX.dll ()
O2 - BHO: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\bsdtxmltbpi.dll ()
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (&Crawler lišta) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (File2LinkIB) - {c23b756a-bd9f-4ca6-aded-17ab8ccf3e8b} - C:\Program Files\file2linkib\file2linkibX.dll ()
O3 - HKLM\..\Toolbar: (MediaBar) - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\Program Files\BearShare Applications\MediaBar\ToolBar\bsdtxmltbpi.dll ()
O3 - HKLM\..\Toolbar: (PandoraTV Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1078081533-492894223-1606980848-1003\..\Toolbar\WebBrowser: (&Crawler lišta) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKU\S-1-5-21-1078081533-492894223-1606980848-1003\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\BearShare Applications\MediaBar\Datamngr\datamngrUI.exe (MusicLab, LLC)
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKU\.DEFAULT..\Run: [jusched] %APPDATA%\jusched.exe File not found
O4 - HKU\S-1-5-18..\Run: [jusched] %APPDATA%\jusched.exe File not found
O4 - HKU\.DEFAULT..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-18..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O4 - HKU\S-1-5-20..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-492894223-1606980848-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1078081533-492894223-1606980848-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-1078081533-492894223-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1078081533-492894223-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1
O8 - Extra context menu item: Crawler Search - tbr:iemenu File not found
O9 - Extra Button: WindowShopper - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files\SuperFish\Superfish.dll (Superfish)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - mswsock.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8862CCCC-5EBE-4341-A372-BCF758AA33EE}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\Toolbar\ctbr.dll (Crawler.com)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
O20 - AppInit_DLLs: (protector.dll) -C:\WINDOWS\System32\protector.dll ()
O20 - AppInit_DLLs: (c:\progra~1\bearsh~1\mediabar\datamngr\iebho.dll) -c:\Program Files\BearShare Applications\MediaBar\Datamngr\IEBHO.dll (MusicLab, LLC)
O20 - AppInit_DLLs: (c:\windows\system32\guard32.dll) -C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Dolní\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dolní\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.05.24 20:05:44 | 000,000,141 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008.02.02 15:14:36 | 000,000,170 | -HS- | M] () - C:\AUTOEXEC.DOS -- [ NTFS ]
O32 - AutoRun File - [2008.02.02 16:08:08 | 000,000,170 | ---- | M] () - C:\AUTOEXEC.NU4 -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: SSHNAS - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2011.11.26 23:34:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Dolní\Recent
[2011.11.26 19:16:07 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.11.26 19:16:02 | 000,000,000 | ---D | C] -- C:\rsit
[2011.11.23 21:43:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dolní\Nabídka Start\Programy\Microsoft Bootvis
[2011.11.23 21:43:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Bootvis
[2011.11.23 21:32:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dolní\Data aplikací\PerformerSoft
[2011.11.23 21:32:15 | 000,017,456 | ---- | C] (PerformerSoft LLC) -- C:\WINDOWS\System32\roboot.exe
[2011.11.23 21:31:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Extensions
[2011.11.23 21:31:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\bProtector
[2011.11.23 21:30:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dolní\Nabídka Start\Programy\SpecialSavings
[2011.11.23 21:30:28 | 000,000,000 | ---D | C] -- C:\Program Files\SuperFish
[2011.11.23 21:30:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dolní\Data aplikací\file2linkib
[2011.11.23 21:29:56 | 000,000,000 | ---D | C] -- C:\Program Files\file2linkib
[2011.11.23 21:29:26 | 000,000,000 | ---D | C] -- C:\Program Files\InstallBrainService
[2011.11.20 19:52:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dolní\Plocha\Testování
[2011.11.18 18:27:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\ZoomBrowser
[2011.11.18 18:27:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Canon Utilities
[2011.11.11 19:51:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cache
[2011.11.11 17:53:53 | 000,033,984 | ---- | C] (COMODO) -- C:\WINDOWS\System32\cmdcsr.dll
[2011.11.05 20:20:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\COMODO
[2011.11.05 20:04:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Comodo Downloader
[2011.11.01 22:05:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dolní\Data aplikací\Comodo
[2011.11.01 20:28:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Comodo
[2011.11.01 20:24:54 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo
[2011.10.30 21:04:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dolní\Data aplikací\AVG
[2011.10.28 18:47:27 | 000,000,000 | -H-D | C] -- C:\$AVG
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.11.27 18:43:40 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011.11.27 18:18:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.11.27 18:18:23 | 804,884,480 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.27 17:50:07 | 110,885,427 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011.11.26 15:37:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.11.23 21:32:28 | 000,001,661 | ---- | M] () -- C:\Documents and Settings\All Users\Data aplikací\repository.xml
[2011.11.23 21:31:27 | 000,748,544 | ---- | M] () -- C:\WINDOWS\System32\protector.dll
[2011.11.22 13:42:06 | 000,000,720 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\AVG 2012.lnk
[2011.11.18 18:56:28 | 000,114,933 | -H-- | M] () -- C:\ZbThumbnail.info
[2011.11.18 18:27:33 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\ZoomBrowser EX.lnk
[2011.11.18 18:00:08 | 000,000,410 | ---- | M] () -- C:\WINDOWS\ULead32.ini
[2011.11.12 14:08:47 | 000,004,692 | ---- | M] () -- C:\WINDOWS\WTRAN32.INI
[2011.11.12 14:08:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\XXLGSC
[2011.11.11 17:46:24 | 001,775,842 | ---- | M] () -- C:\Documents and Settings\Dolní\Plocha\Geologické epochy.psd
[2011.11.09 16:00:12 | 000,432,928 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.11.09 16:00:12 | 000,429,454 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2011.11.09 16:00:12 | 000,078,466 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2011.11.09 16:00:12 | 000,067,884 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.11.07 20:18:27 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011.11.05 20:20:18 | 000,001,653 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\COMODO Firewall.lnk
[2011.11.03 12:20:08 | 000,114,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.11.02 15:16:08 | 000,017,456 | ---- | M] (PerformerSoft LLC) -- C:\WINDOWS\System32\roboot.exe
[2011.11.01 20:53:41 | 000,437,882 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.10.31 17:40:19 | 000,018,405 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.11.27 18:43:40 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011.11.23 21:32:27 | 000,001,661 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\repository.xml
[2011.11.23 21:31:27 | 000,748,544 | ---- | C] () -- C:\WINDOWS\System32\protector.dll
[2011.11.18 18:27:33 | 000,000,929 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\ZoomBrowser EX.lnk
[2011.11.05 20:20:18 | 000,001,653 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\COMODO Firewall.lnk
[2011.11.01 20:26:03 | 000,000,211 | ---- | C] () -- C:\boot.ini.comodofirewall
[2011.07.19 19:34:29 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2011.01.02 20:10:55 | 000,473,384 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2010.10.01 11:18:28 | 000,000,067 | ---- | C] () -- C:\WINDOWS\DVDIdle.INI
[2010.06.27 20:19:10 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\.zreglib
[2010.04.01 12:48:57 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2010.01.22 22:07:15 | 000,000,057 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009.12.30 13:06:29 | 000,135,168 | ---- | C] () -- C:\WINDOWS\AmCap5a.exe
[2009.12.30 13:06:29 | 000,004,604 | ---- | C] () -- C:\WINDOWS\ALIAS.INI
[2009.12.30 13:06:29 | 000,003,977 | ---- | C] () -- C:\WINDOWS\PV_Tuner.ini
[2009.12.30 13:06:29 | 000,003,450 | ---- | C] () -- C:\WINDOWS\FINETUNE.INI
[2009.12.30 13:06:29 | 000,003,107 | ---- | C] () -- C:\WINDOWS\REMAP.INI
[2009.12.30 13:06:29 | 000,003,073 | ---- | C] () -- C:\WINDOWS\frequency.ini
[2009.12.30 13:06:29 | 000,001,571 | ---- | C] () -- C:\WINDOWS\HOL.INI
[2009.12.30 13:06:29 | 000,001,115 | ---- | C] () -- C:\WINDOWS\AUS.INI
[2009.12.30 13:06:29 | 000,000,895 | ---- | C] () -- C:\WINDOWS\TAIWAN.INI
[2009.12.30 13:06:29 | 000,000,881 | ---- | C] () -- C:\WINDOWS\US.INI
[2009.12.30 13:06:29 | 000,000,875 | ---- | C] () -- C:\WINDOWS\ROMANIA-MSDN.INI
[2009.12.30 13:06:29 | 000,000,868 | ---- | C] () -- C:\WINDOWS\FRANCE.INI
[2009.12.30 13:06:29 | 000,000,817 | ---- | C] () -- C:\WINDOWS\OIRT.INI
[2009.12.30 13:06:29 | 000,000,751 | ---- | C] () -- C:\WINDOWS\IC.INI
[2009.12.30 13:06:29 | 000,000,711 | ---- | C] () -- C:\WINDOWS\FOT.INI
[2009.12.30 13:06:29 | 000,000,651 | ---- | C] () -- C:\WINDOWS\ANGOLA.INI
[2009.12.30 13:06:29 | 000,000,648 | ---- | C] () -- C:\WINDOWS\UK.INI
[2009.12.30 13:06:29 | 000,000,648 | ---- | C] () -- C:\WINDOWS\CCIR.INI
[2009.12.30 13:06:29 | 000,000,641 | ---- | C] () -- C:\WINDOWS\CHINA.INI
[2009.12.30 13:06:29 | 000,000,625 | ---- | C] () -- C:\WINDOWS\SA.INI
[2009.12.30 13:06:29 | 000,000,618 | ---- | C] () -- C:\WINDOWS\IR.INI
[2009.12.30 13:06:29 | 000,000,616 | ---- | C] () -- C:\WINDOWS\MO.INI
[2009.12.30 13:06:29 | 000,000,615 | ---- | C] () -- C:\WINDOWS\NZ.INI
[2009.12.30 13:06:29 | 000,000,615 | ---- | C] () -- C:\WINDOWS\NE.INI
[2009.12.30 13:06:29 | 000,000,607 | ---- | C] () -- C:\WINDOWS\IN.INI
[2009.12.30 13:06:29 | 000,000,602 | ---- | C] () -- C:\WINDOWS\ROMANIA.INI
[2009.12.30 13:06:29 | 000,000,587 | ---- | C] () -- C:\WINDOWS\JAPAN.INI
[2009.12.30 13:06:29 | 000,000,567 | ---- | C] () -- C:\WINDOWS\IT.INI
[2009.12.30 13:06:29 | 000,000,555 | ---- | C] () -- C:\WINDOWS\ISR.INI
[2009.12.30 13:06:29 | 000,000,481 | ---- | C] () -- C:\WINDOWS\RUSSIA.INI
[2009.12.13 14:43:18 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009.06.06 21:38:04 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.06.02 19:19:18 | 000,001,123 | ---- | C] () -- C:\WINDOWS\mgreg.ini
[2009.06.02 19:19:04 | 000,000,030 | ---- | C] () -- C:\WINDOWS\mgwin.ini
[2009.05.31 12:40:38 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009.05.30 15:51:05 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2009.05.30 15:49:59 | 000,003,021 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009.05.30 15:49:53 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009.05.30 14:46:36 | 000,004,692 | ---- | C] () -- C:\WINDOWS\WTRAN32.INI
[2009.05.30 12:18:08 | 000,000,410 | ---- | C] () -- C:\WINDOWS\ULead32.ini
[2009.05.30 10:41:08 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Dolní\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.30 10:22:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009.05.30 10:09:51 | 000,022,916 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009.05.30 10:02:36 | 000,004,249 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009.05.30 10:01:11 | 000,114,968 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.08.19 16:39:57 | 000,000,016 | ---- | C] () -- C:\Program Files\Common Files\dht342126
[2008.04.14 06:16:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008.02.02 13:52:23 | 000,011,253 | -H-- | C] () -- C:\Program Files\folder.htt
[2006.12.31 04:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.12.31 18:35:42 | 000,000,237 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001.10.25 15:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001.10.25 15:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001.10.25 15:00:00 | 000,432,928 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001.10.25 15:00:00 | 000,429,454 | ---- | C] () -- C:\WINDOWS\System32\perfh005.dat
[2001.10.25 15:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001.10.25 15:00:00 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2001.10.25 15:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001.10.25 15:00:00 | 000,078,466 | ---- | C] () -- C:\WINDOWS\System32\perfc005.dat
[2001.10.25 15:00:00 | 000,067,884 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001.10.25 15:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001.10.25 15:00:00 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2001.10.25 15:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001.10.25 15:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001.10.25 15:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2009.11.10 23:19:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\22718222
[2011.04.05 16:23:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\34186
[2010.04.14 00:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\53110717
[2011.11.05 19:42:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AVG2012
[2011.11.23 21:31:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\bProtector
[2010.04.01 12:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Canneverbe Limited
[2011.10.28 18:13:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\Common Files
[2011.09.01 19:54:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Kristanix Games
[2011.11.27 17:50:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MFAData
[2011.06.12 16:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\PhotoStitch
[2011.07.19 19:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Research In Motion
[2011.11.11 17:28:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2011.01.23 17:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cernopolak\Data aplikací\aAvgApi
[2011.11.06 10:52:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cernopolak\Data aplikací\AVG Secure Search
[2011.10.28 21:28:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cernopolak\Data aplikací\AVG2012
[2011.07.03 16:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cernopolak\Data aplikací\bsbandmltbpi
[2011.09.04 19:06:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cernopolak\Data aplikací\Canneverbe Limited
[2011.11.23 22:17:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cernopolak\Data aplikací\file2linkib
[2011.10.13 20:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cernopolak\Data aplikací\Inbox Toolbar
[2011.01.09 15:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cernopolak\Data aplikací\Jpeg Resampler
[2011.11.06 10:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cernopolak\Data aplikací\mediabarbs
[2011.05.22 12:56:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cernopolak\Data aplikací\Opera
[2011.07.25 13:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cernopolak\Data aplikací\Research In Motion
[2011.02.06 16:51:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Cernopolak\Data aplikací\Zoner
[2010.04.05 11:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\aAvgApi
[2011.10.30 21:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\AVG
[2011.10.28 18:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\AVG Secure Search
[2011.10.28 18:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\AVG2012
[2011.05.07 11:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\bsbandmltbpi
[2010.04.01 12:49:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\Canneverbe Limited
[2011.11.23 21:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\file2linkib
[2010.11.07 15:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\Inbox Toolbar
[2011.06.25 16:00:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\mediabarbs
[2011.10.03 19:42:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\NeuroProgrammer3
[2009.05.30 10:48:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\Opera
[2011.11.23 21:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\PerformerSoft
[2009.05.30 12:11:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\ProfiCAD
[2009.06.28 16:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\QIP
[2011.09.02 23:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\Research In Motion
[2011.09.01 19:50:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\Rovio
[2009.07.12 19:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\Zoner
[2011.10.30 22:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Data aplikací\AVG2012
[2011.07.28 13:55:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Data aplikací\Opera

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 05:52:18 | 000,015,360 | ---- | M] (Microsoft Corporation)
"MSMSGS" = "C:\Program Files\Messenger\msmsgs.exe" /background -- [2008.04.14 07:52:38 | 001,695,232 | ---- | M] (Microsoft Corporation)

< >


< MD5 for: AGP440.SYS >
[2008.04.14 06:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.04.14 06:10:02 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2008.04.14 06:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 05:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2008.04.14 05:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\dllcache\autochk.exe

< MD5 for: CDROM.SYS >
[2008.04.14 06:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2008.04.13 21:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2008.04.14 05:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
[2008.04.14 05:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\dllcache\cryptsvc.dll

< MD5 for: CSRSS.EXE >
[2008.04.14 05:52:18 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=628CE66E3FD35BFC7969DBAC245DC069 -- C:\WINDOWS\system32\csrss.exe
[2008.04.14 05:52:18 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=628CE66E3FD35BFC7969DBAC245DC069 -- C:\WINDOWS\system32\dllcache\csrss.exe

< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008.04.14 05:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 05:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 05:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: FASTFAT.SYS >
[2008.04.13 21:44:30 | 000,143,744 | ---- | M] (Microsoft Corporation) MD5=38D332A6D56AF32635675F132548343E -- C:\WINDOWS\system32\dllcache\fastfat.sys
[2008.04.13 21:44:30 | 000,143,744 | ---- | M] (Microsoft Corporation) MD5=38D332A6D56AF32635675F132548343E -- C:\WINDOWS\system32\drivers\fastfat.sys

< MD5 for: HAL.DLL >
[2008.04.14 06:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008.04.13 21:01:30 | 000,131,840 | ---- | M] (Microsoft Corporation) MD5=6F61D3287A6A15A08A9433222C09D17F -- C:\WINDOWS\system32\hal.dll

< MD5 for: CHANGER.SYS >
[2008.04.14 06:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys

< MD5 for: IASTOR.SYS >
[2008.06.23 11:12:16 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\WINDOWS\NLDRV\001\iastor.sys

< MD5 for: ISAPNP.SYS >
[2008.04.14 06:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 04:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2008.04.14 05:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\dllcache\lsass.exe
[2008.04.14 05:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.13 21:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\dllcache\ndis.sys
[2008.04.13 21:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys

< MD5 for: NETLOGON.DLL >
[2008.04.14 05:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008.04.14 05:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NTFS.SYS >
[2008.04.13 21:45:54 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\dllcache\ntfs.sys
[2008.04.13 21:45:54 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=78A08DD6A8D65E697C18E1DB01C5CDCA -- C:\WINDOWS\system32\drivers\ntfs.sys

< MD5 for: SCECLI.DLL >
[2008.04.14 05:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008.04.14 05:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SERVICES.EXE >
[2009.02.09 11:18:56 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=3D107D45CCFDB266E91D84B52CD7F430 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2009.02.09 11:25:58 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=9EF697AF07BB8DD82C3B02CA953A95B7 -- C:\WINDOWS\system32\dllcache\services.exe
[2009.02.09 11:25:58 | 000,111,104 | ---- | M] (Microsoft Corporation) MD5=9EF697AF07BB8DD82C3B02CA953A95B7 -- C:\WINDOWS\system32\services.exe

< MD5 for: SMSS.EXE >
[2008.04.14 05:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\dllcache\smss.exe
[2008.04.14 05:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SPOOLSV.EXE >
[2010.08.17 14:19:36 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=258DD5D4283FD9F9A7166BE9AE45CE73 -- C:\WINDOWS\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[2010.08.17 14:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\dllcache\spoolsv.exe
[2010.08.17 14:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) MD5=60784F891563FB1B767F70117FC2428F -- C:\WINDOWS\system32\spoolsv.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 05:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\dllcache\svchost.exe
[2008.04.14 05:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.06.20 11:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 11:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2008.06.20 12:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 11:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 05:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008.04.14 05:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2008.04.14 05:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008.04.14 05:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2008.04.14 05:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\dllcache\ws2_32.dll
[2008.04.14 05:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< >

< C:\windows\system32\spool\prtprocs|dll;true;true;true /FP >
[2008.07.06 12:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2008.07.06 12:06:10 | 000,147,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\x64\filterpipelineprintproc.dll

< %systemroot%\system32\drivers\*.sys /5 >

< %systemroot%\system32\drivers\*.sys /X >
[2002.07.17 07:53:02 | 000,016,877 | ---- | M] (Adaptec) -- C:\WINDOWS\system32\drivers\aspi32.BAK
[2001.10.25 15:00:00 | 003,440,660 | ---- | M] () -- C:\WINDOWS\system32\drivers\gm.dls
[2001.10.25 15:00:00 | 000,000,646 | ---- | M] () -- C:\WINDOWS\system32\drivers\gmreadme.txt
[2011.07.19 19:16:36 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2011.07.19 19:16:38 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\system32\drivers\Msft_Kernel_RimUsb_01009.Wdf

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.* /5 >
[2011.11.23 21:31:27 | 000,748,544 | ---- | M] () -- C:\WINDOWS\system32\protector.dll
[2011.11.26 15:37:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\config\*.sav >
[2010.02.04 17:27:16 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010.02.04 17:17:18 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2010.02.04 17:27:16 | 019,136,512 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010.02.04 17:27:18 | 004,718,592 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\*.* /U /s >
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[15 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[11 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[1 C:\WINDOWS\Installer\{FD8E178D-8B4E-42DA-B434-EFF270329B1C}\*.tmp files -> C:\WINDOWS\Installer\{FD8E178D-8B4E-42DA-B434-EFF270329B1C}\*.tmp -> ]
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[10 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> ]

< %systemroot%\*. /mp /s >

< %ALLUSERSPROFILE%\Data Aplikací\*.* >
[2010.06.27 20:19:12 | 000,000,041 | -HS- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\.zreglib
[2010.02.04 17:29:22 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\desktop.ini
[2011.11.23 21:32:28 | 000,001,661 | ---- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\repository.xml

< %ALLUSERSPROFILE%\Data Aplikací\*.exe /s >
[2011.10.28 20:18:38 | 005,595,488 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\All Users\Data Aplikací\AVG2012\update\backup\avgmfapx.exe
[2011.11.23 21:31:27 | 000,803,328 | ---- | M] (bProtector) -- C:\Documents and Settings\All Users\Data Aplikací\bProtector\bProtect.exe
[2011.06.30 09:37:06 | 000,198,984 | ---- | M] () -- C:\Documents and Settings\All Users\Data Aplikací\Comodo\Installer\ComodoCleanup.exe
[5 C:\Documents and Settings\All Users\Data Aplikací\Comodo\Installer\*.tmp files -> C:\Documents and Settings\All Users\Data Aplikací\Comodo\Installer\*.tmp -> ]

< %ALLUSERSPROFILE%\Dáta aplikácií\*.* >

< %ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s >

< %APPDATA%\*. >
[2010.04.05 11:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\aAvgApi
[2009.05.30 10:44:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\Adobe
[2009.05.30 10:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\AdobeUM
[2011.10.30 21:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\AVG
[2011.10.28 18:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\AVG Secure Search
[2011.10.28 18:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\AVG2012
[2010.02.04 18:32:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\AVG8
[2011.05.07 11:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\bsbandmltbpi
[2010.04.01 12:49:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\Canneverbe Limited
[2011.01.02 18:03:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\CANON INC
[2011.11.01 22:05:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\Comodo
[2011.11.23 21:30:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\file2linkib
[2011.05.07 11:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\Google
[2010.01.29 13:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\Help
[2009.05.30 10:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\Identities
[2010.11.07 15:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\Inbox Toolbar
[2009.05.30 11:28:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\Macromedia
[2011.06.25 16:00:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\mediabarbs
[2011.10.28 17:52:49 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Dolní\Data aplikací\Microsoft
[2011.10.03 19:42:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\NeuroProgrammer3
[2010.07.24 19:17:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\Norton Utilities 14
[2009.05.30 10:48:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\Opera
[2011.11.23 21:45:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\PerformerSoft
[2009.05.30 12:11:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\ProfiCAD
[2009.06.28 16:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\QIP
[2009.12.13 14:36:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\Real
[2011.09.02 23:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\Research In Motion
[2011.09.01 19:50:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\Rovio
[2009.08.13 12:26:18 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Dolní\Data aplikací\SecuROM
[2011.08.09 22:22:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\Skype
[2010.01.23 11:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\SkypeMate
[2011.08.08 20:46:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\skypePM
[2011.08.17 20:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\Sun
[2009.06.20 13:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\WinRAR
[2009.07.12 19:24:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\Zoner
[2010.12.07 16:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dolní\Data aplikací\ZoomBrowser EX

< %APPDATA%\*.* >
[2011.09.02 23:27:18 | 000,000,954 | ---- | M] () -- C:\Documents and Settings\Dolní\Data aplikací\BBMS_EXCEPTION.txt
[2009.05.30 10:02:02 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Dolní\Data aplikací\desktop.ini
[2010.05.18 20:05:40 | 000,016,688 | ---- | M] () -- C:\Documents and Settings\Dolní\Data aplikací\GDIPFONTCACHEV1.DAT

< %APPDATA%\*.exe /s >
[2011.11.23 21:43:49 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\Dolní\Data aplikací\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_18be6784.exe
[2011.11.23 21:43:49 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\Dolní\Data aplikací\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_294823.exe
[2011.11.23 21:43:49 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\Dolní\Data aplikací\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_2cd672ae.exe
[2011.11.23 21:43:49 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\Dolní\Data aplikací\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_4ae13d6c.exe
[2011.07.19 20:20:39 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Dolní\Data aplikací\Microsoft\Installer\{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}\ARPPRODUCTICON.exe
[2011.07.19 19:15:56 | 000,413,696 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Dolní\Data aplikací\Microsoft\Installer\{3E79F719-BE4A-4579-9FFF-559EF7A81AB4}\ARPPRODUCTICON.exe
[2011.07.19 19:15:56 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Dolní\Data aplikací\Microsoft\Installer\{3E79F719-BE4A-4579-9FFF-559EF7A81AB4}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2011.08.18 21:00:24 | 000,099,678 | R--- | M] () -- C:\Documents and Settings\Dolní\Data aplikací\Microsoft\Installer\{E2B4FE1C-2CFA-47EE-A88C-A14D0FF1F0B0}\_FA1973C448F0CDEF5FD499.exe
[2011.07.19 19:32:50 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Dolní\Data aplikací\Microsoft\Installer\{F11E0BBC-5CB9-4D64-A942-6B64043BED97}\DesktopMgr.exe
[2011.07.19 19:32:50 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Dolní\Data aplikací\Microsoft\Installer\{F11E0BBC-5CB9-4D64-A942-6B64043BED97}\NewShortcut12_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2011.07.19 19:32:51 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Dolní\Data aplikací\Microsoft\Installer\{F11E0BBC-5CB9-4D64-A942-6B64043BED97}\NewShortcut3_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2011.07.19 19:32:51 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Dolní\Data aplikací\Microsoft\Installer\{F11E0BBC-5CB9-4D64-A942-6B64043BED97}\NewShortcut4_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2011.07.19 19:32:51 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Dolní\Data aplikací\Microsoft\Installer\{F11E0BBC-5CB9-4D64-A942-6B64043BED97}\NewShortcut5_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2011.07.19 19:32:51 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Dolní\Data aplikací\Microsoft\Installer\{F11E0BBC-5CB9-4D64-A942-6B64043BED97}\NewShortcut600_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2011.07.19 19:32:51 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Dolní\Data aplikací\Microsoft\Installer\{F11E0BBC-5CB9-4D64-A942-6B64043BED97}\NewShortcut60_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2011.07.19 19:32:51 | 000,069,632 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Dolní\Data aplikací\Microsoft\Installer\{F11E0BBC-5CB9-4D64-A942-6B64043BED97}\NewShortcut6_C6ABA3677F944B9FBB00F060701B0B5A.exe
[2011.07.19 19:32:50 | 000,049,152 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Dolní\Data aplikací\Microsoft\Installer\{F11E0BBC-5CB9-4D64-A942-6B64043BED97}\RedirectorEXE1_770DFD1204C24F4DA163D64FACCB5CBD.exe
[2011.07.19 19:32:51 | 000,049,152 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Dolní\Data aplikací\Microsoft\Installer\{F11E0BBC-5CB9-4D64-A942-6B64043BED97}\RedirectorEXE2_770DFD1204C24F4DA163D64FACCB5CBD.exe
[2011.07.19 19:32:50 | 000,049,152 | R--- | M] (Acresso Software Inc.) -- C:\Documents and Settings\Dolní\Data aplikací\Microsoft\Installer\{F11E0BBC-5CB9-4D64-A942-6B64043BED97}\RedirectorEXE_770DFD1204C24F4DA163D64FACCB5CBD.exe
[2010.05.27 20:58:48 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Dolní\Data aplikací\Real\Update\setup3.10\setup.exe
[2011.11.20 19:46:46 | 000,315,512 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Dolní\Data aplikací\Real\Update\UpgradeHelper\RealPlayer\9.00\rnupgagent.exe

< %SYSTEMDRIVE%\*.exe >

< >

< >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s >
"AUPowerManagement" = 0
"IncludeRecommendedUpdates" = 0
"AutoInstallMinorUpdates" = 0
"DetectionFrequencyEnabled" = 0
"NoAUAsDefaultShutdownOption" = 0
"NoAUShutdownOption" = 1

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-03 07:01:33

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s >
"StateIndex" = 1

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
No captured output from command...

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
No captured output from command...

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
No captured output from command...

< reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c >
No captured output from command...

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c >
No captured output from command...

< >

< type c:\boot.ini >> test.txt /c >
No captured output from command...

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2011.11.27 18:43:40 | 000,000,512 | ---- | M] () MD5=21954C6A813125BBE683D3259A510EAC -- C:\PhysicalMBR.bin

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB43594$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Dolní\Plocha\Geologické epochy.psd:SummaryInformation
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:D287FACF
@Alternate Data Stream - 138 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:157E1AD3
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:0B4227B4

< End of report >

Re: For Motji...

Posted: 27 Nov 2011 19:20
by rokony
OTL Extras logfile created on: 27.11.2011 18:40:45 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = F:\Nové nástroje
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

767,53 Mb Total Physical Memory | 458,18 Mb Available Physical Memory | 59,69% Memory free
1,71 Gb Paging File | 1,21 Gb Available in Paging File | 71,06% Paging File free
Paging file location(s): D:\pagefile.sys 1024 2304 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 19,53 Gb Total Space | 2,69 Gb Free Space | 13,77% Space Free | Partition Type: NTFS
Drive D: | 11,95 Gb Total Space | 3,98 Gb Free Space | 33,34% Space Free | Partition Type: FAT32
Drive F: | 963,70 Mb Total Space | 167,06 Mb Free Space | 17,34% Space Free | Partition Type: FAT

Computer Name: DOLNI | User Name: Dolní | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_USERS\S-1-5-21-1078081533-492894223-1606980848-1003\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Miranda IM\miranda32.exe" = C:\Program Files\Miranda IM\miranda32.exe:*:Enabled:Miranda IM -- ( )
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\AVG\AVG2012\avgmfapx.exe" = C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:Instalátor AVG -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgnsx.exe" = C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Webový štít -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgdiagex.exe" = C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostika 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2012\avgemcx.exe" = C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Obecná kontrola pošty -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0F9196C6-58B4-445B-B56E-B1200FECC151}" = Microsoft Bootvis
"{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = bProtector for Windows
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{3248F0A8-6813-11D6-A77B-00B0D0150220}" = J2SE Runtime Environment 5.0 Update 22
"{32A3A4F4-B792-11D6-A78A-00B0D0150220}" = J2SE Development Kit 5.0 Update 22
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E79F719-BE4A-4579-9FFF-559EF7A81AB4}" = BlackBerry USB and Modem Drivers 6.1
"{40A594D0-1490-4979-9382-D2B764F949C6}" = BlackBerry® Media Sync
"{41F4B3D2-3CC8-41B5-99B8-3A9C1BCDEA0A}" = AVG 2012
"{4892703A-E7C3-462D-A72C-BD1C18E3CB08}" = TV-FM Tuner Player
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{546C143E-68DC-314D-97BC-1E454E3BA429}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{80F28669-97B7-4CC9-B256-1F1BCFB7FDCF}" = AVG 2012
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader Extreme
"{90280405-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional s aplikací FrontPage
"{9CE87FC6-D94B-43A4-A171-F06009C8D810}" = BlackBerry JDE 4.2.1
"{A2C9CD1B-2551-3AED-B244-6698FB929FA6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1029-7B44-A94000000001}" = Adobe Reader 9.4.5 - Czech
"{B1C1A080-3FCD-11D5-BC0B-0000E8870AD3}" = BT878 WDM Mini-Driver
"{B3230613-BE9A-4B90-810A-5042496C02D8}" = DjVu Web Browser Plug-in
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B48F9C44-C904-4FA3-984D-F65AE4C49745}" = Zoner Media Explorer 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D7B3493D-766C-40AA-9AA9-053B896D76DE}" = Angry Birds Rio
"{DC6A0C39-7ECD-45B1-94DF-4480082939F6}" = eJuice Me Up
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{E2B4FE1C-2CFA-47EE-A88C-A14D0FF1F0B0}" = BBSAK
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F11E0BBC-5CB9-4D64-A942-6B64043BED97}" = BlackBerry Desktop Software 5.0.1
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 6.0.1 CE" = Adobe Photoshop 6.0.1 CE
"Adobe SVG Viewer" = Adobe SVG Viewer
"Aspi Installer" = Aspi Installer
"AVG" = AVG 2012
"AVG Secure Search" = AVG Security Toolbar
"BearShare 2 MediaBar" = MediaBar
"BlackBerry_{3E79F719-BE4A-4579-9FFF-559EF7A81AB4}" = BlackBerry USB and Modem Drivers 6.1
"BlackBerry_{F11E0BBC-5CB9-4D64-A942-6B64043BED97}" = BlackBerry Desktop Software 5.0.1
"CAL" = Canon Camera Access Library
"CameraWindowDC8" = Canon Utilities CameraWindow DC 8
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CCleaner" = CCleaner
"CToolbar_UNINSTALL" = Crawler Toolbar
"DipTrace Language Suite" = DipTrace Language Suite
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.01
"file2linkib" = File2LinkIB
"FLVPlayer" = FLV Player 1.3.3
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"ie8" = Windows Internet Explorer 8
"InstallBrain Updater Service" = InstallBrain Updater Service
"Jewel Mine_is1" = Jewel Mine
"JpegResampler2010_is1" = Jpeg Resampler Vs 6+
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Miranda IM" = Miranda IM 0.8.9
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"MyCamera" = Canon Utilities MyCamera
"Neuro-Programmer 3_is1" = Neuro-Programmer 3.1.1
"Novarm DipTrace" = Novarm DipTrace
"Opera 11.52.1100" = Opera 11.52
"PCLab" = PCLab
"RealPlayer 12.0" = RealPlayer
"Regino_is1" = Regino v5.0
"STDU Viewer_is1" = STDU Viewer version 1.4.13.0
"SuperFish" = ${ADD_ON_NAME}
"The KMPlayer" = The KMPlayer (remove only)
"Výpočet transformátoru " = Výpočet transformátoru
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WinRAR archiver" = WinRAR
"xp-AntiSpy" = xp-AntiSpy 3.97-9
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"YouTube Video Downloader_is1" = YouTube Video Downloader V1.1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1078081533-492894223-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1.9.2011 14:11:05 | Computer Name = DOLNI | Source = MsiInstaller | ID = 11500
Description = Product: Angry Birds Rio -- Error 1500. Another installation is in
progress. You must complete that installation before continuing this one.

Error - 1.9.2011 14:11:05 | Computer Name = DOLNI | Source = MsiInstaller | ID = 11500
Description = Product: Angry Birds Rio -- Error 1500. Another installation is in
progress. You must complete that installation before continuing this one.

Error - 1.9.2011 14:11:06 | Computer Name = DOLNI | Source = MsiInstaller | ID = 11500
Description = Product: Angry Birds Rio -- Error 1500. Another installation is in
progress. You must complete that installation before continuing this one.

Error - 1.9.2011 14:11:07 | Computer Name = DOLNI | Source = MsiInstaller | ID = 11500
Description = Product: Angry Birds Rio -- Error 1500. Another installation is in
progress. You must complete that installation before continuing this one.

Error - 1.9.2011 14:11:09 | Computer Name = DOLNI | Source = MsiInstaller | ID = 11500
Description = Product: Angry Birds Rio -- Error 1500. Another installation is in
progress. You must complete that installation before continuing this one.

Error - 1.9.2011 14:11:10 | Computer Name = DOLNI | Source = MsiInstaller | ID = 11500
Description = Product: Angry Birds Rio -- Error 1500. Another installation is in
progress. You must complete that installation before continuing this one.

Error - 1.9.2011 14:13:57 | Computer Name = DOLNI | Source = MsiInstaller | ID = 11500
Description = Product: Angry Birds Rio -- Error 1500. Another installation is in
progress. You must complete that installation before continuing this one.

Error - 1.9.2011 14:17:00 | Computer Name = DOLNI | Source = MsiInstaller | ID = 11500
Description = Product: Angry Birds Seasons -- Error 1500. Another installation is
in progress. You must complete that installation before continuing this one.

Error - 5.11.2011 15:05:39 | Computer Name = DOLNI | Source = MsiInstaller | ID = 10005
Description = Produkt: COMODO Firewall - Před instalací této verze odinstalujte
staré verze COMODO Internet Security nebo COMODO Firewall.

Error - 11.11.2011 12:16:30 | Computer Name = DOLNI | Source = Application Error | ID = 1000
Description = Chybující aplikace kalendar.exe, verze 3.2.0.22, chybující modul kernel32.dll,
verze 5.1.2600.5781, adresa chyby 0x00012afb.

[ System Events ]
Error - 12.11.2011 17:48:15 | Computer Name = DOLNI | Source = Dhcp | ID = 1002
Description = Zapůjčení adresy IP 10.0.0.142 pro síťovou kartu s adresou 00112F66EB8B
byla serverem DHCP 10.0.0.138 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).

Error - 14.11.2011 17:42:17 | Computer Name = DOLNI | Source = Dhcp | ID = 1002
Description = Zapůjčení adresy IP 10.0.0.141 pro síťovou kartu s adresou 00112F66EB8B
byla serverem DHCP 10.0.0.138 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).

Error - 17.11.2011 16:56:13 | Computer Name = DOLNI | Source = sr | ID = 1
Description = Filtr nástroje Obnovení systému zjistil neočekávanou chybu 0xC0000001
při zpracování souboru na svazku HarddiskVolume1. Sledování svazku bylo ukončeno.


Error - 18.11.2011 13:54:10 | Computer Name = DOLNI | Source = Disk | ID = 262155
Description = Ovladač zjistil chybu řadiče na \Device\Harddisk1\D.

Error - 20.11.2011 15:10:32 | Computer Name = DOLNI | Source = atapi | ID = 262153
Description = Zařízení \Device\Ide\IdePort1 neodpovídá v periodě časového limitu.

Error - 20.11.2011 15:11:25 | Computer Name = DOLNI | Source = atapi | ID = 262153
Description = Zařízení \Device\Ide\IdePort1 neodpovídá v periodě časového limitu.

Error - 20.11.2011 15:16:10 | Computer Name = DOLNI | Source = atapi | ID = 262153
Description = Zařízení \Device\Ide\IdePort1 neodpovídá v periodě časového limitu.

Error - 23.11.2011 6:07:56 | Computer Name = DOLNI | Source = sr | ID = 1
Description = Filtr nástroje Obnovení systému zjistil neočekávanou chybu 0xC0000001
při zpracování souboru na svazku HarddiskVolume1. Sledování svazku bylo ukončeno.


Error - 24.11.2011 15:47:50 | Computer Name = DOLNI | Source = Print | ID = 19
Description = Došlo k chybě sdílení tiskárny + 1722, tiskárna Canon Bubble-Jet BJC-2100
název sdílení Tiskárna.

Error - 25.11.2011 6:47:07 | Computer Name = DOLNI | Source = Print | ID = 19
Description = Došlo k chybě sdílení tiskárny + 1722, tiskárna Canon Bubble-Jet BJC-2100
název sdílení Tiskárna.


< End of report >

Re: For Motji...

Posted: 28 Nov 2011 22:08
by motji
Run ComboFix following this guide:
http://www.bleepingcomputer.com/combofi ... t-combofix

Re: For Motji...

Posted: 29 Nov 2011 22:04
by rokony
So I ran ComboFix, in Windows safe mode to be on the safe side. It found some rootkit (I didn't remember the name, something like Zorro acces, or something like that),
but at the end, while deleting folders, it stopped responding and did not create any log. I waited half an hour and nothing happened, so I restarted the PC and ran CF again; it froze again while deleting some directory. It probably did delete it, though, because I could not find the directory in question manually.
How should I proceed?
Thank you very much in advance for your help; I have the impression that the PC already starts up a bit faster.

Re: For Motji...

Posted: 29 Nov 2011 22:10
by motji
Upload the C:\Qoobox\Quarantine folder somewhere for me; I'll take a look at what it deleted.

Re: For Motji...

Posted: 29 Nov 2011 22:29
by rokony
I'm not sure whether I managed to attach it... Ah, it worked.

Re: For Motji...

Posted: 30 Nov 2011 15:44
by motji
Fine, try running it once more; if it doesn't work, let me know.

Re: For Motji...

Posted: 01 Dec 2011 08:52
by rokony
It got stuck again while deleting a file. I left it for another hour and a half to see whether anything would happen, but with no result.

Re: For Motji...

Posted: 01 Dec 2011 19:53
by motji
And do you know which one?

Download AVPTool from my signature: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

- Install it according to the guide and run a scan
- let it disinfect or delete whatever it finds
- the scan may take several hours
- post the log with the results here

Re: For Motji...

Posted: 02 Dec 2011 20:02
by rokony
Status: Disinfected (events: 2)
2.12.2011 17:44:09 Disinfected Trojan program Exploit.Java.CVE-2010-0840.dn C:\Documents and Settings\Cernopolak\Data aplikací\Sun\Java\Deployment\cache\6.0\56\295cfaf8-1c0bc431 High
2.12.2011 17:44:09 Disinfected Trojan program Exploit.Java.CVE-2010-0840.dn C:\Documents and Settings\Cernopolak\Data aplikací\Sun\Java\Deployment\cache\6.0\56\295cfaf8-1c0bc431/support/SmartyPointer.class High
______________________________________________________________

Should I try running ComboFix again?

Re: For Motji...

Posted: 03 Dec 2011 06:38
by motji
No. How is the computer doing?

Re: For Motji...

Posted: 03 Dec 2011 11:03
by rokony
The file that ComboFix got stuck on last time while deleting was some log in the Windows directory.
Before that, it got stuck while deleting the WINDOWS\CSC\d6 directory.
It apparently deleted both, but did not continue working.

Otherwise the computer is noticeably snappier, many thanks for that! Are we done?

Re: For Motji...

Posted: 03 Dec 2011 11:22
by motji
Then try it one last time :)