
Please check my log
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that are inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, in which a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Please check my log
Hello, I would like to ask for a log check. I don't know whether it will help me somehow, but for example on Facebook it throws up nonsensical statuses (though I think that will more likely be some error on their side), but the second thing that bothers me is that, for example, I go to some page that used to work without problems and now, before it loads, a screen with some advertisement opens first and I have to click on skip..... something to get to the page at all.
Logfile of HijackThis v1.99.1
Scan saved at 17:02:03, on 7.7.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Moravian Instruments\Shared\cwsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\uživatel\Data aplikací\index.php
C:\Documents and Settings\uživatel\Data aplikací\InstallMon.exe
C:\Program Files\Philips\GoGear SA018 Device Manager\GoGear_SA018_DeviceManager.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\QIP 2010\qip.exe
C:\Documents and Settings\uživatel\Plocha\hrubas\programy\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gb.iamwired.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: QipLI - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - C:\Documents and Settings\uživatel\Data aplikací\Microsoft\Internet Explorer\qstatsrv.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: everyflv - {8cca0561-342d-1c68-896d-4242ef1631bf} - C:\WINDOWS\system32\9Y-bnKv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Astroburn Toolbar - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - C:\Program Files\Astroburn Toolbar\ABToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Local Security Authortity Process] C:\Documents and Settings\uživatel\Data aplikací\Microsoft\lsass.exe
O4 - HKLM\..\Run: [HijackThis] C:\Documents and Settings\uživatel\Data aplikací\MSNLiveUpdatex.exe.html
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QIP Internet Guardian] C:\Documents and Settings\uživatel\Data aplikací\QipGuard\QipGuard.exe
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP 2010\qip.exe" /autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Documents and Settings\uživatel\Data aplikací\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [C:\Documents and Settings\uživatel\Data aplikací\InstallMon.exe] C:\Documents and Settings\uživatel\Data aplikací\InstallMon.exe
O4 - Global Startup: Philips GoGear SA018 Device Manager.lnk = C:\Program Files\Philips\GoGear SA018 Device Manager\GoGear_SA018_DeviceManager.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Control Web IPC (CwIPCSvc) - Moravian Instruments® - C:\Program Files\Moravian Instruments\Shared\cwsvc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate1ca7bfab81c2c58) (gupdate1ca7bfab81c2c58) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
- Caroprd111
- VIP
- Posts: 13492
- Registered: 22 Mar 2009 20:48
- Location: Třebíč
Re: Please check my log
Hello
I recommend uninstalling the toolbars (if you don't use them) in Add or Remove Programs.
Read the forum rules and post a log from RSIT.



Re: Please check my log
so hopefully everything is correct
Logfile of random's system information tool 1.08 (written by random/random)
Run by uživatel at 2010-07-10 19:46:36
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 75 GB (38%) free of 200 GB
Total RAM: 2046 MB (62% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:46:43, on 10.7.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\uživatel\Data aplikací\index.php
C:\Documents and Settings\uživatel\Data aplikací\InstallMon.exe
C:\Program Files\Philips\GoGear SA018 Device Manager\GoGear_SA018_DeviceManager.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\svcnost.exe
C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\4452970.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\uživatel\Plocha\RSIT.exe
C:\Program Files\trend micro\uživatel.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gb.iamwired.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,"C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\svcnost.exe"
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: QipLI - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - C:\Documents and Settings\uživatel\Data aplikací\Microsoft\Internet Explorer\qstatsrv.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: everyflv - {8cca0561-342d-1c68-896d-4242ef1631bf} - C:\WINDOWS\system32\9Y-bnKv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Local Security Authortity Process] C:\Documents and Settings\uživatel\Data aplikací\Microsoft\lsass.exe
O4 - HKLM\..\Run: [HijackThis] C:\Documents and Settings\uživatel\Data aplikací\MSNLiveUpdatex.exe.html
O4 - HKLM\..\Run: [RegistryMonitor1] C:\WINDOWS\system32\qtplugin.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QIP Internet Guardian] C:\Documents and Settings\uživatel\Data aplikací\QipGuard\QipGuard.exe
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP 2010\qip.exe" /autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Documents and Settings\uživatel\Data aplikací\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [C:\Documents and Settings\uživatel\Data aplikací\InstallMon.exe] C:\Documents and Settings\uživatel\Data aplikací\InstallMon.exe
O4 - Global Startup: Philips GoGear SA018 Device Manager.lnk = C:\Program Files\Philips\GoGear SA018 Device Manager\GoGear_SA018_DeviceManager.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Správce logických disků dmserverdmadmin (dmserverdmadmin) - Unknown owner - C:\WINDOWS\system32\advpack.dllg.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate1ca7bfab81c2c58) (gupdate1ca7bfab81c2c58) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
--
End of file - 10302 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Norton Security Scan for uživatel.job
C:\WINDOWS\tasks\wavepadDowngrade.job
C:\WINDOWS\tasks\wavepadShakeIcon.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-09-12 1111320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B5863A0-C43F-4C0A-982B-CC0E9125783F}]
QipLI Class - C:\Documents and Settings\uživatel\Data aplikací\Microsoft\Internet Explorer\qstatsrv.dll [2010-04-30 48080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8cca0561-342d-1c68-896d-4242ef1631bf}]
everyflv - C:\WINDOWS\system32\9Y-bnKv.dll [2010-05-01 1560576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-09-02 1107200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-19 41368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-19 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-09-02 1107200]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Foxit Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-01-13 18084864]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-08-02 13570048]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-05-27 85160]
"H2O"=C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [2007-12-11 307200]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-19 148888]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-04-13 1135912]
"Local Security Authortity Process"=C:\Documents and Settings\uživatel\Data aplikací\Microsoft\lsass.exe [2010-06-04 77824]
"HijackThis"=C:\Documents and Settings\uživatel\Data aplikací\MSNLiveUpdatex.exe.html [2010-07-05 330212]
"RegistryMonitor1"=C:\WINDOWS\system32\qtplugin.exe [2010-07-09 506368]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2010-04-06 26102056]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"QIP Internet Guardian"=C:\Documents and Settings\uživatel\Data aplikací\QipGuard\QipGuard.exe [2010-04-30 184272]
"Infium"=C:\Program Files\QIP 2010\qip.exe [2010-04-30 5562832]
"uTorrent"=C:\Documents and Settings\uživatel\Data aplikací\uTorrent\utorrent.exe [2010-06-27 322352]
"C:\Documents and Settings\uživatel\Data aplikací\InstallMon.exe"=C:\Documents and Settings\uživatel\Data aplikací\InstallMon.exe [2010-06-30 36864]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Philips GoGear SA018 Device Manager.lnk - C:\Program Files\Philips\GoGear SA018 Device Manager\GoGear_SA018_DeviceManager.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-09-12 11952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Documents and Settings\uživatel\Data aplikací\uTorrent\utorrent.exe"="C:\Documents and Settings\uživatel\Data aplikací\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Activision\Modern Warfare 2\iw4mp.exe"="C:\Program Files\Activision\Modern Warfare 2\iw4mp.exe:*:Enabled:iw4mp"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Vibe Streamer\vibestreamer.exe"="C:\Program Files\Vibe Streamer\vibestreamer.exe:*:Enabled:vibestreamer"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\QIP 2010\qip.exe"="C:\Program Files\QIP 2010\qip.exe:*:Enabled:QIP 2010"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\svcnost.exe"="C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\svcnost.exe:*:Enabled:ldrsoft"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======File associations======
.txt - open - notepad.exe %1
======List of files/folders created in the last 1 months======
2010-07-10 19:46:36 ----D---- C:\rsit
2010-07-09 17:47:39 ----A---- C:\WINDOWS\system32\qtplugin.exe
2010-07-06 22:35:57 ----A---- C:\Documents and Settings\uživatel\Data aplikací\WinInstallMon.exe
2010-07-05 21:11:08 ----D---- C:\Program Files\Ubisoft
2010-07-05 20:33:22 ----H---- C:\svchost.exe
2010-07-05 20:33:22 ----A---- C:\WINDOWS\system32\sys.bat
2010-07-05 20:33:22 ----A---- C:\WINDOWS\system32\net.vbs
2010-07-05 20:33:22 ----A---- C:\WINDOWS\system32\net.bat
2010-07-05 20:33:22 ----A---- C:\WINDOWS\system32\logg.txt
2010-07-05 20:33:22 ----A---- C:\WINDOWS\system32\launch.vbs
2010-07-05 20:33:22 ----A---- C:\WINDOWS\system32\exec.vbs
2010-07-05 20:33:22 ----A---- C:\WINDOWS\javaupdate.exe
2010-07-05 20:33:19 ----H---- C:\sys32.exe
2010-07-05 20:33:19 ----D---- C:\Documents and Settings\uživatel\Data aplikací\Trend Micro Inc
2010-07-05 20:31:42 ----H---- C:\Documents and Settings\uživatel\Data aplikací\Interop.MessengerAPI.dll
2010-07-05 20:31:32 ----A---- C:\Documents and Settings\uživatel\Data aplikací\MSNLiveUpdatex.exe.html
2010-07-05 20:31:25 ----A---- C:\Documents and Settings\uživatel\Data aplikací\WinInstallMon.exe.html
2010-06-30 22:25:24 ----A---- C:\Documents and Settings\uživatel\Data aplikací\InstallMon.exe
2010-06-24 19:34:30 ----D---- C:\Program Files\Astroburn Toolbar
2010-06-24 19:34:28 ----D---- C:\Program Files\Astroburn Lite
2010-06-24 19:34:19 ----D---- C:\Documents and Settings\uživatel\Data aplikací\Astroburn Lite
2010-06-24 19:34:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\Astroburn Lite
2010-06-24 19:18:52 ----D---- C:\Documents and Settings\uživatel\Data aplikací\Media Player Classic
2010-06-24 18:45:05 ----SHD---- C:\Config.Msi
2010-06-24 18:44:42 ----D---- C:\finalburner
2010-06-24 18:44:42 ----D---- C:\Documents and Settings\uživatel\Data aplikací\FinalBurner Video DVD
2010-06-24 18:43:36 ----A---- C:\WINDOWS\system32\unrar.dll
2010-06-24 18:43:35 ----A---- C:\WINDOWS\avisplitter.ini
2010-06-24 18:43:34 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2010-06-24 18:43:34 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2010-06-24 18:43:34 ----A---- C:\WINDOWS\system32\xvidcore.dll
2010-06-24 18:43:34 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2010-06-24 18:43:34 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2010-06-24 18:43:33 ----D---- C:\Program Files\K-Lite Codec Pack
2010-06-24 18:40:12 ----D---- C:\Program Files\FinalBurner
2010-06-23 18:52:40 ----A---- C:\WINDOWS\system32\drivers\appdrv01.sys
2010-06-23 18:52:39 ----A---- C:\WINDOWS\system32\appdrvrem01.exe
2010-06-22 15:07:56 ----D---- C:\Program Files\ND Games
2010-06-13 14:01:30 ----A---- C:\WINDOWS\vypalovac.ini
2010-06-13 14:01:28 ----D---- C:\Program Files\Vypalovač
2010-06-13 12:31:37 ----D---- C:\Documents and Settings\uživatel\Data aplikací\Mobile Atlas Creator
======List of files/folders modified in the last 1 months======
2010-07-10 19:46:43 ----D---- C:\Program Files\trend micro
2010-07-09 20:17:38 ----D---- C:\WINDOWS\system32
2010-07-09 19:38:25 ----D---- C:\WINDOWS\Temp
2010-07-09 19:38:25 ----D---- C:\WINDOWS\system32\drivers
2010-07-09 19:37:39 ----D---- C:\Program Files\Mozilla Firefox
2010-07-09 19:37:36 ----D---- C:\Program Files\Internet Explorer
2010-07-09 15:41:27 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-09 15:40:08 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-07-09 14:43:03 ----D---- C:\Program Files\Minilyrics
2010-07-08 16:09:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-08 15:27:29 ----SHD---- C:\WINDOWS\Installer
2010-07-08 15:25:02 ----D---- C:\Program Files\Atmosphere Lite
2010-07-07 17:02:05 ----D---- C:\WINDOWS\Prefetch
2010-07-06 22:37:40 ----D---- C:\Documents and Settings\uživatel\Data aplikací\uTorrent
2010-07-06 22:37:40 ----D---- C:\Documents and Settings\uživatel\Data aplikací\Skype
2010-07-06 22:36:33 ----D---- C:\Documents and Settings\uživatel\Data aplikací\skypePM
2010-07-05 21:50:11 ----HD---- C:\WINDOWS\inf
2010-07-05 21:11:08 ----RD---- C:\Program Files
2010-07-05 21:11:08 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-05 20:33:22 ----D---- C:\WINDOWS
2010-07-05 20:31:12 ----SD---- C:\Documents and Settings\uživatel\Data aplikací\Microsoft
2010-07-05 13:17:29 ----D---- C:\Lyrics
2010-07-04 20:39:22 ----A---- C:\WINDOWS\Robota.INI
2010-06-27 12:37:28 ----SD---- C:\WINDOWS\Tasks
2010-06-24 19:28:33 ----D---- C:\Program Files\Elaborate Bytes
2010-06-24 18:46:28 ----D---- C:\Program Files\Common Files\Nero
2010-06-24 18:46:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\Nero
2010-06-24 18:46:21 ----D---- C:\Program Files\Nero
2010-06-23 21:05:05 ----RSD---- C:\WINDOWS\assembly
2010-06-23 21:04:57 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-23 21:02:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-23 21:02:50 ----D---- C:\WINDOWS\system32\CatRoot
2010-06-23 21:02:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-23 21:01:51 ----D---- C:\WINDOWS\WinSxS
2010-06-22 22:45:39 ----D---- C:\WINDOWS\security
2010-06-22 15:14:11 ----D---- C:\WINDOWS\RegisteredPackages
2010-06-22 15:14:11 ----D---- C:\Program Files\Windows Media Player
2010-06-22 15:14:05 ----D---- C:\WINDOWS\Help
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-03-31 44944]
R1 appdrv01;Application Driver (01); C:\WINDOWS\System32\Drivers\appdrv01.sys [2010-06-23 3033200]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-09-12 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-09-12 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-09-12 108552]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2010-01-01 26024]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R3 CLEDX;Team H2O CLEDX service; C:\WINDOWS\system32\DRIVERS\cledx.sys [2007-12-11 33792]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-01-13 5015040]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-08-02 6121856]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-10-30 117888]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2009-05-23 29696]
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys []
S3 dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;Filtr Dot4USB Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-10-24 23808]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys [2010-03-25 99728]
S3 VBoxNetFlt;VBoxNetFlt Service; C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-09-12 297752]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-19 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-03-19 335872]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-08-02 163908]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-12-31 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-05-26 214520]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2007-05-14 272024]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-08 545568]
S2 appdrvrem01;Application Driver Auto Removal Service (01); C:\WINDOWS\System32\appdrvrem01.exe [2010-06-23 316816]
S2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-09-12 908056]
S2 dmserverdmadmin;Správce logických disků dmserverdmadmin; C:\WINDOWS\system32\advpack.dll [2008-04-14 100352]
S2 gupdate1ca7bfab81c2c58;Služba Google Update (gupdate1ca7bfab81c2c58); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-13 133104]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-09-20 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-19 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-09-02 1107200]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Foxit Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-01-13 18084864]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-08-02 13570048]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-05-27 85160]
"H2O"=C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [2007-12-11 307200]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-19 148888]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-04-13 1135912]
"Local Security Authortity Process"=C:\Documents and Settings\uživatel\Data aplikací\Microsoft\lsass.exe [2010-06-04 77824]
"HijackThis"=C:\Documents and Settings\uživatel\Data aplikací\MSNLiveUpdatex.exe.html [2010-07-05 330212]
"RegistryMonitor1"=C:\WINDOWS\system32\qtplugin.exe [2010-07-09 506368]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2010-04-06 26102056]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"QIP Internet Guardian"=C:\Documents and Settings\uživatel\Data aplikací\QipGuard\QipGuard.exe [2010-04-30 184272]
"Infium"=C:\Program Files\QIP 2010\qip.exe [2010-04-30 5562832]
"uTorrent"=C:\Documents and Settings\uživatel\Data aplikací\uTorrent\utorrent.exe [2010-06-27 322352]
"C:\Documents and Settings\uživatel\Data aplikací\InstallMon.exe"=C:\Documents and Settings\uživatel\Data aplikací\InstallMon.exe [2010-06-30 36864]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Philips GoGear SA018 Device Manager.lnk - C:\Program Files\Philips\GoGear SA018 Device Manager\GoGear_SA018_DeviceManager.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-09-12 11952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Documents and Settings\uživatel\Data aplikací\uTorrent\utorrent.exe"="C:\Documents and Settings\uživatel\Data aplikací\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Activision\Modern Warfare 2\iw4mp.exe"="C:\Program Files\Activision\Modern Warfare 2\iw4mp.exe:*:Enabled:iw4mp"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Vibe Streamer\vibestreamer.exe"="C:\Program Files\Vibe Streamer\vibestreamer.exe:*:Enabled:vibestreamer"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\QIP 2010\qip.exe"="C:\Program Files\QIP 2010\qip.exe:*:Enabled:QIP 2010"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\svcnost.exe"="C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\svcnost.exe:*:Enabled:ldrsoft"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======File associations======
.txt - open - notepad.exe %1
======List of files/folders created in the last 1 months======
2010-07-10 19:46:36 ----D---- C:\rsit
2010-07-09 17:47:39 ----A---- C:\WINDOWS\system32\qtplugin.exe
2010-07-06 22:35:57 ----A---- C:\Documents and Settings\uživatel\Data aplikací\WinInstallMon.exe
2010-07-05 21:11:08 ----D---- C:\Program Files\Ubisoft
2010-07-05 20:33:22 ----H---- C:\svchost.exe
2010-07-05 20:33:22 ----A---- C:\WINDOWS\system32\sys.bat
2010-07-05 20:33:22 ----A---- C:\WINDOWS\system32\net.vbs
2010-07-05 20:33:22 ----A---- C:\WINDOWS\system32\net.bat
2010-07-05 20:33:22 ----A---- C:\WINDOWS\system32\logg.txt
2010-07-05 20:33:22 ----A---- C:\WINDOWS\system32\launch.vbs
2010-07-05 20:33:22 ----A---- C:\WINDOWS\system32\exec.vbs
2010-07-05 20:33:22 ----A---- C:\WINDOWS\javaupdate.exe
2010-07-05 20:33:19 ----H---- C:\sys32.exe
2010-07-05 20:33:19 ----D---- C:\Documents and Settings\uživatel\Data aplikací\Trend Micro Inc
2010-07-05 20:31:42 ----H---- C:\Documents and Settings\uživatel\Data aplikací\Interop.MessengerAPI.dll
2010-07-05 20:31:32 ----A---- C:\Documents and Settings\uživatel\Data aplikací\MSNLiveUpdatex.exe.html
2010-07-05 20:31:25 ----A---- C:\Documents and Settings\uživatel\Data aplikací\WinInstallMon.exe.html
2010-06-30 22:25:24 ----A---- C:\Documents and Settings\uživatel\Data aplikací\InstallMon.exe
2010-06-24 19:34:30 ----D---- C:\Program Files\Astroburn Toolbar
2010-06-24 19:34:28 ----D---- C:\Program Files\Astroburn Lite
2010-06-24 19:34:19 ----D---- C:\Documents and Settings\uživatel\Data aplikací\Astroburn Lite
2010-06-24 19:34:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\Astroburn Lite
2010-06-24 19:18:52 ----D---- C:\Documents and Settings\uživatel\Data aplikací\Media Player Classic
2010-06-24 18:45:05 ----SHD---- C:\Config.Msi
2010-06-24 18:44:42 ----D---- C:\finalburner
2010-06-24 18:44:42 ----D---- C:\Documents and Settings\uživatel\Data aplikací\FinalBurner Video DVD
2010-06-24 18:43:36 ----A---- C:\WINDOWS\system32\unrar.dll
2010-06-24 18:43:35 ----A---- C:\WINDOWS\avisplitter.ini
2010-06-24 18:43:34 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2010-06-24 18:43:34 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2010-06-24 18:43:34 ----A---- C:\WINDOWS\system32\xvidcore.dll
2010-06-24 18:43:34 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2010-06-24 18:43:34 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2010-06-24 18:43:33 ----D---- C:\Program Files\K-Lite Codec Pack
2010-06-24 18:40:12 ----D---- C:\Program Files\FinalBurner
2010-06-23 18:52:40 ----A---- C:\WINDOWS\system32\drivers\appdrv01.sys
2010-06-23 18:52:39 ----A---- C:\WINDOWS\system32\appdrvrem01.exe
2010-06-22 15:07:56 ----D---- C:\Program Files\ND Games
2010-06-13 14:01:30 ----A---- C:\WINDOWS\vypalovac.ini
2010-06-13 14:01:28 ----D---- C:\Program Files\Vypalovač
2010-06-13 12:31:37 ----D---- C:\Documents and Settings\uživatel\Data aplikací\Mobile Atlas Creator
======List of files/folders modified in the last 1 months======
2010-07-10 19:46:43 ----D---- C:\Program Files\trend micro
2010-07-09 20:17:38 ----D---- C:\WINDOWS\system32
2010-07-09 19:38:25 ----D---- C:\WINDOWS\Temp
2010-07-09 19:38:25 ----D---- C:\WINDOWS\system32\drivers
2010-07-09 19:37:39 ----D---- C:\Program Files\Mozilla Firefox
2010-07-09 19:37:36 ----D---- C:\Program Files\Internet Explorer
2010-07-09 15:41:27 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-09 15:40:08 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-07-09 14:43:03 ----D---- C:\Program Files\Minilyrics
2010-07-08 16:09:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-08 15:27:29 ----SHD---- C:\WINDOWS\Installer
2010-07-08 15:25:02 ----D---- C:\Program Files\Atmosphere Lite
2010-07-07 17:02:05 ----D---- C:\WINDOWS\Prefetch
2010-07-06 22:37:40 ----D---- C:\Documents and Settings\uživatel\Data aplikací\uTorrent
2010-07-06 22:37:40 ----D---- C:\Documents and Settings\uživatel\Data aplikací\Skype
2010-07-06 22:36:33 ----D---- C:\Documents and Settings\uživatel\Data aplikací\skypePM
2010-07-05 21:50:11 ----HD---- C:\WINDOWS\inf
2010-07-05 21:11:08 ----RD---- C:\Program Files
2010-07-05 21:11:08 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-05 20:33:22 ----D---- C:\WINDOWS
2010-07-05 20:31:12 ----SD---- C:\Documents and Settings\uživatel\Data aplikací\Microsoft
2010-07-05 13:17:29 ----D---- C:\Lyrics
2010-07-04 20:39:22 ----A---- C:\WINDOWS\Robota.INI
2010-06-27 12:37:28 ----SD---- C:\WINDOWS\Tasks
2010-06-24 19:28:33 ----D---- C:\Program Files\Elaborate Bytes
2010-06-24 18:46:28 ----D---- C:\Program Files\Common Files\Nero
2010-06-24 18:46:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\Nero
2010-06-24 18:46:21 ----D---- C:\Program Files\Nero
2010-06-23 21:05:05 ----RSD---- C:\WINDOWS\assembly
2010-06-23 21:04:57 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-23 21:02:50 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-06-23 21:02:50 ----D---- C:\WINDOWS\system32\CatRoot
2010-06-23 21:02:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-23 21:01:51 ----D---- C:\WINDOWS\WinSxS
2010-06-22 22:45:39 ----D---- C:\WINDOWS\security
2010-06-22 15:14:11 ----D---- C:\WINDOWS\RegisteredPackages
2010-06-22 15:14:11 ----D---- C:\Program Files\Windows Media Player
2010-06-22 15:14:05 ----D---- C:\WINDOWS\Help
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-03-31 44944]
R1 appdrv01;Application Driver (01); C:\WINDOWS\System32\Drivers\appdrv01.sys [2010-06-23 3033200]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-09-12 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-09-12 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-09-12 108552]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2010-01-01 26024]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R3 CLEDX;Team H2O CLEDX service; C:\WINDOWS\system32\DRIVERS\cledx.sys [2007-12-11 33792]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-01-13 5015040]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-08-02 6121856]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-10-30 117888]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2009-05-23 29696]
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys []
S3 dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;Filtr Dot4USB Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-10-24 23808]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys [2010-03-25 99728]
S3 VBoxNetFlt;VBoxNetFlt Service; C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-09-12 297752]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-19 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-03-19 335872]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-08-02 163908]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-12-31 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-05-26 214520]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2007-05-14 272024]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-08 545568]
S2 appdrvrem01;Application Driver Auto Removal Service (01); C:\WINDOWS\System32\appdrvrem01.exe [2010-06-23 316816]
S2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-09-12 908056]
S2 dmserverdmadmin;Správce logických disků dmserverdmadmin; C:\WINDOWS\system32\advpack.dll [2008-04-14 100352]
S2 gupdate1ca7bfab81c2c58;Služba Google Update (gupdate1ca7bfab81c2c58); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-13 133104]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-09-20 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
- Caroprd111
- VIP
- Posts: 13492
- Registered: 22 Mar 2009 20:48
- Location: Třebíč
Re: please check my log

- Run it, then paste the following script into the bottom box.
Code:
netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
tcpip.sys
cryptsvc.dll
Changer.sys
JakNDis.sys
isapnp.sys
cdrom.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
CREATERESTOREPOINT
- Check the "All users" option.
- Check the "LOP" malware check and "Purity" malware check options.
- Click the Scan button.
- When it finishes, paste the OTL.Txt and Extras.txt logs here.
Re: please check my log
OTL logfile created on: 10.7.2010 20:37:44 - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\uživatel\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 195,31 Gb Total Space | 75,72 Gb Free Space | 38,77% Space Free | Partition Type: NTFS
Drive D: | 270,44 Gb Total Space | 263,19 Gb Free Space | 97,32% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 6,97 Gb Total Space | 3,47 Gb Free Space | 49,84% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TRILINE
Current User Name: uživatel
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.07.10 20:35:50 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\uživatel\Plocha\OTL.exe
PRC - [2010.07.10 19:54:51 | 000,012,288 | ---- | M] (Asbra) -- C:\Documents and Settings\uživatel\Data aplikací\index.php
PRC - [2010.07.09 20:17:23 | 000,506,368 | ---- | M] () -- C:\WINDOWS\system32\qtplugin.exe
PRC - [2010.07.09 16:16:59 | 000,052,746 | ---- | M] (Attila Kovrig) -- C:\Documents and Settings\uživatel\Local Settings\temp\svcnost.exe
PRC - [2010.06.30 22:25:24 | 000,036,864 | ---- | M] (Microsoft) -- C:\Documents and Settings\uživatel\Data aplikací\InstallMon.exe
PRC - [2010.06.28 16:36:14 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010.06.28 16:36:13 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.06.04 13:32:49 | 000,077,824 | ---- | M] (noOrg) -- C:\Documents and Settings\uživatel\Data aplikací\Microsoft\lsass.exe
PRC - [2010.04.30 12:44:18 | 005,562,832 | ---- | M] (QIP) -- C:\Program Files\QIP 2010\qip.exe
PRC - [2010.04.30 12:44:16 | 000,184,272 | ---- | M] () -- C:\Documents and Settings\uživatel\Data aplikací\QipGuard\QipGuard.exe
PRC - [2010.04.13 00:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009.09.12 15:26:04 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009.09.12 15:25:55 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009.06.05 14:05:30 | 001,615,232 | ---- | M] (Philips) -- C:\Program Files\Philips\GoGear SA018 Device Manager\GoGear_SA018_DeviceManager.exe
PRC - [2009.05.27 00:31:29 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
PRC - [2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005.12.12 14:06:27 | 001,167,360 | ---- | M] (BST) -- C:\Program Files\Webteh\BSplayer\bsplayer.exe
========== Modules (SafeList) ==========
MOD - [2010.07.10 20:35:50 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\uživatel\Plocha\OTL.exe
MOD - [2008.04.14 05:19:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2010.06.23 18:52:39 | 000,316,816 | ---- | M] (Protection Technology) [Auto | Stopped] -- C:\WINDOWS\System32\appdrvrem01.exe -- (appdrvrem01) Application Driver Auto Removal Service (01)
SRV - [2009.09.20 21:25:25 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.09.12 15:25:57 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009.09.12 15:25:55 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2008.07.29 20:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2010.06.23 18:52:40 | 003,033,200 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\appdrv01.sys -- (appdrv01) Application Driver (01)
DRV - [2010.05.26 14:26:43 | 000,137,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2010.03.25 20:06:30 | 000,099,728 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2010.01.01 19:20:34 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009.11.08 12:04:22 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2009.09.12 15:26:37 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009.09.12 15:26:34 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009.09.12 15:26:33 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009.05.23 01:08:32 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VClone.sys -- (VClone)
DRV - [2009.01.13 13:10:08 | 005,015,040 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.10.30 15:14:20 | 000,117,888 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008.08.14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs)
DRV - [2008.08.02 06:20:00 | 006,121,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008.04.13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.04.13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Ovladač zvukové karty USB (WDM)
DRV - [2007.12.11 05:59:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)
DRV - [2002.07.17 09:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://join.clonecashsystem.com/track/N ... 4wLjAuMC4w
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://join.clonecashsystem.com/track/N ... 4wLjAuMC4w
IE - HKU\S-1-5-21-220523388-879983540-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
IE - HKU\S-1-5-21-220523388-879983540-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKU\S-1-5-21-220523388-879983540-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKU\S-1-5-21-220523388-879983540-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://gb.iamwired.net/
IE - HKU\S-1-5-21-220523388-879983540-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKU\S-1-5-21-220523388-879983540-839522115-1003\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-220523388-879983540-839522115-1003\..\URLSearchHook: *{855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-220523388-879983540-839522115-1003\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-220523388-879983540-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaulturl: "http://gb.iamwired.net/websearch.php?src=tops&search="
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.cz/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.8
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {17b52f53-fedd-911d-795b-0aff67a96b9c}:4.6.6.8
FF - prefs.js..extensions.enabledItems: QipCounter@qip.ru:1.0
FF - prefs.js..extensions.enabledItems: {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.1
FF - prefs.js..keyword.URL: "http://gb.iamwired.net/websearch.php?src=tops&search="
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.28 16:36:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.06 22:37:12 | 000,000,000 | ---D | M]
[2009.09.14 20:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Mozilla\Extensions
[2009.09.12 15:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Mozilla\Firefox\extensions
[2009.09.12 15:40:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\uživatel\Data aplikací\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010.07.10 20:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\wturhvdw.default\extensions
[2009.12.13 12:44:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\wturhvdw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.11 19:22:03 | 000,000,000 | ---D | M] (QipAuthorizer) -- C:\Documents and Settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\wturhvdw.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
[2010.03.28 12:33:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\wturhvdw.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.02.02 14:15:38 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\wturhvdw.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.05.11 19:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\wturhvdw.default\extensions\QipCounter@qip.ru
[2010.06.24 19:34:30 | 000,002,071 | ---- | M] () -- C:\Documents and Settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\wturhvdw.default\searchplugins\absearch-search.xml
[2009.10.28 22:57:09 | 000,009,941 | ---- | M] () -- C:\Documents and Settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\wturhvdw.default\searchplugins\mywebsearch.xml
[2010.05.11 19:22:03 | 000,002,062 | ---- | M] () -- C:\Documents and Settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\wturhvdw.default\searchplugins\qip-search.xml
[2010.04.23 15:30:26 | 000,000,266 | ---- | M] () -- C:\Documents and Settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\wturhvdw.default\searchplugins\Search.xml
[2010.07.08 20:37:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.05.04 17:00:07 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{17b52f53-fedd-911d-795b-0aff67a96b9c}
[2010.03.24 05:33:30 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.03.24 05:33:30 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.03.24 05:33:30 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.03.24 05:33:30 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.03.24 05:33:30 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2010.02.03 12:23:19 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (QipLI Class) - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - C:\Documents and Settings\uživatel\Data aplikací\Microsoft\Internet Explorer\qstatsrv.dll (TODO: <Company name>)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (everyflv) - {8cca0561-342d-1c68-896d-4242ef1631bf} - C:\WINDOWS\system32\9Y-bnKv.dll ()
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-220523388-879983540-839522115-1003\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-220523388-879983540-839522115-1003\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [H2O] C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [HijackThis] C:\Documents and Settings\uživatel\Data aplikací\MSNLiveUpdatex.exe.html (Trend Micro Inc)
O4 - HKLM..\Run: [Local Security Authortity Process] C:\Documents and Settings\uživatel\Data aplikací\Microsoft\lsass.exe (noOrg)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RegistryMonitor1] C:\WINDOWS\system32\qtplugin.exe ()
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKU\S-1-5-21-220523388-879983540-839522115-1003..\Run: [C:\Documents and Settings\uživatel\Data aplikací\InstallMon.exe] C:\Documents and Settings\uživatel\Data aplikací\InstallMon.exe (Microsoft)
O4 - HKU\S-1-5-21-220523388-879983540-839522115-1003..\Run: [Infium] C:\Program Files\QIP 2010\qip.exe (QIP)
O4 - HKU\S-1-5-21-220523388-879983540-839522115-1003..\Run: [QIP Internet Guardian] C:\Documents and Settings\uživatel\Data aplikací\QipGuard\QipGuard.exe ()
O4 - HKU\S-1-5-21-220523388-879983540-839522115-1003..\Run: [uTorrent] C:\Documents and Settings\uživatel\Data aplikací\uTorrent\utorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Philips GoGear SA018 Device Manager.lnk = C:\Program Files\Philips\GoGear SA018 Device Manager\GoGear_SA018_DeviceManager.exe (Philips)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-220523388-879983540-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-220523388-879983540-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-220523388-879983540-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-220523388-879983540-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-220523388-879983540-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/aut ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/products/plugin/aut ... s-i586.cab (Java Plug-in 1.4.2_06)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.10.10.1 10.10.10.2
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - ("C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\svcnost.exe") - C:\Documents and Settings\uživatel\Local Settings\temp\svcnost.exe (Attila Kovrig)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\uživatel\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\uživatel\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.05.02 16:12:08 | 000,000,000 | ---D | M] - C:\auto -- [ NTFS ]
O32 - AutoRun File - [2010.07.05 20:33:19 | 000,000,053 | -H-- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010.07.05 20:33:19 | 000,000,053 | -H-- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{a4838002-f099-11de-9ba6-00241d91b3f7}\Shell - "" = AutoRun
O33 - MountPoints2\{a4838002-f099-11de-9ba6-00241d91b3f7}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: VIDC.CFHD - C:\WINDOWS\System32\cfhd.dll (CineForm Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (57715980977045504)
========== Files/Folders - Created Within 30 Days ==========
[2010.07.10 20:35:49 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\uživatel\Plocha\OTL.exe
[2010.07.10 19:46:36 | 000,000,000 | ---D | C] -- C:\rsit
[2010.07.05 21:11:08 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2010.07.05 20:33:22 | 000,330,212 | -H-- | C] (Trend Micro Inc) -- C:\svchost.exe
[2010.07.05 20:33:19 | 000,330,212 | -H-- | C] (Trend Micro Inc) -- C:\sys32.exe
[2010.07.05 20:33:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\uživatel\Data aplikací\Trend Micro Inc
[2010.07.05 20:31:42 | 000,065,536 | -H-- | C] ( ) -- C:\Documents and Settings\uživatel\Data aplikací\Interop.MessengerAPI.dll
[2010.07.05 20:31:32 | 000,330,212 | ---- | C] (Trend Micro Inc) -- C:\Documents and Settings\uživatel\Data aplikací\MSNLiveUpdatex.exe.html
[2010.07.05 20:31:18 | 000,012,288 | ---- | C] (Asbra) -- C:\Documents and Settings\uživatel\Data aplikací\index.php
[2010.07.05 14:10:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\uživatel\Plocha\morelokatr_-_mlady_a_neklidny
[2010.07.05 13:16:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\uživatel\Plocha\Eminem-Recovery-(Retail)-2010-[NoFS]
[2010.06.30 22:25:24 | 000,036,864 | ---- | C] (Microsoft) -- C:\Documents and Settings\uživatel\Data aplikací\InstallMon.exe
[2010.06.24 19:34:30 | 000,000,000 | ---D | C] -- C:\Program Files\Astroburn Toolbar
[2010.06.24 19:34:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\uživatel\Data aplikací\Astroburn Lite
[2010.06.24 19:34:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Astroburn Lite
[2010.06.24 19:18:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\uživatel\Data aplikací\Media Player Classic
[2010.06.24 18:45:05 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.06.24 18:44:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\uživatel\Data aplikací\FinalBurner Video DVD
[2010.06.24 18:44:42 | 000,000,000 | ---D | C] -- C:\finalburner
[2010.06.24 18:43:35 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
[2010.06.24 18:43:35 | 000,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2010.06.24 18:43:34 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2010.06.24 18:43:33 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2010.06.24 15:45:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\uživatel\Plocha\ghomez mixtape
[2010.06.23 18:52:40 | 003,033,200 | ---- | C] (Protection Technology) -- C:\WINDOWS\System32\drivers\appdrv01.sys
[2010.06.23 18:52:39 | 000,316,816 | ---- | C] (Protection Technology) -- C:\WINDOWS\System32\appdrvrem01.exe
[2010.06.23 16:53:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\uživatel\Dokumenty\NinjaBlade
[2010.06.22 15:07:56 | 000,000,000 | ---D | C] -- C:\Program Files\ND Games
[2010.06.15 20:42:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\uživatel\Plocha\Rytmus - Si zabil
[2010.06.13 18:15:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\uživatel\Plocha\Mobile Atlas Creator 1.7
[2010.06.13 14:00:42 | 001,703,227 | ---- | C] (PS Media s.r.o. ) -- C:\Documents and Settings\uživatel\Plocha\vypalovac.exe
[2010.06.13 12:31:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\uživatel\Data aplikací\Mobile Atlas Creator
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.07.10 20:35:50 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\uživatel\Plocha\OTL.exe
[2010.07.10 20:15:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.10 19:55:01 | 000,043,049 | ---- | M] () -- C:\Documents and Settings\uživatel\Data aplikací\WinInstallMon.exe
[2010.07.10 19:54:51 | 000,012,288 | ---- | M] (Asbra) -- C:\Documents and Settings\uživatel\Data aplikací\index.php
[2010.07.10 19:54:25 | 000,198,612 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.07.10 19:54:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.07.10 19:54:15 | 000,000,330 | --S- | M] () -- C:\WINDOWS\System32\1041300360.dat
[2010.07.10 19:54:12 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.07.10 19:54:09 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.07.10 19:54:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.07.10 19:46:27 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\uživatel\Plocha\RSIT.exe
[2010.07.09 20:17:23 | 000,506,368 | ---- | M] () -- C:\WINDOWS\System32\qtplugin.exe
[2010.07.09 16:01:29 | 000,000,564 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for uživatel.job
[2010.07.08 20:44:01 | 005,563,144 | ---- | M] () -- C:\Documents and Settings\uživatel\Plocha\swap,roucadoubyporcelan.mp3
[2010.07.08 20:43:18 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\iTunes.lnk
[2010.07.06 22:37:12 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Adobe Reader 9.lnk
[2010.07.05 20:33:22 | 000,001,050 | ---- | M] () -- C:\WINDOWS\System32\net.bat
[2010.07.05 20:33:22 | 000,000,480 | ---- | M] () -- C:\WINDOWS\System32\net.vbs
[2010.07.05 20:33:22 | 000,000,245 | ---- | M] () -- C:\WINDOWS\System32\sys.bat
[2010.07.05 20:33:22 | 000,000,137 | ---- | M] () -- C:\WINDOWS\System32\launch.vbs
[2010.07.05 20:33:22 | 000,000,137 | ---- | M] () -- C:\WINDOWS\System32\exec.vbs
[2010.07.05 20:33:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\javaupdate.exe
[2010.07.05 20:33:19 | 000,000,053 | -H-- | M] () -- C:\autorun.inf
[2010.07.05 20:31:47 | 000,065,536 | -H-- | M] ( ) -- C:\Documents and Settings\uživatel\Data aplikací\Interop.MessengerAPI.dll
[2010.07.05 20:31:36 | 000,330,212 | -H-- | M] (Trend Micro Inc) -- C:\sys32.exe
[2010.07.05 20:31:36 | 000,330,212 | -H-- | M] (Trend Micro Inc) -- C:\svchost.exe
[2010.07.05 20:31:36 | 000,330,212 | ---- | M] (Trend Micro Inc) -- C:\Documents and Settings\uživatel\Data aplikací\MSNLiveUpdatex.exe.html
[2010.07.05 20:31:27 | 000,043,049 | ---- | M] () -- C:\Documents and Settings\uživatel\Data aplikací\WinInstallMon.exe.html
[2010.07.05 15:12:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.07.05 14:09:48 | 007,602,176 | -H-- | M] () -- C:\Documents and Settings\uživatel\NTUSER.DAT
[2010.07.04 20:39:22 | 000,000,028 | ---- | M] () -- C:\WINDOWS\Robota.INI
[2010.07.04 17:38:37 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\uživatel\ntuser.ini
[2010.07.03 20:37:30 | 000,702,661 | ---- | M] () -- C:\Documents and Settings\uživatel\Plocha\DRF promo.jpg
[2010.07.03 20:37:22 | 007,816,065 | ---- | M] () -- C:\Documents and Settings\uživatel\Plocha\DRF promo.psd
[2010.07.03 20:11:03 | 003,605,465 | ---- | M] () -- C:\Documents and Settings\uživatel\Plocha\FP STEP DOWN 96 bpm.mp3
[2010.07.03 18:48:07 | 001,715,767 | ---- | M] () -- C:\Documents and Settings\uživatel\Plocha\FP PIANO MANIACO 96 bpm.mp3
[2010.07.02 15:20:51 | 009,087,012 | ---- | M] () -- C:\Documents and Settings\uživatel\Plocha\time traveler.wav
[2010.07.01 22:26:49 | 053,125,740 | ---- | M] () -- C:\Documents and Settings\uživatel\Plocha\roccccccca.psd
[2010.07.01 22:26:27 | 002,294,250 | ---- | M] () -- C:\Documents and Settings\uživatel\Plocha\roccccccca.jpg
[2010.07.01 16:29:30 | 026,243,520 | ---- | M] () -- C:\Documents and Settings\uživatel\Plocha\TCW - 1 Beat.wav
[2010.06.30 22:25:24 | 000,036,864 | ---- | M] (Microsoft) -- C:\Documents and Settings\uživatel\Data aplikací\InstallMon.exe
[2010.06.27 13:02:15 | 000,017,181 | ---- | M] () -- C:\Documents and Settings\uživatel\Plocha\Prince.of.Persia.-.The.Forgotten.Sands.torrent
[2010.06.26 14:48:12 | 001,657,916 | ---- | M] () -- C:\Documents and Settings\uživatel\Plocha\cesta kolem světa.jpg
[2010.06.26 03:06:31 | 002,112,392 | -H-- | M] () -- C:\Documents and Settings\uživatel\Local Settings\Data aplikací\IconCache.db
[2010.06.25 20:46:47 | 003,972,519 | ---- | M] () -- C:\Documents and Settings\uživatel\Plocha\royalaudiotunes_springfever.mp3
[2010.06.24 19:28:49 | 000,000,085 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\.zreglib
[2010.06.24 19:28:39 | 000,000,852 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\CloneDVD2.lnk
[2010.06.24 19:16:31 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\uživatel\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.24 15:42:56 | 002,429,495 | ---- | M] () -- C:\Documents and Settings\uživatel\Plocha\01 - Mashonda - Step Into My World Intro (Produced By Swizz Beatz) (Instrumental).mp3
[2010.06.23 21:02:06 | 001,013,022 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.23 21:02:06 | 000,443,724 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.06.23 21:02:06 | 000,440,590 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.06.23 21:02:06 | 000,083,832 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.06.23 21:02:06 | 000,071,982 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.06.23 18:52:40 | 003,033,200 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\appdrv01.sys
[2010.06.23 18:52:39 | 000,316,816 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\appdrvrem01.exe
[2010.06.22 15:14:06 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010.06.22 15:14:06 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010.06.22 15:13:43 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010.06.18 19:02:02 | 003,763,590 | ---- | M] () -- C:\Documents and Settings\uživatel\Plocha\jayk.psd
[2010.06.18 18:28:30 | 000,211,511 | ---- | M] () -- C:\Documents and Settings\uživatel\Plocha\jayk.jpg
[2010.06.16 17:55:17 | 000,161,402 | ---- | M] () -- C:\Documents and Settings\uživatel\Plocha\joker heath ledger.jpg
[2010.06.13 18:59:37 | 003,304,816 | ---- | M] () -- C:\Documents and Settings\uživatel\Plocha\MARCOLO-...Pierwszy_wdech_(zajety).mp3
[2010.06.13 14:01:30 | 000,000,028 | ---- | M] () -- C:\WINDOWS\vypalovac.ini
[2010.06.13 14:00:50 | 001,703,227 | ---- | M] (PS Media s.r.o. ) -- C:\Documents and Settings\uživatel\Plocha\vypalovac.exe
[2010.06.11 18:26:24 | 008,920,338 | ---- | M] () -- C:\Documents and Settings\uživatel\Plocha\Majk_Spirit_feat._Suvereno_-_Slovensko_v_Afrike_(Futbalova_hymna)-1.mp3
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.07.10 19:46:27 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\uživatel\Plocha\RSIT.exe
[2010.07.09 17:47:39 | 000,506,368 | ---- | C] () -- C:\WINDOWS\System32\qtplugin.exe
[2010.07.09 16:02:22 | 000,000,330 | --S- | C] () -- C:\WINDOWS\System32\1041300360.dat
[2010.07.08 20:27:35 | 005,563,144 | ---- | C] () -- C:\Documents and Settings\uživatel\Plocha\swap,roucadoubyporcelan.mp3
[2010.07.06 22:35:57 | 000,043,049 | ---- | C] () -- C:\Documents and Settings\uživatel\Data aplikací\WinInstallMon.exe
[2010.07.05 20:33:22 | 000,001,050 | ---- | C] () -- C:\WINDOWS\System32\net.bat
[2010.07.05 20:33:22 | 000,000,480 | ---- | C] () -- C:\WINDOWS\System32\net.vbs
[2010.07.05 20:33:22 | 000,000,245 | ---- | C] () -- C:\WINDOWS\System32\sys.bat
[2010.07.05 20:33:22 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\launch.vbs
[2010.07.05 20:33:22 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\exec.vbs
[2010.07.05 20:33:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\javaupdate.exe
[2010.07.05 20:33:19 | 000,000,053 | -H-- | C] () -- C:\autorun.inf
[2010.07.05 20:31:25 | 000,043,049 | ---- | C] () -- C:\Documents and Settings\uživatel\Data aplikací\WinInstallMon.exe.html
[2010.07.03 20:37:28 | 000,702,661 | ---- | C] () -- C:\Documents and Settings\uživatel\Plocha\DRF promo.jpg
[2010.07.03 20:37:21 | 007,816,065 | ---- | C] () -- C:\Documents and Settings\uživatel\Plocha\DRF promo.psd
[2010.07.03 19:40:35 | 003,605,465 | ---- | C] () -- C:\Documents and Settings\uživatel\Plocha\FP STEP DOWN 96 bpm.mp3
[2010.07.03 18:44:58 | 001,715,767 | ---- | C] () -- C:\Documents and Settings\uživatel\Plocha\FP PIANO MANIACO 96 bpm.mp3
[2010.07.02 15:20:21 | 009,087,012 | ---- | C] () -- C:\Documents and Settings\uživatel\Plocha\time traveler.wav
[2010.07.01 22:26:16 | 002,294,250 | ---- | C] () -- C:\Documents and Settings\uživatel\Plocha\roccccccca.jpg
[2010.07.01 16:59:37 | 053,125,740 | ---- | C] () -- C:\Documents and Settings\uživatel\Plocha\roccccccca.psd
[2010.07.01 16:28:10 | 026,243,520 | ---- | C] () -- C:\Documents and Settings\uživatel\Plocha\TCW - 1 Beat.wav
[2010.06.27 13:02:12 | 000,017,181 | ---- | C] () -- C:\Documents and Settings\uživatel\Plocha\Prince.of.Persia.-.The.Forgotten.Sands.torrent
[2010.06.26 14:48:09 | 001,657,916 | ---- | C] () -- C:\Documents and Settings\uživatel\Plocha\cesta kolem světa.jpg
[2010.06.24 19:28:49 | 000,000,085 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\.zreglib
[2010.06.24 19:28:39 | 000,000,852 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\CloneDVD2.lnk
[2010.06.24 18:43:36 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.06.24 18:43:35 | 000,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2010.06.24 18:43:35 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010.06.24 18:43:34 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.06.24 18:43:34 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.06.24 18:43:34 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010.06.24 18:43:34 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010.06.24 17:48:48 | 003,972,519 | ---- | C] () -- C:\Documents and Settings\uživatel\Plocha\royalaudiotunes_springfever.mp3
[2010.06.24 15:42:56 | 002,429,495 | ---- | C] () -- C:\Documents and Settings\uživatel\Plocha\01 - Mashonda - Step Into My World Intro (Produced By Swizz Beatz) (Instrumental).mp3
[2010.06.16 17:55:16 | 000,161,402 | ---- | C] () -- C:\Documents and Settings\uživatel\Plocha\joker heath ledger.jpg
[2010.06.16 17:39:55 | 003,763,590 | ---- | C] () -- C:\Documents and Settings\uživatel\Plocha\jayk.psd
[2010.06.16 16:46:04 | 000,211,511 | ---- | C] () -- C:\Documents and Settings\uživatel\Plocha\jayk.jpg
[2010.06.13 18:59:26 | 003,304,816 | ---- | C] () -- C:\Documents and Settings\uživatel
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\uživatel\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 195,31 Gb Total Space | 75,72 Gb Free Space | 38,77% Space Free | Partition Type: NTFS
Drive D: | 270,44 Gb Total Space | 263,19 Gb Free Space | 97,32% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 6,97 Gb Total Space | 3,47 Gb Free Space | 49,84% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TRILINE
Current User Name: uživatel
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010.07.10 20:35:50 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\uživatel\Plocha\OTL.exe
PRC - [2010.07.10 19:54:51 | 000,012,288 | ---- | M] (Asbra) -- C:\Documents and Settings\uživatel\Data aplikací\index.php
PRC - [2010.07.09 20:17:23 | 000,506,368 | ---- | M] () -- C:\WINDOWS\system32\qtplugin.exe
PRC - [2010.07.09 16:16:59 | 000,052,746 | ---- | M] (Attila Kovrig) -- C:\Documents and Settings\uživatel\Local Settings\temp\svcnost.exe
PRC - [2010.06.30 22:25:24 | 000,036,864 | ---- | M] (Microsoft) -- C:\Documents and Settings\uživatel\Data aplikací\InstallMon.exe
PRC - [2010.06.28 16:36:14 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010.06.28 16:36:13 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010.06.04 13:32:49 | 000,077,824 | ---- | M] (noOrg) -- C:\Documents and Settings\uživatel\Data aplikací\Microsoft\lsass.exe
PRC - [2010.04.30 12:44:18 | 005,562,832 | ---- | M] (QIP) -- C:\Program Files\QIP 2010\qip.exe
PRC - [2010.04.30 12:44:16 | 000,184,272 | ---- | M] () -- C:\Documents and Settings\uživatel\Data aplikací\QipGuard\QipGuard.exe
PRC - [2010.04.13 00:46:36 | 001,135,912 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009.09.12 15:26:04 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009.09.12 15:25:55 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2009.06.05 14:05:30 | 001,615,232 | ---- | M] (Philips) -- C:\Program Files\Philips\GoGear SA018 Device Manager\GoGear_SA018_DeviceManager.exe
PRC - [2009.05.27 00:31:29 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
PRC - [2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2005.12.12 14:06:27 | 001,167,360 | ---- | M] (BST) -- C:\Program Files\Webteh\BSplayer\bsplayer.exe
========== Modules (SafeList) ==========
MOD - [2010.07.10 20:35:50 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\uživatel\Plocha\OTL.exe
MOD - [2008.04.14 05:19:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2010.06.23 18:52:39 | 000,316,816 | ---- | M] (Protection Technology) [Auto | Stopped] -- C:\WINDOWS\System32\appdrvrem01.exe -- (appdrvrem01) Application Driver Auto Removal Service (01)
SRV - [2009.09.20 21:25:25 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.09.12 15:25:57 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009.09.12 15:25:55 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2008.07.29 20:16:38 | 000,132,096 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2010.06.23 18:52:40 | 003,033,200 | ---- | M] (Protection Technology) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\appdrv01.sys -- (appdrv01) Application Driver (01)
DRV - [2010.05.26 14:26:43 | 000,137,464 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2010.03.25 20:06:30 | 000,099,728 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2010.01.01 19:20:34 | 000,026,024 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2009.11.08 12:04:22 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2009.09.12 15:26:37 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009.09.12 15:26:34 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009.09.12 15:26:33 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009.05.23 01:08:32 | 000,029,696 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VClone.sys -- (VClone)
DRV - [2009.01.13 13:10:08 | 005,015,040 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.10.30 15:14:20 | 000,117,888 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008.08.14 07:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\adfs.sys -- (adfs)
DRV - [2008.08.02 06:20:00 | 006,121,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008.04.13 22:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008.04.13 19:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) Ovladač zvukové karty USB (WDM)
DRV - [2007.12.11 05:59:40 | 000,033,792 | ---- | M] (Team H2O) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cledx.sys -- (CLEDX)
DRV - [2002.07.17 09:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://join.clonecashsystem.com/track/N ... 4wLjAuMC4w
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://join.clonecashsystem.com/track/N ... 4wLjAuMC4w
IE - HKU\S-1-5-21-220523388-879983540-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
IE - HKU\S-1-5-21-220523388-879983540-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKU\S-1-5-21-220523388-879983540-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKU\S-1-5-21-220523388-879983540-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://gb.iamwired.net/
IE - HKU\S-1-5-21-220523388-879983540-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKU\S-1-5-21-220523388-879983540-839522115-1003\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-220523388-879983540-839522115-1003\..\URLSearchHook: *{855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-220523388-879983540-839522115-1003\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-220523388-879983540-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaulturl: "http://gb.iamwired.net/websearch.php?src=tops&search="
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.cz/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.8
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {17b52f53-fedd-911d-795b-0aff67a96b9c}:4.6.6.8
FF - prefs.js..extensions.enabledItems: QipCounter@qip.ru:1.0
FF - prefs.js..extensions.enabledItems: {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.1
FF - prefs.js..keyword.URL: "http://gb.iamwired.net/websearch.php?src=tops&search="
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.28 16:36:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.06 22:37:12 | 000,000,000 | ---D | M]
[2009.09.14 20:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Mozilla\Extensions
[2009.09.12 15:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Mozilla\Firefox\extensions
[2009.09.12 15:40:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\uživatel\Data aplikací\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010.07.10 20:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\wturhvdw.default\extensions
[2009.12.13 12:44:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\wturhvdw.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.11 19:22:03 | 000,000,000 | ---D | M] (QipAuthorizer) -- C:\Documents and Settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\wturhvdw.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
[2010.03.28 12:33:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\wturhvdw.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.02.02 14:15:38 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\wturhvdw.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010.05.11 19:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\wturhvdw.default\extensions\QipCounter@qip.ru
[2010.06.24 19:34:30 | 000,002,071 | ---- | M] () -- C:\Documents and Settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\wturhvdw.default\searchplugins\absearch-search.xml
[2009.10.28 22:57:09 | 000,009,941 | ---- | M] () -- C:\Documents and Settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\wturhvdw.default\searchplugins\mywebsearch.xml
[2010.05.11 19:22:03 | 000,002,062 | ---- | M] () -- C:\Documents and Settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\wturhvdw.default\searchplugins\qip-search.xml
[2010.04.23 15:30:26 | 000,000,266 | ---- | M] () -- C:\Documents and Settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\wturhvdw.default\searchplugins\Search.xml
[2010.07.08 20:37:13 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.05.04 17:00:07 | 000,000,000 | ---D | M] (LoudMo Contextual Ad Assistant) -- C:\Program Files\Mozilla Firefox\extensions\{17b52f53-fedd-911d-795b-0aff67a96b9c}
[2010.03.24 05:33:30 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.03.24 05:33:30 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.03.24 05:33:30 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.03.24 05:33:30 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.03.24 05:33:30 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml
O1 HOSTS File: ([2010.02.03 12:23:19 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (QipLI Class) - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - C:\Documents and Settings\uživatel\Data aplikací\Microsoft\Internet Explorer\qstatsrv.dll (TODO: <Company name>)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (everyflv) - {8cca0561-342d-1c68-896d-4242ef1631bf} - C:\WINDOWS\system32\9Y-bnKv.dll ()
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKU\S-1-5-21-220523388-879983540-839522115-1003\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-220523388-879983540-839522115-1003\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [H2O] C:\Program Files\Syncrosoft\POS\H2O\cledx.exe (Team H2O)
O4 - HKLM..\Run: [HijackThis] C:\Documents and Settings\uživatel\Data aplikací\MSNLiveUpdatex.exe.html (Trend Micro Inc)
O4 - HKLM..\Run: [Local Security Authortity Process] C:\Documents and Settings\uživatel\Data aplikací\Microsoft\lsass.exe (noOrg)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RegistryMonitor1] C:\WINDOWS\system32\qtplugin.exe ()
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKU\S-1-5-21-220523388-879983540-839522115-1003..\Run: [C:\Documents and Settings\uživatel\Data aplikací\InstallMon.exe] C:\Documents and Settings\uživatel\Data aplikací\InstallMon.exe (Microsoft)
O4 - HKU\S-1-5-21-220523388-879983540-839522115-1003..\Run: [Infium] C:\Program Files\QIP 2010\qip.exe (QIP)
O4 - HKU\S-1-5-21-220523388-879983540-839522115-1003..\Run: [QIP Internet Guardian] C:\Documents and Settings\uživatel\Data aplikací\QipGuard\QipGuard.exe ()
O4 - HKU\S-1-5-21-220523388-879983540-839522115-1003..\Run: [uTorrent] C:\Documents and Settings\uživatel\Data aplikací\uTorrent\utorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Philips GoGear SA018 Device Manager.lnk = C:\Program Files\Philips\GoGear SA018 Device Manager\GoGear_SA018_DeviceManager.exe (Philips)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-220523388-879983540-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-220523388-879983540-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-220523388-879983540-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-220523388-879983540-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-220523388-879983540-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/aut ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/products/plugin/aut ... s-i586.cab (Java Plug-in 1.4.2_06)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.10.10.1 10.10.10.2
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - ("C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\svcnost.exe") - C:\Documents and Settings\uživatel\Local Settings\temp\svcnost.exe (Attila Kovrig)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\uživatel\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\uživatel\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.05.02 16:12:08 | 000,000,000 | ---D | M] - C:\auto -- [ NTFS ]
O32 - AutoRun File - [2010.07.05 20:33:19 | 000,000,053 | -H-- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010.07.05 20:33:19 | 000,000,053 | -H-- | M] () - D:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{a4838002-f099-11de-9ba6-00241d91b3f7}\Shell - "" = AutoRun
O33 - MountPoints2\{a4838002-f099-11de-9ba6-00241d91b3f7}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: VIDC.CFHD - C:\WINDOWS\System32\cfhd.dll (CineForm Inc.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.MP42 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (57715980977045504)
========== Files/Folders - Created Within 30 Days ==========
[2010.07.10 20:35:49 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\uživatel\Plocha\OTL.exe
[2010.07.10 19:46:36 | 000,000,000 | ---D | C] -- C:\rsit
[2010.07.05 21:11:08 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2010.07.05 20:33:22 | 000,330,212 | -H-- | C] (Trend Micro Inc) -- C:\svchost.exe
[2010.07.05 20:33:19 | 000,330,212 | -H-- | C] (Trend Micro Inc) -- C:\sys32.exe
[2010.07.05 20:33:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\uživatel\Data aplikací\Trend Micro Inc
[2010.07.05 20:31:42 | 000,065,536 | -H-- | C] ( ) -- C:\Documents and Settings\uživatel\Data aplikací\Interop.MessengerAPI.dll
[2010.07.05 20:31:32 | 000,330,212 | ---- | C] (Trend Micro Inc) -- C:\Documents and Settings\uživatel\Data aplikací\MSNLiveUpdatex.exe.html
[2010.07.05 20:31:18 | 000,012,288 | ---- | C] (Asbra) -- C:\Documents and Settings\uživatel\Data aplikací\index.php
[2010.07.05 14:10:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\uživatel\Plocha\morelokatr_-_mlady_a_neklidny
[2010.07.05 13:16:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\uživatel\Plocha\Eminem-Recovery-(Retail)-2010-[NoFS]
[2010.06.30 22:25:24 | 000,036,864 | ---- | C] (Microsoft) -- C:\Documents and Settings\uživatel\Data aplikací\InstallMon.exe
[2010.06.24 19:34:30 | 000,000,000 | ---D | C] -- C:\Program Files\Astroburn Toolbar
[2010.06.24 19:34:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\uživatel\Data aplikací\Astroburn Lite
[2010.06.24 19:34:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Astroburn Lite
[2010.06.24 19:18:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\uživatel\Data aplikací\Media Player Classic
[2010.06.24 18:45:05 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.06.24 18:44:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\uživatel\Data aplikací\FinalBurner Video DVD
[2010.06.24 18:44:42 | 000,000,000 | ---D | C] -- C:\finalburner
[2010.06.24 18:43:35 | 000,839,680 | ---- | C] (http://www.mp3dev.org/) -- C:\WINDOWS\System32\lameACM.acm
[2010.06.24 18:43:35 | 000,118,784 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2010.06.24 18:43:34 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2010.06.24 18:43:33 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2010.06.24 15:45:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\uživatel\Plocha\ghomez mixtape
[2010.06.23 18:52:40 | 003,033,200 | ---- | C] (Protection Technology) -- C:\WINDOWS\System32\drivers\appdrv01.sys
[2010.06.23 18:52:39 | 000,316,816 | ---- | C] (Protection Technology) -- C:\WINDOWS\System32\appdrvrem01.exe
[2010.06.23 16:53:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\uživatel\Dokumenty\NinjaBlade
[2010.06.22 15:07:56 | 000,000,000 | ---D | C] -- C:\Program Files\ND Games
[2010.06.15 20:42:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\uživatel\Plocha\Rytmus - Si zabil
[2010.06.13 18:15:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\uživatel\Plocha\Mobile Atlas Creator 1.7
[2010.06.13 14:00:42 | 001,703,227 | ---- | C] (PS Media s.r.o. ) -- C:\Documents and Settings\uživatel\Plocha\vypalovac.exe
[2010.06.13 12:31:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\uživatel\Data aplikací\Mobile Atlas Creator
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.07.10 20:35:50 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\uživatel\Plocha\OTL.exe
[2010.07.10 20:15:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.10 19:55:01 | 000,043,049 | ---- | M] () -- C:\Documents and Settings\uživatel\Data aplikací\WinInstallMon.exe
[2010.07.10 19:54:51 | 000,012,288 | ---- | M] (Asbra) -- C:\Documents and Settings\uživatel\Data aplikací\index.php
[2010.07.10 19:54:25 | 000,198,612 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010.07.10 19:54:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.07.10 19:54:15 | 000,000,330 | --S- | M] () -- C:\WINDOWS\System32\1041300360.dat
[2010.07.10 19:54:12 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.07.10 19:54:09 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.07.10 19:54:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.07.10 19:46:27 | 000,339,991 | ---- | M] () -- C:\Documents and Settings\uživatel\Plocha\RSIT.exe
[2010.07.09 20:17:23 | 000,506,368 | ---- | M] () -- C:\WINDOWS\System32\qtplugin.exe
[2010.07.09 16:01:29 | 000,000,564 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for uživatel.job
[2010.07.08 20:44:01 | 005,563,144 | ---- | M] () -- C:\Documents and Settings\uživatel\Plocha\swap,roucadoubyporcelan.mp3
[2010.07.08 20:43:18 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\iTunes.lnk
[2010.07.06 22:37:12 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Adobe Reader 9.lnk
[2010.07.05 20:33:22 | 000,001,050 | ---- | M] () -- C:\WINDOWS\System32\net.bat
[2010.07.05 20:33:22 | 000,000,480 | ---- | M] () -- C:\WINDOWS\System32\net.vbs
[2010.07.05 20:33:22 | 000,000,245 | ---- | M] () -- C:\WINDOWS\System32\sys.bat
[2010.07.05 20:33:22 | 000,000,137 | ---- | M] () -- C:\WINDOWS\System32\launch.vbs
[2010.07.05 20:33:22 | 000,000,137 | ---- | M] () -- C:\WINDOWS\System32\exec.vbs
[2010.07.05 20:33:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\javaupdate.exe
[2010.07.05 20:33:19 | 000,000,053 | -H-- | M] () -- C:\autorun.inf
[2010.07.05 20:31:47 | 000,065,536 | -H-- | M] ( ) -- C:\Documents and Settings\uživatel\Data aplikací\Interop.MessengerAPI.dll
[2010.07.05 20:31:36 | 000,330,212 | -H-- | M] (Trend Micro Inc) -- C:\sys32.exe
[2010.07.05 20:31:36 | 000,330,212 | -H-- | M] (Trend Micro Inc) -- C:\svchost.exe
[2010.07.05 20:31:36 | 000,330,212 | ---- | M] (Trend Micro Inc) -- C:\Documents and Settings\uživatel\Data aplikací\MSNLiveUpdatex.exe.html
[2010.07.05 20:31:27 | 000,043,049 | ---- | M] () -- C:\Documents and Settings\uživatel\Data aplikací\WinInstallMon.exe.html
[2010.07.05 15:12:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.07.05 14:09:48 | 007,602,176 | -H-- | M] () -- C:\Documents and Settings\uživatel\NTUSER.DAT
[2010.07.04 20:39:22 | 000,000,028 | ---- | M] () -- C:\WINDOWS\Robota.INI
[2010.07.04 17:38:37 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\uživatel\ntuser.ini
[2010.07.03 20:37:30 | 000,702,661 | ---- | M] () -- C:\Documents and Settings\uživatel\Plocha\DRF promo.jpg
[2010.07.03 20:37:22 | 007,816,065 | ---- | M] () -- C:\Documents and Settings\uživatel\Plocha\DRF promo.psd
[2010.07.03 20:11:03 | 003,605,465 | ---- | M] () -- C:\Documents and Settings\uživatel\Plocha\FP STEP DOWN 96 bpm.mp3
[2010.07.03 18:48:07 | 001,715,767 | ---- | M] () -- C:\Documents and Settings\uživatel\Plocha\FP PIANO MANIACO 96 bpm.mp3
[2010.07.02 15:20:51 | 009,087,012 | ---- | M] () -- C:\Documents and Settings\uživatel\Plocha\time traveler.wav
[2010.07.01 22:26:49 | 053,125,740 | ---- | M] () -- C:\Documents and Settings\uživatel\Plocha\roccccccca.psd
[2010.07.01 22:26:27 | 002,294,250 | ---- | M] () -- C:\Documents and Settings\uživatel\Plocha\roccccccca.jpg
[2010.07.01 16:29:30 | 026,243,520 | ---- | M] () -- C:\Documents and Settings\uživatel\Plocha\TCW - 1 Beat.wav
[2010.06.30 22:25:24 | 000,036,864 | ---- | M] (Microsoft) -- C:\Documents and Settings\uživatel\Data aplikací\InstallMon.exe
[2010.06.27 13:02:15 | 000,017,181 | ---- | M] () -- C:\Documents and Settings\uživatel\Plocha\Prince.of.Persia.-.The.Forgotten.Sands.torrent
[2010.06.26 14:48:12 | 001,657,916 | ---- | M] () -- C:\Documents and Settings\uživatel\Plocha\cesta kolem světa.jpg
[2010.06.26 03:06:31 | 002,112,392 | -H-- | M] () -- C:\Documents and Settings\uživatel\Local Settings\Data aplikací\IconCache.db
[2010.06.25 20:46:47 | 003,972,519 | ---- | M] () -- C:\Documents and Settings\uživatel\Plocha\royalaudiotunes_springfever.mp3
[2010.06.24 19:28:49 | 000,000,085 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\.zreglib
[2010.06.24 19:28:39 | 000,000,852 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\CloneDVD2.lnk
[2010.06.24 19:16:31 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\uživatel\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.24 15:42:56 | 002,429,495 | ---- | M] () -- C:\Documents and Settings\uživatel\Plocha\01 - Mashonda - Step Into My World Intro (Produced By Swizz Beatz) (Instrumental).mp3
[2010.06.23 21:02:06 | 001,013,022 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.23 21:02:06 | 000,443,724 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.06.23 21:02:06 | 000,440,590 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.06.23 21:02:06 | 000,083,832 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.06.23 21:02:06 | 000,071,982 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.06.23 18:52:40 | 003,033,200 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\drivers\appdrv01.sys
[2010.06.23 18:52:39 | 000,316,816 | ---- | M] (Protection Technology) -- C:\WINDOWS\System32\appdrvrem01.exe
[2010.06.22 15:14:06 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010.06.22 15:14:06 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010.06.22 15:13:43 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010.06.18 19:02:02 | 003,763,590 | ---- | M] () -- C:\Documents and Settings\uživatel\Plocha\jayk.psd
[2010.06.18 18:28:30 | 000,211,511 | ---- | M] () -- C:\Documents and Settings\uživatel\Plocha\jayk.jpg
[2010.06.16 17:55:17 | 000,161,402 | ---- | M] () -- C:\Documents and Settings\uživatel\Plocha\joker heath ledger.jpg
[2010.06.13 18:59:37 | 003,304,816 | ---- | M] () -- C:\Documents and Settings\uživatel\Plocha\MARCOLO-...Pierwszy_wdech_(zajety).mp3
[2010.06.13 14:01:30 | 000,000,028 | ---- | M] () -- C:\WINDOWS\vypalovac.ini
[2010.06.13 14:00:50 | 001,703,227 | ---- | M] (PS Media s.r.o. ) -- C:\Documents and Settings\uživatel\Plocha\vypalovac.exe
[2010.06.11 18:26:24 | 008,920,338 | ---- | M] () -- C:\Documents and Settings\uživatel\Plocha\Majk_Spirit_feat._Suvereno_-_Slovensko_v_Afrike_(Futbalova_hymna)-1.mp3
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.07.10 19:46:27 | 000,339,991 | ---- | C] () -- C:\Documents and Settings\uživatel\Plocha\RSIT.exe
[2010.07.09 17:47:39 | 000,506,368 | ---- | C] () -- C:\WINDOWS\System32\qtplugin.exe
[2010.07.09 16:02:22 | 000,000,330 | --S- | C] () -- C:\WINDOWS\System32\1041300360.dat
[2010.07.08 20:27:35 | 005,563,144 | ---- | C] () -- C:\Documents and Settings\uživatel\Plocha\swap,roucadoubyporcelan.mp3
[2010.07.06 22:35:57 | 000,043,049 | ---- | C] () -- C:\Documents and Settings\uživatel\Data aplikací\WinInstallMon.exe
[2010.07.05 20:33:22 | 000,001,050 | ---- | C] () -- C:\WINDOWS\System32\net.bat
[2010.07.05 20:33:22 | 000,000,480 | ---- | C] () -- C:\WINDOWS\System32\net.vbs
[2010.07.05 20:33:22 | 000,000,245 | ---- | C] () -- C:\WINDOWS\System32\sys.bat
[2010.07.05 20:33:22 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\launch.vbs
[2010.07.05 20:33:22 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\exec.vbs
[2010.07.05 20:33:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\javaupdate.exe
[2010.07.05 20:33:19 | 000,000,053 | -H-- | C] () -- C:\autorun.inf
[2010.07.05 20:31:25 | 000,043,049 | ---- | C] () -- C:\Documents and Settings\uživatel\Data aplikací\WinInstallMon.exe.html
[2010.07.03 20:37:28 | 000,702,661 | ---- | C] () -- C:\Documents and Settings\uživatel\Plocha\DRF promo.jpg
[2010.07.03 20:37:21 | 007,816,065 | ---- | C] () -- C:\Documents and Settings\uživatel\Plocha\DRF promo.psd
[2010.07.03 19:40:35 | 003,605,465 | ---- | C] () -- C:\Documents and Settings\uživatel\Plocha\FP STEP DOWN 96 bpm.mp3
[2010.07.03 18:44:58 | 001,715,767 | ---- | C] () -- C:\Documents and Settings\uživatel\Plocha\FP PIANO MANIACO 96 bpm.mp3
[2010.07.02 15:20:21 | 009,087,012 | ---- | C] () -- C:\Documents and Settings\uživatel\Plocha\time traveler.wav
[2010.07.01 22:26:16 | 002,294,250 | ---- | C] () -- C:\Documents and Settings\uživatel\Plocha\roccccccca.jpg
[2010.07.01 16:59:37 | 053,125,740 | ---- | C] () -- C:\Documents and Settings\uživatel\Plocha\roccccccca.psd
[2010.07.01 16:28:10 | 026,243,520 | ---- | C] () -- C:\Documents and Settings\uživatel\Plocha\TCW - 1 Beat.wav
[2010.06.27 13:02:12 | 000,017,181 | ---- | C] () -- C:\Documents and Settings\uživatel\Plocha\Prince.of.Persia.-.The.Forgotten.Sands.torrent
[2010.06.26 14:48:09 | 001,657,916 | ---- | C] () -- C:\Documents and Settings\uživatel\Plocha\cesta kolem světa.jpg
[2010.06.24 19:28:49 | 000,000,085 | -HS- | C] () -- C:\Documents and Settings\All Users\Data aplikací\.zreglib
[2010.06.24 19:28:39 | 000,000,852 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\CloneDVD2.lnk
[2010.06.24 18:43:36 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2010.06.24 18:43:35 | 000,000,414 | ---- | C] () -- C:\WINDOWS\System32\lame_acm.xml
[2010.06.24 18:43:35 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010.06.24 18:43:34 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.06.24 18:43:34 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.06.24 18:43:34 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010.06.24 18:43:34 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010.06.24 17:48:48 | 003,972,519 | ---- | C] () -- C:\Documents and Settings\uživatel\Plocha\royalaudiotunes_springfever.mp3
[2010.06.24 15:42:56 | 002,429,495 | ---- | C] () -- C:\Documents and Settings\uživatel\Plocha\01 - Mashonda - Step Into My World Intro (Produced By Swizz Beatz) (Instrumental).mp3
[2010.06.16 17:55:16 | 000,161,402 | ---- | C] () -- C:\Documents and Settings\uživatel\Plocha\joker heath ledger.jpg
[2010.06.16 17:39:55 | 003,763,590 | ---- | C] () -- C:\Documents and Settings\uživatel\Plocha\jayk.psd
[2010.06.16 16:46:04 | 000,211,511 | ---- | C] () -- C:\Documents and Settings\uživatel\Plocha\jayk.jpg
[2010.06.13 18:59:26 | 003,304,816 | ---- | C] () -- C:\Documents and Settings\uživatel
Re: please check my log
[2010.06.13 18:59:26 | 003,304,816 | ---- | C] () -- C:\Documents and Settings\uživatel\Plocha\MARCOLO-...Pierwszy_wdech_(zajety).mp3
[2010.06.13 14:01:30 | 000,000,028 | ---- | C] () -- C:\WINDOWS\vypalovac.ini
[2010.06.11 18:25:58 | 008,920,338 | ---- | C] () -- C:\Documents and Settings\uživatel\Plocha\Majk_Spirit_feat._Suvereno_-_Slovensko_v_Afrike_(Futbalova_hymna)-1.mp3
[2010.05.19 20:19:22 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010.05.17 11:42:49 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010.05.15 16:04:35 | 000,000,287 | ---- | C] () -- C:\WINDOWS\game.ini
[2010.05.02 16:12:34 | 000,000,398 | ---- | C] () -- C:\WINDOWS\AudioConverter.INI
[2010.05.02 15:57:51 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\sysmwwod.dll
[2010.05.02 15:51:05 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\bwmedia.dll
[2010.05.01 09:54:46 | 001,560,576 | ---- | C] () -- C:\WINDOWS\System32\9Y-bnKv.dll
[2010.01.13 22:01:34 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009.12.31 16:10:11 | 000,137,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009.12.13 15:48:55 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009.10.02 13:28:43 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Robota.INI
[2009.10.02 13:27:33 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\mgxasio2.dll
[2009.10.02 13:26:48 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009.10.02 13:26:39 | 000,006,211 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2009.09.20 10:58:29 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2008.08.02 06:20:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008.08.02 06:20:00 | 001,499,136 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008.08.02 06:20:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008.08.02 06:20:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008.08.02 06:20:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004.08.18 14:00:00 | 000,062,976 | --S- | C] () -- C:\WINDOWS\System32\advpack.dllg.exe
[2004.08.18 14:00:00 | 000,048,585 | ---- | C] () -- C:\WINDOWS\System32\12520437g.sys
[2004.08.18 13:53:41 | 001,571,840 | ---- | C] () -- C:\WINDOWS\System32\sfcfiles.dll
[2004.08.17 17:49:16 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003.10.07 02:14:40 | 000,943,616 | ---- | C] () -- C:\WINDOWS\System32\dfolder.dll
[2002.01.18 21:56:54 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\mp3enc.dll
========== LOP Check ==========
[2010.06.24 19:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Astroburn Lite
[2009.09.12 15:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AVG Security Toolbar
[2010.05.01 10:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Borland
[2009.12.09 18:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DobeSoftCZ
[2009.09.14 21:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2010.04.15 19:35:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MAGIX
[2009.10.26 13:17:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Propellerhead Software
[2009.11.26 16:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\SITEguard
[2009.12.19 10:20:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\STOPzilla!
[2009.09.12 15:31:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Temp
[2009.09.15 19:53:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010.06.24 19:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Astroburn Lite
[2010.05.01 10:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Borland
[2010.06.06 21:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\COWON
[2009.11.11 13:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Desktopicon
[2010.04.30 22:14:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\eBookPro6
[2010.03.04 22:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Facebook
[2010.06.24 18:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\FinalBurner Video DVD
[2009.09.12 15:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Foxit
[2010.04.28 19:58:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\ICQ
[2009.12.24 20:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Leadertech
[2009.12.25 19:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\LG Electronics
[2010.04.15 19:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\MAGIX
[2010.06.13 12:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Mobile Atlas Creator
[2010.07.10 20:36:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\NCH Swift Sound
[2009.09.12 15:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\OpenOffice.org
[2009.10.26 13:28:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Propellerhead Software
[2010.03.07 09:42:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Purple Ghost Software, Inc
[2010.05.11 19:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\QIP
[2010.05.11 19:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\QipGuard
[2010.01.12 18:43:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Quest Software
[2010.03.07 14:13:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\SharePod
[2010.04.11 18:54:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\SQL Developer
[2010.03.24 20:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Steinberg
[2010.05.06 20:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Toad Data Modeler Freeware
[2010.07.10 19:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\uTorrent
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Skype" = "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized -- [2010.04.06 02:27:46 | 026,102,056 | R--- | M] (Skype Technologies S.A.)
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 05:22:17 | 000,015,360 | ---- | M] (Microsoft Corporation)
"QIP Internet Guardian" = C:\Documents and Settings\uživatel\Data aplikací\QipGuard\QipGuard.exe -- [2010.04.30 12:44:16 | 000,184,272 | ---- | M] ()
"Infium" = "C:\Program Files\QIP 2010\qip.exe" /autorun -- [2010.04.30 12:44:18 | 005,562,832 | ---- | M] (QIP)
"uTorrent" = "C:\Documents and Settings\uživatel\Data aplikací\uTorrent\utorrent.exe" -- [2010.06.27 13:03:02 | 000,322,352 | ---- | M] (BitTorrent, Inc.)
"C:\Documents and Settings\uživatel\Data aplikací\InstallMon.exe" = C:\Documents and Settings\uživatel\Data aplikací\InstallMon.exe -- [2010.06.30 22:25:24 | 000,036,864 | ---- | M] (Microsoft)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
"" =
< c:\windows\*.* /U >
[9 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
[2010.07.05 20:31:36 | 000,330,212 | -H-- | M] (Trend Micro Inc) -- C:\svchost.exe
[2010.07.05 20:31:36 | 000,330,212 | -H-- | M] (Trend Micro Inc) -- C:\sys32.exe
< %ALLUSERSPROFILE%\Application Data\*. >
[2010.05.01 09:13:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2009.12.18 17:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Adobe
[2009.10.01 19:47:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Apple Computer
[2010.06.24 19:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Astroburn Lite
[2009.09.12 15:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\AVG8
[2010.05.01 10:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Borland
[2010.06.06 21:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\COWON
[2009.09.12 15:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\CyberLink
[2009.11.11 13:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Desktopicon
[2010.05.15 15:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\DivX
[2010.04.30 22:14:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\eBookPro6
[2010.03.04 22:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Facebook
[2010.06.24 18:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\FinalBurner Video DVD
[2009.09.12 15:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Foxit
[2009.11.10 19:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Help
[2010.04.28 19:58:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\ICQ
[2009.09.12 14:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Identities
[2009.09.12 15:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\InstallShield
[2009.12.24 20:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Leadertech
[2009.12.25 19:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\LG Electronics
[2009.09.12 15:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Macromedia
[2010.04.15 19:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\MAGIX
[2010.06.24 19:18:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Media Player Classic
[2010.07.05 20:31:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\uživatel\Data aplikací\Microsoft
[2010.06.13 12:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Mobile Atlas Creator
[2009.09.12 15:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Mozilla
[2010.07.10 20:36:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\NCH Swift Sound
[2009.12.05 16:35:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Nero
[2009.09.12 15:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\OpenOffice.org
[2009.10.26 13:28:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Propellerhead Software
[2010.04.11 18:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\PSpad
[2010.03.07 09:42:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Purple Ghost Software, Inc
[2010.05.11 19:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\QIP
[2010.05.11 19:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\QipGuard
[2010.01.12 18:43:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Quest Software
[2009.12.19 11:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Real
[2009.12.24 20:10:53 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\uživatel\Data aplikací\SecuROM
[2009.11.12 18:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Share-to-Web Upload Folder
[2010.03.07 14:13:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\SharePod
[2010.07.10 20:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Skype
[2010.07.10 19:56:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\skypePM
[2010.04.11 18:54:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\SQL Developer
[2010.03.24 20:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Steinberg
[2009.09.19 15:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Sun
[2010.05.06 20:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Toad Data Modeler Freeware
[2010.07.05 20:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Trend Micro Inc
[2010.07.10 19:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\uTorrent
[2009.09.19 14:54:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\WinRAR
< %APPDATA%\*.exe /s >
[2009.02.03 14:21:10 | 000,239,104 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\uživatel\Data aplikací\7za.exe
[2010.06.30 22:25:24 | 000,036,864 | ---- | M] (Microsoft) -- C:\Documents and Settings\uživatel\Data aplikací\InstallMon.exe
[2010.07.10 19:55:01 | 000,043,049 | ---- | M] () -- C:\Documents and Settings\uživatel\Data aplikací\WinInstallMon.exe
[2010.03.04 22:00:53 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Documents and Settings\uživatel\Data aplikací\Facebook\uninstall.exe
[2010.06.04 13:32:49 | 000,077,824 | ---- | M] (noOrg) -- C:\Documents and Settings\uživatel\Data aplikací\Microsoft\lsass.exe
[2010.05.01 09:16:01 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\uživatel\Data aplikací\Microsoft\Installer\{01E970F7-212F-4C07-87E9-5B48C52E247D}\_16496df1.exe
[2010.05.01 09:16:01 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\uživatel\Data aplikací\Microsoft\Installer\{01E970F7-212F-4C07-87E9-5B48C52E247D}\_26e91eb.exe
[2010.05.01 09:16:01 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\uživatel\Data aplikací\Microsoft\Installer\{01E970F7-212F-4C07-87E9-5B48C52E247D}\_5af141bb.exe
[2010.05.01 09:16:01 | 000,024,542 | R--- | M] () -- C:\Documents and Settings\uživatel\Data aplikací\Microsoft\Installer\{01E970F7-212F-4C07-87E9-5B48C52E247D}\_69525f90.exe
[2010.05.01 08:52:31 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\uživatel\Data aplikací\Microsoft\Installer\{0B1F3A28-784B-40F1-BA0D-B0439A6FEBB0}\ARPPRODUCTICON.exe
[2010.04.30 12:44:16 | 000,184,272 | ---- | M] () -- C:\Documents and Settings\uživatel\Data aplikací\QipGuard\QipGuard.exe
[2009.09.12 23:20:28 | 000,245,248 | ---- | M] (www.half-open.com) -- C:\Documents and Settings\uživatel\Data aplikací\uTorrent\half-open-fix.exe
[2009.12.06 16:08:48 | 000,697,965 | ---- | M] () -- C:\Documents and Settings\uživatel\Data aplikací\uTorrent\unins000.exe
[2010.06.27 13:03:02 | 000,322,352 | ---- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\uživatel\Data aplikací\uTorrent\utorrent.exe
< MD5 for: AGP440.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009.12.08 23:10:02 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009.12.08 23:10:02 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
< MD5 for: ATAPI.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009.12.08 23:10:02 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009.12.08 23:10:02 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.18 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
< MD5 for: CDROM.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2009.12.08 23:10:02 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2009.12.08 23:10:02 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004.08.18 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys
< MD5 for: CRYPTSVC.DLL >
[2004.08.18 14:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2004.08.18 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.18 14:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
< MD5 for: HAL.DLL >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2009.12.08 23:10:02 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2009.12.08 23:10:02 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 20:31:28 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2004.08.18 14:00:00 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll
< MD5 for: CHANGER.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2009.12.08 23:10:02 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2009.12.08 23:10:02 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
< MD5 for: ISAPNP.SYS >
[2009.12.08 23:10:02 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2009.12.08 23:10:02 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2004.08.18 14:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys
< MD5 for: LSASS.EXE >
[2004.08.18 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2010.06.04 13:32:49 | 000,077,824 | ---- | M] (noOrg) MD5=E48482E0B6577E323AA25C798EC7681C -- C:\Documents and Settings\uživatel\Data aplikací\Microsoft\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004.08.18 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
< MD5 for: NETLOGON.DLL >
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004.08.18 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004.08.18 14:00:00 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 05:21:54 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll
< MD5 for: SMSS.EXE >
[2004.08.18 14:00:00 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2004.08.17 16:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 05:22:47 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe
< MD5 for: SVCHOST.EXE >
[2010.07.05 20:31:36 | 000,330,212 | -H-- | M] (Trend Micro Inc) MD5=3E642D64C2DC156DEAE89A6C6B304BF6 -- C:\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 05:22:48 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2004.08.18 14:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
< MD5 for: TCPIP.SYS >
[2008.06.20 12:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) MD5=2A5554FC5B1E04E131230E3CE035C3F9 -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008.06.20 12:44:42 | 000,360,960 | ---- | M] (Microsoft Corporation) MD5=744E57C99232201AE98C49168B918F48 -- C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008.04.13 21:20:16 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008.06.20 13:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004.08.18 14:00:00 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
[2008.06.20 13:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
< MD5 for: USERINIT.EXE >
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 05:22:50 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2004.08.18 14:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
< MD5 for: WINLOGON.EXE >
[2004.08.18 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 05:22:53 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe
< MD5 for: WS2_32.DLL >
[2004.08.18 14:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 05:22:06 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2010.03.09 13:11:23 | 000,430,080 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\vbscript.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2009.11.13 20:38:41 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009.11.13 17:05:50 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2009.11.13 20:38:41 | 018,350,080 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009.11.13 20:38:41 | 004,456,448 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\*.dll /lockedfiles >
[2010.03.09 13:11:23 | 000,430,080 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\vbscript.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2010.07.10 19:54:15 | 000,000,330 | --S- | M] () -- C:\WINDOWS\system32\1041300360.dat
[2010.07.10 19:54:25 | 000,198,612 | ---- | M] () -- C:\WINDOWS\system32\nvapps.xml
[2010.07.09 20:17:23 | 000,506,368 | ---- | M] () -- C:\WINDOWS\system32\qtplugin.exe
[2010.07.10 19:54:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >
[2010.06.13 14:01:30 | 000,000,028 | ---- | C] () -- C:\WINDOWS\vypalovac.ini
[2010.06.11 18:25:58 | 008,920,338 | ---- | C] () -- C:\Documents and Settings\uživatel\Plocha\Majk_Spirit_feat._Suvereno_-_Slovensko_v_Afrike_(Futbalova_hymna)-1.mp3
[2010.05.19 20:19:22 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010.05.17 11:42:49 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010.05.15 16:04:35 | 000,000,287 | ---- | C] () -- C:\WINDOWS\game.ini
[2010.05.02 16:12:34 | 000,000,398 | ---- | C] () -- C:\WINDOWS\AudioConverter.INI
[2010.05.02 15:57:51 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\sysmwwod.dll
[2010.05.02 15:51:05 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\bwmedia.dll
[2010.05.01 09:54:46 | 001,560,576 | ---- | C] () -- C:\WINDOWS\System32\9Y-bnKv.dll
[2010.01.13 22:01:34 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009.12.31 16:10:11 | 000,137,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009.12.13 15:48:55 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009.10.02 13:28:43 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Robota.INI
[2009.10.02 13:27:33 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\mgxasio2.dll
[2009.10.02 13:26:48 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2009.10.02 13:26:39 | 000,006,211 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2009.09.20 10:58:29 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2008.08.02 06:20:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008.08.02 06:20:00 | 001,499,136 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008.08.02 06:20:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008.08.02 06:20:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008.08.02 06:20:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004.08.18 14:00:00 | 000,062,976 | --S- | C] () -- C:\WINDOWS\System32\advpack.dllg.exe
[2004.08.18 14:00:00 | 000,048,585 | ---- | C] () -- C:\WINDOWS\System32\12520437g.sys
[2004.08.18 13:53:41 | 001,571,840 | ---- | C] () -- C:\WINDOWS\System32\sfcfiles.dll
[2004.08.17 17:49:16 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003.10.07 02:14:40 | 000,943,616 | ---- | C] () -- C:\WINDOWS\System32\dfolder.dll
[2002.01.18 21:56:54 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\mp3enc.dll
========== LOP Check ==========
[2010.06.24 19:34:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Astroburn Lite
[2009.09.12 15:44:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\AVG Security Toolbar
[2010.05.01 10:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Borland
[2009.12.09 18:07:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\DobeSoftCZ
[2009.09.14 21:33:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2010.04.15 19:35:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\MAGIX
[2009.10.26 13:17:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Propellerhead Software
[2009.11.26 16:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\SITEguard
[2009.12.19 10:20:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\STOPzilla!
[2009.09.12 15:31:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Temp
[2009.09.15 19:53:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010.06.24 19:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Astroburn Lite
[2010.05.01 10:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Borland
[2010.06.06 21:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\COWON
[2009.11.11 13:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Desktopicon
[2010.04.30 22:14:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\eBookPro6
[2010.03.04 22:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Facebook
[2010.06.24 18:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\FinalBurner Video DVD
[2009.09.12 15:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Foxit
[2010.04.28 19:58:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\ICQ
[2009.12.24 20:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Leadertech
[2009.12.25 19:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\LG Electronics
[2010.04.15 19:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\MAGIX
[2010.06.13 12:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Mobile Atlas Creator
[2010.07.10 20:36:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\NCH Swift Sound
[2009.09.12 15:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\OpenOffice.org
[2009.10.26 13:28:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Propellerhead Software
[2010.03.07 09:42:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Purple Ghost Software, Inc
[2010.05.11 19:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\QIP
[2010.05.11 19:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\QipGuard
[2010.01.12 18:43:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Quest Software
[2010.03.07 14:13:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\SharePod
[2010.04.11 18:54:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\SQL Developer
[2010.03.24 20:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Steinberg
[2010.05.06 20:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Toad Data Modeler Freeware
[2010.07.10 19:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\uTorrent
========== Purity Check ==========
========== Custom Scans ==========
< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Skype" = "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized -- [2010.04.06 02:27:46 | 026,102,056 | R--- | M] (Skype Technologies S.A.)
"ctfmon.exe" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 05:22:17 | 000,015,360 | ---- | M] (Microsoft Corporation)
"QIP Internet Guardian" = C:\Documents and Settings\uživatel\Data aplikací\QipGuard\QipGuard.exe -- [2010.04.30 12:44:16 | 000,184,272 | ---- | M] ()
"Infium" = "C:\Program Files\QIP 2010\qip.exe" /autorun -- [2010.04.30 12:44:18 | 005,562,832 | ---- | M] (QIP)
"uTorrent" = "C:\Documents and Settings\uživatel\Data aplikací\uTorrent\utorrent.exe" -- [2010.06.27 13:03:02 | 000,322,352 | ---- | M] (BitTorrent, Inc.)
"C:\Documents and Settings\uživatel\Data aplikací\InstallMon.exe" = C:\Documents and Settings\uživatel\Data aplikací\InstallMon.exe -- [2010.06.30 22:25:24 | 000,036,864 | ---- | M] (Microsoft)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater]
"" =
< c:\windows\*.* /U >
[9 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
< %SYSTEMDRIVE%\*.exe >
[2010.07.05 20:31:36 | 000,330,212 | -H-- | M] (Trend Micro Inc) -- C:\svchost.exe
[2010.07.05 20:31:36 | 000,330,212 | -H-- | M] (Trend Micro Inc) -- C:\sys32.exe
< %ALLUSERSPROFILE%\Application Data\*. >
[2010.05.01 09:13:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2009.12.18 17:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Adobe
[2009.10.01 19:47:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Apple Computer
[2010.06.24 19:34:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Astroburn Lite
[2009.09.12 15:15:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\AVG8
[2010.05.01 10:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Borland
[2010.06.06 21:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\COWON
[2009.09.12 15:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\CyberLink
[2009.11.11 13:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Desktopicon
[2010.05.15 15:16:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\DivX
[2010.04.30 22:14:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\eBookPro6
[2010.03.04 22:00:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Facebook
[2010.06.24 18:44:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\FinalBurner Video DVD
[2009.09.12 15:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Foxit
[2009.11.10 19:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Help
[2010.04.28 19:58:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\ICQ
[2009.09.12 14:59:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Identities
[2009.09.12 15:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\InstallShield
[2009.12.24 20:22:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Leadertech
[2009.12.25 19:40:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\LG Electronics
[2009.09.12 15:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Macromedia
[2010.04.15 19:36:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\MAGIX
[2010.06.24 19:18:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Media Player Classic
[2010.07.05 20:31:12 | 000,000,000 | --SD | M] -- C:\Documents and Settings\uživatel\Data aplikací\Microsoft
[2010.06.13 12:31:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Mobile Atlas Creator
[2009.09.12 15:40:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Mozilla
[2010.07.10 20:36:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\NCH Swift Sound
[2009.12.05 16:35:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Nero
[2009.09.12 15:16:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\OpenOffice.org
[2009.10.26 13:28:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Propellerhead Software
[2010.04.11 18:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\PSpad
[2010.03.07 09:42:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Purple Ghost Software, Inc
[2010.05.11 19:22:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\QIP
[2010.05.11 19:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\QipGuard
[2010.01.12 18:43:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Quest Software
[2009.12.19 11:09:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Real
[2009.12.24 20:10:53 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\uživatel\Data aplikací\SecuROM
[2009.11.12 18:41:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Share-to-Web Upload Folder
[2010.03.07 14:13:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\SharePod
[2010.07.10 20:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Skype
[2010.07.10 19:56:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\skypePM
[2010.04.11 18:54:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\SQL Developer
[2010.03.24 20:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Steinberg
[2009.09.19 15:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Sun
[2010.05.06 20:23:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Toad Data Modeler Freeware
[2010.07.05 20:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Trend Micro Inc
[2010.07.10 19:55:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\uTorrent
[2009.09.19 14:54:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\WinRAR
< %APPDATA%\*.exe /s >
[2009.02.03 14:21:10 | 000,239,104 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\uživatel\Data aplikací\7za.exe
[2010.06.30 22:25:24 | 000,036,864 | ---- | M] (Microsoft) -- C:\Documents and Settings\uživatel\Data aplikací\InstallMon.exe
[2010.07.10 19:55:01 | 000,043,049 | ---- | M] () -- C:\Documents and Settings\uživatel\Data aplikací\WinInstallMon.exe
[2010.03.04 22:00:53 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Documents and Settings\uživatel\Data aplikací\Facebook\uninstall.exe
[2010.06.04 13:32:49 | 000,077,824 | ---- | M] (noOrg) -- C:\Documents and Settings\uživatel\Data aplikací\Microsoft\lsass.exe
[2010.05.01 09:16:01 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\uživatel\Data aplikací\Microsoft\Installer\{01E970F7-212F-4C07-87E9-5B48C52E247D}\_16496df1.exe
[2010.05.01 09:16:01 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\uživatel\Data aplikací\Microsoft\Installer\{01E970F7-212F-4C07-87E9-5B48C52E247D}\_26e91eb.exe
[2010.05.01 09:16:01 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\uživatel\Data aplikací\Microsoft\Installer\{01E970F7-212F-4C07-87E9-5B48C52E247D}\_5af141bb.exe
[2010.05.01 09:16:01 | 000,024,542 | R--- | M] () -- C:\Documents and Settings\uživatel\Data aplikací\Microsoft\Installer\{01E970F7-212F-4C07-87E9-5B48C52E247D}\_69525f90.exe
[2010.05.01 08:52:31 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\uživatel\Data aplikací\Microsoft\Installer\{0B1F3A28-784B-40F1-BA0D-B0439A6FEBB0}\ARPPRODUCTICON.exe
[2010.04.30 12:44:16 | 000,184,272 | ---- | M] () -- C:\Documents and Settings\uživatel\Data aplikací\QipGuard\QipGuard.exe
[2009.09.12 23:20:28 | 000,245,248 | ---- | M] (www.half-open.com) -- C:\Documents and Settings\uživatel\Data aplikací\uTorrent\half-open-fix.exe
[2009.12.06 16:08:48 | 000,697,965 | ---- | M] () -- C:\Documents and Settings\uživatel\Data aplikací\uTorrent\unins000.exe
[2010.06.27 13:03:02 | 000,322,352 | ---- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\uživatel\Data aplikací\uTorrent\utorrent.exe
< MD5 for: AGP440.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009.12.08 23:10:02 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009.12.08 23:10:02 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
< MD5 for: ATAPI.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009.12.08 23:10:02 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009.12.08 23:10:02 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.18 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
< MD5 for: CDROM.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2009.12.08 23:10:02 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2009.12.08 23:10:02 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.13 20:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004.08.18 14:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys
< MD5 for: CRYPTSVC.DLL >
[2004.08.18 14:00:00 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 05:21:38 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
< MD5 for: EVENTLOG.DLL >
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 05:21:41 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2004.08.18 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: EXPLORER.EXE >
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 05:22:22 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.18 14:00:00 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
< MD5 for: HAL.DLL >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2009.12.08 23:10:02 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2009.12.08 23:10:02 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.13 20:31:28 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008.04.13 20:31:32 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2004.08.18 14:00:00 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll
< MD5 for: CHANGER.SYS >
[2004.08.18 14:00:00 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2009.12.08 23:10:02 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2009.12.08 23:10:02 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.13 20:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
< MD5 for: ISAPNP.SYS >
[2009.12.08 23:10:02 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2009.12.08 23:10:02 | 023,890,583 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2004.08.18 14:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 04:27:53 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys
< MD5 for: LSASS.EXE >
[2004.08.18 14:00:00 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2010.06.04 13:32:49 | 000,077,824 | ---- | M] (noOrg) MD5=E48482E0B6577E323AA25C798EC7681C -- C:\Documents and Settings\uživatel\Data aplikací\Microsoft\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 05:22:29 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe
< MD5 for: NDIS.SYS >
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.13 21:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004.08.18 14:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
< MD5 for: NETLOGON.DLL >
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009.02.06 20:47:20 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=1F43B8C0F4C767FBED89711C30E704D9 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004.08.18 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 05:21:50 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll
< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs
< %systemroot%\system32\drivers\*.sys /3 >
< %systemroot%\system32\*.* /3 >
[2010.07.10 19:54:15 | 000,000,330 | --S- | M] () -- C:\WINDOWS\system32\1041300360.dat
[2010.07.10 19:54:25 | 000,198,612 | ---- | M] () -- C:\WINDOWS\system32\nvapps.xml
[2010.07.09 20:17:23 | 000,506,368 | ---- | M] () -- C:\WINDOWS\system32\qtplugin.exe
[2010.07.10 19:54:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\system32\wpa.dbl
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >
Re: please check my log
and now the extras.txt
OTL Extras logfile created on: 10.7.2010 20:37:44 - Run 1
OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\uživatel\Plocha
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 63,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 195,31 Gb Total Space | 75,72 Gb Free Space | 38,77% Space Free | Partition Type: NTFS
Drive D: | 270,44 Gb Total Space | 263,19 Gb Free Space | 97,32% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 6,97 Gb Total Space | 3,47 Gb Free Space | 49,84% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: TRILINE
Current User Name: uživatel
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_USERS\S-1-5-21-220523388-879983540-839522115-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" =
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\uživatel\Data aplikací\uTorrent\utorrent.exe" = C:\Documents and Settings\uživatel\Data aplikací\uTorrent\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Activision\Modern Warfare 2\iw4mp.exe" = C:\Program Files\Activision\Modern Warfare 2\iw4mp.exe:*:Enabled:iw4mp -- File not found
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe" = C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s -- ()
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Vibe Streamer\vibestreamer.exe" = C:\Program Files\Vibe Streamer\vibestreamer.exe:*:Enabled:vibestreamer -- ()
"C:\Program Files\QIP\qip.exe" = C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager -- File not found
"C:\Program Files\QIP 2010\qip.exe" = C:\Program Files\QIP 2010\qip.exe:*:Enabled:QIP 2010 -- (QIP)
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- (Ubisoft)
"C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\svcnost.exe" = C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\svcnost.exe:*:Enabled:ldrsoft -- (Attila Kovrig)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E970F7-212F-4C07-87E9-5B48C52E247D}" = Wise Owl Demeanor for .NET, Personal Edition
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0B1F3A28-784B-40F1-BA0D-B0439A6FEBB0}" = Borland Remote Debugger
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{23E797E9-F852-4AEA-93F0-772ED2B9D9F9}" = OpenOffice.org 3.1
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{2864C41B-EF2D-4640-95A2-526276524519}" = Borland C++Builder 6
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2C3CE8F0-F4AD-4D54-A520-975309C617E2}" = LG PC Suite III
"{2CAF0576-1BAD-4C3E-A1DB-D6D585495DED}" = Quest Software Toad Data Modeler
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7148F0A8-6813-11D6-A77B-00B0D0142060}" = Java 2 Runtime Environment, SE v1.4.2_06
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{748F4870-8350-11D3-B0BF-080009FB4A19}" = HP Share-to-Web
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7ED5371F-F4EA-48F9-B8F7-C8777AD9DF69}" = Borland Developer Studio 2006
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{827B97A9-B347-4110-9F89-37AF2B758F94}" = NHL™ 09
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88DD0B6C-B174-40C9-84F4-531D414BC949}" = ComponentOne Studio Enterprise™
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F2F35B0-4019-4291-BBF5-121F51637FC7}" = VC80MFCRedist - 8.0.50727.4053
"{90120000-0010-0405-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Czech) 12
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{10EC59E5-9BCE-4884-BB1A-E28627220232}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9F60FF4E-725D-4B28-0094-FDADF5E73647}" = NBA Live 2003
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1029-7B44-A93000000001}" = Adobe Reader 9.3.3 - Czech
"{AF145F8997B44EE9B106D018EF1DB58B}" = DivX Converter Mobile
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0E18DC4-C74A-4889-AE3A-933471023787}" = LG PC Suite III
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CAFE2005-7F33-477F-8257-C49D3F7C91F4}" = CaliberRM SDK
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DC19A2BC-9698-430E-AD50-456B837B1BCD}" = GoGear SA018 Device Manager
"{DD362256-A7A2-4524-9457-213DDC2AFC2A}" = Adobe After Effects 7.0
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio Basic VX
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{EB9BD1D5-8DFB-48C4-927B-10BB47CA59B3}" = Microsoft .NET Framework SDK (English) 1.1
"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
"{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}" = Max Payne 2
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"µTorrent CZ_is1" = µTorrent CZ 1.8.5 (build 17414)
"ACE-HIGH MP3 WAV WMA OGG Converter" = ACE-HIGH MP3 WAV WMA OGG Converter
"Adobe After Effects 7.0" = Adobe After Effects 7.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Ask Toolbar_is1" = Foxit Toolbar
"Audacity_is1" = Audacity 1.2.6
"AVG8Uninstall" = AVG Free 8.5
"BSPlayer1" = BSPlayer
"CCleaner" = CCleaner
"CloneDVD2" = CloneDVD2
"Collab" = Collab
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Firebird SQL Server UK" = Firebird SQL Server - MAGIX Edition
"FL Studio 8" = FL Studio 8
"GameParkClient_is1" = GamePark
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 1.99.1
"HP Photo Imaging Software" = HP Photo Imaging Software
"HP Photo Printing Software" = HP Photo Printing Software
"IEAK6" = Microsoft IEAK 6
"IL Download Manager" = IL Download Manager
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.2.0 (Full)
"MAGIX Music Maker 15 Premium Download version UK" = MAGIX Music Maker 15 Premium Download version 15.0.1.5 (UK)
"MAGIX Screenshare UK" = MAGIX Screenshare 4.3.6.1987 (UK)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"PSPad editor_is1" = PSPad editor
"Quest Software Toad Data Modeler Freeware 2.25_is1" = Quest Software Toad Data Modeler Freeware 2.25
"Reason4_is1" = Reason 4.0
"Steinberg Nuendo v3.2.0.1128" = Steinberg Nuendo v3.2.0.1128
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"Syncrosoft's License Control" = Syncrosoft's License Control
"UHkcb-7u" = LoudMo Contextual Ad Assistant
"VirtualCloneDrive" = VirtualCloneDrive
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-220523388-879983540-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"QIP 2010" = QIP 2010 10.4.30.3381
"QipGuard" = QIP Internet Guardian
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 20.3.2010 9:25:57 | Computer Name = TRILINE | Source = Application Error | ID = 1000
Description = Chybující aplikace mxr.exe, verze 0.0.0.0, chybující modul mxr.exe,
verze 0.0.0.0, adresa chyby 0x0000e0c5.
Error - 21.3.2010 8:39:39 | Computer Name = TRILINE | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 6.0.2900.5512, chybující modul
urlmon.dll, verze 6.0.2900.5921, adresa chyby 0x0003e567.
Error - 21.3.2010 8:40:20 | Computer Name = TRILINE | Source = Application Error | ID = 1000
Description = Chybující aplikace mxr.exe, verze 0.0.0.0, chybující modul mxr.exe,
verze 0.0.0.0, adresa chyby 0x0000e0c5.
Error - 21.3.2010 10:52:36 | Computer Name = TRILINE | Source = Application Error | ID = 1000
Description = Chybující aplikace photoshop.exe, verze 11.0.0.0, chybující modul
nvoglnt.dll, verze 6.14.11.7783, adresa chyby 0x00121e2d.
Error - 22.3.2010 16:04:58 | Computer Name = TRILINE | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 6.0.2900.5512, chybující modul
urlmon.dll, verze 6.0.2900.5921, adresa chyby 0x0003e567.
Error - 22.3.2010 16:05:32 | Computer Name = TRILINE | Source = Application Error | ID = 1000
Description = Chybující aplikace mxr.exe, verze 0.0.0.0, chybující modul mxr.exe,
verze 0.0.0.0, adresa chyby 0x0000e0c5.
Error - 24.3.2010 13:16:58 | Computer Name = TRILINE | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 6.0.2900.5512, chybující modul
urlmon.dll, verze 6.0.2900.5921, adresa chyby 0x0003e567.
Error - 25.3.2010 15:43:15 | Computer Name = TRILINE | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 6.0.2900.5512, chybující modul
urlmon.dll, verze 6.0.2900.5921, adresa chyby 0x0003e567.
Error - 25.3.2010 16:10:53 | Computer Name = TRILINE | Source = Application Error | ID = 1001
Description = Chybný blok 1670750837
Error - 27.3.2010 12:00:32 | Computer Name = TRILINE | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 6.0.2900.5512, chybující modul
urlmon.dll, verze 6.0.2900.5921, adresa chyby 0x0003e567.
[ System Events ]
Error - 5.7.2010 15:34:20 | Computer Name = TRILINE | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom1 má chybný blok.
Error - 5.7.2010 15:34:20 | Computer Name = TRILINE | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom1 má chybný blok.
Error - 5.7.2010 15:34:20 | Computer Name = TRILINE | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom1 má chybný blok.
Error - 5.7.2010 15:34:21 | Computer Name = TRILINE | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom1 má chybný blok.
Error - 5.7.2010 15:34:21 | Computer Name = TRILINE | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom1 má chybný blok.
Error - 5.7.2010 15:34:21 | Computer Name = TRILINE | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom1 má chybný blok.
Error - 7.7.2010 9:28:17 | Computer Name = TRILINE | Source = Dhcp | ID = 1000
Description = Zapůjčení adresy IP počítače 192.168.1.101 pro síťovou kartu se síťovou
adresou 00241D91B3F7 byla ukončena.
Error - 8.7.2010 9:01:59 | Computer Name = TRILINE | Source = Dhcp | ID = 1000
Description = Zapůjčení adresy IP počítače 192.168.1.101 pro síťovou kartu se síťovou
adresou 00241D91B3F7 byla ukončena.
Error - 9.7.2010 8:27:30 | Computer Name = TRILINE | Source = Dhcp | ID = 1000
Description = Zapůjčení adresy IP počítače 192.168.1.101 pro síťovou kartu se síťovou
adresou 00241D91B3F7 byla ukončena.
Error - 10.7.2010 13:16:40 | Computer Name = TRILINE | Source = Dhcp | ID = 1000
Description = Zapůjčení adresy IP počítače 192.168.1.101 pro síťovou kartu se síťovou
adresou 00241D91B3F7 byla ukončena.
< End of report >
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Documents and Settings\uživatel\Data aplikací\uTorrent\utorrent.exe" = C:\Documents and Settings\uživatel\Data aplikací\uTorrent\utorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Activision\Modern Warfare 2\iw4mp.exe" = C:\Program Files\Activision\Modern Warfare 2\iw4mp.exe:*:Enabled:iw4mp -- File not found
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe" = C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s -- ()
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Vibe Streamer\vibestreamer.exe" = C:\Program Files\Vibe Streamer\vibestreamer.exe:*:Enabled:vibestreamer -- ()
"C:\Program Files\QIP\qip.exe" = C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager -- File not found
"C:\Program Files\QIP 2010\qip.exe" = C:\Program Files\QIP 2010\qip.exe:*:Enabled:QIP 2010 -- (QIP)
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- (Ubisoft)
"C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\svcnost.exe" = C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\svcnost.exe:*:Enabled:ldrsoft -- (Attila Kovrig)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01E970F7-212F-4C07-87E9-5B48C52E247D}" = Wise Owl Demeanor for .NET, Personal Edition
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0B1F3A28-784B-40F1-BA0D-B0439A6FEBB0}" = Borland Remote Debugger
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{23E797E9-F852-4AEA-93F0-772ED2B9D9F9}" = OpenOffice.org 3.1
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{2864C41B-EF2D-4640-95A2-526276524519}" = Borland C++Builder 6
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2C3CE8F0-F4AD-4D54-A520-975309C617E2}" = LG PC Suite III
"{2CAF0576-1BAD-4C3E-A1DB-D6D585495DED}" = Quest Software Toad Data Modeler
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7148F0A8-6813-11D6-A77B-00B0D0142060}" = Java 2 Runtime Environment, SE v1.4.2_06
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{748F4870-8350-11D3-B0BF-080009FB4A19}" = HP Share-to-Web
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7ED5371F-F4EA-48F9-B8F7-C8777AD9DF69}" = Borland Developer Studio 2006
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{827B97A9-B347-4110-9F89-37AF2B758F94}" = NHL™ 09
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88DD0B6C-B174-40C9-84F4-531D414BC949}" = ComponentOne Studio Enterprise™
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8F2F35B0-4019-4291-BBF5-121F51637FC7}" = VC80MFCRedist - 8.0.50727.4053
"{90120000-0010-0405-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Czech) 12
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0015-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_ENTERPRISE_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_ENTERPRISE_{10EC59E5-9BCE-4884-BB1A-E28627220232}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-0044-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_ENTERPRISE_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}_ENTERPRISE_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9F60FF4E-725D-4B28-0094-FDADF5E73647}" = NBA Live 2003
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1029-7B44-A93000000001}" = Adobe Reader 9.3.3 - Czech
"{AF145F8997B44EE9B106D018EF1DB58B}" = DivX Converter Mobile
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0E18DC4-C74A-4889-AE3A-933471023787}" = LG PC Suite III
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CAFE2005-7F33-477F-8257-C49D3F7C91F4}" = CaliberRM SDK
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DC19A2BC-9698-430E-AD50-456B837B1BCD}" = GoGear SA018 Device Manager
"{DD362256-A7A2-4524-9457-213DDC2AFC2A}" = Adobe After Effects 7.0
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio Basic VX
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E8AEA11B-E60A-455E-B008-E4E763604612}" = Browser Configuration Utility
"{EB9BD1D5-8DFB-48C4-927B-10BB47CA59B3}" = Microsoft .NET Framework SDK (English) 1.1
"{EC2A8F27-4FBF-4E41-B27B-FE822511B761}" = iTunes
"{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}" = Max Payne 2
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"µTorrent CZ_is1" = µTorrent CZ 1.8.5 (build 17414)
"ACE-HIGH MP3 WAV WMA OGG Converter" = ACE-HIGH MP3 WAV WMA OGG Converter
"Adobe After Effects 7.0" = Adobe After Effects 7.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Ask Toolbar_is1" = Foxit Toolbar
"Audacity_is1" = Audacity 1.2.6
"AVG8Uninstall" = AVG Free 8.5
"BSPlayer1" = BSPlayer
"CCleaner" = CCleaner
"CloneDVD2" = CloneDVD2
"Collab" = Collab
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Firebird SQL Server UK" = Firebird SQL Server - MAGIX Edition
"FL Studio 8" = FL Studio 8
"GameParkClient_is1" = GamePark
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 1.99.1
"HP Photo Imaging Software" = HP Photo Imaging Software
"HP Photo Printing Software" = HP Photo Printing Software
"IEAK6" = Microsoft IEAK 6
"IL Download Manager" = IL Download Manager
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.2.0 (Full)
"MAGIX Music Maker 15 Premium Download version UK" = MAGIX Music Maker 15 Premium Download version 15.0.1.5 (UK)
"MAGIX Screenshare UK" = MAGIX Screenshare 4.3.6.1987 (UK)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"NSS" = Norton Security Scan
"NVIDIA Drivers" = NVIDIA Drivers
"PSPad editor_is1" = PSPad editor
"Quest Software Toad Data Modeler Freeware 2.25_is1" = Quest Software Toad Data Modeler Freeware 2.25
"Reason4_is1" = Reason 4.0
"Steinberg Nuendo v3.2.0.1128" = Steinberg Nuendo v3.2.0.1128
"SyncroSoft Emu" = SyncroSoft Emu (Remove only)
"Syncrosoft's License Control" = Syncrosoft's License Control
"UHkcb-7u" = LoudMo Contextual Ad Assistant
"VirtualCloneDrive" = VirtualCloneDrive
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-220523388-879983540-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"QIP 2010" = QIP 2010 10.4.30.3381
"QipGuard" = QIP Internet Guardian
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 20.3.2010 9:25:57 | Computer Name = TRILINE | Source = Application Error | ID = 1000
Description = Chybující aplikace mxr.exe, verze 0.0.0.0, chybující modul mxr.exe,
verze 0.0.0.0, adresa chyby 0x0000e0c5.
Error - 21.3.2010 8:39:39 | Computer Name = TRILINE | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 6.0.2900.5512, chybující modul
urlmon.dll, verze 6.0.2900.5921, adresa chyby 0x0003e567.
Error - 21.3.2010 8:40:20 | Computer Name = TRILINE | Source = Application Error | ID = 1000
Description = Chybující aplikace mxr.exe, verze 0.0.0.0, chybující modul mxr.exe,
verze 0.0.0.0, adresa chyby 0x0000e0c5.
Error - 21.3.2010 10:52:36 | Computer Name = TRILINE | Source = Application Error | ID = 1000
Description = Chybující aplikace photoshop.exe, verze 11.0.0.0, chybující modul
nvoglnt.dll, verze 6.14.11.7783, adresa chyby 0x00121e2d.
Error - 22.3.2010 16:04:58 | Computer Name = TRILINE | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 6.0.2900.5512, chybující modul
urlmon.dll, verze 6.0.2900.5921, adresa chyby 0x0003e567.
Error - 22.3.2010 16:05:32 | Computer Name = TRILINE | Source = Application Error | ID = 1000
Description = Chybující aplikace mxr.exe, verze 0.0.0.0, chybující modul mxr.exe,
verze 0.0.0.0, adresa chyby 0x0000e0c5.
Error - 24.3.2010 13:16:58 | Computer Name = TRILINE | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 6.0.2900.5512, chybující modul
urlmon.dll, verze 6.0.2900.5921, adresa chyby 0x0003e567.
Error - 25.3.2010 15:43:15 | Computer Name = TRILINE | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 6.0.2900.5512, chybující modul
urlmon.dll, verze 6.0.2900.5921, adresa chyby 0x0003e567.
Error - 25.3.2010 16:10:53 | Computer Name = TRILINE | Source = Application Error | ID = 1001
Description = Chybný blok 1670750837
Error - 27.3.2010 12:00:32 | Computer Name = TRILINE | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 6.0.2900.5512, chybující modul
urlmon.dll, verze 6.0.2900.5921, adresa chyby 0x0003e567.
[ System Events ]
Error - 5.7.2010 15:34:20 | Computer Name = TRILINE | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom1 má chybný blok.
Error - 5.7.2010 15:34:20 | Computer Name = TRILINE | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom1 má chybný blok.
Error - 5.7.2010 15:34:20 | Computer Name = TRILINE | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom1 má chybný blok.
Error - 5.7.2010 15:34:21 | Computer Name = TRILINE | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom1 má chybný blok.
Error - 5.7.2010 15:34:21 | Computer Name = TRILINE | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom1 má chybný blok.
Error - 5.7.2010 15:34:21 | Computer Name = TRILINE | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom1 má chybný blok.
Error - 7.7.2010 9:28:17 | Computer Name = TRILINE | Source = Dhcp | ID = 1000
Description = Zapůjčení adresy IP počítače 192.168.1.101 pro síťovou kartu se síťovou
adresou 00241D91B3F7 byla ukončena.
Error - 8.7.2010 9:01:59 | Computer Name = TRILINE | Source = Dhcp | ID = 1000
Description = Zapůjčení adresy IP počítače 192.168.1.101 pro síťovou kartu se síťovou
adresou 00241D91B3F7 byla ukončena.
Error - 9.7.2010 8:27:30 | Computer Name = TRILINE | Source = Dhcp | ID = 1000
Description = Zapůjčení adresy IP počítače 192.168.1.101 pro síťovou kartu se síťovou
adresou 00241D91B3F7 byla ukončena.
Error - 10.7.2010 13:16:40 | Computer Name = TRILINE | Source = Dhcp | ID = 1000
Description = Zapůjčení adresy IP počítače 192.168.1.101 pro síťovou kartu se síťovou
adresou 00241D91B3F7 byla ukončena.
< End of report >
- Caroprd111
- VIP
- Posts: 13492
- Registered: 22 Mar 2009 20:48
- Location: Třebíč
Re: please check my log

P2P networks and their clients are a potential security risk; they are an almost constant source of viruses, and you are exposing yourself to risk unnecessarily.

Code:
:OTL
PRC - [2010.07.09 20:17:23 | 000,506,368 | ---- | M] () -- C:\WINDOWS\system32\qtplugin.exe
PRC - [2010.07.09 16:16:59 | 000,052,746 | ---- | M] (Attila Kovrig) -- C:\Documents and Settings\uživatel\Local Settings\temp\svcnost.exe
PRC - [2010.06.30 22:25:24 | 000,036,864 | ---- | M] (Microsoft) -- C:\Documents and Settings\uživatel\Data aplikací\InstallMon.exe
PRC - [2010.06.04 13:32:49 | 000,077,824 | ---- | M] (noOrg) -- C:\Documents and Settings\uživatel\Data aplikací\Microsoft\lsass.exe
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\VBoxNetFlt.sys -- (VBoxNetFlt)
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://join.clonecashsystem.com/track/N ... 4wLjAuMC4w
IE - HKU\S-1-5-21-220523388-879983540-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
IE - HKU\S-1-5-21-220523388-879983540-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKU\S-1-5-21-220523388-879983540-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKU\S-1-5-21-220523388-879983540-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://gb.iamwired.net/
IE - HKU\S-1-5-21-220523388-879983540-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKU\S-1-5-21-220523388-879983540-839522115-1003\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-220523388-879983540-839522115-1003\..\URLSearchHook: *{855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
FF - prefs.js..browser.search.defaulturl: "http://gb.iamwired.net/websearch.php?src=tops&search="
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.8
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {17b52f53-fedd-911d-795b-0aff67a96b9c}:4.6.6.8
FF - prefs.js..extensions.enabledItems: QipCounter@qip.ru:1.0
FF - prefs.js..extensions.enabledItems: {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.1
FF - prefs.js..keyword.URL: "http://gb.iamwired.net/websearch.php?src=tops&search="
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (QipLI Class) - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - C:\Documents and Settings\uživatel\Data aplikací\Microsoft\Internet Explorer\qstatsrv.dll (TODO: <Company name>)
O2 - BHO: (everyflv) - {8cca0561-342d-1c68-896d-4242ef1631bf} - C:\WINDOWS\system32\9Y-bnKv.dll ()
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-220523388-879983540-839522115-1003\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [HijackThis] C:\Documents and Settings\uživatel\Data aplikací\MSNLiveUpdatex.exe.html (Trend Micro Inc)
O4 - HKLM..\Run: [Local Security Authortity Process] C:\Documents and Settings\uživatel\Data aplikací\Microsoft\lsass.exe (noOrg)
O4 - HKLM..\Run: [RegistryMonitor1] C:\WINDOWS\system32\qtplugin.exe ()
O4 - HKU\S-1-5-21-220523388-879983540-839522115-1003..\Run: [C:\Documents and Settings\uživatel\Data aplikací\InstallMon.exe] C:\Documents and Settings\uživatel\Data aplikací\InstallMon.exe (Microsoft)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9VCM.CAB (Reg Error: Key error.)
O20 - HKLM Winlogon: UserInit - ("C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\svcnost.exe") - C:\Documents and Settings\uživatel\Local Settings\temp\svcnost.exe (Attila Kovrig)
O33 - MountPoints2\{a4838002-f099-11de-9ba6-00241d91b3f7}\Shell - "" = AutoRun
O32 - AutoRun File - [2010.05.02 16:12:08 | 000,000,000 | ---D | M] - C:\auto -- [ NTFS ]
O32 - AutoRun File - [2010.07.05 20:33:19 | 000,000,053 | -H-- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010.07.05 20:33:19 | 000,000,053 | -H-- | M] () - D:\autorun.inf -- [ NTFS ]
[2010.07.05 20:33:22 | 000,330,212 | -H-- | C] (Trend Micro Inc) -- C:\svchost.exe
[2010.07.05 20:33:19 | 000,330,212 | -H-- | C] (Trend Micro Inc) -- C:\sys32.exe
[2010.07.05 20:33:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\uživatel\Data aplikací\Trend Micro Inc
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2010.07.05 20:33:22 | 000,001,050 | ---- | M] () -- C:\WINDOWS\System32\net.bat
[2010.07.05 20:33:22 | 000,000,480 | ---- | M] () -- C:\WINDOWS\System32\net.vbs
[2010.07.05 20:33:22 | 000,000,245 | ---- | M] () -- C:\WINDOWS\System32\sys.bat
[2010.07.05 20:33:22 | 000,000,137 | ---- | M] () -- C:\WINDOWS\System32\launch.vbs
[2010.07.05 20:33:22 | 000,000,137 | ---- | M] () -- C:\WINDOWS\System32\exec.vbs
[2010.07.05 20:33:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\javaupdate.exe
[2010.07.05 20:31:36 | 000,330,212 | ---- | M] (Trend Micro Inc) -- C:\Documents and Settings\uživatel\Data aplikací\MSNLiveUpdatex.exe.html
[2010.06.30 22:25:24 | 000,036,864 | ---- | M] (Microsoft) -- C:\Documents and Settings\uživatel\Data aplikací\InstallMon.exe
[2010.06.24 19:28:49 | 000,000,085 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\.zreglib
[2010.07.09 17:47:39 | 000,506,368 | ---- | C] () -- C:\WINDOWS\System32\qtplugin.exe
[2010.07.09 16:02:22 | 000,000,330 | --S- | C] () -- C:\WINDOWS\System32\1041300360.dat
[2004.08.18 14:00:00 | 000,048,585 | ---- | C] () -- C:\WINDOWS\System32\12520437g.sys
[2009.09.12 15:31:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Temp
[2010.07.05 20:31:27 | 000,043,049 | ---- | M] () -- C:\Documents and Settings\uživatel\Data aplikací\WinInstallMon.exe.html
[2009.02.03 14:21:10 | 000,239,104 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\uživatel\Data aplikací\7za.exe
[2010.06.30 22:25:24 | 000,036,864 | ---- | M] (Microsoft) -- C:\Documents and Settings\uživatel\Data aplikací\InstallMon.exe
[2010.07.10 19:55:01 | 000,043,049 | ---- | M] () -- C:\Documents and Settings\uživatel\Data aplikací\WinInstallMon.exe
[2010.03.04 22:00:53 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Documents and Settings\uživatel\Data aplikací\Facebook\uninstall.exe
[2010.06.04 13:32:49 | 000,077,824 | ---- | M] (noOrg) -- C:\Documents and Settings\uživatel\Data aplikací\Microsoft\lsass.exe
[2010.05.01 09:16:01 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\uživatel\Data aplikací\Microsoft\Installer\{01E970F7-212F-4C07-87E9-5B48C52E247D}\_16496df1.exe
[2010.05.01 09:16:01 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\uživatel\Data aplikací\Microsoft\Installer\{01E970F7-212F-4C07-87E9-5B48C52E247D}\_26e91eb.exe
[2010.05.01 09:16:01 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\uživatel\Data aplikací\Microsoft\Installer\{01E970F7-212F-4C07-87E9-5B48C52E247D}\_5af141bb.exe
[2010.05.01 09:16:01 | 000,024,542 | R--- | M] () -- C:\Documents and Settings\uživatel\Data aplikací\Microsoft\Installer\{01E970F7-212F-4C07-87E9-5B48C52E247D}\_69525f90.exe
[2010.05.01 08:52:31 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\uživatel\Data aplikací\Microsoft\Installer\{0B1F3A28-784B-40F1-BA0D-B0439A6FEBB0}\ARPPRODUCTICON.exe
[2010.05.11 19:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\wturhvdw.default\extensions\QipCounter@qip.ru
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\svcnost.exe" =-
:Commands
[EMPTYTEMP]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
Re: please check my log
Hello, I apologize, but I have not been home for the last two days. I uninstalled uTorrent and did what I was supposed to do, but I have another problem: sound will not play on the internet. On the PC, when I run something from a folder on my disk, it plays, but on the internet nothing works; a clip shows the picture, for example, but there is no sound. Anyway, here is the log:
Logfile of random's system information tool 1.08 (written by random/random)
Run by uživatel at 2010-07-15 11:07:50
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 76 GB (38%) free of 200 GB
Total RAM: 2046 MB (62% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:07:56, on 15.7.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\svcnost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Documents and Settings\uživatel\Data aplikací\Microsoft\lsass.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\qtplugin.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\uživatel\Data aplikací\QipGuard\QipGuard.exe
C:\Documents and Settings\uživatel\Data aplikací\InstallMon.exe
C:\Program Files\Philips\GoGear SA018 Device Manager\GoGear_SA018_DeviceManager.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\uživatel\Plocha\RSIT.exe
C:\Program Files\trend micro\uživatel.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml ... n=77cf41cf
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,"C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\svcnost.exe"
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: QipLI - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - C:\Documents and Settings\uživatel\Data aplikací\Microsoft\Internet Explorer\qstatsrv.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: everyflv - {8cca0561-342d-1c68-896d-4242ef1631bf} - C:\WINDOWS\system32\9Y-bnKv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [Local Security Authortity Process] C:\Documents and Settings\uživatel\Data aplikací\Microsoft\lsass.exe
O4 - HKLM\..\Run: [HijackThis] C:\Documents and Settings\uživatel\Data aplikací\MSNLiveUpdatex.exe.html
O4 - HKLM\..\Run: [RegistryMonitor1] C:\WINDOWS\system32\qtplugin.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QIP Internet Guardian] C:\Documents and Settings\uživatel\Data aplikací\QipGuard\QipGuard.exe
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP 2010\qip.exe" /autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Documents and Settings\uživatel\Data aplikací\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [C:\Documents and Settings\uživatel\Data aplikací\InstallMon.exe] C:\Documents and Settings\uživatel\Data aplikací\InstallMon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Global Startup: Philips GoGear SA018 Device Manager.lnk = C:\Program Files\Philips\GoGear SA018 Device Manager\GoGear_SA018_DeviceManager.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... 2010071503
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... .0.1.1.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Správce logických disků dmserverdmadmin (dmserverdmadmin) - Unknown owner - C:\WINDOWS\system32\advpack.dllg.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate1ca7bfab81c2c58) (gupdate1ca7bfab81c2c58) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
--
End of file - 11817 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Norton Security Scan for uživatel.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}]
MyWebSearch Search Assistant BHO - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL [2010-07-15 54704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}]
mwsBar BHO - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL [2010-07-15 775696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-09-12 1111320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B5863A0-C43F-4C0A-982B-CC0E9125783F}]
QipLI Class - C:\Documents and Settings\uživatel\Data aplikací\Microsoft\Internet Explorer\qstatsrv.dll [2010-04-30 48080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8cca0561-342d-1c68-896d-4242ef1631bf}]
everyflv - C:\WINDOWS\system32\9Y-bnKv.dll [2010-05-01 1560576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-09-02 1107200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-19 41368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-19 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-09-02 1107200]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Foxit Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192]
{07B18EA9-A523-4961-B6BB-170DE4475CCA} - My Web Search - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL [2010-07-15 775696]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-01-13 18084864]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-08-02 13570048]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-05-27 85160]
"H2O"=C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [2007-12-11 307200]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-19 148888]
"Local Security Authortity Process"=C:\Documents and Settings\uživatel\Data aplikací\Microsoft\lsass.exe [2010-06-04 77824]
"HijackThis"=C:\Documents and Settings\uživatel\Data aplikací\MSNLiveUpdatex.exe.html [2010-07-05 330212]
"RegistryMonitor1"=C:\WINDOWS\system32\qtplugin.exe [2010-07-13 936448]
"My Web Search Bar Search Scope Monitor"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe [2010-07-15 28783]
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [2010-07-15 32849]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-06-03 1144104]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2010-04-06 26102056]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"QIP Internet Guardian"=C:\Documents and Settings\uživatel\Data aplikací\QipGuard\QipGuard.exe [2010-04-30 184272]
"Infium"=C:\Program Files\QIP 2010\qip.exe [2010-04-30 5562832]
"uTorrent"=C:\Documents and Settings\uživatel\Data aplikací\uTorrent\utorrent.exe []
"C:\Documents and Settings\uživatel\Data aplikací\InstallMon.exe"=C:\Documents and Settings\uživatel\Data aplikací\InstallMon.exe [2010-06-30 36864]
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [2010-07-15 32849]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Philips GoGear SA018 Device Manager.lnk - C:\Program Files\Philips\GoGear SA018 Device Manager\GoGear_SA018_DeviceManager.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-09-12 11952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Documents and Settings\uživatel\Data aplikací\uTorrent\utorrent.exe"="C:\Documents and Settings\uživatel\Data aplikací\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Activision\Modern Warfare 2\iw4mp.exe"="C:\Program Files\Activision\Modern Warfare 2\iw4mp.exe:*:Enabled:iw4mp"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Vibe Streamer\vibestreamer.exe"="C:\Program Files\Vibe Streamer\vibestreamer.exe:*:Enabled:vibestreamer"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\QIP 2010\qip.exe"="C:\Program Files\QIP 2010\qip.exe:*:Enabled:QIP 2010"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\svcnost.exe"="C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\svcnost.exe:*:Enabled:ldrsoft"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======File associations======
.txt - open - notepad.exe %1
======List of files/folders created in the last 1 months======
2010-07-15 10:59:25 ----D---- C:\_OTL
2010-07-15 10:49:12 ----D---- C:\Program Files\Codec Pack - VobSub
2010-07-15 10:49:12 ----A---- C:\WINDOWS\iun6002.exe
2010-07-15 09:58:13 ----D---- C:\Documents and Settings\uživatel\Data aplikací\FunWebProducts
2010-07-15 09:48:54 ----D---- C:\Program Files\MyWebSearch
2010-07-15 09:48:36 ----RSH---- C:\Documents and Settings\uživatel\Data aplikací\ccpep.exe
2010-07-15 09:48:07 ----D---- C:\Program Files\FunWebProducts
2010-07-15 09:47:49 ----A---- C:\Documents and Settings\uživatel\Data aplikací\WinPackService.exe
2010-07-14 21:03:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-10 19:46:36 ----D---- C:\rsit
2010-07-09 17:47:39 ----A---- C:\WINDOWS\system32\qtplugin.exe
2010-07-06 22:35:57 ----A---- C:\Documents and Settings\uživatel\Data aplikací\WinInstallMon.exe
2010-07-05 21:11:08 ----D---- C:\Program Files\Ubisoft
2010-07-05 20:33:22 ----H---- C:\svchost.exe
2010-07-05 20:33:22 ----A---- C:\WINDOWS\system32\sys.bat
2010-07-05 20:33:22 ----A---- C:\WINDOWS\system32\net.vbs
2010-07-05 20:33:22 ----A---- C:\WINDOWS\system32\net.bat
2010-07-05 20:33:22 ----A---- C:\WINDOWS\system32\logg.txt
2010-07-05 20:33:22 ----A---- C:\WINDOWS\system32\launch.vbs
2010-07-05 20:33:22 ----A---- C:\WINDOWS\system32\exec.vbs
2010-07-05 20:33:22 ----A---- C:\WINDOWS\javaupdate.exe
2010-07-05 20:33:19 ----H---- C:\sys32.exe
2010-07-05 20:33:19 ----D---- C:\Documents and Settings\uživatel\Data aplikací\Trend Micro Inc
2010-07-05 20:31:42 ----H---- C:\Documents and Settings\uživatel\Data aplikací\Interop.MessengerAPI.dll
2010-07-05 20:31:32 ----A---- C:\Documents and Settings\uživatel\Data aplikací\MSNLiveUpdatex.exe.html
2010-07-05 20:31:25 ----A---- C:\Documents and Settings\uživatel\Data aplikací\WinInstallMon.exe.html
2010-06-30 22:25:24 ----A---- C:\Documents and Settings\uživatel\Data aplikací\InstallMon.exe
2010-06-24 19:34:30 ----D---- C:\Program Files\Astroburn Toolbar
2010-06-24 19:34:19 ----D---- C:\Documents and Settings\uživatel\Data aplikací\Astroburn Lite
2010-06-24 19:34:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\Astroburn Lite
2010-06-24 19:18:52 ----D---- C:\Documents and Settings\uživatel\Data aplikací\Media Player Classic
2010-06-24 18:45:05 ----SHD---- C:\Config.Msi
2010-06-24 18:44:42 ----D---- C:\finalburner
2010-06-24 18:44:42 ----D---- C:\Documents and Settings\uživatel\Data aplikací\FinalBurner Video DVD
2010-06-24 18:43:35 ----A---- C:\WINDOWS\avisplitter.ini
2010-06-24 18:43:34 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2010-06-24 18:43:34 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2010-06-24 18:43:34 ----A---- C:\WINDOWS\system32\xvidcore.dll
2010-06-24 18:43:34 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2010-06-24 18:43:34 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2010-06-24 18:43:33 ----D---- C:\Program Files\K-Lite Codec Pack
2010-06-22 15:07:56 ----D---- C:\Program Files\ND Games
======List of files/folders modified in the last 1 months======
2010-07-15 11:07:52 ----D---- C:\Program Files\trend micro
2010-07-15 11:07:48 ----D---- C:\WINDOWS\Prefetch
2010-07-15 11:02:05 ----D---- C:\Documents and Settings\uživatel\Data aplikací\Skype
2010-07-15 11:00:35 ----D---- C:\WINDOWS\Temp
2010-07-15 11:00:11 ----D---- C:\WINDOWS\system32
2010-07-15 11:00:05 ----D---- C:\WINDOWS
2010-07-15 10:58:30 ----D---- C:\Documents and Settings\uživatel\Data aplikací\uTorrent
2010-07-15 10:49:12 ----RD---- C:\Program Files
2010-07-15 09:52:03 ----D---- C:\Documents and Settings\All Users\Data aplikací\DivX
2010-07-15 09:51:25 ----D---- C:\Program Files\DivX
2010-07-15 09:51:25 ----D---- C:\Program Files\Common Files\DivX Shared
2010-07-15 09:48:27 ----D---- C:\Documents and Settings\uživatel\Data aplikací\skypePM
2010-07-15 09:48:13 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-07-15 09:48:09 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-15 09:47:33 ----D---- C:\WINDOWS\system32\drivers
2010-07-14 22:34:33 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-14 21:03:26 ----HD---- C:\WINDOWS\inf
2010-07-14 21:03:24 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-07-14 21:03:03 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-14 21:01:23 ----SHD---- C:\WINDOWS\Installer
2010-07-14 21:01:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-07-12 15:29:06 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-07-10 20:36:36 ----SD---- C:\WINDOWS\Tasks
2010-07-10 20:36:36 ----D---- C:\Documents and Settings\uživatel\Data aplikací\NCH Swift Sound
2010-07-10 20:35:18 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-10 20:34:16 ----D---- C:\Program Files\Mp3 File Editor
2010-07-10 20:33:48 ----D---- C:\Program Files\Minilyrics
2010-07-10 20:29:41 ----RSD---- C:\WINDOWS\Fonts
2010-07-09 19:37:39 ----D---- C:\Program Files\Mozilla Firefox
2010-07-09 19:37:36 ----D---- C:\Program Files\Internet Explorer
2010-07-08 15:27:07 ----D---- C:\Program Files\Moravian Instruments
2010-07-08 15:25:02 ----D---- C:\Program Files\Atmosphere Lite
2010-07-05 20:31:12 ----SD---- C:\Documents and Settings\uživatel\Data aplikací\Microsoft
2010-07-05 13:17:29 ----D---- C:\Lyrics
2010-07-04 20:39:22 ----A---- C:\WINDOWS\Robota.INI
2010-07-02 21:39:05 ----A---- C:\WINDOWS\system32\MRT.exe
2010-06-24 19:28:33 ----D---- C:\Program Files\Elaborate Bytes
2010-06-24 18:46:28 ----D---- C:\Program Files\Common Files\Nero
2010-06-24 18:46:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\Nero
2010-06-24 18:46:21 ----D---- C:\Program Files\Nero
2010-06-23 21:05:05 ----RSD---- C:\WINDOWS\assembly
2010-06-23 21:04:57 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-23 21:02:50 ----D---- C:\WINDOWS\system32\CatRoot
2010-06-23 21:02:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-23 21:01:51 ----D---- C:\WINDOWS\WinSxS
2010-06-22 22:45:39 ----D---- C:\WINDOWS\security
2010-06-22 15:14:11 ----D---- C:\WINDOWS\RegisteredPackages
2010-06-22 15:14:11 ----D---- C:\Program Files\Windows Media Player
2010-06-22 15:14:05 ----D---- C:\WINDOWS\Help
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-03-31 44944]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-09-12 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-09-12 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-09-12 108552]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2010-01-01 26024]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R3 CLEDX;Team H2O CLEDX service; C:\WINDOWS\system32\DRIVERS\cledx.sys [2007-12-11 33792]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-01-13 5015040]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-08-02 6121856]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-10-30 117888]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2009-05-23 29696]
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys []
S3 dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;Filtr Dot4USB Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-10-24 23808]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys [2010-03-25 99728]
S3 VBoxNetFlt;VBoxNetFlt Service; C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S4 sfc;sfc; C:\WINDOWS\system32\drivers\sfc.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-09-12 297752]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-19 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-03-19 335872]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-08-02 163908]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-12-31 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-05-26 214520]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2007-05-14 272024]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-09-12 908056]
S2 dmserverdmadmin;Správce logických disků dmserverdmadmin; C:\WINDOWS\system32\advpack.dll [2008-04-14 100352]
S2 gupdate1ca7bfab81c2c58;Služba Google Update (gupdate1ca7bfab81c2c58); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-13 133104]
S2 MyWebSearchService;My Web Search Service; C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe [2010-07-15 28762]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-09-20 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-08 545568]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Logfile of random's system information tool 1.08 (written by random/random)
Run by uživatel at 2010-07-15 11:07:50
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 76 GB (38%) free of 200 GB
Total RAM: 2046 MB (62% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:07:56, on 15.7.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\svcnost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Documents and Settings\uživatel\Data aplikací\Microsoft\lsass.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\qtplugin.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\uživatel\Data aplikací\QipGuard\QipGuard.exe
C:\Documents and Settings\uživatel\Data aplikací\InstallMon.exe
C:\Program Files\Philips\GoGear SA018 Device Manager\GoGear_SA018_DeviceManager.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\uživatel\Plocha\RSIT.exe
C:\Program Files\trend micro\uživatel.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml ... n=77cf41cf
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,"C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\svcnost.exe"
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: QipLI - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - C:\Documents and Settings\uživatel\Data aplikací\Microsoft\Internet Explorer\qstatsrv.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: everyflv - {8cca0561-342d-1c68-896d-4242ef1631bf} - C:\WINDOWS\system32\9Y-bnKv.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [Local Security Authortity Process] C:\Documents and Settings\uživatel\Data aplikací\Microsoft\lsass.exe
O4 - HKLM\..\Run: [HijackThis] C:\Documents and Settings\uživatel\Data aplikací\MSNLiveUpdatex.exe.html
O4 - HKLM\..\Run: [RegistryMonitor1] C:\WINDOWS\system32\qtplugin.exe
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [QIP Internet Guardian] C:\Documents and Settings\uživatel\Data aplikací\QipGuard\QipGuard.exe
O4 - HKCU\..\Run: [Infium] "C:\Program Files\QIP 2010\qip.exe" /autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Documents and Settings\uživatel\Data aplikací\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [C:\Documents and Settings\uživatel\Data aplikací\InstallMon.exe] C:\Documents and Settings\uživatel\Data aplikací\InstallMon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - Global Startup: Philips GoGear SA018 Device Manager.lnk = C:\Program Files\Philips\GoGear SA018 Device Manager\GoGear_SA018_DeviceManager.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... 2010071503
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocach ... .0.1.1.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Správce logických disků dmserverdmadmin (dmserverdmadmin) - Unknown owner - C:\WINDOWS\system32\advpack.dllg.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate1ca7bfab81c2c58) (gupdate1ca7bfab81c2c58) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
--
End of file - 11817 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Norton Security Scan for uživatel.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}]
MyWebSearch Search Assistant BHO - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL [2010-07-15 54704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}]
mwsBar BHO - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL [2010-07-15 775696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-09-12 1111320]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B5863A0-C43F-4C0A-982B-CC0E9125783F}]
QipLI Class - C:\Documents and Settings\uživatel\Data aplikací\Microsoft\Internet Explorer\qstatsrv.dll [2010-04-30 48080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8cca0561-342d-1c68-896d-4242ef1631bf}]
everyflv - C:\WINDOWS\system32\9Y-bnKv.dll [2010-05-01 1560576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-09-02 1107200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-09-19 41368]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-09-19 73728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-09-02 1107200]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Foxit Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-11-18 333192]
{07B18EA9-A523-4961-B6BB-170DE4475CCA} - My Web Search - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL [2010-07-15 775696]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-01-13 18084864]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-08-02 13570048]
"VirtualCloneDrive"=C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2009-05-27 85160]
"H2O"=C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe [2007-12-11 307200]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-09-19 148888]
"Local Security Authortity Process"=C:\Documents and Settings\uživatel\Data aplikací\Microsoft\lsass.exe [2010-06-04 77824]
"HijackThis"=C:\Documents and Settings\uživatel\Data aplikací\MSNLiveUpdatex.exe.html [2010-07-05 330212]
"RegistryMonitor1"=C:\WINDOWS\system32\qtplugin.exe [2010-07-13 936448]
"My Web Search Bar Search Scope Monitor"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe [2010-07-15 28783]
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [2010-07-15 32849]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-06-03 1144104]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2010-04-06 26102056]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"QIP Internet Guardian"=C:\Documents and Settings\uživatel\Data aplikací\QipGuard\QipGuard.exe [2010-04-30 184272]
"Infium"=C:\Program Files\QIP 2010\qip.exe [2010-04-30 5562832]
"uTorrent"=C:\Documents and Settings\uživatel\Data aplikací\uTorrent\utorrent.exe []
"C:\Documents and Settings\uživatel\Data aplikací\InstallMon.exe"=C:\Documents and Settings\uživatel\Data aplikací\InstallMon.exe [2010-06-30 36864]
"MyWebSearch Email Plugin"=C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe [2010-07-15 32849]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Philips GoGear SA018 Device Manager.lnk - C:\Program Files\Philips\GoGear SA018 Device Manager\GoGear_SA018_DeviceManager.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-09-12 11952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe"="C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Documents and Settings\uživatel\Data aplikací\uTorrent\utorrent.exe"="C:\Documents and Settings\uživatel\Data aplikací\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Activision\Modern Warfare 2\iw4mp.exe"="C:\Program Files\Activision\Modern Warfare 2\iw4mp.exe:*:Enabled:iw4mp"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Vibe Streamer\vibestreamer.exe"="C:\Program Files\Vibe Streamer\vibestreamer.exe:*:Enabled:vibestreamer"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:Quiet Internet Pager"
"C:\Program Files\QIP 2010\qip.exe"="C:\Program Files\QIP 2010\qip.exe:*:Enabled:QIP 2010"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\svcnost.exe"="C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\svcnost.exe:*:Enabled:ldrsoft"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
======File associations======
.txt - open - notepad.exe %1
======List of files/folders created in the last 1 months======
2010-07-15 10:59:25 ----D---- C:\_OTL
2010-07-15 10:49:12 ----D---- C:\Program Files\Codec Pack - VobSub
2010-07-15 10:49:12 ----A---- C:\WINDOWS\iun6002.exe
2010-07-15 09:58:13 ----D---- C:\Documents and Settings\uživatel\Data aplikací\FunWebProducts
2010-07-15 09:48:54 ----D---- C:\Program Files\MyWebSearch
2010-07-15 09:48:36 ----RSH---- C:\Documents and Settings\uživatel\Data aplikací\ccpep.exe
2010-07-15 09:48:07 ----D---- C:\Program Files\FunWebProducts
2010-07-15 09:47:49 ----A---- C:\Documents and Settings\uživatel\Data aplikací\WinPackService.exe
2010-07-14 21:03:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2229593$
2010-07-10 19:46:36 ----D---- C:\rsit
2010-07-09 17:47:39 ----A---- C:\WINDOWS\system32\qtplugin.exe
2010-07-06 22:35:57 ----A---- C:\Documents and Settings\uživatel\Data aplikací\WinInstallMon.exe
2010-07-05 21:11:08 ----D---- C:\Program Files\Ubisoft
2010-07-05 20:33:22 ----H---- C:\svchost.exe
2010-07-05 20:33:22 ----A---- C:\WINDOWS\system32\sys.bat
2010-07-05 20:33:22 ----A---- C:\WINDOWS\system32\net.vbs
2010-07-05 20:33:22 ----A---- C:\WINDOWS\system32\net.bat
2010-07-05 20:33:22 ----A---- C:\WINDOWS\system32\logg.txt
2010-07-05 20:33:22 ----A---- C:\WINDOWS\system32\launch.vbs
2010-07-05 20:33:22 ----A---- C:\WINDOWS\system32\exec.vbs
2010-07-05 20:33:22 ----A---- C:\WINDOWS\javaupdate.exe
2010-07-05 20:33:19 ----H---- C:\sys32.exe
2010-07-05 20:33:19 ----D---- C:\Documents and Settings\uživatel\Data aplikací\Trend Micro Inc
2010-07-05 20:31:42 ----H---- C:\Documents and Settings\uživatel\Data aplikací\Interop.MessengerAPI.dll
2010-07-05 20:31:32 ----A---- C:\Documents and Settings\uživatel\Data aplikací\MSNLiveUpdatex.exe.html
2010-07-05 20:31:25 ----A---- C:\Documents and Settings\uživatel\Data aplikací\WinInstallMon.exe.html
2010-06-30 22:25:24 ----A---- C:\Documents and Settings\uživatel\Data aplikací\InstallMon.exe
2010-06-24 19:34:30 ----D---- C:\Program Files\Astroburn Toolbar
2010-06-24 19:34:19 ----D---- C:\Documents and Settings\uživatel\Data aplikací\Astroburn Lite
2010-06-24 19:34:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\Astroburn Lite
2010-06-24 19:18:52 ----D---- C:\Documents and Settings\uživatel\Data aplikací\Media Player Classic
2010-06-24 18:45:05 ----SHD---- C:\Config.Msi
2010-06-24 18:44:42 ----D---- C:\finalburner
2010-06-24 18:44:42 ----D---- C:\Documents and Settings\uživatel\Data aplikací\FinalBurner Video DVD
2010-06-24 18:43:35 ----A---- C:\WINDOWS\avisplitter.ini
2010-06-24 18:43:34 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2010-06-24 18:43:34 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2010-06-24 18:43:34 ----A---- C:\WINDOWS\system32\xvidcore.dll
2010-06-24 18:43:34 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2010-06-24 18:43:34 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2010-06-24 18:43:33 ----D---- C:\Program Files\K-Lite Codec Pack
2010-06-22 15:07:56 ----D---- C:\Program Files\ND Games
======List of files/folders modified in the last 1 months======
2010-07-15 11:07:52 ----D---- C:\Program Files\trend micro
2010-07-15 11:07:48 ----D---- C:\WINDOWS\Prefetch
2010-07-15 11:02:05 ----D---- C:\Documents and Settings\uživatel\Data aplikací\Skype
2010-07-15 11:00:35 ----D---- C:\WINDOWS\Temp
2010-07-15 11:00:11 ----D---- C:\WINDOWS\system32
2010-07-15 11:00:05 ----D---- C:\WINDOWS
2010-07-15 10:58:30 ----D---- C:\Documents and Settings\uživatel\Data aplikací\uTorrent
2010-07-15 10:49:12 ----RD---- C:\Program Files
2010-07-15 09:52:03 ----D---- C:\Documents and Settings\All Users\Data aplikací\DivX
2010-07-15 09:51:25 ----D---- C:\Program Files\DivX
2010-07-15 09:51:25 ----D---- C:\Program Files\Common Files\DivX Shared
2010-07-15 09:48:27 ----D---- C:\Documents and Settings\uživatel\Data aplikací\skypePM
2010-07-15 09:48:13 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-07-15 09:48:09 ----D---- C:\WINDOWS\system32\CatRoot2
2010-07-15 09:47:33 ----D---- C:\WINDOWS\system32\drivers
2010-07-14 22:34:33 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-07-14 21:03:26 ----HD---- C:\WINDOWS\inf
2010-07-14 21:03:24 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-07-14 21:03:03 ----HD---- C:\WINDOWS\$hf_mig$
2010-07-14 21:01:23 ----SHD---- C:\WINDOWS\Installer
2010-07-14 21:01:15 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-07-12 15:29:06 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-07-10 20:36:36 ----SD---- C:\WINDOWS\Tasks
2010-07-10 20:36:36 ----D---- C:\Documents and Settings\uživatel\Data aplikací\NCH Swift Sound
2010-07-10 20:35:18 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-10 20:34:16 ----D---- C:\Program Files\Mp3 File Editor
2010-07-10 20:33:48 ----D---- C:\Program Files\Minilyrics
2010-07-10 20:29:41 ----RSD---- C:\WINDOWS\Fonts
2010-07-09 19:37:39 ----D---- C:\Program Files\Mozilla Firefox
2010-07-09 19:37:36 ----D---- C:\Program Files\Internet Explorer
2010-07-08 15:27:07 ----D---- C:\Program Files\Moravian Instruments
2010-07-08 15:25:02 ----D---- C:\Program Files\Atmosphere Lite
2010-07-05 20:31:12 ----SD---- C:\Documents and Settings\uživatel\Data aplikací\Microsoft
2010-07-05 13:17:29 ----D---- C:\Lyrics
2010-07-04 20:39:22 ----A---- C:\WINDOWS\Robota.INI
2010-07-02 21:39:05 ----A---- C:\WINDOWS\system32\MRT.exe
2010-06-24 19:28:33 ----D---- C:\Program Files\Elaborate Bytes
2010-06-24 18:46:28 ----D---- C:\Program Files\Common Files\Nero
2010-06-24 18:46:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\Nero
2010-06-24 18:46:21 ----D---- C:\Program Files\Nero
2010-06-23 21:05:05 ----RSD---- C:\WINDOWS\assembly
2010-06-23 21:04:57 ----D---- C:\WINDOWS\Microsoft.NET
2010-06-23 21:02:50 ----D---- C:\WINDOWS\system32\CatRoot
2010-06-23 21:02:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-06-23 21:01:51 ----D---- C:\WINDOWS\WinSxS
2010-06-22 22:45:39 ----D---- C:\WINDOWS\security
2010-06-22 15:14:11 ----D---- C:\WINDOWS\RegisteredPackages
2010-06-22 15:14:11 ----D---- C:\Program Files\Windows Media Player
2010-06-22 15:14:05 ----D---- C:\WINDOWS\Help
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2010-03-31 44944]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-09-12 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-09-12 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-09-12 108552]
R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2010-01-01 26024]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-18 12032]
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R3 CLEDX;Team H2O CLEDX service; C:\WINDOWS\system32\DRIVERS\cledx.sys [2007-12-11 33792]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-01-13 5015040]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-08-02 6121856]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-10-30 117888]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2009-05-23 29696]
S3 ASPI;Advanced SCSI Programming Interface Driver; \??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys []
S3 dot4;Ovladač MS IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [2008-04-13 206976]
S3 Dot4Print;Ovladač třídy tiskárny standardu IEEE-1284.4; C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys [2001-08-17 12928]
S3 dot4usb;Filtr Dot4USB Dot4USB Filter; C:\WINDOWS\system32\DRIVERS\dot4usb.sys [2001-10-24 23808]
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-18 12160]
S3 PnkBstrK;PnkBstrK; \??\C:\WINDOWS\system32\drivers\PnkBstrK.sys []
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-08-28 40448]
S3 usbaudio;Ovladač zvukové karty USB (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys [2010-03-25 99728]
S3 VBoxNetFlt;VBoxNetFlt Service; C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys []
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S4 sfc;sfc; C:\WINDOWS\system32\drivers\sfc.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-09-12 297752]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-09-19 152984]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-03-19 335872]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-08-02 163908]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-12-31 75064]
R2 PnkBstrB;PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [2010-05-26 214520]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2007-05-14 272024]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-09-12 908056]
S2 dmserverdmadmin;Správce logických disků dmserverdmadmin; C:\WINDOWS\system32\advpack.dll [2008-04-14 100352]
S2 gupdate1ca7bfab81c2c58;Služba Google Update (gupdate1ca7bfab81c2c58); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-13 133104]
S2 MyWebSearchService;My Web Search Service; C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe [2010-07-15 28762]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-09-20 655624]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-09-08 545568]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
- Caroprd111
- VIP
- Posts: 13492
- Registered: 22 Mar 2009 20:48
- Location: Třebíč
Re: please check my log
Paste here the OTL log that should have popped up after you applied the script. If it did not pop up, you will find it in C:\_OTL\MovedFiles
Re: please check my log
I posted both of those scripts here, but I don't have any others; or should I now have a script generated the same way as the first time?
- Caroprd111
- VIP
- Posts: 13492
- Registered: 22 Mar 2009 20:48
- Location: Třebíč
Re: please check my log
I want the log produced after applying this script. You will find it in C:\_OTL\MovedFiles
Caroprd111 wrote:
Run OTL and paste the following script into the bottom window.
Click Fix, the PC will restart, then paste the log here.
Code:
:OTL
PRC - [2010.07.09 20:17:23 | 000,506,368 | ---- | M] () -- C:\WINDOWS\system32\qtplugin.exe
PRC - [2010.07.09 16:16:59 | 000,052,746 | ---- | M] (Attila Kovrig) -- C:\Documents and Settings\uživatel\Local Settings\temp\svcnost.exe
PRC - [2010.06.30 22:25:24 | 000,036,864 | ---- | M] (Microsoft) -- C:\Documents and Settings\uživatel\Data aplikací\InstallMon.exe
PRC - [2010.06.04 13:32:49 | 000,077,824 | ---- | M] (noOrg) -- C:\Documents and Settings\uživatel\Data aplikací\Microsoft\lsass.exe
SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\VBoxNetFlt.sys -- (VBoxNetFlt)
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://join.clonecashsystem.com/track/N ... 4wLjAuMC4w
IE - HKU\S-1-5-21-220523388-879983540-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
IE - HKU\S-1-5-21-220523388-879983540-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKU\S-1-5-21-220523388-879983540-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKU\S-1-5-21-220523388-879983540-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://gb.iamwired.net/
IE - HKU\S-1-5-21-220523388-879983540-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKU\S-1-5-21-220523388-879983540-839522115-1003\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-220523388-879983540-839522115-1003\..\URLSearchHook: *{855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
FF - prefs.js..browser.search.defaulturl: "http://gb.iamwired.net/websearch.php?src=tops&search="
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.2
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.8
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {17b52f53-fedd-911d-795b-0aff67a96b9c}:4.6.6.8
FF - prefs.js..extensions.enabledItems: QipCounter@qip.ru:1.0
FF - prefs.js..extensions.enabledItems: {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.1
FF - prefs.js..keyword.URL: "http://gb.iamwired.net/websearch.php?src=tops&search="
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (QipLI Class) - {6B5863A0-C43F-4C0A-982B-CC0E9125783F} - C:\Documents and Settings\uživatel\Data aplikací\Microsoft\Internet Explorer\qstatsrv.dll (TODO: <Company name>)
O2 - BHO: (everyflv) - {8cca0561-342d-1c68-896d-4242ef1631bf} - C:\WINDOWS\system32\9Y-bnKv.dll ()
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-220523388-879983540-839522115-1003\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O4 - HKLM..\Run: [HijackThis] C:\Documents and Settings\uživatel\Data aplikací\MSNLiveUpdatex.exe.html (Trend Micro Inc)
O4 - HKLM..\Run: [Local Security Authortity Process] C:\Documents and Settings\uživatel\Data aplikací\Microsoft\lsass.exe (noOrg)
O4 - HKLM..\Run: [RegistryMonitor1] C:\WINDOWS\system32\qtplugin.exe ()
O4 - HKU\S-1-5-21-220523388-879983540-839522115-1003..\Run: [C:\Documents and Settings\uživatel\Data aplikací\InstallMon.exe] C:\Documents and Settings\uživatel\Data aplikací\InstallMon.exe (Microsoft)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9VCM.CAB (Reg Error: Key error.)
O20 - HKLM Winlogon: UserInit - ("C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\svcnost.exe") - C:\Documents and Settings\uživatel\Local Settings\temp\svcnost.exe (Attila Kovrig)
O33 - MountPoints2\{a4838002-f099-11de-9ba6-00241d91b3f7}\Shell - "" = AutoRun
O32 - AutoRun File - [2010.05.02 16:12:08 | 000,000,000 | ---D | M] - C:\auto -- [ NTFS ]
O32 - AutoRun File - [2010.07.05 20:33:19 | 000,000,053 | -H-- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010.07.05 20:33:19 | 000,000,053 | -H-- | M] () - D:\autorun.inf -- [ NTFS ]
[2010.07.05 20:33:22 | 000,330,212 | -H-- | C] (Trend Micro Inc) -- C:\svchost.exe
[2010.07.05 20:33:19 | 000,330,212 | -H-- | C] (Trend Micro Inc) -- C:\sys32.exe
[2010.07.05 20:33:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\uživatel\Data aplikací\Trend Micro Inc
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2010.07.05 20:33:22 | 000,001,050 | ---- | M] () -- C:\WINDOWS\System32\net.bat
[2010.07.05 20:33:22 | 000,000,480 | ---- | M] () -- C:\WINDOWS\System32\net.vbs
[2010.07.05 20:33:22 | 000,000,245 | ---- | M] () -- C:\WINDOWS\System32\sys.bat
[2010.07.05 20:33:22 | 000,000,137 | ---- | M] () -- C:\WINDOWS\System32\launch.vbs
[2010.07.05 20:33:22 | 000,000,137 | ---- | M] () -- C:\WINDOWS\System32\exec.vbs
[2010.07.05 20:33:22 | 000,000,000 | ---- | M] () -- C:\WINDOWS\javaupdate.exe
[2010.07.05 20:31:36 | 000,330,212 | ---- | M] (Trend Micro Inc) -- C:\Documents and Settings\uživatel\Data aplikací\MSNLiveUpdatex.exe.html
[2010.06.30 22:25:24 | 000,036,864 | ---- | M] (Microsoft) -- C:\Documents and Settings\uživatel\Data aplikací\InstallMon.exe
[2010.06.24 19:28:49 | 000,000,085 | -HS- | M] () -- C:\Documents and Settings\All Users\Data aplikací\.zreglib
[2010.07.09 17:47:39 | 000,506,368 | ---- | C] () -- C:\WINDOWS\System32\qtplugin.exe
[2010.07.09 16:02:22 | 000,000,330 | --S- | C] () -- C:\WINDOWS\System32\1041300360.dat
[2004.08.18 14:00:00 | 000,048,585 | ---- | C] () -- C:\WINDOWS\System32\12520437g.sys
[2009.09.12 15:31:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Temp
[2010.07.05 20:31:27 | 000,043,049 | ---- | M] () -- C:\Documents and Settings\uživatel\Data aplikací\WinInstallMon.exe.html
[2009.02.03 14:21:10 | 000,239,104 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\uživatel\Data aplikací\7za.exe
[2010.06.30 22:25:24 | 000,036,864 | ---- | M] (Microsoft) -- C:\Documents and Settings\uživatel\Data aplikací\InstallMon.exe
[2010.07.10 19:55:01 | 000,043,049 | ---- | M] () -- C:\Documents and Settings\uživatel\Data aplikací\WinInstallMon.exe
[2010.03.04 22:00:53 | 000,050,354 | ---- | M] (Facebook, Inc.) -- C:\Documents and Settings\uživatel\Data aplikací\Facebook\uninstall.exe
[2010.06.04 13:32:49 | 000,077,824 | ---- | M] (noOrg) -- C:\Documents and Settings\uživatel\Data aplikací\Microsoft\lsass.exe
[2010.05.01 09:16:01 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\uživatel\Data aplikací\Microsoft\Installer\{01E970F7-212F-4C07-87E9-5B48C52E247D}\_16496df1.exe
[2010.05.01 09:16:01 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\uživatel\Data aplikací\Microsoft\Installer\{01E970F7-212F-4C07-87E9-5B48C52E247D}\_26e91eb.exe
[2010.05.01 09:16:01 | 000,001,078 | R--- | M] () -- C:\Documents and Settings\uživatel\Data aplikací\Microsoft\Installer\{01E970F7-212F-4C07-87E9-5B48C52E247D}\_5af141bb.exe
[2010.05.01 09:16:01 | 000,024,542 | R--- | M] () -- C:\Documents and Settings\uživatel\Data aplikací\Microsoft\Installer\{01E970F7-212F-4C07-87E9-5B48C52E247D}\_69525f90.exe
[2010.05.01 08:52:31 | 000,010,134 | R--- | M] () -- C:\Documents and Settings\uživatel\Data aplikací\Microsoft\Installer\{0B1F3A28-784B-40F1-BA0D-B0439A6FEBB0}\ARPPRODUCTICON.exe
[2010.05.11 19:22:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\uživatel\Data aplikací\Mozilla\Firefox\Profiles\wturhvdw.default\extensions\QipCounter@qip.ru
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\svcnost.exe" =-
:Commands
[EMPTYTEMP]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
please check my log
Logfile of Advanced SystemCare 3 Security Analyzer
Scan saved at 11:00:25, on 17.7.2010
Platform: Windows Vista (WinNT 6.1)
MSIE: Internet Explorer v8.0 (8.0.7600.16385)
Boot mode: Normal
Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\STacSV.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\vfsFPService.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\aestsrv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Windows\system32\PnkBstrB.exe
C:\Program Files\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
C:\Windows\system32\taskeng.exe
C:\Users\Petr\AppData\Local\Temp\Ml1.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Users\Petr\AppData\Local\Temp\Ml9.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\PixArt\PAC7302\Monitor.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Eset\nod32kui.exe
C:\Windows\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\prevhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll
O2 - BHO: DigitalPersona Personal Extension - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: DigitalPersona Personal Extension - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: DigitalPersona Personal Extension - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Halo2] rundll32.exe C:\Users\Petr\AppData\Local\Temp\sshnas21.dll,GetMainWnd
O4 - HKCU\..\Run: [JDK5SWFMZY] C:\Users\Petr\AppData\Local\Temp\Ml1.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_15) - http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} (Java Plug-in 1.6.0_15) - http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_15) - http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: (AMD External Events Utility) - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DPS) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: Služba Google Update (gupdate1ca391a34fdc660) (gupdate1ca391a34fdc660) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: PnkBstrB - Unknown - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe
- Caroprd111
- VIP
- Posts: 13492
- Registered: 22 Mar 2009 20:48
- Location: Třebíč
Re: please check my log
I'm sorry, but as soon as I click Fix the PC restarts, and I don't have any log in the folder you mentioned.