babylon, conduit

[vava8]

Dobrý den, mám problém se svým ntb. Objevují se mi nechtěné vyhledávače. Tady je RSIT. Můžete mi prosím pomoct?
Děkuji.
V

Run by Vašek at 2012-06-13 15:42:19
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 29 GB (19%) free of 153 GB
Total RAM: 2046 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:42:22, on 13.06.12
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\eISIS\servers\tomcat\bin\tomcat5.exe
C:\Program Files\Firebird\bin\fbguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DoroPDFWriter\DoroServer.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Firebird\bin\fbserver.exe
C:\WINDOWS\FSScrCtl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Vašek\Dokumenty\Downloads\RSIT.exe
C:\Program Files\trend micro\Vašek.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {D5D47440-0750-463D-BAEF-A47D02414806} - (no file)
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DoroServer] C:\Program Files\DoroPDFWriter\DoroServer.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Kooperativa - PDF Server.lnk = C:\Program Files\Kooperativa\KoopPxBN\KoopPDFServerSA.exe
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: eISIS PostgreSQL Database Server (eISISPostgreSQL) - PostgreSQL Global Development Group - c:\eISIS\servers\postgresql\bin\pg_ctl.exe
O23 - Service: eISIS Tomcat (eISISTomcat) - Apache Software Foundation - c:\eISIS\servers\tomcat\bin\tomcat5.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KoopPdfService - Unknown owner - C:\Program Files\Kooperativa\Services\KoopPDFServer.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 8265 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.google.cz/"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11, {20a82645-c095-46ed-80e3-08825760534b}:1.1, {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, jqs@sun.com:1.0, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.24"
prefs.js - "keyword.URL" - "http://search.conduit.com/ResultsExt.as ... ource=2&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.235 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pack.google.com/Google Updater;version=14]
"Description"=Google Updater
"Path"=C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
NPOFF12.DLL
nppdf32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
amazondotcom.xml
answers.xml
babylon.xml
bing.xml
Cetrumcz_igeared.xml
creativecommons.xml
eBay.xml
google.xml
twitter.xml
wikipedia.xml
yahoo.xml

C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\extensions\
ffxtlbr@babylon.com
{37483b40-c254-4a72-bda4-22ee90182c1e}
{687578b9-7132-4a7a-80e4-30ee31099e03}
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\searchplugins\
conduit.xml
daemon-search.xml
my-web-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2010-01-15 761840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-05-04 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D5D47440-0750-463D-BAEF-A47D02414806}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2007-05-28 16132608]
"SynTPStart"=C:\Program Files\Synaptics\SynTP\SynTPStart.exe [2008-06-02 102400]
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2008-06-02 858632]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"DoroServer"=C:\Program Files\DoroPDFWriter\DoroServer.exe [2010-10-12 167936]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2010-04-12 180224]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-03-07 4241512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-06-01 39408]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Documents and Settings\Vašek\Nabídka Start\Programy\Po spuštění
Kooperativa - PDF Server.lnk - C:\Program Files\Kooperativa\KoopPxBN\KoopPDFServerSA.exe
OpenOffice.org 3.3.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe
Screen Saver Control.lnk - C:\WINDOWS\FSScrCtl.exe
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-05-30 126976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoResolveSearch"=1
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"VIDC.WMV3"=wmv9vcm.dll
"msacm.voxacm160"=vct3216.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv

======List of files/folders created in the last 1 month======

2012-06-13 15:37:55 ----D---- C:\Program Files\trend micro
2012-06-13 15:37:54 ----D---- C:\rsit
2012-06-13 15:27:44 ----D---- C:\WINDOWS\LastGood
2012-06-13 15:22:30 ----A---- C:\ComboFix.txt
2012-06-13 15:10:02 ----A---- C:\WINDOWS\zip.exe
2012-06-13 15:10:02 ----A---- C:\WINDOWS\SWXCACLS.exe
2012-06-13 15:10:02 ----A---- C:\WINDOWS\SWSC.exe
2012-06-13 15:10:02 ----A---- C:\WINDOWS\SWREG.exe
2012-06-13 15:10:02 ----A---- C:\WINDOWS\sed.exe
2012-06-13 15:10:02 ----A---- C:\WINDOWS\PEV.exe
2012-06-13 15:10:02 ----A---- C:\WINDOWS\NIRCMD.exe
2012-06-13 15:10:02 ----A---- C:\WINDOWS\MBR.exe
2012-06-13 15:10:02 ----A---- C:\WINDOWS\grep.exe
2012-06-11 06:12:44 ----HDC---- C:\WINDOWS\$NtUninstallKB2718704$
2012-05-24 07:08:17 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe

======List of files/folders modified in the last 1 month======

2012-06-13 15:37:55 ----RD---- C:\Program Files
2012-06-13 15:28:28 ----HD---- C:\WINDOWS\inf
2012-06-13 15:27:59 ----HD---- C:\WINDOWS\$hf_mig$
2012-06-13 15:27:59 ----D---- C:\WINDOWS
2012-06-13 15:22:39 ----D---- C:\WINDOWS\temp
2012-06-13 15:22:33 ----D---- C:\Qoobox
2012-06-13 15:21:42 ----SD---- C:\WINDOWS\Tasks
2012-06-13 15:20:13 ----A---- C:\WINDOWS\system.ini
2012-06-13 15:20:03 ----D---- C:\WINDOWS\system32\drivers\etc
2012-06-13 15:19:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-06-13 15:19:34 ----D---- C:\WINDOWS\system32
2012-06-13 15:17:17 ----D---- C:\WINDOWS\system32\drivers
2012-06-13 15:17:16 ----D---- C:\WINDOWS\AppPatch
2012-06-13 15:17:10 ----D---- C:\Program Files\Common Files
2012-06-13 15:11:45 ----D---- C:\WINDOWS\system32\CatRoot2
2012-06-13 15:10:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-06-13 15:09:45 ----D---- C:\WINDOWS\Prefetch
2012-06-13 07:10:46 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-06-07 09:35:33 ----D---- C:\Program Files\Mozilla Firefox
2012-06-04 16:05:24 ----D---- C:\WINDOWS\system32\config
2012-05-31 15:22:06 ----A---- C:\WINDOWS\system32\crypt32.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2010-08-12 64288]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 phmcd;phmcd; C:\WINDOWS\system32\DRIVERS\phmcd.sys [2008-03-06 63488]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-11-05 691696]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2012-03-07 24920]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2012-03-07 35672]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2012-03-07 612184]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2012-03-07 337880]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2012-03-07 53848]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2010-04-12 59388]
R1 Tcpip6;Ovladač protokolu Microsoft IPv6; C:\WINDOWS\system32\DRIVERS\tcpip6.sys [2010-02-11 226880]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-13 8832]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2012-03-07 20696]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2012-03-07 95704]
R2 irda;Protokol IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2008-04-13 88192]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2008-05-30 2880512]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2007-02-16 160256]
R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2007-03-23 539072]
R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\System32\DRIVERS\btport.sys [2007-03-23 37424]
R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [2007-03-31 876384]
R3 catchme;catchme; \??\C:\DOCUME~1\VAEK~1\LOCALS~1\Temp\catchme.sys []
R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\System32\DRIVERS\DKbFltr.sys [2008-06-02 17408]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys [2006-12-22 988800]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys [2006-12-22 209664]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-05-30 4424192]
R3 NETw5x32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETw5x32.sys [2008-11-17 3636864]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\System32\DRIVERS\nscirda.sys [2008-04-13 28672]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 sdbus;sdbus; C:\WINDOWS\System32\DRIVERS\sdbus.sys [2008-04-13 79232]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\System32\DRIVERS\SynTP.sys [2008-06-02 215904]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2007-05-01 290816]
R3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2006-12-22 730112]
S1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004; C:\WINDOWS\system32\DRIVERS\tdx.sys []
S1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\WINDOWS\system32\DRIVERS\bridge.sys [2008-04-13 71552]
S3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2007-03-23 149123]
S3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2007-03-31 55352]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2007-03-23 67960]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader; C:\WINDOWS\system32\DRIVERS\ewdcsc.sys []
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys []
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\WINDOWS\system32\DRIVERS\ewusbdev.sys []
S3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys []
S3 mbr;mbr; \??\C:\ComboFix\mbr.sys []
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\WINDOWS\System32\DRIVERS\snp2uvc.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 6to4;Pomocná služba protokolu IPv6; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2008-05-30 536576]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-03-07 44768]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2007-04-01 273256]
R2 eISISTomcat;eISIS Tomcat; c:\eISIS\servers\tomcat\bin\tomcat5.exe [2007-08-24 57344]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\Firebird\bin\fbguard.exe [2007-12-12 65536]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-05-04 153376]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-05-10 75064]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\Firebird\bin\fbserver.exe [2007-12-12 1531989]
S2 eISISPostgreSQL;eISIS PostgreSQL Database Server; c:\eISIS\servers\postgresql\bin\pg_ctl.exe [2008-01-04 79948]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-03-17 136176]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-14 194104]
S2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-200; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S2 KoopPdfService;KoopPdfService; C:\Program Files\Kooperativa\Services\KoopPDFServer.exe [2010-11-19 2220032]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-01-03 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-03-17 136176]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2007-08-22 147824]
S3 WinDefend;Windows Defender; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
S3 WinHttpAutoProxySvc;@%SystemRoot%\system32\winhttp.dll,-100; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[Mc_Murphy]

Zdravím.

Mám dotaz, jedná se o nějaké firemní PC nebo soukromé?

Ten ComboFix Ti poradil kdo, prosím Tě?! Ty s ním umíš zacházet? Umíš si napsat opravný script? Přečti si laskavě pravidla fóra, zvláště bod číslo 3.: http://www.viry.cz/forum/viewtopic.php?f=12&t=5601

Nebezpečí CFka:

• Tento program je určen primárně pro rádce - jeho svévolným použitím ztrácíš nárok na podporu!
• Maže stopy po havěti, takže v logu ze RSITu není potom nic vidět!
• Jeho log je třeba doluštit, jelikož neumí smazat vše - to ovšem těžko zvládneš, pokud k tomu nejsi vyškolen!
• CF může mít bug - sundá Ti systém a pokud nevíš, kam co ukládá a jak co obnovit, máš systém v kytkách a čeká Tě reinstall!
• CF taky bohužel prozatím nekontroluje některé důležité knihovny (např. hal.dll) - ty mažou kupříkladu některé typy havěti (Angela a další) - smaže Ti po restartu hal.dll = nenajede Ti systém a jsi o řádek výše = reinstall!

[vava8]

No jo no...... už jsem se vytočil jak mi při důležitých věcech pořád přeskakoval firefox na babylon a conduit, tak jsem se toho chtěl podle návodu na netu zbavit.... jsem amatér... jasně že nevím jak ty věci udělat co píšeš..... jde s tim ještě teď něco udělat? Noťas je to soukromej, osobní, domácí.......
Existuje nějakej takovej masakr čistič, kterej můžu ovládat sám?.... s minimální průpravou, myslím s bodovou průpravou bez pochopení systému a logiky věci?
Díky va

[Mc_Murphy]

OK, beru. Tak na to příště mysli a raději - pokud tomu sám nerozuímš - rovnou přicválej sem a tady na to někdo mrkne.

Žádnej "masakr čistič" neexistuje. Tedy existují masakr čističe, který Ti udělaj v PC maximálně tak pěknej masakr. A to jim nemusíš ani rozumět. Ty opravdu dobrý potřebují znalého rádce, který ví, kam sáhnout a co smazat a jak napsat opravný script. Všechno nejde opravit tak jednoduše, jedním kliknutím, jako se to do počítače dostalo. Já jsem rád, alespoň si někteří lidé uvědomí nebezpečí svévolného počínání při klikání na všechno, co vidí.

BTW, na ten Babylon a Conduit, které se do Tvého PC dostaly opravdu jen Tvou vlastní chybou, stačilo hodit vstupní log ze RSITu a šlo by to vyčistit pomocí OTM, případně OTL bez hrubého zásahu ComboFixem.
Na ten si dávej opravdu bacha, protože už jsme tu viděli nejednoukrát nabouraný systém a následný pláč a skřípění zubů.

Takže si ještě jednou přečti nebezpečí používání CF, ať si to zopákneš a pak mi sem hoď log z toho masakr čističe. Máš ho tady: C:\ComboFix.txt

[vava8]

OKdíky

ComboFix 12-06-13.01 - Vašek 13.06.12 15:13:02.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1004 [GMT 2:00]
Spuštěný z: c:\documents and settings\Vašek\Dokumenty\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\iun6002.exe
c:\windows\msmqinst.log
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\out.txt
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-05-13 do 2012-06-13 )))))))))))))))))))))))))))))))
.
.
2012-06-07 07:35 . 2012-06-07 07:35 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-07 07:35 . 2012-06-07 07:35 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-05-29 18:10 . 2012-05-29 18:10 -------- d-----w- c:\documents and settings\Vašek\Local Settings\Data aplikací\CRE
2012-05-24 05:08 . 2012-05-24 05:08 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-24 05:08 . 2012-05-24 05:08 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 13:22 . 2002-09-20 16:03 602112 ----a-w- c:\windows\system32\crypt32.dll
2012-04-11 13:55 . 2002-09-20 17:12 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:55 . 2002-09-20 15:41 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:55 . 2002-09-20 15:12 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-02 03:22 . 2010-06-02 03:22 89944 ----a-w- c:\program files\DSETUP.dll
2010-06-02 03:22 . 2010-06-02 03:22 537432 ----a-w- c:\program files\DXSETUP.exe
2010-06-02 03:22 . 2010-06-02 03:22 1801048 ----a-w- c:\program files\dsetup32.dll
2012-06-07 07:35 . 2011-12-13 20:29 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-06-02 102400]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-06-02 858632]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"DoroServer"="c:\program files\DoroPDFWriter\DoroServer.exe" [2010-10-12 167936]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Vašek\Nabídka Start\Programy\Po spuštění\
Kooperativa - PDF Server.lnk - c:\program files\Kooperativa\KoopPxBN\KoopPDFServerSA.exe [2010-12-14 2464768]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
Screen Saver Control.lnk - c:\windows\FSScrCtl.exe [2009-11-30 249344]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-06-01 08:06 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [26.10.10 8:08 64288]
R0 phmcd;phmcd;c:\windows\system32\drivers\phmcd.sys [01.03.08 7:57 63488]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06.01.09 8:18 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [12.02.12 18:59 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12.02.12 18:59 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12.02.12 18:59 20696]
R2 eISISTomcat;eISIS Tomcat;c:\eisis\servers\tomcat\bin\tomcat5.exe [11.08.09 16:30 57344]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\bin\fbguard.exe -s --> c:\program files\Firebird\bin\fbguard.exe -s [?]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\bin\fbserver.exe -s --> c:\program files\Firebird\bin\fbserver.exe -s [?]
S2 eISISPostgreSQL;eISIS PostgreSQL Database Server;c:\eisis\servers\postgresql\bin\pg_ctl.exe runservice -N eISISPostgreSQL -D c:\eisis\data\db\data" --> c:\eisis\servers\postgresql\bin\pg_ctl.exe runservice -N eISISPostgreSQL -D c:\eisis\data\db\data [?]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [17.03.12 23:30 136176]
S2 KoopPdfService;KoopPdfService;c:\program files\Kooperativa\Services\KoopPDFServer.exe [18.10.10 15:44 2220032]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [17.03.12 23:30 136176]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys --> c:\windows\system32\DRIVERS\ewdcsc.sys [?]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-06-12 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-01 19:08]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-17 21:29]
.
2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-17 21:29]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - user.js: extensions.BabylonToolbar_i.id - d4fa9aac000000000000001f3b110859
FF - user.js: extensions.BabylonToolbar_i.hardId - d4fa9aac000000000000001f3b110859
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15398
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:56
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109217
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-AzMixerSel - c:\program files\Realtek\InstallShield\AzMixerSel.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-13 15:20
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1280)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2012-06-13 15:22:30
ComboFix-quarantined-files.txt 2012-06-13 13:22
ComboFix2.txt 2010-10-25 14:24
.
Před spuštěním: Volných bajtů: 30 044 921 856
Po spuštění: Volných bajtů: 30 387 535 872
.
- - End Of File - - 3AB0538B6D6E617C0F484205491D02B4

[Mc_Murphy]

OK, jestli ještě máš v PC, tak odinstaluj Lavasoft Ad-Aware - program je zastaralý a již několik let není schopen čelit aktuálním hrozbám.


Pokud jsi tak ještě neučinil, přesuň ComboFix na Plochu.

• Otevři si Poznámkový blok (Start >> Spustit... (nebo Win+R) >> do okénka napiš notepad >> [Enter]).
• Zkopíruj do něj tento script:

Kód: Vybrat vše

KillAll::

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=-
"SunJavaUpdateSched"=-
"GrooveMonitor"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D5D47440-0750-463D-BAEF-A47D02414806}"=-

Driver::
gusvc
gupdate
gupdatem
Lavasoft Kernexplorer
JavaQuickStarterService

Folder::
C:\Program Files\Google\GoogleToolbarNotifier

File::
c:\documents and settings\Vašek\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.3.lnk
c:\documents and settings\Vašek\Nabídka Start\Programy\Po spuštění\Screen Saver Control.lnk
c:\documents and settings\Vašek\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
c:\windows\Tasks\Google Software Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
C:\Program Files\Mozilla Firefox\searchplugins\Cetrumcz_igeared.xml
C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
C:\Program Files\Mozilla Firefox\searchplugins\twitter.xml
C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml
C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\searchplugins\conduit.xml
C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\searchplugins\daemon-search.xml
C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\searchplugins\my-web-search.xml

Firefox::
FF - ProfilePath - c:\documents and settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - user.js: extensions.BabylonToolbar_i.id - d4fa9aac000000000000001f3b110859
FF - user.js: extensions.BabylonToolbar_i.hardId - d4fa9aac000000000000001f3b110859
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15398
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:56
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109217
FF - user.js: extensions.BabylonToolbar_i.babExt - 
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false

ClearJavaCache::

AtJob::

Reboot::

• Ulož vytvořený TXT jako CFScript.txt
• Přetáhni vytvořený CFScript.txt nad ComboFix a pusť (viz obrázek).
  
• Po aplikaci scriptu (a případném restartu PC) na Tebe vyskočí log. Jeho obsah mi sem vlož.

Může se stát, že po aplikaci scriptu nenaběhnou Windows. V tom případě restartuj PC, hned při náběhu mačkej klávesu F8 a zvol Poslední známou konfiguraci.

[vava8]

tady je z combofixu

kjComboFix 12-06-14.01 - Vašek 14.06.12 14:29:37.5.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1172 [GMT 2:00]
Spuštěný z: c:\documents and settings\Vašek\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Vašek\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\documents and settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\searchplugins\conduit.xml"
"c:\documents and settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\searchplugins\daemon-search.xml"
"c:\documents and settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\searchplugins\my-web-search.xml"
"c:\documents and settings\Vašek\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.3.lnk"
"c:\documents and settings\Vašek\Nabídka Start\Programy\Po spuštění\Screen Saver Control.lnk"
"c:\documents and settings\Vašek\Nabídka Start\Programy\Po spuštění\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk"
"c:\program files\Mozilla Firefox\searchplugins\amazondotcom.xml"
"c:\program files\Mozilla Firefox\searchplugins\answers.xml"
"c:\program files\Mozilla Firefox\searchplugins\babylon.xml"
"c:\program files\Mozilla Firefox\searchplugins\bing.xml"
"c:\program files\Mozilla Firefox\searchplugins\Cetrumcz_igeared.xml"
"c:\program files\Mozilla Firefox\searchplugins\creativecommons.xml"
"c:\program files\Mozilla Firefox\searchplugins\eBay.xml"
"c:\program files\Mozilla Firefox\searchplugins\twitter.xml"
"c:\program files\Mozilla Firefox\searchplugins\yahoo.xml"
"c:\windows\Tasks\Google Software Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Google\GoogleToolbarNotifier
c:\program files\Google\GoogleToolbarNotifier\5.2.4204.1700\gth.dll
c:\program files\Google\GoogleToolbarNotifier\5.2.4204.1700\gtn.dll
c:\program files\Google\GoogleToolbarNotifier\5.2.4204.1700\Readme.url
c:\program files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\program files\Mozilla Firefox\searchplugins\amazondotcom.xml
c:\program files\Mozilla Firefox\searchplugins\answers.xml
c:\program files\Mozilla Firefox\searchplugins\babylon.xml
c:\program files\Mozilla Firefox\searchplugins\bing.xml
c:\program files\Mozilla Firefox\searchplugins\Cetrumcz_igeared.xml
c:\program files\Mozilla Firefox\searchplugins\creativecommons.xml
c:\program files\Mozilla Firefox\searchplugins\eBay.xml
c:\program files\Mozilla Firefox\searchplugins\twitter.xml
c:\program files\Mozilla Firefox\searchplugins\yahoo.xml
c:\windows\Tasks\Google Software Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
Nakažená kopie c:\windows\system32\samsrv.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ServicePackFiles\i386\samsrv.dll
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_GUPDATE
-------\Legacy_GUSVC
-------\Legacy_JAVAQUICKSTARTERSERVICE
-------\Legacy_LAVASOFT_KERNEXPLORER
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_gusvc
-------\Service_JavaQuickStarterService
-------\Service_Lavasoft Kernexplorer
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-05-14 do 2012-06-14 )))))))))))))))))))))))))))))))
.
.
2012-06-13 13:37 . 2012-06-13 13:42 -------- d-----w- c:\program files\trend micro
2012-06-13 13:37 . 2012-06-13 13:38 -------- d-----w- C:\rsit
2012-06-07 07:35 . 2012-06-07 07:35 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-07 07:35 . 2012-06-07 07:35 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-05-29 18:10 . 2012-05-29 18:10 -------- d-----w- c:\documents and settings\Vašek\Local Settings\Data aplikací\CRE
2012-05-24 05:08 . 2012-05-24 05:08 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-24 05:08 . 2012-05-24 05:08 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 13:22 . 2002-09-20 16:03 602112 ----a-w- c:\windows\system32\crypt32.dll
2012-04-11 13:55 . 2002-09-20 17:12 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:55 . 2002-09-20 15:41 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:55 . 2002-09-20 15:12 2150400 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-02 03:22 . 2010-06-02 03:22 89944 ----a-w- c:\program files\DSETUP.dll
2010-06-02 03:22 . 2010-06-02 03:22 537432 ----a-w- c:\program files\DXSETUP.exe
2010-06-02 03:22 . 2010-06-02 03:22 1801048 ----a-w- c:\program files\dsetup32.dll
2012-06-07 07:35 . 2011-12-13 20:29 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-13_13.20.12 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-10-25 12:00 . 2012-06-13 05:10 69334 c:\windows\system32\perfc009.dat
+ 2001-10-25 12:00 . 2012-06-14 07:51 69334 c:\windows\system32\perfc009.dat
- 2001-10-25 12:00 . 2012-06-13 05:10 79974 c:\windows\system32\perfc005.dat
+ 2001-10-25 12:00 . 2012-06-14 07:51 79974 c:\windows\system32\perfc005.dat
+ 2001-10-25 12:00 . 2012-06-14 07:51 436438 c:\windows\system32\perfh009.dat
- 2001-10-25 12:00 . 2012-06-13 05:10 436438 c:\windows\system32\perfh009.dat
+ 2001-10-25 12:00 . 2012-06-14 07:51 433010 c:\windows\system32\perfh005.dat
- 2001-10-25 12:00 . 2012-06-13 05:10 433010 c:\windows\system32\perfh005.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16132608]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-06-02 102400]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-06-02 858632]
"DoroServer"="c:\program files\DoroPDFWriter\DoroServer.exe" [2010-10-12 167936]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Vašek\Nabídka Start\Programy\Po spuštění\
Kooperativa - PDF Server.lnk - c:\program files\Kooperativa\KoopPxBN\KoopPDFServerSA.exe [2010-12-14 2464768]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
Screen Saver Control.lnk - c:\windows\FSScrCtl.exe [2009-11-30 249344]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [26.10.10 8:08 64288]
R0 phmcd;phmcd;c:\windows\system32\drivers\phmcd.sys [01.03.08 7:57 63488]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [06.01.09 8:18 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [12.02.12 18:59 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [12.02.12 18:59 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12.02.12 18:59 20696]
R2 eISISTomcat;eISIS Tomcat;c:\eisis\servers\tomcat\bin\tomcat5.exe [11.08.09 16:30 57344]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\bin\fbguard.exe -s --> c:\program files\Firebird\bin\fbguard.exe -s [?]
R2 KoopPdfService;KoopPdfService;c:\program files\Kooperativa\Services\KoopPDFServer.exe [18.10.10 15:44 2220032]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\bin\fbserver.exe -s --> c:\program files\Firebird\bin\fbserver.exe -s [?]
S1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004;c:\windows\system32\DRIVERS\tdx.sys --> c:\windows\system32\DRIVERS\tdx.sys [?]
S2 eISISPostgreSQL;eISIS PostgreSQL Database Server;c:\eisis\servers\postgresql\bin\pg_ctl.exe runservice -N eISISPostgreSQL -D c:\eisis\data\db\data" --> c:\eisis\servers\postgresql\bin\pg_ctl.exe runservice -N eISISPostgreSQL -D c:\eisis\data\db\data [?]
S2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-200;c:\windows\System32\svchost.exe -k NetSvcs [25.10.01 14:00 14336]
S3 Huawei;HUAWEI Mobile Connect - USB Smart Card Reader;c:\windows\system32\DRIVERS\ewdcsc.sys --> c:\windows\system32\DRIVERS\ewdcsc.sys [?]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys --> c:\windows\system32\DRIVERS\ewusbdev.sys [?]
S3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe -k secsvcs [25.10.01 14:00 14336]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-14 15:41
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1288)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(6968)
c:\windows\system32\btmmhook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Firebird\bin\fbguard.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Firebird\bin\fbserver.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\WgaTray.exe
c:\windows\RTHDCPL.EXE
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
.
**************************************************************************
.
Celkový čas: 2012-06-14 15:46:38 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-06-14 13:46
ComboFix2.txt 2012-06-13 13:22
ComboFix3.txt 2010-10-25 14:24
.
Před spuštěním: Volných bajtů: 30 427 303 936
Po spuštění: Volných bajtů: 30 324 424 704
.
- - End Of File - - DBFF50DCC310D2AE770ACB03C1CCE009

[Mc_Murphy]

Super, ComboFix spáchal, co měl + ještě nám díky scriptu nalezl infikovaný soubor (vidíš, to je ta síla psaní scriptů, když tomu rozumíš ).

Každopádně mi napiš, jak to vypadá s počítačem nyní a dáme si ještě další scan s OTL, který je - mimo hodně jiného - hodně dobrý konkrétně na toolbary a všeliké jejich zbytky.

Nejprve ale odinstaluješ ComboFix, protože jak tam vidím, žes ho spouštěl už někdy v roce 2010, konkrétně 25. října ve 14:24, tak mě jímá hrůza.

• Přejmenuj tedy ComboFix na Uninstall.
• Spusť jej.

A žádné podvody, v logu z OTL to poznám.


A až to provedeš, tak stáhni OTL z tohoto odkazu a ulož jej na Plochu.

• Pokud používáš Win Vista či Win7, klikni na OTL pravým myšítkem a dej Run As Administrator či Spustit jako správce.
• Pokud používáš 64bitový OS, zkontroluj, zda-li je zaškrtnutý čtvereček Pro 64 bitové OS. Pokud ne, zaškrtni jej.
• Zaškrtni okénko Pro všechny uživatele.
• Zaškrtni okénko Kontrola na havěť "LOP".
• Zaškrtni okénko Kontrola na havěť "Purity".
• Stáři souborů změň z 30 dnů na 7 dnů!!
• Do spodního okénka Vlastní skenování/opravy vlož tento script (pouze zelená písmenka v bílém poli!):

Kód: Vybrat vše

CREATERESTOREPOINT

netsvc
drivers32
savembr:0

/md5start
atapi.sys
autochk.exe
cdrom.sys
explorer.exe
hal.dll
scecli.dll
svchost.exe
tcpip.sys
userinit.exe
winlogon.exe
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe
%userprofile%\Plocha\*.*
%userprofile%\Desktop\*.*
%ALLUSERSPROFILE%\Plocha\*.*
%ALLUSERSPROFILE%\Desktop\*.*
*crack* /s
*keygen* /s
*loader* /s
*RemoveWAT* /s
*minodlogin* /s
*tnod* /s
*TemDono* /s
*AutoKMS* /s
*KMSEmulator* /s
*activator* /s
*serial* /s
*w7lxe* /s
*AutoRearm* /s

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /s
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run /s

%SystemDrive%\PhysicalMBR.bin /md5

• Klikni na tlačítko [Prohledat].
• Po dokončení skenu se objeví logy OTL.txt a Extras.txt, oba mi sem vlož.
• Logy se nevejdou do jednoho, rozděl je tedy prosím do více příspěvků.

[vava8]

posílám logy z OTL... prosimtě co se dá všechno z těchto logů vyčíst?
OTL logfile created on: 14.06.12 21:01:04 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\Vašek\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: dd.MM.yy

2,00 Gb Total Physical Memory | 0,98 Gb Available Physical Memory | 48,79% Memory free
3,85 Gb Paging File | 3,06 Gb Available in Paging File | 79,66% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 35,98 Gb Free Space | 24,14% Space Free | Partition Type: NTFS
Drive E: | 149,04 Gb Total Space | 144,64 Gb Free Space | 97,05% Space Free | Partition Type: NTFS

Computer Name: NOTEBOOK | User Name: Vašek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2012.06.14 20:57:25 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vašek\Plocha\OTL.exe
PRC - [2012.06.07 09:35:22 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012.03.07 02:15:17 | 004,241,512 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012.03.07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011.01.17 16:37:42 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 16:37:42 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010.10.12 22:13:34 | 000,167,936 | ---- | M] (CompSoft) -- C:\Program Files\DoroPDFWriter\DoroServer.exe
PRC - [2010.04.12 10:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2009.11.30 22:06:57 | 000,249,344 | ---- | M] (Stardust Software) -- C:\WINDOWS\FSScrCtl.exe
PRC - [2009.03.10 22:18:18 | 000,969,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.12.12 02:05:04 | 001,531,989 | ---- | M] (The Firebird Project) -- C:\Program Files\Firebird\bin\fbserver.exe
PRC - [2007.12.12 02:05:04 | 000,065,536 | ---- | M] (The Firebird Project) -- C:\Program Files\Firebird\bin\fbguard.exe
PRC - [2007.08.24 17:35:26 | 000,057,344 | ---- | M] (Apache Software Foundation) -- c:\eISIS\servers\tomcat\bin\tomcat5.exe
PRC - [2007.04.01 09:02:38 | 000,568,176 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe


========== Modules (No Company Name) ==========

MOD - [2012.06.14 07:16:25 | 001,768,960 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12061400\algo.dll
MOD - [2012.06.07 09:35:20 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012.05.24 07:08:17 | 008,797,856 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012.04.20 10:36:51 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2007.04.01 09:00:28 | 002,842,624 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
MOD - [2007.04.01 08:57:16 | 000,053,248 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- %ProgramFiles%\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - File not found [Auto | Stopped] -- %SystemRoot%\System32\iphlpsvc.dll -- (iphlpsvc)
SRV - [2012.03.07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010.11.19 13:33:22 | 002,220,032 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Kooperativa\Services\KoopPDFServer.exe -- (KoopPdfService)
SRV - [2009.01.03 08:00:39 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008.01.04 08:49:16 | 000,079,948 | ---- | M] (PostgreSQL Global Development Group) [Auto | Stopped] -- c:\eISIS\servers\postgresql\bin\pg_ctl.exe -- (eISISPostgreSQL)
SRV - [2007.12.12 02:05:04 | 001,531,989 | ---- | M] (The Firebird Project) [On_Demand | Running] -- C:\Program Files\Firebird\bin\fbserver.exe -- (FirebirdServerDefaultInstance)
SRV - [2007.12.12 02:05:04 | 000,065,536 | ---- | M] (The Firebird Project) [Auto | Running] -- C:\Program Files\Firebird\bin\fbguard.exe -- (FirebirdGuardianDefaultInstance)
SRV - [2007.08.24 17:35:26 | 000,057,344 | ---- | M] (Apache Software Foundation) [Auto | Running] -- c:\eISIS\servers\tomcat\bin\tomcat5.exe -- (eISISTomcat)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\tdx.sys -- (tdx)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\uninstal\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewdcsc.sys -- (Huawei)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012.03.07 02:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.03.07 02:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.03.07 02:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012.03.07 02:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.03.07 02:01:39 | 000,095,704 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012.03.07 02:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.03.07 01:58:29 | 000,024,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010.11.05 14:05:19 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010.08.12 14:15:20 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2010.04.12 10:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2010.02.11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008.11.17 16:23:16 | 003,636,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008.05.30 17:28:34 | 002,880,512 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\changer.sys -- (Changer)
DRV - [2008.04.13 20:40:26 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc)
DRV - [2008.03.06 19:57:38 | 000,063,488 | ---- | M] (Phantombility, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\phmcd.sys -- (phmcd)
DRV - [2007.05.30 14:04:56 | 004,424,192 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.05.01 21:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2007.03.31 13:02:42 | 000,876,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007.03.31 13:02:40 | 000,055,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2007.03.23 10:50:42 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007.03.23 10:50:24 | 000,149,123 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007.03.23 10:50:08 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2007.03.23 10:49:54 | 000,539,072 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007.02.16 16:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006.12.22 05:56:44 | 000,988,800 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006.12.22 05:56:00 | 000,209,664 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006.12.22 05:55:56 | 000,730,112 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {D5D47440-0750-463D-BAEF-A47D02414806}
IE - HKLM\..\SearchScopes\{D5D47440-0750-463D-BAEF-A47D02414806}: "URL" = http://search.centrum.cz/index.php?q={s ... trum-1.0.0


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-823518204-839522115-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-823518204-839522115-725345543-1003\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-823518204-839522115-725345543-1003\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-823518204-839522115-725345543-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.as ... =CT3072253
IE - HKU\S-1-5-21-823518204-839522115-725345543-1003\..\SearchScopes\{D5D47440-0750-463D-BAEF-A47D02414806}: "URL" = http://search.centrum.cz/index.php?q={s ... trum-1.0.0
IE - HKU\S-1-5-21-823518204-839522115-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentControl2 Customized Web Search"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?AF=109217&ba ... 1f3b110859"
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.as ... ource=2&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.03.17 23:18:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.07 09:35:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.13 22:29:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

[2010.05.18 09:59:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Extensions
[2012.05.30 08:38:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\extensions
[2012.05.30 08:38:23 | 000,000,000 | ---D | M] (NCH EN Community Toolbar) -- C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
[2012.05.30 08:38:27 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012.05.30 08:38:31 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2012.02.28 19:56:12 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\extensions\ffxtlbr@babylon.com
[2012.04.18 00:39:24 | 000,000,935 | ---- | M] () -- C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\searchplugins\conduit.xml
[2010.11.09 09:20:14 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\searchplugins\daemon-search.xml
[2012.03.01 17:00:09 | 000,009,630 | ---- | M] () -- C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\searchplugins\my-web-search.xml
[2011.12.13 20:48:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.06.18 18:42:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\VAšEK\DATA APLIKACí\MOZILLA\FIREFOX\PROFILES\ULC7W7IC.DEFAULT\EXTENSIONS\{37483B40-C254-4A72-BDA4-22EE90182C1E}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\VAšEK\DATA APLIKACí\MOZILLA\FIREFOX\PROFILES\ULC7W7IC.DEFAULT\EXTENSIONS\{687578B9-7132-4A7A-80E4-30EE31099E03}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\VAšEK\DATA APLIKACí\MOZILLA\FIREFOX\PROFILES\ULC7W7IC.DEFAULT\EXTENSIONS\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\VAšEK\DATA APLIKACí\MOZILLA\FIREFOX\PROFILES\ULC7W7IC.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM
[2009.02.01 21:22:21 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012.06.07 09:35:22 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2012.06.14 15:41:23 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKU\S-1-5-21-823518204-839522115-725345543-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-823518204-839522115-725345543-1003\..\Toolbar\WebBrowser: (no name) - {D5D47440-0750-463D-BAEF-A47D02414806} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DoroServer] C:\Program Files\DoroPDFWriter\DoroServer.exe (CompSoft)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\Vašek\Nabídka Start\Programy\Po spuštění\Kooperativa - PDF Server.lnk = C:\Program Files\Kooperativa\KoopPxBN\KoopPDFServerSA.exe ()
O4 - Startup: C:\Documents and Settings\Vašek\Nabídka Start\Programy\Po spuštění\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Vašek\Nabídka Start\Programy\Po spuštění\Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe (Stardust Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-823518204-839522115-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-823518204-839522115-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-823518204-839522115-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-823518204-839522115-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-823518204-839522115-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/voxacm.CAB (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.13
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{20D93F92-10A5-4060-8325-676945B9A59B}: DhcpNameServer = 192.168.1.13
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.03.23 19:09:00 | 005,174,294 | ---- | M] () - C:\auto1.rar -- [ NTFS ]
O32 - AutoRun File - [2008.12.26 13:29:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2012.06.14 20:57:24 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Vašek\Plocha\OTL.exe
[2012.06.14 14:37:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012.06.13 15:37:55 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2012.06.13 15:37:54 | 000,000,000 | ---D | C] -- C:\rsit
[2012.06.13 15:04:16 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Vašek\Nabídka Start\Programy\Nástroje pro správu
[2012.06.11 06:06:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Vašek\Plocha\Nepoužívané odkazy plochy
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Vašek\Plocha\*.tmp files -> C:\Documents and Settings\Vašek\Plocha\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2012.06.14 21:02:55 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012.06.14 20:57:25 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vašek\Plocha\OTL.exe
[2012.06.14 15:41:23 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.06.14 15:41:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.06.14 14:39:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.06.14 09:51:57 | 000,436,438 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.06.14 09:51:57 | 000,433,010 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2012.06.14 09:51:57 | 000,069,334 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.06.14 09:51:56 | 000,079,974 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Vašek\Plocha\*.tmp files -> C:\Documents and Settings\Vašek\Plocha\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.06.14 21:02:55 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012.02.15 19:40:34 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.05.06 08:14:45 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011.05.06 08:14:45 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2010.12.17 01:07:41 | 000,000,018 | ---- | C] () -- C:\WINDOWS\Winzip32.ini
[2010.11.02 10:57:57 | 000,113,931 | ---- | C] () -- C:\Program Files\MWSnap.chm
[2010.10.25 15:42:39 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010.10.25 15:42:30 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.10.25 12:03:00 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Vašek\Data aplikací\completescan
[2010.10.19 12:06:45 | 000,000,010 | ---- | C] () -- C:\Documents and Settings\Vašek\Data aplikací\install
[2010.09.14 18:10:23 | 000,000,016 | ---- | C] () -- C:\Documents and Settings\NetworkService\Data aplikací\apiqfw.dat
[2010.09.14 18:10:19 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Vašek\Data aplikací\avdrn.dat

========== LOP Check ==========

[2012.02.12 18:59:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2012.02.28 19:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Babylon
[2009.06.25 19:46:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Backup
[2010.12.04 08:57:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Broadcom
[2009.12.01 20:24:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
[2008.12.28 10:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ESET
[2010.12.04 09:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\IObit
[2012.02.28 23:02:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Tarma Installer
[2011.02.24 00:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Winferno
[2012.02.28 19:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vašek\Data aplikací\Babylon
[2009.11.20 08:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vašek\Data aplikací\BSplayer Pro
[2008.12.30 13:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vašek\Data aplikací\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009.12.01 20:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vašek\Data aplikací\DAEMON Tools Lite
[2011.01.05 20:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vašek\Data aplikací\IObit
[2012.04.20 10:37:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vašek\Data aplikací\OpenOffice.org
[2010.04.04 20:17:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vašek\Data aplikací\Opera
[2009.03.13 08:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vašek\Data aplikací\Simulace2009
[2011.01.25 11:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vašek\Data aplikací\Simulace_2009
[2011.02.21 12:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vašek\Data aplikací\TeamViewer
[2011.06.22 11:38:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vašek\Data aplikací\Telefónica Móviles
[2009.06.10 11:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vašek\Data aplikací\Xerox

========== Purity Check ==========



========== Custom Scans ==========

< >

< netsvc >

< >

< MD5 for: ATAPI.SYS >
[2002.09.20 18:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009.04.01 14:35:23 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2009.04.01 14:35:23 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2002.08.29 01:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2002.08.29 02:27:50 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 05:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\cmdcons\autochk.exe
[2008.04.14 05:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 05:22:10 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2004.08.17 16:49:22 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe

< MD5 for: CDROM.SYS >
[2002.09.20 18:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:cdrom.sys
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2009.04.01 14:35:23 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:cdrom.sys
[2009.04.01 14:35:23 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004.08.03 23:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: EXPLORER.EXE >
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2004.08.17 16:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: HAL.DLL >
[2002.09.20 18:17:54 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:hal.dll
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2009.04.01 14:35:23 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2004.08.17 16:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:hal.dll
[2009.04.01 14:35:23 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 20:31:28 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2004.08.03 23:59:14 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: SCECLI.DLL >
[2004.08.17 16:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SVCHOST.EXE >
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ERDNT\cache\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2004.08.17 16:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\ERDNT\cache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004.08.04 00:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2004.08.17 16:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.17 16:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< >

< %systemroot%*.* /U /s >
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[25 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[6 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012.01.06 22:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vašek\Data aplikací\Adobe
[2009.01.03 17:43:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vašek\Data aplikací\Apple Computer
[2008.12.26 13:46:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vašek\Data aplikací\ATI
[2009.01.04 13:46:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vašek\Data aplikací\Avant Profiles
[2009.06.25 19:22:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vašek\Data aplikací\AVG8
[2012.02.28 19:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vašek\Data aplikací\Babylon
[2009.11.20 08:37:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vašek\Data aplikací\BSplayer Pro
[2008.12.30 13:30:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vašek\Data aplikací\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009.12.01 20:34:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vašek\Data aplikací\DAEMON Tools Lite
[2011.06.20 13:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vašek\Data aplikací\dvdcss
[2009.04.21 10:35:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vašek\Data aplikací\Google
[2009.01.06 20:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vašek\Data aplikací\Help
[2008.12.26 13:33:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vašek\Data aplikací\Identities
[2011.12.17 14:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vašek\Data aplikací\InstallShield
[2010.09.13 09:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vašek\Data aplikací\Intelore
[2011.01.05 20:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vašek\Data aplikací\IObit
[2008.12.28 10:52:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vašek\Data aplikací\Macromedia
[2011.01.24 15:13:08 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Vašek\Data aplikací\Microsoft
[2011.04.14 14:38:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vašek\Data aplikací\Mozilla
[2010.01.01 21:16:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vašek\Data aplikací\Nero
[2012.04.20 10:37:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vašek\Data aplikací\OpenOffice.org
[2010.04.04 20:17:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vašek\Data aplikací\Opera
[2010.05.18 17:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vašek\Data aplikací\Real
[2009.03.13 08:23:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vašek\Data aplikací\Simulace2009
[2011.01.25 11:24:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vašek\Data aplikací\Simulace_2009
[2012.02.21 22:47:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vašek\Data aplikací\Skype
[2012.02.21 17:10:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vašek\Data aplikací\skypePM
[2009.02.01 21:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vašek\Data aplikací\Sun
[2011.02.21 12:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vašek\Data aplikací\TeamViewer
[2011.06.22 11:38:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vašek\Data aplikací\Telefónica Móviles
[2008.12.29 19:14:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vašek\Data aplikací\vlc
[2009.01.06 21:16:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vašek\Data aplikací\WinRAR
[2009.06.10 11:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Vašek\Data aplikací\Xerox

< %APPDATA%\*.exe /s >
[2012.02.27 15:00:52 | 003,766,432 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Vašek\Data aplikací\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2008.12.26 14:01:54 | 000,057,344 | R--- | M] (Macrovision Corporation) -- C:\Documents and Settings\Vašek\Data aplikací\Microsoft\Installer\{EEBFB406-5846-4F33-96B5-C7BA8FC50F69}\ARPPRODUCTICON.exe
[2010.05.17 14:53:11 | 000,439,816 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\Vašek\Data aplikací\Real\Update\setup3.10\setup.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job >

< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.11.05 14:05:19 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys

< %systemroot%\System32\config\*.sav >
[2008.12.26 21:24:42 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2008.12.26 21:24:42 | 000,630,784 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2008.12.26 21:24:42 | 000,425,984 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\drivers\*.sys /3 >

< %systemroot%\system32\*.* /3 >
[2012.06.14 09:51:56 | 000,079,974 | ---- | M] () -- C:\WINDOWS\system32\perfc005.dat
[2012.06.14 09:51:57 | 000,069,334 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2012.06.14 09:51:57 | 000,433,010 | ---- | M] () -- C:\WINDOWS\system32\perfh005.dat
[2012.06.14 09:51:57 | 000,436,438 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2012.06.14 09:51:54 | 001,031,542 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[2012.06.14 15:41:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl

< %SYSTEMDRIVE%\*.exe >

< %userprofile%\Plocha\*.* >
[2012.06.04 16:58:28 | 000,404,480 | ---- | M] () -- C:\Documents and Settings\Vašek\Plocha\ks_vasudeva.xls
[2002.07.06 18:45:42 | 000,427,008 | ---- | M] (Mirek Wojtowicz) -- C:\Documents and Settings\Vašek\Plocha\MWSnap.exe
[2012.06.14 20:57:25 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Vašek\Plocha\OTL.exe
[2012.05.01 20:27:02 | 000,010,216 | ---- | M] () -- C:\Documents and Settings\Vašek\Plocha\Rajčata smetana hrášek panýr.docx
[2012.06.13 15:47:38 | 000,030,756 | ---- | M] () -- C:\Documents and Settings\Vašek\Plocha\RSIT.txt
[2012.03.28 21:56:07 | 000,029,927 | ---- | M] () -- C:\Documents and Settings\Vašek\Plocha\Saffron Rice.docx
[2011.05.09 07:43:05 | 001,628,074 | ---- | M] () -- C:\Documents and Settings\Vašek\Plocha\vime-co-jime.pdf
[2012.02.11 16:38:08 | 000,011,763 | ---- | M] () -- C:\Documents and Settings\Vašek\Plocha\Zmrzlina kontakty.docx
[2012.06.04 12:19:02 | 000,402,944 | ---- | M] () -- C:\Documents and Settings\Vašek\Plocha\Záloha ks_vasudeva.xlk
[2011.02.27 20:54:56 | 000,000,330 | ---- | M] () -- C:\Documents and Settings\Vašek\Plocha\Zástupce - Dokumenty.lnk
[2010.09.23 09:21:49 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Vašek\Plocha\Zástupce - Tento počítač.lnk
[2011.06.27 14:21:30 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Vašek\Plocha\~$ar sir.docx
[2011.10.16 21:12:22 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Vašek\Plocha\~$ma om visnu 22011.docx
[2010.05.22 14:55:22 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Vašek\Plocha\~$s_divine_grace-NA_ISTO3(2).rtf
[2011.02.03 19:43:44 | 000,000,165 | -H-- | M] () -- C:\Documents and Settings\Vašek\Plocha\~$tabulka Góvinda.xlsx
[2012.05.21 13:57:45 | 000,038,912 | ---- | M] () -- C:\Documents and Settings\Vašek\Plocha\Župní a krajské slety 2012 - termíny.xls
[1 C:\Documents and Settings\Vašek\Plocha\*.tmp files -> C:\Documents and Settings\Vašek\Plocha\*.tmp -> ]

< %userprofile%\Desktop\*.* >

< %ALLUSERSPROFILE%\Plocha\*.* >
[2010.05.18 09:58:49 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Mozilla Firefox.lnk

< %ALLUSERSPROFILE%\Desktop\*.* >

< *crack* /s >

< *keygen* /s >

< *loader* /s >
[2012.04.18 00:39:24 | 000,010,145 | ---- | M] () -- \Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\conduitCommon\modules\3.12.0.8\ExternalLibraryLoader.jsm
[2012.04.30 16:50:42 | 000,010,145 | ---- | M] () -- \Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\conduitCommon\modules\3.12.2.3\ExternalLibraryLoader.jsm
[2012.01.05 14:50:44 | 000,010,144 | ---- | M] () -- \Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\conduitCommon\modules\3.9.0.3\ExternalLibraryLoader.jsm
[2012.05.30 08:43:20 | 000,010,145 | ---- | M] () -- \Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\modules\ExternalLibraryLoader.jsm
[2012.05.30 08:43:28 | 000,010,145 | ---- | M] () -- \Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\modules\ExternalLibraryLoader.jsm
[2012.05.30 08:45:30 | 000,010,145 | ---- | M] () -- \Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules\ExternalLibraryLoader.jsm
[2009.01.09 20:33:48 | 000,006,308 | ---- | M] () -- \OpenOfficePortable\App\openoffice\Basis\program\pythonloader.py
[2008.12.15 13:50:28 | 000,011,776 | ---- | M] () -- \OpenOfficePortable\App\openoffice\Basis\program\pythonloader.uno.dll
[2009.01.09 20:54:22 | 000,000,171 | ---- | M] () -- \OpenOfficePortable\App\openoffice\Basis\program\pythonloader.uno.ini
[2008.12.15 13:03:06 | 000,013,824 | ---- | M] () -- \OpenOfficePortable\App\openoffice\URE\bin\javaloader.uno.dll
[2008.07.29 15:26:36 | 000,003,688 | ---- | M] () -- \OpenOfficePortable\App\openoffice\URE\java\unoloader.jar
[2007.03.14 20:21:36 | 004,937,904 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS3\Photodownloader.exe
[2007.03.14 18:07:28 | 000,011,161 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS3\apd\shared_assets\bitmaps\main_window\C_LoadError.png
[2007.03.14 18:07:28 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS3\apd\shared_assets\locales\da_dk\Photodownloader.ini
[2007.03.14 18:07:28 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS3\apd\shared_assets\locales\de_de\Photodownloader.ini
[2007.03.14 18:07:28 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS3\apd\shared_assets\locales\en_us\Photodownloader.ini
[2007.03.14 18:07:28 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS3\apd\shared_assets\locales\es_es\Photodownloader.ini
[2007.03.14 18:07:28 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS3\apd\shared_assets\locales\fi_fi\Photodownloader.ini
[2007.03.14 18:07:28 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS3\apd\shared_assets\locales\fr_fr\Photodownloader.ini
[2007.03.14 18:07:28 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS3\apd\shared_assets\locales\it_it\Photodownloader.ini
[2007.03.14 18:07:28 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS3\apd\shared_assets\locales\ja_jp\Photodownloader.ini
[2007.03.14 18:07:28 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS3\apd\shared_assets\locales\ko_kr\Photodownloader.ini
[2007.03.14 18:07:28 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS3\apd\shared_assets\locales\nl_nl\Photodownloader.ini
[2007.03.14 18:07:28 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS3\apd\shared_assets\locales\no_no\Photodownloader.ini
[2007.03.14 18:07:28 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS3\apd\shared_assets\locales\pt_br\Photodownloader.ini
[2007.03.14 18:07:30 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS3\apd\shared_assets\locales\sv_se\Photodownloader.ini
[2007.03.14 18:07:30 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS3\apd\shared_assets\locales\zh_cn\Photodownloader.ini
[2007.03.14 18:07:30 | 000,000,011 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS3\apd\shared_assets\locales\zh_tw\Photodownloader.ini
[2007.03.14 18:10:18 | 000,088,333 | ---- | M] () -- \Program Files\Common Files\Adobe\Help\ar_AE\Bridge\2.0\images\br_photo_downloader.png
[2007.03.14 18:10:20 | 000,025,188 | ---- | M] () -- \Program Files\Common Files\Adobe\Help\cs_CZ\Bridge\2.0\images\br_photo_downloader.png
[2007.03.14 18:10:26 | 000,032,022 | ---- | M] () -- \Program Files\Common Files\Adobe\Help\da_DK\Bridge\2.0\images\br_photo_downloader.png
[2007.03.14 18:10:28 | 000,032,216 | ---- | M] () -- \Program Files\Common Files\Adobe\Help\de_DE\Bridge\2.0\images\br_photo_downloader.png
[2007.03.14 18:10:30 | 000,027,655 | ---- | M] () -- \Program Files\Common Files\Adobe\Help\el_GR\Bridge\2.0\images\br_photo_downloader.png
[2007.03.14 18:10:36 | 000,030,891 | ---- | M] () -- \Program Files\Common Files\Adobe\Help\en_US\Bridge\2.0\images\br_photo_downloader.png
[2007.03.14 18:10:38 | 000,032,399 | ---- | M] () -- \Program Files\Common Files\Adobe\Help\es_ES\Bridge\2.0\images\br_photo_downloader.png
[2007.03.14 18:10:42 | 000,032,333 | ---- | M] () -- \Program Files\Common Files\Adobe\Help\fi_FI\Bridge\2.0\images\br_photo_downloader.png
[2007.03.14 18:10:42 | 000,032,393 | ---- | M] () -- \Program Files\Common Files\Adobe\Help\fr_FR\Bridge\2.0\images\br_photo_downloader.png
[2007.03.14 18:10:46 | 000,022,871 | ---- | M] () -- \Program Files\Common Files\Adobe\Help\he_IL\Bridge\2.0\images\br_photo_downloader.png
[2007.03.14 18:10:48 | 000,025,272 | ---- | M] () -- \Program Files\Common Files\Adobe\Help\hu_HU\Bridge\2.0\images\br_photo_downloader.png
[2007.03.14 18:10:50 | 000,032,109 | ---- | M] () -- \Program Files\Common Files\Adobe\Help\it_IT\Bridge\2.0\images\br_photo_downloader.png
[2007.03.14 18:10:50 | 000,032,441 | ---- | M] () -- \Program Files\Common Files\Adobe\Help\ja_JP\Bridge\2.0\images\br_photo_downloader.png
[2007.03.14 18:10:52 | 000,032,499 | ---- | M] () -- \Program Files\Common Files\Adobe\Help\ko_KR\Bridge\2.0\images\br_photo_downloader.png
[2007.03.14 18:10:54 | 000,032,074 | ---- | M] () -- \Program Files\Common Files\Adobe\Help\nb_NO\Bridge\2.0\images\br_photo_downloader.png
[2007.03.14 18:10:56 | 000,032,110 | ---- | M] () -- \Program Files\Common Files\Adobe\Help\nl_NL\Bridge\2.0\images\br_photo_downloader.png
[2007.03.14 18:10:58 | 000,024,996 | ---- | M] () -- \Program Files\Common Files\Adobe\Help\pl_PL\Bridge\2.0\images\br_photo_downloader.png
[2007.03.14 18:11:00 | 000,031,772 | ---- | M] () -- \Program Files\Common Files\Adobe\Help\pt_BR\Bridge\2.0\images\br_photo_downloader.png
[2007.03.14 18:11:02 | 000,024,463 | ---- | M] () -- \Program Files\Common Files\Adobe\Help\ro_RO\Bridge\2.0\images\br_photo_downloader.png
[2007.03.14 18:11:04 | 000,025,054 | ---- | M] () -- \Program Files\Common Files\Adobe\Help\ru_RU\Bridge\2.0\images\br_photo_downloader.png
[2007.03.14 18:11:06 | 000,032,171 | ---- | M] () -- \Program Files\Common Files\Adobe\Help\sv_SE\Bridge\2.0\images\br_photo_downloader.png
[2007.03.14 18:11:06 | 000,024,411 | ---- | M] () -- \Program Files\Common Files\Adobe\Help\tr_TR\Bridge\2.0\images\br_photo_downloader.png
[2007.03.14 18:11:08 | 000,025,525 | ---- | M] () -- \Program Files\Common Files\Adobe\Help\uk_UA\Bridge\2.0\images\br_photo_downloader.png
[2007.03.14 18:11:10 | 000,032,741 | ---- | M] () -- \Program Files\Common Files\Adobe\Help\zh_CN\Bridge\2.0\images\br_photo_downloader.png
[2007.03.14 18:11:10 | 000,032,833 | ---- | M] () -- \Program Files\Common Files\Adobe\Help\zh_TW\Bridge\2.0\images\br_photo_downloader.png
[2007.03.08 17:35:32 | 000,004,239 | ---- | M] () -- \Program Files\Common Files\Adobe\Startup Scripts CS3\Adobe Version Cue\VersionCueSDKLoader.jsx
[2006.10.26 14:40:34 | 000,057,344 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VS7DEBUG\coloader.dll
[2006.10.26 14:40:34 | 000,005,120 | ---- | M] () -- \Program Files\Common Files\Microsoft Shared\VS7DEBUG\coloader.tlb
[2011.01.17 16:21:04 | 000,006,263 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.py
[2012.04.20 10:36:46 | 000,021,504 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.uno.dll
[2011.01.17 17:00:08 | 000,000,171 | ---- | M] () -- \Program Files\OpenOffice.org 3\Basis\program\pythonloader.uno.ini
[2012.04.20 10:37:02 | 000,029,184 | ---- | M] () -- \Program Files\OpenOffice.org 3\URE\bin\javaloader.uno.dll
[2010.11.19 12:24:20 | 000,003,689 | ---- | M] () -- \Program Files\OpenOffice.org 3\URE\java\unoloader.jar
[2010.02.02 05:33:46 | 000,006,308 | ---- | M] () -- \Program Files\OpenOfficePortable\App\openoffice\Basis\program\pythonloader.py
[2010.02.19 07:10:04 | 000,011,264 | ---- | M] () -- \Program Files\OpenOfficePortable\App\openoffice\Basis\program\pythonloader.uno.dll
[2010.02.02 06:05:24 | 000,000,171 | ---- | M] () -- \Program Files\OpenOfficePortable\App\openoffice\Basis\program\pythonloader.uno.ini
[2010.02.19 07:10:08 | 000,013,824 | ---- | M] () -- \Program Files\OpenOfficePortable\App\openoffice\URE\bin\javaloader.uno.dll
[2009.09.25 22:59:52 | 000,003,686 | ---- | M] () -- \Program Files\OpenOfficePortable\App\openoffice\URE\java\unoloader.jar
[2008.06.20 20:13:32 | 000,044,032 | ---- | M] () -- \Program Files\WinRAR\RarExtLoader.exe
[2004.08.17 16:49:06 | 000,035,840 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\dmloader.dll
[2004.08.03 23:59:38 | 000,230,400 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\osloader.exe
[2004.08.03 23:59:38 | 000,278,016 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\osloader.ntd
[2010.11.09 10:04:13 | 000,082,784 | ---- | M] () -- \WINDOWS\assembly\GAC\IALoader\1.7.6223.0__31bf3856ad364e35\IALoader.dll
[2008.04.14 05:21:39 | 000,035,840 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\dmloader.dll
[2008.04.13 20:31:47 | 000,230,912 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.exe
[2008.04.13 20:31:48 | 000,278,528 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\osloader.ntd
[2008.04.14 05:21:39 | 000,035,840 | ---- | M] () -- \WINDOWS\system32\dmloader.dll

< *RemoveWAT* /s >

< *minodlogin* /s >

< *tnod* /s >

< *TemDono* /s >

< *AutoKMS* /s >

< *KMSEmulator* /s >

< *activator* /s >

< *serial* /s >
[2004.08.17 15:44:16 | 000,030,301 | ---- | M] () -- \cmdcons\SERIAL.SY_
[2012.03.04 13:32:11 | 000,395,094 | ---- | M] () -- \Documents and Settings\Vašek\Dokumenty\recepty\Serialising galore.docx
[2011.02.12 19:51:11 | 000,001,860 | ---- | M] () -- \eISIS\servers\tomcat\work\Catalina\localhost\eISIS\loader\org\apache\xerces\impl\msg\XMLSerializerMessages.properties
[2007.03.14 18:05:52 | 000,001,673 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS3\LMResources\BadSerialNumberAlert.exv
[2007.03.14 18:05:52 | 000,001,545 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS3\LMResources\CantChangeSerialNumberAlert.exv
[2007.03.14 18:05:52 | 000,001,639 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS3\LMResources\InValidUpGradeSerialNumberAlert.exv
[2007.03.14 18:05:52 | 000,000,833 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS3\LMResources\ReserializeAlert.exv
[2007.03.14 18:05:52 | 000,028,474 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS3\LMResources\SerializationWF.exv
[2007.03.14 18:05:52 | 000,001,695 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS3\LMResources\ar_AE\BadSerialNumberAlert.exv
[2007.03.14 18:05:52 | 000,001,567 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS3\LMResources\ar_AE\CantChangeSerialNumberAlert.exv
[2007.03.14 18:05:52 | 000,001,661 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS3\LMResources\ar_AE\InValidUpGradeSerialNumberAlert.exv
[2007.03.14 18:05:52 | 000,000,855 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS3\LMResources\ar_AE\ReserializeAlert.exv
[2007.03.14 18:05:52 | 000,028,485 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS3\LMResources\ar_AE\SerializationWF.exv
[2007.03.14 18:05:54 | 000,001,695 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS3\LMResources\he_IL\BadSerialNumberAlert.exv
[2007.03.14 18:05:54 | 000,001,567 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS3\LMResources\he_IL\CantChangeSerialNumberAlert.exv
[2007.03.14 18:05:54 | 000,001,661 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS3\LMResources\he_IL\InValidUpGradeSerialNumberAlert.exv
[2007.03.14 18:05:54 | 000,000,855 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS3\LMResources\he_IL\ReserializeAlert.exv
[2007.03.14 18:05:54 | 000,028,485 | ---- | M] () -- \Program Files\Adobe\Adobe Bridge CS3\LMResources\he_IL\SerializationWF.exv
[2007.03.15 11:19:10 | 000,001,673 | ---- | M] () -- \Program Files\Adobe\Adobe Device Central CS3\LMResources\BadSerialNumberAlert.exv
[2007.03.15 11:19:10 | 000,001,545 | ---- | M] () -- \Program Files\Adobe\Adobe Device Central CS3\LMResources\CantChangeSerialNumberAlert.exv
[2007.03.15 11:19:10 | 000,001,639 | ---- | M] () -- \Program Files\Adobe\Adobe Device Central CS3\LMResources\InValidUpGradeSerialNumberAlert.exv
[2007.03.15 11:19:10 | 000,000,833 | ---- | M] () -- \Program Files\Adobe\Adobe Device Central CS3\LMResources\ReserializeAlert.exv
[2007.03.15 11:19:10 | 000,028,474 | ---- | M] () -- \Program Files\Adobe\Adobe Device Central CS3\LMResources\SerializationWF.exv
[2007.03.15 11:19:10 | 000,001,695 | ---- | M] () -- \Program Files\Adobe\Adobe Device Central CS3\LMResources\ar_AE\BadSerialNumberAlert.exv
[2007.03.15 11:19:10 | 000,001,567 | ---- | M] () -- \Program Files\Adobe\Adobe Device Central CS3\LMResources\ar_AE\CantChangeSerialNumberAlert.exv
[2007.03.15 11:19:10 | 000,001,661 | ---- | M] () -- \Program Files\Adobe\Adobe Device Central CS3\LMResources\ar_AE\InValidUpGradeSerialNumberAlert.exv
[2007.03.15 11:19:10 | 000,000,855 | ---- | M] () -- \Program Files\Adobe\Adobe Device Central CS3\LMResources\ar_AE\ReserializeAlert.exv
[2007.03.15 11:19:12 | 000,028,485 | ---- | M] () -- \Program Files\Adobe\Adobe Device Central CS3\LMResources\ar_AE\SerializationWF.exv
[2007.03.15 11:19:14 | 000,001,695 | ---- | M] () -- \Program Files\Adobe\Adobe Device Central CS3\LMResources\he_IL\BadSerialNumberAlert.exv
[2007.03.15 11:19:14 | 000,001,567 | ---- | M] () -- \Program Files\Adobe\Adobe Device Central CS3\LMResources\he_IL\CantChangeSerialNumberAlert.exv
[2007.03.15 11:19:14 | 000,001,661 | ---- | M] () -- \Program Files\Adobe\Adobe Device Central CS3\LMResources\he_IL\InValidUpGradeSerialNumberAlert.exv
[2007.03.15 11:19:16 | 000,000,855 | ---- | M] () -- \Program Files\Adobe\Adobe Device Central CS3\LMResources\he_IL\ReserializeAlert.exv
[2007.03.15 11:19:16 | 000,028,485 | ---- | M] () -- \Program Files\Adobe\Adobe Device Central CS3\LMResources\he_IL\SerializationWF.exv
[2007.03.21 21:53:12 | 000,001,673 | ---- | M] () -- \Program Files\Adobe\Adobe Photoshop CS3\LMResources\BadSerialNumberAlert.exv
[2007.03.21 21:53:12 | 000,001,545 | ---- | M] () -- \Program Files\Adobe\Adobe Photoshop CS3\LMResources\CantChangeSerialNumberAlert.exv
[2007.03.21 21:53:12 | 000,001,639 | ---- | M] () -- \Program Files\Adobe\Adobe Photoshop CS3\LMResources\InValidUpGradeSerialNumberAlert.exv
[2007.03.21 21:53:12 | 000,000,833 | ---- | M] () -- \Program Files\Adobe\Adobe Photoshop CS3\LMResources\ReserializeAlert.exv
[2007.03.21 21:53:12 | 000,028,474 | ---- | M] () -- \Program Files\Adobe\Adobe Photoshop CS3\LMResources\SerializationWF.exv
[2007.03.21 21:53:14 | 000,001,695 | ---- | M] () -- \Program Files\Adobe\Adobe Photoshop CS3\LMResources\ar_ae\BadSerialNumberAlert.exv
[2007.03.21 21:53:14 | 000,001,567 | ---- | M] () -- \Program Files\Adobe\Adobe Photoshop CS3\LMResources\ar_ae\CantChangeSerialNumberAlert.exv
[2007.03.21 21:53:14 | 000,001,661 | ---- | M] () -- \Program Files\Adobe\Adobe Photoshop CS3\LMResources\ar_ae\InValidUpGradeSerialNumberAlert.exv
[2007.03.21 21:53:14 | 000,000,855 | ---- | M] () -- \Program Files\Adobe\Adobe Photoshop CS3\LMResources\ar_ae\ReserializeAlert.exv
[2007.03.21 21:53:14 | 000,028,485 | ---- | M] () -- \Program Files\Adobe\Adobe Photoshop CS3\LMResources\ar_ae\SerializationWF.exv
[2007.03.21 21:53:14 | 000,001,695 | ---- | M] () -- \Program Files\Adobe\Adobe Photoshop CS3\LMResources\he_il\BadSerialNumberAlert.exv
[2007.03.21 21:53:14 | 000,001,567 | ---- | M] () -- \Program Files\Adobe\Adobe Photoshop CS3\LMResources\he_il\CantChangeSerialNumberAlert.exv
[2007.03.21 21:53:14 | 000,001,661 | ---- | M] () -- \Program Files\Adobe\Adobe Photoshop CS3\LMResources\he_il\InValidUpGradeSerialNumberAlert.exv
[2007.03.21 21:53:14 | 000,000,855 | ---- | M] () -- \Program Files\Adobe\Adobe Photoshop CS3\LMResources\he_il\ReserializeAlert.exv
[2007.03.21 21:53:14 | 000,028,485 | ---- | M] () -- \Program Files\Adobe\Adobe Photoshop CS3\LMResources\he_il\SerializationWF.exv
[2011.03.10 00:43:26 | 000,413,696 | ---- | M] () -- \Program Files\Microsoft Silverlight\4.0.60310.0\System.Runtime.Serialization.dll
[2011.05.27 18:04:41 | 001,186,816 | ---- | M] () -- \Program Files\Microsoft Silverlight\4.0.60310.0\System.Runtime.Serialization.ni.dll
[2010.04.08 00:48:30 | 000,970,752 | ---- | M] () -- \Program Files\Reference Assemblies\Microsoft\Framework\v3.0\System.Runtime.Serialization.dll
[2004.08.17 16:43:56 | 000,028,416 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\grserial.sys
[2004.08.17 16:44:16 | 000,064,640 | ---- | M] () -- \WINDOWS\$NtServicePackUninstall$\serial.sys
[2010.11.24 11:46:58 | 000,011,776 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap.resources\2.0.0.0_cs_b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2012.05.12 15:05:25 | 000,131,072 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
[2010.11.24 11:47:10 | 000,090,112 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\system.runtime.serialization.resources\3.0.0.0_cs_b77a5c561934e089\System.RunTime.Serialization.Resources.dll
[2010.11.28 12:34:22 | 000,970,752 | ---- | M] () -- \WINDOWS\assembly\GAC_MSIL\System.Runtime.Serialization\3.0.0.0__b77a5c561934e089\System.Runtime.Serialization.dll
[2012.02.20 13:24:35 | 000,311,296 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\1335dd98ce5ce22ad1f51cc274ca5a1d\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2012.05.12 15:11:08 | 002,345,472 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\505e12638acd6fdb22e1fd2d4c6fc232\System.Runtime.Serialization.ni.dll
[2012.05.12 15:08:11 | 000,311,296 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\a644ec04e18202b60f9d828bc207972b\System.Runtime.Serialization.Formatters.Soap.ni.dll
[2012.02.20 14:04:12 | 002,345,472 | ---- | M] () -- \WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\f2532204217dc10f152afd077b09927c\System.Runtime.Serialization.ni.dll
[2009.01.17 15:22:53 | 000,929,792 | ---- | M] () -- \WINDOWS\assembly\tmp\HS09HPY6\System.Runtime.Serialization.dll
[2008.07.25 12:17:00 | 000,131,072 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
[2008.09.10 18:46:28 | 000,011,776 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v2.0.50727\cs\System.Runtime.Serialization.Formatters.Soap.resources.dll
[2010.04.08 00:48:30 | 000,970,752 | ---- | M] () -- \WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\System.Runtime.Serialization.dll
[2008.04.14 04:17:25 | 000,028,416 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\grserial.sys
[2008.04.14 04:21:08 | 000,064,256 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\serial.sys
[2004.07.19 19:54:20 | 000,131,072 | ---- | M] () -- \WINDOWS\ServicePackFiles\i386\system.runtime.serialization.formatters.soap.dll
[2001.10.25 14:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dpserial.dll
[2001.10.25 14:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\serialui.dll
[2001.10.25 14:00:00 | 000,053,520 | ---- | M] () -- \WINDOWS\system32\dllcache\dpserial.dll
[2008.04.14 04:21:08 | 000,064,256 | ---- | M] () -- \WINDOWS\system32\dllcache\serial.sys
[2001.10.25 14:00:00 | 000,014,336 | ---- | M] () -- \WINDOWS\system32\dllcache\serialui.dll
[2008.04.14 04:21:08 | 000,064,256 | ---- | M] () -- \WINDOWS\system32\drivers\Serial.sys

< *w7lxe* /s >

< *AutoRearm* /s >

< >

< HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run /s >
"RTHDCPL" = RTHDCPL.EXE -- [2007.05.28 10:32:36 | 016,132,608 | R--- | M] (Realtek Semiconductor Corp.)
"SynTPStart" = C:\Program Files\Synaptics\SynTP\SynTPStart.exe -- [2008.06.02 22:58:06 | 000,102,400 | ---- | M] (Synaptics, Inc.)
"LManager" = C:\PROGRA~1\LAUNCH~1\LManager.exe -- [2008.06.02 22:24:00 | 000,858,632 | ---- | M] (Dritek System Inc.)
"DoroServer" = C:\Program Files\DoroPDFWriter\DoroServer.exe -- [2010.10.12 22:13:34 | 000,167,936 | ---- | M] (CompSoft)
"PWRISOVM.EXE" = C:\Program Files\PowerISO\PWRISOVM.EXE -- [2010.04.12 10:40:16 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.)
"avast" = "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui -- [2012.03.07 02:15:17 | 004,241,512 | ---- | M] (AVAST Software)
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
"" =
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"" =
"Installed" = 1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"" =
"Installed" = 1
"NoChange" = 1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"" =
"Installed" = 1

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
"" =

< HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run /s >

< >

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2012.06.14 21:02:55 | 000,000,512 | ---- | M] () MD5=C7533EB882B79B574566A129D2C6D26D -- C:\PhysicalMBR.bin

< End of report >

[vava8]

OTL Extras logfile created on: 14.06.12 21:01:04 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Documents and Settings\Vašek\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: dd.MM.yy

2,00 Gb Total Physical Memory | 0,98 Gb Available Physical Memory | 48,79% Memory free
3,85 Gb Paging File | 3,06 Gb Available in Paging File | 79,66% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 35,98 Gb Free Space | 24,14% Space Free | Partition Type: NTFS
Drive E: | 149,04 Gb Total Space | 144,64 Gb Free Space | 97,05% Space Free | Partition Type: NTFS

Computer Name: NOTEBOOK | User Name: Vašek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-823518204-839522115-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player -- ()
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{01C08A7D-4CCD-41F8-B020-4B4BB8C08C68}" = Catalyst Control Center - Branding
"{03EC1FFD-2F3C-AB30-FC8F-8A464EA3AB54}" = CCC Help Norwegian
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{153F839F-0A63-41D8-890F-7324C0E13743}" = Broadcom Driver v4.170.25.12_Foxconn Installation Program
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1A49527E-76D9-1A0E-1242-D1C449E2F246}" = Catalyst Control Center Localization French
"{1EB867A9-2CAC-9F2B-70AA-225B89329957}" = Catalyst Control Center Localization Swedish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 26
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C22A328-753B-709F-B575-8E7F26EF5769}" = CCC Help Portuguese
"{426E1B57-707D-E5D9-82BB-D375728C0101}" = Catalyst Control Center Localization Dutch
"{46369E80-6A3D-55A6-D54A-489ADE5258A2}" = Catalyst Control Center Localization Portuguese
"{466096de-3762-40d7-addf-4967eb160713}" = Nero 9 Lite
"{476275FA-A3F8-3BD2-1042-2BD29F13CC2E}" = Skins
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{51EAB826-C5A4-2578-44AE-61CB8F6AF06C}" = CCC Help Korean
"{521E1CA4-C40B-E2E0-9C88-94B89CFE1FF9}" = Catalyst Control Center Localization German
"{54213804-C8B0-FF91-FEE4-AE177D55EF56}" = CCC Help Finnish
"{546C143E-68DC-314D-97BC-1E454E3BA429}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54C87F30-9A03-A151-E25D-643C6A19BE4D}" = Catalyst Control Center Localization Norwegian
"{567B13FA-9FA9-050E-5CD7-6C07F3A28DF7}" = CCC Help Turkish
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5C51F530-415D-6DC1-AF78-4839F93B84C3}" = CCC Help English
"{5F212730-512E-C674-11B5-C4AEECAE1366}" = Catalyst Control Center Localization Thai
"{5F339FE5-9930-1B33-6090-EFFFD1749F3C}" = ccc-core-static
"{64682560-7401-4C2D-4B68-622001EBDB38}" = CCC Help French
"{666E9A48-A877-A912-6E7F-565C4E36A4BB}" = CCC Help Chinese Traditional
"{672F8700-B561-252F-6585-333FEE398EE3}" = CCC Help Swedish
"{68280718-3175-6C86-75E5-EA4706D0F545}" = Catalyst Control Center Localization Chinese Traditional
"{6A0DC722-5AE2-7878-04E3-12FD42242815}" = CCC Help German
"{6A41F0A6-445C-A426-3B9B-0F3138C36EC6}" = Catalyst Control Center Graphics Light
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F3AA35-BC41-119C-B74E-FFF0072973FE}" = CCC Help Spanish
"{765A0DD0-B60B-F6A0-6A8D-54054A4E6487}" = Catalyst Control Center Localization Czech
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{79170233-E0A5-5A4A-28D9-C6A0CF774F13}" = Catalyst Control Center Localization Danish
"{79435D1E-148B-8C58-8F3E-6E96D9284149}" = Catalyst Control Center Localization Chinese Standard
"{7B0B88BC-FF93-DA03-F84E-D23477157E5C}" = Catalyst Control Center Core Implementation
"{7B6FC9C2-C5B4-4F58-8E50-1587236285D0}" = Simulace_2009
"{7CB9546E-BF2C-47DE-9DB4-C4364FBE57EC}" = Broadcom Wireless LAN Driver 4.100.15.7_Negative_Foxconn
"{7CBFA1C0-9F76-FF29-3EFC-9F7655E8FF56}" = CCC Help Thai
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80361553-17D6-84D1-31E2-D8ABF0C66959}" = ccc-utility
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8E87FED9-68EA-8A40-CB37-1F532F4D6D72}" = Catalyst Control Center Graphics Full New
"{90120000-0010-0405-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Czech) 12
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001C-0409-0000-0000000FF1CE}" = Microsoft Office Access Runtime (English) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-0020-0405-0000-0000000FF1CE}" = Sada Compatibility Pack pro systém Office 2007
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{97521F0B-9072-0C9C-C765-961B07DEA729}" = Catalyst Control Center Localization Japanese
"{9A6C83A6-C190-EBA9-8E38-D480A994DA92}" = Catalyst Control Center Localization Italian
"{9B6C43B6-8B1B-34DA-1E05-B5BC51B2B804}" = Catalyst Control Center Localization Spanish
"{9C62C977-0111-F5FC-EBCA-4D917BADF751}" = CCC Help Dutch
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2C9CD1B-2551-3AED-B244-6698FB929FA6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A34C7BA8-938B-55FD-2600-57BECFB55D6A}" = CCC Help Greek
"{A6139E1F-1392-1442-8152-87BA59B2F64D}" = ccc-core-preinstall
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEF1E88C-A98D-890F-CFDC-FD6FD3B8E829}" = CCC Help Italian
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B46FFFB4-FE24-3338-D53F-3C899AFD5A23}" = CCC Help Polish
"{B98B1629-E1F6-5DD5-8D1E-C8C3F6F80C89}" = Catalyst Control Center Graphics Full Existing
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = TIPCI
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C165A1B2-08D0-52C3-D5DB-665C8F251570}" = Catalyst Control Center Localization Turkish
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CB88A5FF-59EE-6BF7-A5B5-2C7B63872745}" = Catalyst Control Center Localization Korean
"{CC6C4177-6365-1500-9279-480C79B0E592}" = CCC Help Czech
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D26BCF43-7100-E5F9-27FD-EA03670F1AE8}" = CCC Help Danish
"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller
"{D5B94160-4A07-4956-9C73-8C5EEFEF180F}" = OpenOffice.org 3.3
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DC34C68C-A16F-56A7-AEFA-5DB8DAA6E9E3}" = CCC Help Russian
"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye webcam
"{DD530FBD-D52A-8044-15B6-2E62E65AE83E}" = Catalyst Control Center Localization Polish
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E42BF37A-510C-D596-081D-307CA952D888}" = Catalyst Control Center Localization Hungarian
"{E58BE852-C68B-D02E-A6CF-BB8B4614AD42}" = Catalyst Control Center Localization Greek
"{E5A48BBD-7D1B-A49A-27D7-D02BE34940D6}" = CCC Help Hungarian
"{E697374A-6555-990E-821F-09AF8388CEAA}" = CCC Help Japanese
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{ECB8E83D-CE7B-C7E5-7F36-7677EAAB5F39}" = Catalyst Control Center Localization Russian
"{EEBFB406-5846-4F33-96B5-C7BA8FC50F69}" = AuthenTec Fingerprint Sensor Minimum Install
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F58C48CB-A079-3BEC-5CB3-1E81F36AC79D}" = Catalyst Control Center Localization Finnish
"{F915CF43-C7E7-9886-48F4-640F124A0AAB}" = CCC Help Chinese Standard
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"All ATI Software" = Softarová utilita ATI - Odinstalovat
"ATI Display Driver" = ATI Display Driver
"avast" = avast! Free Antivirus
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Doro_is1" = Doro 1.61
"ENTERPRISE" = Microsoft Office Enterprise 2007
"F22 Air Dominance Fighter" = F22 Air Dominance Fighter
"FBDBServer_1_5_is1" = Firebird 1.5.5
"Flight Simulator 9.0" = Microsoft Flight Simulator 2004 A Century of Flight
"Google Updater" = Google Updater
"Hledik - Poradce - MAKFAC,AWD,MBI" = Poradce - MAKFAC,AWD,MBI, verze 1.30/1
"InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InterBase 6 Client Open Edition - 6.0.2.0" = InterBase 6 Client Open Edition - 6.0.2.0
"LManager" = Launch Manager
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Plus500" = Plus500
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"Recuva" = Recuva
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 0.9.8a
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-823518204-839522115-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"eISIS synchronizator" = eISIS synchronizator

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 05.06.12 7:08:42 | Computer Name = NOTEBOOK | Source = Application Error | ID = 1000
Description = Chybující aplikace plugin-container.exe, verze 12.0.0.4493, chybující
modul mozalloc.dll, verze 12.0.0.4493, adresa chyby 0x00001976.

Error - 08.06.12 3:16:29 | Computer Name = NOTEBOOK | Source = PostgreSQL | ID = 0
Description = postgres cannot access the server configuration file "c:/eISIS/data/db/data/postgresql.conf":
No such file or directory

Error - 08.06.12 3:16:37 | Computer Name = NOTEBOOK | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.

Error - 11.06.12 0:05:20 | Computer Name = NOTEBOOK | Source = PostgreSQL | ID = 0
Description = postgres cannot access the server configuration file "c:/eISIS/data/db/data/postgresql.conf":
No such file or directory

Error - 11.06.12 0:05:43 | Computer Name = NOTEBOOK | Source = PerfNet | ID = 2004
Description = Nelze otevřít službu serveru. Data o výkonu serveru nejsou k dispozici.
Vrácený chybový kód je v datech DWORD 0.

Error - 11.06.12 0:29:56 | Computer Name = NOTEBOOK | Source = PostgreSQL | ID = 0
Description = postgres cannot access the server configuration file "c:/eISIS/data/db/data/postgresql.conf":
No such file or directory

Error - 13.06.12 1:09:47 | Computer Name = NOTEBOOK | Source = PostgreSQL | ID = 0
Description = postgres cannot access the server configuration file "c:/eISIS/data/db/data/postgresql.conf":
No such file or directory

Error - 13.06.12 9:13:37 | Computer Name = NOTEBOOK | Source = Microsoft Office 12 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Word.

Error - 14.06.12 3:50:11 | Computer Name = NOTEBOOK | Source = PostgreSQL | ID = 0
Description = postgres cannot access the server configuration file "c:/eISIS/data/db/data/postgresql.conf":
No such file or directory

Error - 14.06.12 8:39:57 | Computer Name = NOTEBOOK | Source = PostgreSQL | ID = 0
Description = postgres cannot access the server configuration file "c:/eISIS/data/db/data/postgresql.conf":
No such file or directory

[ OSession Events ]
Error - 14.04.11 8:56:05 | Computer Name = NOTEBOOK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6237.1003. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 14.04.11 8:56:10 | Computer Name = NOTEBOOK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6237.1003. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 14.04.11 8:56:14 | Computer Name = NOTEBOOK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6237.1003. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 14.04.11 8:56:17 | Computer Name = NOTEBOOK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6237.1003. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 14.04.11 8:56:21 | Computer Name = NOTEBOOK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6237.1003. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 14.04.11 8:56:38 | Computer Name = NOTEBOOK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6237.1003. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 14.04.11 8:56:42 | Computer Name = NOTEBOOK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6237.1003. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 14.04.11 8:58:53 | Computer Name = NOTEBOOK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6237.1003. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 14.04.11 8:59:02 | Computer Name = NOTEBOOK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6237.1003. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

Error - 14.04.11 8:59:06 | Computer Name = NOTEBOOK | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.6237.1003. This session lasted 0
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 14.06.12 8:29:30 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7034
Description = Služba Java Quick Starter byla neočekávaně ukončena. Tento stav nastal
již 1krát.

Error - 14.06.12 8:29:30 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7034
Description = Služba eISIS Tomcat byla neočekávaně ukončena. Tento stav nastal již
1krát.

Error - 14.06.12 8:29:30 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7034
Description = Služba Bonjour Service byla neočekávaně ukončena. Tento stav nastal
již 1krát.

Error - 14.06.12 8:29:30 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7034
Description = Služba Zařazování tisku byla neočekávaně ukončena. Tento stav nastal
již 1krát.

Error - 14.06.12 8:29:30 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7031
Description = Služba Bluetooth Service byla nečekaně ukončena. Stalo se to 1 krát.
Následující opravná akce bude spuštěna za 60000 milisekund: Restartovat službu.

Error - 14.06.12 8:37:51 | Computer Name = NOTEBOOK | Source = PlugPlayManager | ID = 11
Description = Zařízení Root\LEGACY_LAVASOFT_KERNEXPLORER\0000 se již v systému nenachází,
přestože nebylo nejdříve připraveno k odebrání.

Error - 14.06.12 8:40:04 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7000
Description = Služba @%SystemRoot%\system32\tcpipcfg.dll,-50004 neuspěla při spuštění
v důsledku následující chyby: %%2

Error - 14.06.12 8:40:04 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7003
Description = Služba @%SystemRoot%\system32\iphlpsvc.dll,-200 závisí na následující
neexistující službě: nsi

Error - 14.06.12 8:40:04 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7000
Description = Služba Automatic Updates neuspěla při spuštění v důsledku následující
chyby: %%1290

Error - 14.06.12 14:27:17 | Computer Name = NOTEBOOK | Source = Service Control Manager | ID = 7034
Description = Služba KoopPdfService byla neočekávaně ukončena. Tento stav nastal
již 1krát.


< End of report >

Prosimtě potřeboval bych se zbavit všech těch deb....ch toolbaru. Jo a taky mi nejdou z kompu smazat nějaký poradenský kalkulátory od pojišťoven, které jsem používal, když jsem dělal pro Broker. Nevíš jak na to? Všichni lidi jako Ty jsou pro mně jak z Jamese Bonda Vůbec té krabici nerozumim Díky Va
Jakej antivirus , nebo kombinaci používáš?....Jasně, důležitý je nelézt na rizikový servery....

[Mc_Murphy]

Prosimtě potřeboval bych se zbavit všech těch deb....ch toolbaru. Jo a taky mi nejdou z kompu smazat nějaký poradenský kalkulátory od pojišťoven, které jsem používal, když jsem dělal pro Broker. Nevíš jak na to? Všichni lidi jako Ty jsou pro mně jak z Jamese Bonda Vůbec té krabici nerozumim Díky Va
Jakej antivirus , nebo kombinaci používáš?....Jasně, důležitý je nelézt na rizikový servery....

Toolbary odpálím, neboj. Nezůstane tam ani jeden. A Ty si pak dávej pozor při instalacích hlavně freewarových prográmků, protože převážně jen u těch jsou "přifařené" toolbary a další prográmky třetích stran.

Z těch prográmků, které chceš odstranit tam vidím jen tento: C:\Program Files\Kooperativa nebo jich je tam víc? Kdyžtak mi je vypiš a já to odpálím ve scriptu. První se na všechny zkus ale podívat, jestli nejdou klasicky odinstalovat, ale počítám, že jsi to už zkusil, co? Mno, napíšu script až potom, co mi dáš přesnější informace, OK?

James Blond? Nene, je to vcelku jednoduché, když Tě to baví a máš jakýs-takýs přehled. Ze začátku jsem na to koukal také jako tele na nová vrata, ale místní borci mě proškolili fest .

Co se týče zabezpečení, máš Avast, ten si nech. Je zadarmo a na to je v této oblasti opravdu bezkonkurenčně nejlepší - malá zátěž systému a výborná detekce. Jednou za rok ho jen znovu zaregistruješ a máš ho legálně.

Jako firewall bych k němu doporučil Zone Alarm Free (klik), ale upřímně řečeno, musí se všelijak konfigurovat a ze začátku povolovat stránky, které často používáš.
Já osobně FW nepoužívám, ale jak správně píšeš na konci, nechodím do temných zákoutí internetu, nechodím na pornostránky, nechodím na warezové a podezřelé stránky. Nestahuji přes torrenty a podobné P2P sítě, prostě neriskuji. Takže FW bych nechal na Tvém vlastním rozhodnutí. Pokud by sis ho nainstaloval, musíš si dávat pozor, abys ho používal jen jak FW a ne zároveň jako AV, protože by se Ti hádal s Avastem a mohl i shazovat systém.

Dále bych Ti k AV doporučil antispyware prográmek SUPERAntiSpyware Free (klik). U něj si jen musíš dát pozor, abys po jeho instalaci zakázal spouštění při startu systému, zrušil v nastaveních možnost rezidentní ochrany (tu provádí Avast, opět by byly možné kolize) a prográmek spouštěl jednou za čas, v případě potřeby a podle toho, jak moc máš exponovaný počítač.
To jsem se rozkecal, co? Každopádně, když bys něčemu nerozumněl, napiš a pokusím se vysvětlit.

Mno a Ty mi napiš, o které prográmky se jedná, jestli jich je tedy více jak ta Kooperativa a já napíšu zase další script na čištění toolbarů i tohodle.

[vava8]

OK díky za rady.... tu Kooperativu a Generali, která nešla smáznout už jsem odstranil.... najednou to prostě šlo...
Problém však nastal, že se nemůžu připojit na internet.... pořád to načítá adresu a nic. Jinej noťas se připojí bez problémů. Co s tím?
A prosím tedy taky o skript na ty toolbary. Díky moc Va

[Mc_Murphy]

Připojení nevím, proč nejde. Zkus se podívat do nastavení připojení, jestli máš všechny hodnoty tak, jak mají být.

Nepřestalo připojení k internetu fungovat náhodou přímo po odinstalaci ComboFixu? Jestli ano, napiš mi to, prosím. Jestli ne, budeš muset asi kontaktovat svého providera, že to nefunguje, aby Ti sdělil nastavení, pokud ho nikde nemáš poznačeno.


Znovu spusť OTL.

• Pokud používáš Win Vista či Win7, klikni na OTL pravým myšítkem a dej Run As Administrator či Spustit jako správce.
• Pokud používáš 64bitový OS, zkontroluj, zda-li je zaškrtnutý čtvereček Pro 64 bitové OS. Pokud ne, zaškrtni jej.
• Do spodního okénka Vlastní skenování/opravy vlož tento script (pouze zelená písmenka v bílém poli!):

Kód: Vybrat vše

:Commands
[clearallrestorepoints]
[resethosts]
[purity]
[emptytemp]
[emptyflash]

:Services
KoopPdfService
Lbd

:OTL
SRV - File not found [On_Demand | Stopped] -- %ProgramFiles%\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - File not found [Auto | Stopped] -- %SystemRoot%\System32\iphlpsvc.dll -- (iphlpsvc)
SRV - [2010.11.19 13:33:22 | 002,220,032 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Kooperativa\Services\KoopPDFServer.exe -- (KoopPdfService)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\tdx.sys -- (tdx)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\DRIVERS\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\uninstal\mbr.sys -- (mbr)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewdcsc.sys -- (Huawei)
DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {D5D47440-0750-463D-BAEF-A47D02414806}
IE - HKLM\..\SearchScopes\{D5D47440-0750-463D-BAEF-A47D02414806}: "URL" = http://search.centrum.cz/index.php?q={searchTerms}&toolbar=centrum-1.0.0
IE - HKU\S-1-5-21-823518204-839522115-725345543-1003\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKU\S-1-5-21-823518204-839522115-725345543-1003\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
IE - HKU\S-1-5-21-823518204-839522115-725345543-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
IE - HKU\S-1-5-21-823518204-839522115-725345543-1003\..\SearchScopes\{D5D47440-0750-463D-BAEF-A47D02414806}: "URL" = http://search.centrum.cz/index.php?q={searchTerms}&toolbar=centrum-1.0.0
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentControl2 Customized Web Search"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://search.babylon.com/?AF=109217&babsrc=HP_ss&mntrId=d4fa9aac000000000000001f3b110859"
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
[2012.05.30 08:38:23 | 000,000,000 | ---D | M] (NCH EN Community Toolbar) -- C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
[2012.05.30 08:38:27 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012.05.30 08:38:31 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2012.02.28 19:56:12 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\extensions\ffxtlbr@babylon.com
[2012.04.18 00:39:24 | 000,000,935 | ---- | M] () -- C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\searchplugins\conduit.xml
[2010.11.09 09:20:14 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\searchplugins\daemon-search.xml
[2012.03.01 17:00:09 | 000,009,630 | ---- | M] () -- C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\searchplugins\my-web-search.xml
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\VAšEK\DATA APLIKACí\MOZILLA\FIREFOX\PROFILES\ULC7W7IC.DEFAULT\EXTENSIONS\{37483B40-C254-4A72-BDA4-22EE90182C1E}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\VAšEK\DATA APLIKACí\MOZILLA\FIREFOX\PROFILES\ULC7W7IC.DEFAULT\EXTENSIONS\{687578B9-7132-4A7A-80E4-30EE31099E03}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\VAšEK\DATA APLIKACí\MOZILLA\FIREFOX\PROFILES\ULC7W7IC.DEFAULT\EXTENSIONS\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\VAšEK\DATA APLIKACí\MOZILLA\FIREFOX\PROFILES\ULC7W7IC.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM
O3 - HKU\S-1-5-21-823518204-839522115-725345543-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-823518204-839522115-725345543-1003\..\Toolbar\WebBrowser: (no name) - {D5D47440-0750-463D-BAEF-A47D02414806} - No CLSID value found.
[2012.06.14 09:51:57 | 000,436,438 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.06.14 09:51:57 | 000,433,010 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2012.06.14 09:51:57 | 000,069,334 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.06.14 09:51:56 | 000,079,974 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[25 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[6 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

:Files
C:\Program Files\Kooperativa
C:\Documents and Settings\All Users\Data aplikací\Babylon
C:\Documents and Settings\All Users\Data aplikací\IObit
C:\Documents and Settings\Vašek\Data aplikací\Babylon
C:\Documents and Settings\Vašek\Data aplikací\IObit
C:\WINDOWS\system32\drivers\Lbd.sys
C:\Documents and Settings\Vašek\Nabídka Start\Programy\Po spuštění\Screen Saver Control.lnk
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s

:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
""=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
""=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
""=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
""=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
""=-

• Klikni na tlačítko [Opravit].
• Po dokončení skenu se objeví log, ten mi sem vlož.
• Pokud se log nevejde do jednoho příspěvku, rozděl jej na více částí.

[vava8]

tady je výstup OTL
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Vaçek

User: Vašek
->Temp folder emptied: 6077539 bytes
->Temporary Internet Files folder emptied: 3255450 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 61226135 bytes
->Flash cache emptied: 3769822 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1100105 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1295799 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 1744 bytes

Total Files Cleaned = 73,00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

User: Vaçek

User: Vašek
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb

========== SERVICES/DRIVERS ==========
Service KoopPdfService stopped successfully!
Service KoopPdfService deleted successfully!
Service Lbd stopped successfully!
Service Lbd deleted successfully!
========== OTL ==========
Service WinDefend stopped successfully!
Service WinDefend deleted successfully!
File %ProgramFiles%\Windows Defender\mpsvc.dll not found.
Service iphlpsvc stopped successfully!
Service iphlpsvc deleted successfully!
File %SystemRoot%\System32\iphlpsvc.dll not found.
Error: No service named KoopPdfService was found to stop!
Service\Driver key KoopPdfService not found.
C:\Program Files\Kooperativa\Services\KoopPDFServer.exe moved successfully.
Service WDICA stopped successfully!
Service WDICA deleted successfully!
Service tdx stopped successfully!
Service tdx deleted successfully!
File system32\DRIVERS\tdx.sys not found.
Error: No service named SNP2UVC) USB2.0 PC Camera (SNP2UVC was found to stop!
Service\Driver key SNP2UVC) USB2.0 PC Camera (SNP2UVC not found.
File System32\DRIVERS\snp2uvc.sys not found.
Service PDRFRAME stopped successfully!
Service PDRFRAME deleted successfully!
Service PDRELI stopped successfully!
Service PDRELI deleted successfully!
Service PDFRAME stopped successfully!
Service PDFRAME deleted successfully!
Service PDCOMP stopped successfully!
Service PDCOMP deleted successfully!
Service PCIDump stopped successfully!
Service PCIDump deleted successfully!
Error: No service named mbr was found to stop!
Service\Driver key mbr not found.
File C:\uninstal\mbr.sys not found.
Service hwusbdev stopped successfully!
Service hwusbdev deleted successfully!
File system32\DRIVERS\ewusbdev.sys not found.
Service hwdatacard stopped successfully!
Service hwdatacard deleted successfully!
File system32\DRIVERS\ewusbmdm.sys not found.
Service Huawei stopped successfully!
Service Huawei deleted successfully!
File system32\DRIVERS\ewdcsc.sys not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\ComboFix\catchme.sys not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D5D47440-0750-463D-BAEF-A47D02414806}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5D47440-0750-463D-BAEF-A47D02414806}\ not found.
HKEY_USERS\S-1-5-21-823518204-839522115-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-823518204-839522115-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.
Registry key HKEY_USERS\S-1-5-21-823518204-839522115-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-823518204-839522115-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes\{D5D47440-0750-463D-BAEF-A47D02414806}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5D47440-0750-463D-BAEF-A47D02414806}\ not found.
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "uTorrentControl2 Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
Prefs.js: "" removed from browser.search.selectedEngine
Prefs.js: "http://search.babylon.com/?AF=109217&ba ... 1f3b110859" removed from browser.startup.homepage
Prefs.js: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2 removed from extensions.enabledItems
Prefs.js: "http://search.conduit.com/ResultsExt.as ... ource=2&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14\ deleted successfully.
C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll not found.
C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\searchplugin folder moved successfully.
C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\Plugins folder moved successfully.
C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\modules folder moved successfully.
C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\META-INF folder moved successfully.
C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\defaults folder moved successfully.
C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\components folder moved successfully.
C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\chrome folder moved successfully.
C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e} folder moved successfully.
C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\searchplugin folder moved successfully.
C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\Plugins folder moved successfully.
C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\modules folder moved successfully.
C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\META-INF folder moved successfully.
C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\defaults folder moved successfully.
C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\components folder moved successfully.
C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\chrome folder moved successfully.
C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03} folder moved successfully.
C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin folder moved successfully.
C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\Plugins folder moved successfully.
C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\modules folder moved successfully.
C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF folder moved successfully.
C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults folder moved successfully.
C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components folder moved successfully.
C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome folder moved successfully.
C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} folder moved successfully.
C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.
C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.
C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.
C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.
C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\extensions\ffxtlbr@babylon.com folder moved successfully.
C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\searchplugins\conduit.xml moved successfully.
C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\searchplugins\daemon-search.xml moved successfully.
C:\Documents and Settings\Vašek\Data aplikací\Mozilla\Firefox\Profiles\ulc7w7ic.default\searchplugins\my-web-search.xml moved successfully.
Registry value HKEY_USERS\S-1-5-21-823518204-839522115-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_USERS\S-1-5-21-823518204-839522115-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D5D47440-0750-463D-BAEF-A47D02414806} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D5D47440-0750-463D-BAEF-A47D02414806}\ not found.
C:\WINDOWS\system32\perfh009.dat moved successfully.
C:\WINDOWS\system32\perfh005.dat moved successfully.
C:\WINDOWS\system32\perfc009.dat moved successfully.
C:\WINDOWS\system32\perfc005.dat moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP124.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP146.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP147.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP156.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP15E.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP17E.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1D3.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1F0.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP275.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP298.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2E.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP36E.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP38F.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3AD.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP3D.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP416.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP46C.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP494.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP595.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP84C.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8CE.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP94C.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9D9.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC.tmp folder deleted successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC73.tmp folder deleted successfully.
C:\WINDOWS\Installer\MSI143.tmp deleted successfully.
C:\WINDOWS\Installer\MSI290.tmp deleted successfully.
C:\WINDOWS\Installer\MSI293.tmp deleted successfully.
C:\WINDOWS\Installer\MSI844.tmp deleted successfully.
C:\WINDOWS\Installer\MSI84E.tmp deleted successfully.
C:\WINDOWS\Installer\MSI913.tmp deleted successfully.
========== FILES ==========
C:\Program Files\Kooperativa\Services folder moved successfully.
C:\Program Files\Kooperativa\Partner H59\Export folder moved successfully.
C:\Program Files\Kooperativa\Partner H59\Data folder moved successfully.
C:\Program Files\Kooperativa\Partner H59 folder moved successfully.
C:\Program Files\Kooperativa\ObsVerze folder moved successfully.
C:\Program Files\Kooperativa\Malaga folder moved successfully.
C:\Program Files\Kooperativa\KoopPxBN folder moved successfully.
C:\Program Files\Kooperativa\Kolumbus2006\VPP folder moved successfully.
C:\Program Files\Kooperativa\Kolumbus2006\udf folder moved successfully.
C:\Program Files\Kooperativa\Kolumbus2006\intl folder moved successfully.
C:\Program Files\Kooperativa\Kolumbus2006 folder moved successfully.
C:\Program Files\Kooperativa\KalkZiv\VPP folder moved successfully.
C:\Program Files\Kooperativa\KalkZiv\2DKOD folder moved successfully.
C:\Program Files\Kooperativa\KalkZiv folder moved successfully.
C:\Program Files\Kooperativa\KalkulatorData folder moved successfully.
C:\Program Files\Kooperativa\Isos\Utils\SetObsVerze folder moved successfully.
C:\Program Files\Kooperativa\Isos\Utils folder moved successfully.
C:\Program Files\Kooperativa\Isos\udf folder moved successfully.
C:\Program Files\Kooperativa\Isos\intl folder moved successfully.
C:\Program Files\Kooperativa\Isos\Data folder moved successfully.
C:\Program Files\Kooperativa\Isos folder moved successfully.
C:\Program Files\Kooperativa\Export\Zakonne\Exportovane folder moved successfully.
C:\Program Files\Kooperativa\Export\Zakonne folder moved successfully.
C:\Program Files\Kooperativa\Export\Tandem\Exportovane folder moved successfully.
C:\Program Files\Kooperativa\Export\Tandem folder moved successfully.
C:\Program Files\Kooperativa\Export\Malaga\Exportovane folder moved successfully.
C:\Program Files\Kooperativa\Export\Malaga folder moved successfully.
C:\Program Files\Kooperativa\Export\Kolumbus2006\Exportovane folder moved successfully.
C:\Program Files\Kooperativa\Export\Kolumbus2006 folder moved successfully.
C:\Program Files\Kooperativa\Export\Kolumbus\Exportovane folder moved successfully.
C:\Program Files\Kooperativa\Export\Kolumbus folder moved successfully.
C:\Program Files\Kooperativa\Export\KalkZiv\Exportovane folder moved successfully.
C:\Program Files\Kooperativa\Export\KalkZiv folder moved successfully.
C:\Program Files\Kooperativa\Export\Havarka\Exportovane folder moved successfully.
C:\Program Files\Kooperativa\Export\Havarka folder moved successfully.
C:\Program Files\Kooperativa\Export\Global\Exportovane folder moved successfully.
C:\Program Files\Kooperativa\Export\Global folder moved successfully.
C:\Program Files\Kooperativa\Export\Ex_750\Exportovane folder moved successfully.
C:\Program Files\Kooperativa\Export\Ex_750 folder moved successfully.
C:\Program Files\Kooperativa\Export folder moved successfully.
C:\Program Files\Kooperativa\AUTO\udf folder moved successfully.
C:\Program Files\Kooperativa\AUTO\intl folder moved successfully.
C:\Program Files\Kooperativa\AUTO folder moved successfully.
C:\Program Files\Kooperativa folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Babylon folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\IObit\IObit Security 360 folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\IObit\Game Booster\Essentials folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\IObit\Game Booster\BackLnk folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\IObit\Game Booster folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\IObit folder moved successfully.
C:\Documents and Settings\Vašek\Data aplikací\Babylon folder moved successfully.
C:\Documents and Settings\Vašek\Data aplikací\IObit\IObit SmartDefrag folder moved successfully.
C:\Documents and Settings\Vašek\Data aplikací\IObit\Advanced Uninsataller folder moved successfully.
C:\Documents and Settings\Vašek\Data aplikací\IObit\Advanced SystemCare\Backup\Registry folder moved successfully.
C:\Documents and Settings\Vašek\Data aplikací\IObit\Advanced SystemCare\Backup folder moved successfully.
C:\Documents and Settings\Vašek\Data aplikací\IObit\Advanced SystemCare folder moved successfully.
C:\Documents and Settings\Vašek\Data aplikací\IObit folder moved successfully.
C:\WINDOWS\system32\drivers\Lbd.sys moved successfully.
C:\Documents and Settings\Vašek\Nabídka Start\Programy\Po spuštění\Screen Saver Control.lnk moved successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater\\ deleted successfully.

OTL by OldTimer - Version 3.2.48.0 log created on 06202012_101111

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

.... ano inet nepřestal fungovat ihned po smazání CF, ale po smazání a restartu kompu....... Smazal jsem vypnul komp a odjel na víkend. Po návratu už se nepřipojil a stále nepřipojí ani po poslední OTL akci......... co teď......... jinak vše jede rychleji ..... díky Va

[Mc_Murphy]

Ano, mělo by to jet rychleji, protože všechny toolbary i ostatní zdržovadla jsou pryč.

Co se týče internetu, mohlo by to být chybou ComboFixu, kterou máme nahlášenu přímo od jeho tvůrce, uživatele sUBs.

Zkusíme jeho postup - stáhni poslední verzi ComboFixu z této lokace: http://download.bleepingcomputer.com/sUBs/ComboFix.exe , ulož na Plochu a spusť jej.
Nech proběhnout všechny kroky. Po skončení vyskočí log, ten mi sem pro jistotu ještě hoď a napiš mi, jestli se připojení k internetu podařilo obnovit.