Prosím o kontrolu HJT logu + Vyřešeno

[mike007]

Ahoj,

Prosím o preventivní kontrolu logu. Laickým okem tam nic nevidím, nicméně poslední dobou mám nějak pomalý internet, tak jen jestli jsem někde nechytil nějakýho toho šmejda

Díky

---

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 17:52:06, on 20.11.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Users\mike\AppData\Local\Seznam.cz\postak.exe
C:\Users\mike\AppData\Roaming\Transcend\SJelite3\SJelite3Launch.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Razer\razerhid.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Razer\razertra.exe
C:\Program Files (x86)\Razer\razerofa.exe
C:\Program Files (x86)\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.foxconn.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [razer] C:\Program Files (x86)\Razer\razerhid.exe
O4 - HKLM\..\Run: [Diamondback] C:\Program Files (x86)\Razer\Diamondback\Razer\Diamondback\razerhid.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICAE.EXE /FU "C:\Windows\TEMP\E_SBD36.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Seznam Postak] "C:\Users\mike\AppData\Local\Seznam.cz\postak.exe" -s
O4 - HKCU\..\Run: [SJelite3Launch] C:\Users\mike\AppData\Roaming\Transcend\SJelite3\SJelite3Launch.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\system32\StikyNot.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Stavová služba ASP.NET (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8761 bytes

[Reklama]

[memphisto]

fix:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[mike007]

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Verze databáze: 5157

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

20.11.2010 19:21:58
mbam-log-2010-11-20 (19-21-58).txt

Typ skenu: Rychlý sken
Skenované objekty: 145539
Uplynulý čas: 2 minuta(y), 49 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

[memphisto]

Stáhni si OTL
na plochu. Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.Nahoře v okně pod Výstup klikni na minimální výstup.Pod Běžné registry změň na Vše. Zatrhni Kontrola na havěť “LOP“ a Kontrola na havěť “ Purity“ . Klikni na Prohledat. Všechny ostatní nastavení ponech jak jsou. Sken může trvat dlouho, až skončí otevřou se dva logy:
OTL.Txt
Extras.Txt
Jsou uloženy ve stejném místě jako OTL. Oba logy sem prosím zkopíruj.

[mike007]

Vytvořil se jen OTL log - v příloze

[memphisto]

Dej je sem. Klidně to rozděl na více témat Je to lepší pro kontrolu

[jaro3]

memphisto má pravdu , já to stáhnul , ale kromě začátku se to nedá luštit..
Vlož sem klidně na několikrát.

[mike007]

OTL 1.část

OTL logfile created on: 20.11.2010 20:14:31 - Run 2
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\mike\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 67,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,75 Gb Total Space | 263,52 Gb Free Space | 56,58% Space Free | Partition Type: NTFS

Computer Name: MIKE-PC | User Name: mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\mike\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\mike\AppData\Local\Seznam.cz\postak.exe ()
PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Users\mike\AppData\Roaming\Transcend\SJelite3\SJelite3Launch.exe ()
PRC - C:\Program Files (x86)\Razer\razerhid.exe ()
PRC - C:\Program Files (x86)\Razer\razertra.exe ()
PRC - C:\Program Files (x86)\Razer\razerofa.exe (Razer Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\mike\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (getPlusHelper) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (SEIKO EPSON CORPORATION)


========== Driver Services (SafeList) ==========

DRV:64bit: - (usedisk) -- C:\Windows\SysNative\drivers\usedisk.sys (Gili Soft INC.)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (RTL8023x64) -- C:\Windows\SysNative\drivers\Rtnic64.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AmdTools64) -- C:\Windows\SysNative\drivers\AmdTools64.sys (AMD, Inc.)
DRV:64bit: - (camfilt2) -- C:\Windows\SysNative\drivers\camfilt2.sys (Guillemot Corporation)
DRV:64bit: - (OM0530) -- C:\Windows\SysNative\drivers\ov530vx.sys (OmniVision Technology Inc.)
DRV:64bit: - (Razerlow) -- C:\Windows\SysNative\drivers\Razerlow.sys (Razer (Asia-Pacific) Pte Ltd)
DRV:64bit: - (MarvinBus) -- C:\Windows\SysNative\drivers\MarvinBus64.sys (Pinnacle Systems GmbH)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SYSTEM32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mail.foxconn.cz/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4B 1E 9C 8D F2 AE CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.4
FF - prefs.js..extensions.enabledItems: cs@dictionaries.addons.mozilla.org:1.0.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: externalip@erik.morlin:0.9.9.6
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: {8061ddcf-3632-4287-8d8a-133e219ae838}:0.9.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.12
FF - prefs.js..browser.startup.homepage: "Je%C5%A1t%C4%9B%20to%20nen%C3%AD,%20m%C3%A1m%20dotaz,%20jak%20dlouho%20to%20je%C5%A1t%C4%9B%20bude%20trvat%20-%20jako%20opravit%20to%20CoD2%20..%20Zkusil%20bych%20posledn%C3%AD%20krok%20a%20kdyby%20to%20ne%C5%A1lo%20tak%20bych%20to%20smazl%20a%20vykadil%20se%20na%20to..Jestli%20by%20to%20bylo%20je%C5%A1t%C4%9B%20dlouho%20;)...%0A%0A%0ALog%20-%20%C4%8Dist%C3%ADc%C3%AD%20proces%20%0A%0AComboFix%2010-11-11.01%20-%20Admin%2012.11.2010%20%2023:24:36.3.1%20-%20x86%0ASyst%C3%A9m%20Microsoft%20Windows%20XP%20Professional%20%205.1.2600.3.1250.420.1029.18.1024.717%20%5BGMT%201:00%5D%0ASpu%C5%A1t%C4%9Bn%C3%BD%20z:%20c:%5Cdocuments%20and%20settings%5CAdmin%5CPlocha%5CComboFix.exe%0APou%C5%BEit%C3%A9%20ovl%C3%A1dac%C3%AD%20p%C5%99ep%C3%ADna%C4%8De%20::%20c:%5Cdocuments%20and%20settings%5CAdmin%5CPlocha%5CCFScript.txt%0A%20*%20Vytvo%C5%99en%20nov%C3%BD%20Bod%20Obnoven%C3%AD%0A.%0A%0A(((((((((((((((((((((((((((((((((((((((%20%20%20Ostatn%C3%AD%20v%C3%BDmazy%20%20%20)))))))))))))))))))))))))))))))))))))))))))))))))%0A.%0A%0A.%0A---------------%20FCopy%20---------------%0A%0Ac:%5Csrsvc.dll%20--%3E%20c:%5Cwindows%5Csystem32%5Csrsvc.dll%0Ac:%5Csrsvc.dll%20--%3E%20c:%5Cwindows%5Csystem32%5Cdllcache%5Csrsvc.dll%0A.%0A(((((((((((((((((((((((((%20%20%20Soubory%20vytvo%C5%99en%C3%A9%20od%202010-10-12%20do%202010-11-12%20%20)))))))))))))))))))))))))))))))%0A.%0A%0A2010-11-12%2022:24%20.%202008-04-14%2006:52%09171008%09----a-w-%09c:%5Cwindows%5Csystem32%5Csrsvc.dll%0A2010-11-12%2022:24%20.%202008-04-14%2006:52%09171008%09----a-w-%09c:%5Cwindows%5Csystem32%5Cdllcache%5Csrsvc.dll%0A2010-11-12%2021:50%20.%202008-04-14%2006:52%09171008%09------w-%09C:%5Csrsvc.dll%0A2010-11-12%2013:18%20.%202010-11-12%2013:18%09--------%09d-----w-%09c:%5Cprogram%20files%5CCommon%20Files%5CDirectX%0A2010-11-12%2006:41%20.%202010-11-12%2006:41%09--------%09d-----w-%09c:%5Cprogram%20files%5CAspyr%20Media,%20Inc%0A2010-11-11%2019:59%20.%202010-11-11%2019:59%09--------%09d-----w-%09c:%5Cdocuments%20and%20settings%5CAdmin%5CData%20aplikac%C3%AD%5CMalwarebytes%0A2010-11-11%2019:59%20.%202010-04-29%2014:39%0938224%09----a-w-%09c:%5Cwindows%5Csystem32%5Cdrivers%5Cmbamswissarmy.sys%0A2010-11-11%2019:59%20.%202010-11-11%2019:59%09--------%09d-----w-%09c:%5Cprogram%20files%5CMalwarebytes'%20Anti-Malware%0A2010-11-11%2019:59%20.%202010-11-11%2019:59%09--------%09d-----w-%09c:%5Cdocuments%20and%20settings%5CAll%20Users%5CData%20aplikac%C3%AD%5CMalwarebytes%0A2010-11-11%2019:59%20.%202010-04-29%2014:39%0920952%09----a-w-%09c:%5Cwindows%5Csystem32%5Cdrivers%5Cmbam.sys%0A2010-11-11%2019:38%20.%202010-11-11%2019:38%09--------%09d-----w-%09c:%5Cdocuments%20and%20settings%5CAdmin%5CDoctorWeb%0A2010-11-11%2019:01%20.%202010-11-11%2019:01%09388096%09----a-r-%09c:%5Cdocuments%20and%20settings%5CAdmin%5CData%20aplikac%C3%AD%5CMicrosoft%5CInstaller%5C%7B45A66726-69BC-466B-A7A4-12FCBA4883D7%7D%5CHiJackThis.exe%0A2010-11-11%2016:44%20.%202010-11-11%2016:54%09--------%09d-----w-%09c:%5Cprogram%20files%5CDaemonicMU%0A2010-11-09%2015:01%20.%202010-11-09%2015:01%09--------%09d-----w-%09C:%5Ctotalcmd%0A2010-11-09%2015:01%20.%202010-11-09%2015:01%09--------%09d-----w-%09c:%5Cdocuments%20and%20settings%5CAdmin%5CData%20aplikac%C3%AD%5CGHISLER%0A2010-11-09%2015:01%20.%202010-07-07%2006:55%09545%09----a-w-%09c:%5Cwindows%5CUC.PIF%0A2010-11-09%2015:01%20.%202010-07-07%2006:55%09545%09----a-w-%09c:%5Cwindows%5CRAR.PIF%0A2010-11-09%2015:01%20.%202010-07-07%2006:55%09545%09----a-w-%09c:%5Cwindows%5CPKZIP.PIF%0A2010-11-09%2015:01%20.%202010-07-07%2006:55%09545%09----a-w-%09c:%5Cwindows%5CPKUNZIP.PIF%0A2010-11-09%2015:01%20.%202010-07-07%2006:55%09545%09----a-w-%09c:%5Cwindows%5CNOCLOSE.PIF%0A2010-11-09%2015:01%20.%202010-07-07%2006:55%09545%09----a-w-%09c:%5Cwindows%5CLHA.PIF%0A2010-11-09%2015:01%20.%202010-07-07%2006:55%09545%09----a-w-%09c:%5Cwindows%5CARJ.PIF%0A2010-11-05%2019:25%20.%202010-11-05%2019:25%09691696%09----a-w-%09c:%5Cwindows%5Csystem32%5Cdrivers%5Csptd.sys%0A2010-11-05%2019:25%20.%202010-11-05%2019:25%09--------%09d-----w-%09c:%5Cprogram%20files%5CDAEMON%20Tools%20Lite%0A2010-11-05%2019:24%20.%202010-11-05%2019:51%09--------%09d-----w-%09c:%5Cdocuments%20and%20settings%5CAdmin%5CData%20aplikac%C3%AD%5CDAEMON%20Tools%20Lite%0A2010-11-05%2019:24%20.%202010-11-05%2019:24%09--------%09d-----w-%09c:%5Cdocuments%20and%20settings%5CAll%20Users%5CData%20aplikac%C3%AD%5CDAEMON%20Tools%20Lite%0A2010-11-05%2012:53%20.%202004-08-18%2008:34%09442368%09----a-r-%09c:%5Cwindows%5Csystem32%5Cvp6vfw.dll%0A2010-11-04%2021:54%20.%202010-11-04%2021:54%09--------%09d-----w-%09c:%5Cprogram%20files%5CCCleaner%0A2010-11-03%2019:17%20.%202010-11-11%2000:23%09--------%09d-----w-%09c:%5Cprogram%20files%5CMicrosoft%20Games%0A2010-10-31%2009:07%20.%202010-11-04%2021:14%09--------%09d-----w-%09c:%5Cprogram%20files%5CNVIDIA%20Corporation%0A2010-10-30%2023:47%20.%202010-10-30%2023:47%09271360%09----a-w-%09c:%5Cwindows%5Csystem32%5Cdrivers%5Catksgt.sys%0A2010-10-30%2023:47%20.%202010-10-30%2023:47%0918048%09----a-w-%09c:%5Cwindows%5Csystem32%5Cdrivers%5Clirsgt.sys%0A2010-10-29%2011:14%20.%202010-10-29%2011:14%09--------%09d-----w-%09c:%5Cprogram%20files%5CSystemRequirementsLab%0A2010-10-29%2010:32%20.%202010-10-29%2010:32%09--------%09d-----w-%09c:%5Cdocuments%20and%20settings%5CAdmin%5CLocal%20Settings%5CData%20aplikac%C3%AD%5COpera%0A2010-10-29%2010:31%20.%202010-10-29%2010:31%09--------%09d-----w-%09c:%5Cprogram%20files%5COpera%0A2010-10-29%2010:03%20.%202010-10-29%2010:03%09--------%09d-----w-%09c:%5Cdocuments%20and%20settings%5CAdmin%5CData%20aplikac%C3%AD%5C2K%20Sports%0A2010-10-28%2021:27%20.%202010-10-28%2021:27%09--------%09d-----w-%09c:%5Cdocuments%20and%20settings%5CAll%20Users%5CData%20aplikac%C3%AD%5CElectronic%20Arts%0A2010-10-28%2021:18%20.%202004-10-22%2000:18%09749568%09----a-w-%09c:%5Cprogram%20files%5CCommon%20Files%5CInstallShield%5CProfessional%5CRunTime%5C10%5C50%5CIntel32%5CiKernel.dll%0A2010-10-28%2021:18%20.%202004-10-22%2000:17%0969715%09----a-w-%09c:%5Cprogram%20files%5CCommon%20Files%5CInstallShield%5CProfessional%5CRunTime%5C10%5C50%5CIntel32%5Cctor.dll%0A2010-10-28%2021:18%20.%202004-10-22%2000:17%09274432%09----a-w-%09c:%5Cprogram%20files%5CCommon%20Files%5CInstallShield%5CProfessional%5CRunTime%5C10%5C50%5CIntel32%5Ciscript.dll%0A2010-10-28%2021:18%20.%202004-10-22%2000:16%09180224%09----a-w-%09c:%5Cprogram%20files%5CCommon%20Files%5CInstallShield%5CProfessional%5CRunTime%5C10%5C50%5CIntel32%5Ciuser.dll%0A2010-10-28%2021:18%20.%202004-10-22%2000:16%095632%09----a-w-%09c:%5Cprogram%20files%5CCommon%20Files%5CInstallShield%5CProfessional%5CRunTime%5C10%5C50%5CIntel32%5CDotNetInstaller.exe%0A2010-10-28%2021:18%20.%202010-10-28%2021:18%09192644%09----a-w-%09c:%5Cprogram%20files%5CCommon%20Files%5CInstallShield%5CProfessional%5CRunTime%5C10%5C50%5CIntel32%5CiGdi.dll%0A2010-10-28%2021:18%20.%202010-10-28%2021:18%09323716%09----a-w-%09c:%5Cprogram%20files%5CCommon%20Files%5CInstallShield%5CProfessional%5CRunTime%5C10%5C50%5CIntel32%5Csetup.dll%0A2010-10-28%2010:35%20.%202010-10-28%2010:35%09--------%09d-----w-%09c:%5Cdocuments%20and%20settings%5CAdmin%5CSystemRequirementsLab%0A2010-10-26%2019:20%20.%202010-10-26%2019:20%09--------%09d--h--r-%09c:%5Cdocuments%20and%20settings%5CAdmin%5CData%20aplikac%C3%AD%5CSecuROM%0A2010-10-25%2020:16%20.%202010-10-25%2020:18%09--------%09d-----w-%09c:%5Cdocuments%20and%20settings%5CAdmin%5CLocal%20Settings%5CData%20aplikac%C3%AD%5CApplicationHistory%0A2010-10-24%2019:20%20.%202010-10-24%2019:20%09--------%09d-----w-%09c:%5Cwindows%5Csystem32%5CURTTEMP%0A2010-10-17%2015:12%20.%202010-10-17%2015:12%09--------%09d-----w-%09c:%5Cdocuments%20and%20settings%5CAdmin%5CData%20aplikac%C3%AD%5CRedDotGames%0A2010-10-17%2014:08%20.%202010-10-17%2014:08%09--------%09d-----w-%09c:%5Cdocuments%20and%20settings%5CAdmin%5CLocal%20Settings%5CData%20aplikac%C3%AD%5CLucasArts%0A2010-10-17%2009:22%20.%202010-10-17%2009:22%09--------%09d-----w-%09c:%5Cdocuments%20and%20settings%5CAll%20Users%5CData%20aplikac%C3%AD%5CActivision%0A%0A.%0A((((((((((((((((((((((((((((((((((((((((%20%20%20Find3M%20v%C3%BDpis%20%20%20))))))))))))))))))))))))))))))))))))))))))))))))))))%0A.%0A2010-10-30%2022:16%20.%202010-05-20%2018:06%09107888%09----a-w-%09c:%5Cwindows%5Csystem32%5CCmdLineExt.dll%0A2010-10-19%2013:28%20.%202010-05-08%2012:11%0922328%09----a-w-%09c:%5Cwindows%5Csystem32%5Cdrivers%5CPnkBstrK.sys%0A2010-10-19%2013:28%20.%202010-05-08%2012:11%0966872%09----a-w-%09c:%5Cwindows%5Csystem32%5CPnkBstrA.exe%0A2010-10-19%2013:28%20.%202010-05-08%2012:11%09103736%09----a-w-%09c:%5Cwindows%5Csystem32%5CPnkBstrB.exe%0A2010-10-10%2008:41%20.%202010-05-08%2012:11%09233960%09----a-w-%09c:%5Cwindows%5Csystem32%5CPnkBstrB.xtr%0A2010-10-03%2011:24%20.%202010-10-03%2011:24%09115968%09----a-w-%09c:%5Cwindows%5Csystem32%5Cdrivers%5Cprodrv03.sys%0A2010-09-18%2010:23%20.%202007-04-03%2006:44%09974848%09----a-w-%09c:%5Cwindows%5Csystem32%5Cmfc42u.dll%0A2010-09-18%2006:53%20.%202008-04-14%2006:51%09974848%09----a-w-%09c:%5Cwindows%5Csystem32%5Cmfc42.dll%0A2010-09-18%2006:53%20.%202008-04-14%2006:51%09953856%09----a-w-%09c:%5Cwindows%5Csystem32%5Cmfc40u.dll%0A2010-09-18%2006:53%20.%202001-10-25%2014:00%09954368%09----a-w-%09c:%5Cwindows%5Csystem32%5Cmfc40.dll%0A2010-09-09%2014:23%20.%202008-04-14%2006:52%09668160%09----a-w-%09c:%5Cwindows%5Csystem32%5Cwininet.dll%0A2010-09-09%2014:23%20.%202008-04-14%2006:50%0961952%09----a-w-%09c:%5Cwindows%5Csystem32%5Ctdc.ocx%0A2010-09-09%2014:23%20.%202008-04-14%2006:51%0981920%09----a-w-%09c:%5Cwindows%5Csystem32%5Cieencode.dll%0A2010-09-09%2014:16%20.%202008-04-14%2005:50%09370176%09----a-w-%09c:%5Cwindows%5Csystem32%5Chtml.iec%0A2010-09-01%2011:52%20.%202008-04-14%2006:37%09285824%09----a-w-%09c:%5Cwindows%5Csystem32%5Catmfd.dll%0A2010-09-01%2007:57%20.%202008-04-14%2005:45%091852800%09----a-w-%09c:%5Cwindows%5Csystem32%5Cwin32k.sys%0A2010-08-27%2008:03%20.%202008-04-14%2006:52%09119808%09----a-w-%09c:%5Cwindows%5Csystem32%5Ct2embed.dll%0A2010-08-27%2005:54%20.%202008-04-14%2006:52%0999840%09----a-w-%09c:%5Cwindows%5Csystem32%5Csrvsvc.dll%0A2010-08-27%2001:43%20.%202010-07-22%2006:19%095632%09----a-w-%09c:%5Cwindows%5Csystem32%5Cxpsp4res.dll%0A2010-08-26%2013:39%20.%202008-04-13%2022:45%09357248%09----a-w-%09c:%5Cwindows%5Csystem32%5Cdrivers%5Csrv.sys%0A2010-08-24%2011:15%20.%202010-08-24%2011:15%09114048%09----a-w-%09c:%5Cwindows%5Csystem32%5Cdrivers%5Csnapman.sys%0A2010-08-23%2016:12%20.%202008-04-14%2006:51%09617472%09----a-w-%09c:%5Cwindows%5Csystem32%5Ccomctl32.dll%0A2010-08-17%2013:17%20.%202008-04-14%2006:52%0958880%09----a-w-%09c:%5Cwindows%5Csystem32%5Cspoolsv.exe%0A2010-08-16%2008:45%20.%202008-04-14%2006:51%09590848%09----a-w-%09c:%5Cwindows%5Csystem32%5Crpcrt4.dll%0A.%0A%0A(((((((((((((((((((((((((((((%20%20%20SnapShot@2010-11-11_20.53.39%20%20%20)))))))))))))))))))))))))))))))))))))))))%0A.%0A-%202001-10-25%2014:00%20.%202010-11-01%2012:55%0966656%20%20%20%20%20%20%20%20%20%20%20%20%20%20c:%5Cwindows%5Csystem32%5Cperfc009.dat%0A+%202001-10-25%2014:00%20.%202010-11-11%2021:21%0966656%20%20%20%20%20%20%20%20%20%20%20%20%20%20c:%5Cwindows%5Csystem32%5Cperfc009.dat%0A-%202001-10-25%2014:00%20.%202010-11-01%2012:55%0977442%20%20%20%20%20%20%20%20%20%20%20%20%20%20c:%5Cwindows%5Csystem32%5Cperfc005.dat%0A+%202001-10-25%2014:00%20.%202010-11-11%2021:21%0977442%20%20%20%20%20%20%20%20%20%20%20%20%20%20c:%5Cwindows%5Csystem32%5Cperfc005.dat%0A+%202010-11-12%2006:51%20.%202010-11-12%2006:51%0910134%20%20%20%20%20%20%20%20%20%20%20%20%20%20c:%5Cwindows%5CInstaller%5C%7B20454918-294E-40FD-9D9C-E25C5E165905%7D%5CARPPRODUCTICON.exe%0A-%202010-11-03%2019:24%20.%202010-11-03%2019:24%0912800%20%20%20%20%20%20%20%20%20%20%20%20%20%20c:%5Cwindows%5Cassembly%5CGAC%5CMicrosoft.DirectX.Diagnostics%5C1.0.2902.0__31bf3856ad364e35%5CMicrosoft.DirectX.Diagnostics.dll%0A+%202010-11-12%2017:05%20.%202010-11-12%2017:05%0912800%20%20%20%20%20%20%20%20%20%20%20%20%20%20c:%5Cwindows%5Cassembly%5CGAC%5CMicrosoft.DirectX.Diagnostics%5C1.0.2902.0__31bf3856ad364e35%5CMicrosoft.DirectX.Diagnostics.dll%0A-%202010-11-03%2019:24%20.%202010-11-03%2019:24%0953248%20%20%20%20%20%20%20%20%20%20%20%20%20%20c:%5Cwindows%5Cassembly%5CGAC%5CMicrosoft.DirectX.AudioVideoPlayback%5C1.0.2902.0__31bf3856ad364e35%5CMicrosoft.DirectX.AudioVideoPlayback.dll%0A+%202010-11-12%2017:05%20.%202010-11-12%2017:05%0953248%20%20%20%20%20%20%20%20%20%20%20%20%20%20c:%5Cwindows%5Cassembly%5CGAC%5CMicrosoft.DirectX.AudioVideoPlayback%5C1.0.2902.0__31bf3856ad364e35%5CMicrosoft.DirectX.AudioVideoPlayback.dll%0A+%202001-10-25%2014:00%20.%202010-11-11%2021:21%09425578%20%20%20%20%20%20%20%20%20%20%20%20%20%20c:%5Cwindows%5Csystem32%5Cperfh009.dat%0A-%202001-10-25%2014:00%20.%202010-11-01%2012:55%09425578%20%20%20%20%20%20%20%20%20%20%20%20%20%20c:%5Cwindows%5Csystem32%5Cperfh009.dat%0A-%202001-10-25%2014:00%20.%202010-11-01%2012:55%09422508%20%20%20%20%20%20%20%20%20%20%20%20%20%20c:%5Cwindows%5Csystem32%5Cperfh005.dat%0A+%202001-10-25%2014:00%20.%202010-11-11%2021:21%09422508%20%20%20%20%20%20%20%20%20%20%20%20%20%20c:%5Cwindows%5Csystem32%5Cperfh005.dat%0A+%202010-11-12%2017:05%20.%202010-11-12%2017:05%09223232%20%20%20%20%20%20%20%20%20%20%20%20%20%20c:%5Cwindows%5Cassembly%5CGAC%5CMicrosoft.DirectX%5C1.0.2902.0__31bf3856ad364e35%5CMicrosoft.DirectX.dll%0A-%202010-11-03%2019:24%20.%202010-11-03%2019:24%09223232%20%20%20%20%20%20%20%20%20%20%20%20%20%20c:%5Cwindows%5Cassembly%5CGAC%5CMicrosoft.DirectX%5C1.0.2902.0__31bf3856ad364e35%5CMicrosoft.DirectX.dll%0A+%202010-11-12%2017:05%20.%202010-11-12%2017:05%09178176%20%20%20%20%20%20%20%20%20%20%20%20%20%20c:%5Cwindows%5Cassembly%5CGAC%5CMicrosoft.DirectX.DirectSound%5C1.0.2902.0__31bf3856ad364e35%5CMicrosoft.DirectX.DirectSound.dll%0A-%202010-11-03%2019:24%20.%202010-11-03%2019:24%09178176%20%20%20%20%20%20%20%20%20%20%20%20%20%20c:%5Cwindows%5Cassembly%5CGAC%5CMicrosoft.DirectX.DirectSound%5C1.0.2902.0__31bf3856ad364e35%5CMicrosoft.DirectX.DirectSound.dll%0A+%202010-11-12%2017:05%20.%202010-11-12%2017:05%09364544%20%20%20%20%20%20%20%20%20%20%20%20%20%20c:%5Cwindows%5Cassembly%5CGAC%5CMicrosoft.DirectX.DirectPlay%5C1.0.2902.0__31bf3856ad364e35%5CMicrosoft.DirectX.DirectPlay.dll%0A-%202010-11-03%2019:24%20.%202010-11-03%2019:24%09364544%20%20%20%20%20%20%20%20%20%20%20%20%20%20c:%5Cwindows%5Cassembly%5CGAC%5CMicrosoft.DirectX.DirectPlay%5C1.0.2902.0__31bf3856ad364e35%5CMicrosoft.DirectX.DirectPlay.dll%0A-%202010-11-03%2019:24%20.%202010-11-03%2019:24%09159232%20%20%20%20%20%20%20%20%20%20%20%20%20%20c:%5Cwindows%5Cassembly%5CGAC%5CMicrosoft.DirectX.DirectInput%5C1.0.2902.0__31bf3856ad364e35%5CMicrosoft.DirectX.DirectInput.dll%0A+%202010-11-12%2017:05%20.%202010-11-12%2017:05%09159232%20%20%20%20%20%20%20%20%20%20%20%20%20%20c:%5Cwindows%5Cassembly%5CGAC%5CMicrosoft.DirectX.DirectInput%5C1.0.2902.0__31bf3856ad364e35%5CMicrosoft.DirectX.DirectInput.dll%0A-%202010-11-03%2019:24%20.%202010-11-03%2019:24%09145920%20%20%20%20%20%20%20%20%20%20%20%20%20%20c:%5Cwindows%5Cassembly%5CGAC%5CMicrosoft.DirectX.DirectDraw%5C1.0.2902.0__31bf3856ad364e35%5CMicrosoft.DirectX.DirectDraw.dll%0A+%202010-11-12%2017:05%20.%202010-11-12%2017:05%09145920%20%20%20%20%20%20%20%20%20%20%20%20%20%20c:%5Cwindows%5Cassembly%5CGAC%5CMicrosoft.DirectX.DirectDraw%5C1.0.2902.0__31bf3856ad364e35%5CMicrosoft.DirectX.DirectDraw.dll%0A+%202010-11-12%2017:05%20.%202010-11-12%2017:05%09578560%20%20%20%20%20%20%20%20%20%20%20%20%20%20c:%5Cwindows%5Cassembly%5CGAC%5CMicrosoft.DirectX.Direct3DX%5C1.0.2911.0__31bf3856ad364e35%5CMicrosoft.DirectX.Direct3DX.dll%0A-%202010-11-02%2014:40%20.%202010-11-02%2014:40%09578560%20%20%20%20%20%20%20%20%20%20%20%20%20%20c:%5Cwindows%5Cassembly%5CGAC%5CMicrosoft.DirectX.Direct3DX%5C1.0.2911.0__31bf3856ad364e35%5CMicrosoft.DirectX.Direct3DX.dll%0A+%202010-11-12%2017:05%20.%202010-11-12%2017:05%09578560%20%20%20%20%20%20%20%20%20%20%20%20%20%20c:%5Cwindows%5Cassembly%5CGAC%5CMicrosoft.DirectX.Direct3DX%5C1.0.2910.0__31bf3856ad364e35%5CMicrosoft.DirectX.Direct3DX.dll%0A-%202010-11-02%2014:40%20.%202010-11-02%2014:40%09578560%20%20%20%20%20%20%20%20%20%20%20%20%20%20c:%5Cwindows%5Cassembly%5CGAC%5CMicrosoft.DirectX.Direct3DX%5C1.0.2910.0__31bf3856ad364e35%5CMicrosoft.DirectX.Direct3DX.dll%0A+%202010-11-12%2017:05%20.%202010-11-12%2017:05%09577536%20%20%20%20%20%20%20%20%20%20%20%20%20%20c:%5Cwindows%5Cassembly%5CGAC%5CMicrosoft.DirectX.Direct3DX%5C1.0.2909.0__31bf3856ad364e35%5CMicrosoft.DirectX.Direct3DX.dll%0A-%202010-11-02%2014:40%20.%202010-11-02%2014:40%09577536%20%20%20%20%20%20%20%20%20%20%20%20%20%20c:%5Cwindows%5Cassembly%5CGAC%5CMicrosoft.DirectX.Direct3DX%5C1.0.2909.0__31bf3856ad364e35%5CMicrosoft.DirectX.Direct3DX.dll%0A-%202010-11-02%2014:40%20.%202010-11-02%2014:40%09577536%20%20%20%20%20%20%20%20%20%20%20%20%20%20c:%5Cwindows%5Cassembly%5CGAC%5CMicrosoft.DirectX.Direct3DX%5C1.0.2908.0__31bf3856ad364e35%5CMicrosoft.DirectX.Direct3DX.dll%0A+%202010-11-12%2017:05%20.%202010-11-12%2017:05%09577536%20%20%20%20%20%20%20%20%20%20%20%20%20%20c:%5Cwindows%5Cassembly%5CGAC%5CMicrosoft.DirectX.Direct3DX%5C1.0.2908.0__31bf3856ad364e35%5CMicrosoft.DirectX.Direct3DX.dll%0A+%202010-11-12%2017:05%20.%202010-11-12%2017:05%09577024%20%20%20%20%20%20%20%20%20%20%20%20%20%20c:%5Cwindows%5Cassembly%5CGAC%5CMicrosoft.DirectX.Direct3DX%5C1.0.2907.0__31bf3856ad364e35%5CMicrosoft.DirectX.Direct3DX.dll%0A-%202010-11-02%2014:40%20.%202010-11-02%2014:40%09577024%20%20%20%20%20%20%20%20%20%20%20%20%20%20c:%5Cwindows%5Cassembly%5CGAC%5CMicrosoft.DirectX.Direct3DX%5C1.0.2907.0__31bf3856ad364e35%5CMicrosoft.DirectX.Direct3DX.dll%0A+%202010-11-12%2017:05%20.%202010-11-12%2017:05%09576000%20%20%20%20%20%20%20%20%20%20%20%20%20%20c:%5Cwindows%5Cassembly%5CGAC%5CMicrosoft.DirectX.Direct3DX%5C1.0.2906.0__31bf3856ad364e35%5CMicrosoft.DirectX.Direct3DX.dll%0A-%202010-11-02%2014:40%20.%202010-11-02%2014:40%09576000%20%20%20%20%20%20%20%20%20%20%20%20%20%20c:%5Cwindows%5Cassembly%5CGAC%5CMicrosoft.DirectX.Direct3DX%5C1.0.2906.0__31bf3856ad364e35%5CMicrosoft.DirectX.Direct3DX.dll%0A-%202010-11-03%2019:24%20.%202010-11-03%2019:24%09567296%20%20%20%20%20%20%20%20%20%20%20%20%20%20c:%5Cwindows%5Cassembly%5CGAC%5CMicrosoft.DirectX.Direct3DX%5C1.0.2905.0__31bf3856ad364e35%5CMicrosoft.DirectX.Direct3DX.dll%0A+%202010-11-12%2017:05%20.%202010-11-12%2017:05%09567296%20%20%20%20%20%20%20%20%20%20%20%20%20%20c:%5Cwindows%5Cassembly%5CGAC%5CMicrosoft.DirectX.Direct3DX%5C1.0.2905.0__31bf3856ad364e35%5CMicrosoft.DirectX.Direct3DX.dll%0A-%202010-11-02%2014:40%20.%202010-11-02%2014:40%09563712%20%20%20%20%20%20%20%20%20%20%20%20%20%20c:%5Cwindows%5Cassembly%5CGAC%5CMicrosoft.DirectX.Direct3DX%5C1.0.2904.0__31bf3856ad364e35%5CMicrosoft.DirectX.Direct3DX.dll%0A+%202010-11-12%2017:05%20.%202010-11-12%2017:05%09563712%20%20%20%20%20%20%20%20%20%20%20%20%20%20c:%5Cwindows%5Cassembly%5CGAC%5CMicrosoft.DirectX.Direct3DX%5C1.0.2904.0__31bf3856ad364e35%5CMicrosoft.DirectX.Direct3DX.dll%0A+%202010-11-12%2017:05%20.%202010-11-12%2017:05%09473600%20%20%20%20%20%20%20%20%20%20%20%20%20%20c:%5Cwindows%5Cassembly%5CGAC%5CMicrosoft.DirectX.Direct3D%5C1.0.2902.0__31bf3856ad364e35%5CMicrosoft.DirectX.Direct3D.dll%0A-%202010-11-03%2019:24%20.%202010-11-03%2019:24%09473600%20%20%20%20%20%20%20%20%20%20%20%20%20%20c:%5Cwindows%5Cassembly%5CGAC%5CMicrosoft.DirectX.Direct3D%5C1.0.2902.0__31bf3856ad364e35%5CMicrosoft.DirectX.Direct3D.dll%0A+%202010-11-12%2006:51%20.%202010-11-12%2006:51%092286080%20%20%20%20%20%20%20%20%20%20%20%20%20%20c:%5Cwindows%5CInstaller%5Cc0e0e.msi%0A+%202010-11-12%2017:05%20.%202010-11-12%2017:05%092846720%20%20%20%20%20%20%20%20%20%20%20%20%20%20c:%5Cwindows%5Cassembly%5CGAC%5CMicrosoft.DirectX.Direct3DX%5C1.0.2903.0__31bf3856ad364e35%5CMicrosoft.DirectX.Direct3DX.dll%0A-%202010-11-02%2014:40%20.%202010-11-02%2014:40%092846720%20%20%20%20%20%20%20%20%20%20%20%20%20%20c:%5Cwindows%5Cassembly%5CGAC%5CMicrosoft.DirectX.Direct3DX%5C1.0.2903.0__31bf3856ad364e35%5CMicrosoft.DirectX.Direct3DX.dll%0A+%202010-11-12%2017:05%20.%202010-11-12%2017:05%092676224%20%20%20%20%20%20%20%20%20%20%20%20%20%20c:%5Cwindows%5Cassembly%5CGAC%5CMicrosoft.DirectX.Direct3DX%5C1.0.2902.0__31bf3856ad364e35%5CMicrosoft.DirectX.Direct3DX.dll%0A-%202010-11-02%2014:40%20.%202010-11-02%2014:40%092676224%20%20%20%20%20%20%20%20%20%20%20%20%20%20c:%5Cwindows%5Cassembly%5CGAC%5CMicrosoft.DirectX.Direct3DX%5C1.0.2902.0__31bf3856ad364e35%5CMicrosoft.DirectX.Direct3DX.dll%0A.%0A((((((((((((((((((((((((((((((((((%20%20%20Spou%C5%A1t%C4%9Bc%C3%AD%20body%20v%20registru%20%20%20)))))))))))))))))))))))))))))))))))))))))))))%0A.%0A.%0A*Pozn%C3%A1mka*%20pr%C3%A1zdn%C3%A9%20z%C3%A1znamy%20a%20legitimn%C3%AD%20v%C3%BDchoz%C3%AD%20%C3%BAdaje%20nejsou%20zobrazeny.%20%0AREGEDIT4%0A%0A%5BHKEY_LOCAL_MACHINE%5CSOFTWARE%5CMicrosoft%5CWindows%5CCurrentVersion%5CRun%5D%0A%22SmcService%22=%22c:%5Cprogra~1%5CSygate%5CSPF%5Csmc.exe%22%20%5B2005-09-27%202635472%5D%0A%22avgnt%22=%22c:%5Cprogram%20files%5CAvira%5CAntiVir%20Desktop%5Cavgnt.exe%22%20%5B2010-03-02%20282792%5D%0A%0A%5BHKEY_USERS%5C.DEFAULT%5CSoftware%5CMicrosoft%5CWindows%5CCurrentVersion%5CRun%5D%0A%22CTFMON.EXE%22=%22c:%5Cwindows%5Csystem32%5Cctfmon.exe%22%20%5B2008-04-14%2015360%5D%0A%0A%5BHKLM%5C~%5Cstartupfolder%5CC:%5EDocuments%20and%20Settings%5EAdmin%5ENab%C3%ADdka%20Start%5EProgramy%5EPo%20spu%C5%A1t%C4%9Bn%C3%AD%5ERegistration%20Assassin.LNK%5D%0Apath=c:%5Cdocuments%20and%20settings%5CAdmin%5CNab%C3%ADdka%20Start%5CProgramy%5CPo%20spu%C5%A1t%C4%9Bn%C3%AD%5CRegistration%20Assassin.LNK%0Abackup=c:%5Cwindows%5Cpss%5CRegistration%20Assassin.LNKStartup%0A%0A%5BHKLM%5C~%5Cstartupfolder%5CC:%5EDocuments%20and%20Settings%5EAdmin%5ENab%C3%ADdka%20Start%5EProgramy%5EPo%20spu%C5%A1t%C4%9Bn%C3%AD%5ERegistration%20Call%20of%20Juarez.LNK%5D%0Apath=c:%5Cdocuments%20and%20settings%5CAdmin%5CNab%C3%ADdka%20Start%5CProgramy%5CPo%20spu%C5%A1t%C4%9Bn%C3%AD%5CRegistration%20Call%20of%20Juarez.LNK%0Abackup=c:%5Cwindows%5Cpss%5CRegistration%20Call%20of%20Juarez.LNKStartup%0A%0A%5BHKEY_LOCAL_MACHINE%5Csoftware%5Cmicrosoft%5Cshared%20tools%5Cmsconfig%5Cstartupreg%5CKernelFaultCheck%5D%0Ac:%5Cwindows%5Csystem32%5Cdumprep%200%20-k%20%5BX%5D%0A%0A%5BHKEY_LOCAL_MACHINE%5Csoftware%5Cmicrosoft%5Cshared%20tools%5Cmsconfig%5Cstartupreg%5CAdobe%20ARM%5D%0A2010-09-21%2018:37%09932288%09----a-w-%09c:%5Cprogram%20files%5CCommon%20Files%5CAdobe%5CARM%5C1.0%5CAdobeARM.exe%0A%0A%5BHKEY_LOCAL_MACHINE%5Csoftware%5Cmicrosoft%5Cshared%20tools%5Cmsconfig%5Cstartupreg%5CAdobe%20Reader%20Speed%20Launcher%5D%0A2010-04-04%2005:42%0936272%09----a-w-%09c:%5Cprogram%20files%5CAdobe%5CReader%209.0%5CReader%5Creader_sl.exe%0A%0A%5BHKEY_LOCAL_MACHINE%5Csoftware%5Cmicrosoft%5Cshared%20tools%5Cmsconfig%5Cstartupreg%5CAGRSMMSG%5D%0A2002-09-25%2010:44%0987751%09----a-w-%09c:%5Cwindows%5CAGRSMMSG.exe%0A%0A%5BHKEY_LOCAL_MACHINE%5Csoftware%5Cmicrosoft%5Cshared%20tools%5Cmsconfig%5Cstartupreg%5CDAEMON%20Tools%20Lite%5D%0A2010-04-01%2009:16%09357696%09----a-w-%09c:%5Cprogram%20files%5CDAEMON%20Tools%20Lite%5CDTLite.exe%0A%0A%5BHKEY_LOCAL_MACHINE%5Csoftware%5Cmicrosoft%5Cshared%20tools%5Cmsconfig%5Cstartupreg%5CDivXUpdate%5D%0A2010-06-03%2000:50%091144104%09----a-w-%09c:%5Cprogram%20files%5CDivX%5CDivX%20Update%5CDivXUpdate.exe%0A%0A%5BHKEY_LOCAL_MACHINE%5Csoftware%5Cmicrosoft%5Cshared%20tools%5Cmsconfig%5Cstartupreg%5CiTunesHelper%5D%0A2010-09-01%2006:32%09421160%09----a-w-%09c:%5Cprogram%20files%5CiTunes%5CiTunesHelper.exe%0A%0A%5BHKEY_LOCAL_MACHINE%5Csoftware%5Cmicrosoft%5Cshared%20tools%5Cmsconfig%5Cstartupreg%5COSSelectorReinstall%5D%0A2007-03-15%2008:06%092225208%09----a-w-%09c:%5Cprogram%20files%5CCommon%20Files%5CAcronis%5CAcronis%20Disk%20Director%5Coss_reinstall.exe%0A%0A%5BHKEY_LOCAL_MACHINE%5Csoftware%5Cmicrosoft%5Cshared%20tools%5Cmsconfig%5Cstartupreg%5CPWRISOVM.EXE%5D%0A2009-03-15%2010:15%09180224%09----a-w-%09c:%5Cprogram%20files%5CPowerISO%5CPWRISOVM.EXE%0A%0A%5BHKEY_LOCAL_MACHINE%5Csoftware%5Cmicrosoft%5Cshared%20tools%5Cmsconfig%5Cstartupreg%5CQuickTime%20Task%5D%0A2010-08-10%2003:15%09421888%09----a-w-%09c:%5Cprogram%20files%5CQuickTime%5CQTTask.exe%0A%0A%5BHKEY_LOCAL_MACHINE%5Csoftware%5Cmicrosoft%5Cshared%20tools%5Cmsconfig%5Cstartupreg%5CSkype%5D%0A2010-05-13%2014:12%0926192168%09----a-r-%09c:%5Cprogram%20files%5CSkype%5CPhone%5CSkype.exe%0A%0A%5BHKEY_LOCAL_MACHINE%5Csoftware%5Cmicrosoft%5Cshared%20tools%5Cmsconfig%5Cstartupreg%5CSmapp%5D%0A2003-05-05%2006:57%09143360%09----a-w-%09c:%5Cprogram%20files%5CAnalog%20Devices%5CSoundMAX%5CSMTray.exe%0A%0A%5BHKEY_LOCAL_MACHINE%5Csoftware%5Cmicrosoft%5Cshared%20tools%5Cmsconfig%5Cstartupreg%5CStartCCC%5D%0A2010-02-10%2021:32%0961440%09----a-w-%09c:%5Cprogram%20files%5CATI%20Technologies%5CATI.ACE%5CCore-Static%5CCLIStart.exe%0A%0A%5BHKEY_LOCAL_MACHINE%5Csoftware%5Cmicrosoft%5Cshared%20tools%5Cmsconfig%5Cstartupreg%5CSunJavaUpdateSched%5D%0A2010-02-18%2009:43%09248040%09----a-w-%09c:%5Cprogram%20files%5CCommon%20Files%5CJava%5CJava%20Update%5Cjusched.exe%0A%0A%5BHKEY_LOCAL_MACHINE%5Csoftware%5Cmicrosoft%5Cshared%20tools%5Cmsconfig%5Cservices%5D%0A%22YahooAUService%22=2%20(0x2)%0A%22SoundMAX%20Agent%20Service%20(default)%22=2%20(0x2)%0A%22JavaQuickStarterService%22=2%20(0x2)%0A%22idsvc%22=3%20(0x3)%0A%22ATI%20Smart%22=2%20(0x2)%0A%22Schedule%22=2%20(0x2)%0A%22Ati%20HotKey%20Poller%22=2%20(0x2)%0A%22Bonjour%20Service%22=2%20(0x2)%0A%22Apple%20Mobile%20Device%22=2%20(0x2)%0A%0A%5BHKLM%5C~%5Cservices%5Csharedaccess%5Cparameters%5Cfirewallpolicy%5Cstandardprofile%5CAuthorizedApplications%5CList%5D%0A%22%25windir%25%5C%5Csystem32%5C%5Csessmgr.exe%22=%0A%0A%5BHKLM%5C~%5Cservices%5Csharedaccess%5Cparameters%5Cfirewallpolicy%5Cstandardprofile%5CGloballyOpenPorts%5CList%5D%0A%223389:TCP%22=%203389:TCP:@xpsp2res.dll,-22009%0A%0AR0%20sptd;sptd;c:%5Cwindows%5Csystem32%5Cdrivers%5Csptd.sys%20%5B5.11.2010%2020:25%20691696%5D%0AR1%20prodrv03;Star%20Force%20copy%20protection%20driver%20v3;c:%5Cwindows%5Csystem32%5Cdrivers%5Cprodrv03.sys%20%5B3.10.2010%2012:24%20115968%5D%0AR2%20AntiVirSchedulerService;Avira%20AntiVir%20Scheduler;c:%5Cprogram%20files%5CAvira%5CAntiVir%20Desktop%5Csched.exe%20%5B7.5.2010%2018:15%20135336%5D%0AR2%20cpuz134;cpuz134;c:%5Cwindows%5Csystem32%5Cdrivers%5Ccpuz134_x32.sys%20%5B28.8.2010%203:11%2020328%5D%0AR2%20npf;NetGroup%20Packet%20Filter%20Driver;c:%5Cwindows%5Csystem32%5Cdrivers%5Cnpf.sys%20%5B16.11.2009%2017:33%2050704%5D%0AS3%20MBAMSwissArmy;MBAMSwissArmy;c:%5Cwindows%5Csystem32%5Cdrivers%5Cmbamswissarmy.sys%20%5B11.11.2010%2020:59%2038224%5D%0A.%0AObsah%20adres%C3%A1%C5%99e%20'Napl%C3%A1novan%C3%A9%20%C3%BAlohy'%0A%0A2010-07-19%20c:%5Cwindows%5CTasks%5C1-Click%20Maintenance.job%0A-%20c:%5Cprogram%20files%5CTuneUp%20Utilities%202009%5COneClickStarter.exe%20%5B2008-12-11%2019:36%5D%0A.%0A.%0A-------%20Dopl%C5%88kov%C3%BD%20sken%20-------%0A.%0AFF%20-%20ProfilePath%20-%20c:%5Cdocuments%20and%20settings%5CAdmin%5CData%20aplikac%C3%AD%5CMozilla%5CFirefox%5CProfiles%5Cxss29fsr.default%5C%0AFF%20-%20prefs.js:%20browser.search.selectedEngine%20-%20Google%0AFF%20-%20prefs.js:%20browser.startup.homepage%20-%20hxxp://www.seznam.cz%0AFF%20-%20plugin:%20c:%5Cprogram%20files%5CDivX%5CDivX%20Plus%20Web%20Player%5Cnpdivx32.dll%0AFF%20-%20plugin:%20c:%5Cprogram%20files%5CJava%5Cjre6%5Cbin%5Cnew_plugin%5CnpdeployJava1.dll%0AFF%20-%20plugin:%20c:%5Cprogram%20files%5CMozilla%20Firefox%5Cplugins%5Cnpwachk.dll%0AFF%20-%20HiddenExtension:%20Microsoft%20.NET%20Framework%20Assistant:%20%7B20a82645-c095-46ed-80e3-08825760534b%7D%20-%20c:%5Cwindows%5CMicrosoft.NET%5CFramework%5Cv3.5%5CWindows%20Presentation%20Foundation%5CDotNetAssistantExtension%5C%0A%0A----%20NASTAVEN%C3%8D%20FIREFOXU%20----%0AFF%20-%20user.js:%20network.http.max-persistent-connections-per-server%20-%204%0AFF%20-%20user.js:%20nglayout.initialpaint.delay%20-%20600%0AFF%20-%20user.js:%20content.notify.interval%20-%20600000%0AFF%20-%20user.js:%20content.max.tokenizing.time%20-%201800000%0AFF%20-%20user.js:%20content.switch.threshold%20-%20600000%0AFF%20-%20user.js:%20yahoo.ytff.general.dontshowhpoffer%20-%20true%0Ac:%5Cprogram%20files%5CMozilla%20Firefox%5Cgreprefs%5Call.js%20-%20pref(%22network.IDN.whitelist.xn--mgbaam7a8h%22,%20true);%20%0Ac:%5Cprogram%20files%5CMozilla%20Firefox%5Cgreprefs%5Call.js%20-%20pref(%22network.IDN.whitelist.xn--fiqz9s%22,%20true);%20//%20Traditional%0Ac:%5Cprogram%20files%5CMozilla%20Firefox%5Cgreprefs%5Call.js%20-%20pref(%22network.IDN.whitelist.xn--fiqs8s%22,%20true);%20//%20Simplified%0Ac:%5Cprogram%20files%5CMozilla%20Firefox%5Cgreprefs%5Call.js%20-%20pref(%22network.IDN.whitelist.xn--j6w193g%22,%20true);%0Ac:%5Cprogram%20files%5CMozilla%20Firefox%5Cgreprefs%5Call.js%20-%20pref(%22network.IDN.whitelist.xn--mgberp4a5d4ar%22,%20true);%20%0Ac:%5Cprogram%20files%5CMozilla%20Firefox%5Cgreprefs%5Call.js%20-%20pref(%22network.IDN.whitelist.xn--mgberp4a5d4a87g%22,%20true);%0Ac:%5Cprogram%20files%5CMozilla%20Firefox%5Cgreprefs%5Call.js%20-%20pref(%22network.IDN.whitelist.xn--mgbqly7c0a67fbc%22,%20true);%0Ac:%5Cprogram%20files%5CMozilla%20Firefox%5Cgreprefs%5Call.js%20-%20pref(%22network.IDN.whitelist.xn--mgbqly7cvafr%22,%20true);%0Ac:%5Cprogram%20files%5CMozilla%20Firefox%5Cgreprefs%5Call.js%20-%20pref(%22network.IDN.whitelist.xn--kpry57d%22,%20true);%20%20//%20Traditional%0Ac:%5Cprogram%20files%5CMozilla%20Firefox%5Cgreprefs%5Call.js%20-%20pref(%22network.IDN.whitelist.xn--kprw13d%22,%20true);%20%20//%20Simplified%0Ac:%5Cprogram%20files%5CMozilla%20Firefox%5Cdefaults%5Cpref%5Cfirefox-l10n.js%20-%20pref(%22browser.fixup.alternate.suffix%22,%20%22.cz%22);%0Ac:%5Cprogram%20files%5CMozilla%20Firefox%5Cdefaults%5Cpref%5Cfirefox.js%20-%20pref(%22dom.ipc.plugins.enabled%22,%20false);%0A.%0A%0A**************************************************************************%0A%0Acatchme%200.3.1398%20W2K/XP/Vista%20-%20rootkit/stealth%20malware%20detector%20by%20Gmer,%20http://www.gmer.net%0ARootkit%20scan%202010-11-12%2023:38%0AWindows%205.1.2600%20Service%20Pack%203%20NTFS%0A%0Askenov%C3%A1n%C3%AD%20skryt%C3%BDch%20proces%C5%AF%20...%20%20%0A%0Askenov%C3%A1n%C3%AD%20skryt%C3%BDch%20polo%C5%BEek%20'Po%20spu%C5%A1t%C4%9Bn%C3%AD'%20...%20%0A%0Askenov%C3%A1n%C3%AD%20skryt%C3%BDch%20soubor%C5%AF%20...%20%20%0A%0Asken%20byl%20%C3%BAspe%C5%A1n%C4%9B%20dokon%C4%8Den%0Askryt%C3%A9%20soubory:%200%0A%0A**************************************************************************%0A%0A%5BHKEY_LOCAL_MACHINE%5CSystem%5CControlSet001%5CServices%5Cvsdatant%5D%0A%22ImagePath%22=%22%22%0A.%0A---------------------%20ZAMKNUT%C3%89%20KL%C3%8D%C4%8CE%20V%20REGISTRU%20---------------------%0A%0A%5BHKEY_USERS%5CS-1-5-21-1801674531-1482476501-1644491937-1003%5CSoftware%5CSecuROM%5C!CAUTION!%20NEVER%20A%20OR%20CHANGE%20ANY%20KEY*%5D%0A%22??%22=hex:e0,69,f1,1a,f2,d8,fe,c8,54,f0,db,2b,16,c4,80,eb,1a,69,40,31,42,6d,4d,%0A%20%20%203d,54,2c,1a,ca,37,26,d3,dd,8f,7e,2c,12,c9,40,63,2a,7f,cc,19,06,60,ab,1b,2d,%5C%0A%22??%22=hex:f1,42,49,73,a4,b4,8b,22,77,dd,69,bc,52,95,ad,ee%0A%0A%5BHKEY_USERS%5CS-1-5-21-1801674531-1482476501-1644491937-1003%5CSoftware%5CSecuROM%5CLicense%20information*%5D%0A%22datasecu%22=hex:20,9e,e9,bc,f0,b4,a4,4e,bc,25,f1,71,bb,55,bd,6f,76,dd,39,f0,09,%0A%20%20%208c,e5,dc,38,4a,fa,9b,21,cb,1d,82,57,69,3e,5c,9f,f6,9d,6e,62,20,8b,9b,79,d7,%5C%0A%22rkeysecu%22=hex:cd,50,d1,e1,eb,4f,07,e4,2e,df,94,c8,20,6a,09,6b%0A.%0A---------------------%20Knihovny%20nav%C3%A1zan%C3%A9%20na%20b%C4%9B%C5%BE%C3%ADc%C3%AD%20procesy%20---------------------%0A%0A-%20-%20-%20-%20-%20-%20-%20%3E%20'winlogon.exe'(540)%0Ac:%5Cwindows%5Csystem32%5CAti2evxx.dll%0A%0A-%20-%20-%20-%20-%20-%20-%20%3E%20'explorer.exe'(2316)%0Ac:%5Cwindows%5Csystem32%5CSSSensor.dll%0A.%0A------------------------%20Jin%C3%A9%20spu%C5%A1ten%C3%A9%20procesy%20------------------------%0A.%0Ac:%5Cprogram%20files%5CAvira%5CAntiVir%20Desktop%5Cavguard.exe%0Ac:%5Cprogram%20files%5CSygate%5CSPF%5Csmc.exe%0Ac:%5Cprogram%20files%5CAvira%5CAntiVir%20Desktop%5Cavshadow.exe%0A.%0A**************************************************************************%0A.%0ACelkov%C3%BD%20%C4%8Das:%202010-11-12%20%2023:44:09%20-%20po%C4%8D%C3%ADta%C4%8D%20byl%20restartov%C3%A1n%0AComboFix-quarantined-files.txt%20%202010-11-12%2022:44%0AComboFix2.txt%20%202010-11-12%2019:43%0AComboFix3.txt%20%202010-11-11%2020:57%0A%0AP%C5%99ed%20spu%C5%A1t%C4%9Bn%C3%ADm:%20Voln%C3%BDch%20bajt%C5%AF:%2011%C2%A0081%C2%A0629%C2%A0696%0APo%20spu%C5%A1t%C4%9Bn%C3%AD:%20Voln%C3%BDch%20bajt%C5%AF:%2011%C2%A0073%C2%A0937%C2%A0408%0A%0A-%20-%20End%20Of%20File%20-%20-%20655163401071B6F988B0CA05DEB9AAE9%0A%0A%0ALog%20%20z%20HiJackThis%20%0A%0ALogfile%20of%20Trend%20Micro%20HijackThis%20v2.0.4%0AScan%20saved%20at%2023:56:34,%20on%2012.11.2010%0APlatform:%20Windows%20XP%20SP3%20(WinNT%205.01.2600)%0AMSIE:%20Internet%20Explorer%20v6.00%20SP3%20(6.00.2900.5512)%0ABoot%20mode:%20Normal%0A%0ARunning%20processes:%0AC:%5CWINDOWS%5CSystem32%5Csmss.exe%0AC:%5CWINDOWS%5Csystem32%5Cwinlogon.exe%0AC:%5CWINDOWS%5Csystem32%5Cservices.exe%0AC:%5CWINDOWS%5Csystem32%5Clsass.exe%0AC:%5CWINDOWS%5Csystem32%5Csvchost.exe%0AC:%5CWINDOWS%5CSystem32%5Csvchost.exe%0AC:%5CWINDOWS%5Csystem32%5Cspoolsv.exe%0AC:%5CProgram%20Files%5CAvira%5CAntiVir%20Desktop%5Csched.exe%0AC:%5CProgram%20Files%5CAvira%5CAntiVir%20Desktop%5Cavguard.exe%0AC:%5CProgram%20Files%5CSygate%5CSPF%5Csmc.exe%0AC:%5CProgram%20Files%5CAvira%5CAntiVir%20Desktop%5Cavshadow.exe%0AC:%5CProgram%20Files%5CAvira%5CAntiVir%20Desktop%5Cavgnt.exe%0AC:%5CWINDOWS%5Cexplorer.exe%0AC:%5CProgram%20Files%5CMozilla%20Firefox%5Cfirefox.exe%0AC:%5CProgram%20Files%5CMozilla%20Firefox%5Cplugin-container.exe%0AC:%5CProgram%20Files%5CHiJackThis%5CTrend%20Micro%5CHiJackThis%5CHiJackThis.exe%0A%0AR1%20-%20HKLM%5CSoftware%5CMicrosoft%5CInternet%20Explorer%5CMain,Default_Page_URL%20=%20http://go.microsoft.com/fwlink/?LinkId=69157%0AR1%20-%20HKLM%5CSoftware%5CMicrosoft%5CInternet%20Explorer%5CMain,Default_Search_URL%20=%20http://go.microsoft.com/fwlink/?LinkId=54896%0AR1%20-%20HKLM%5CSoftware%5CMicrosoft%5CInternet%20Explorer%5CMain,Search%20Page%20=%20http://go.microsoft.com/fwlink/?LinkId=54896%0AR0%20-%20HKCU%5CSoftware%5CMicrosoft%5CInternet%20Explorer%5CToolbar,LinksFolderName%20=%20Odkazy%0AO2%20-%20BHO:%20Java(tm)%20Plug-In%202%20SSV%20Helper%20-%20%7BDBC80044-A445-435b-BC74-9C25C1C588A9%7D%20-%20C:%5CProgram%20Files%5CJava%5Cjre6%5Cbin%5Cjp2ssv.dll%0AO2%20-%20BHO:%20JQSIEStartDetectorImpl%20-%20%7BE7E6F031-17CE-4C07-BC86-EABFE594F69C%7D%20-%20C:%5CProgram%20Files%5CJava%5Cjre6%5Clib%5Cdeploy%5Cjqs%5Cie%5Cjqs_plugin.dll%0AO4%20-%20HKLM%5C..%5CRun:%20%5BSmcService%5D%20C:%5CPROGRA~1%5CSygate%5CSPF%5Csmc.exe%20-startgui%0AO4%20-%20HKLM%5C..%5CRun:%20%5Bavgnt%5D%20%22C:%5CProgram%20Files%5CAvira%5CAntiVir%20Desktop%5Cavgnt.exe%22%20/min%0AO4%20-%20HKUS%5CS-1-5-18%5C..%5CRun:%20%5BCTFMON.EXE%5D%20C:%5CWINDOWS%5Csystem32%5Cctfmon.exe%20(User%20'SYSTEM')%0AO4%20-%20HKUS%5C.DEFAULT%5C..%5CRun:%20%5BCTFMON.EXE%5D%20C:%5CWINDOWS%5Csystem32%5Cctfmon.exe%20(User%20'Default%20user')%0AO6%20-%20HKCU%5CSoftware%5CPolicies%5CMicrosoft%5CInternet%20Explorer%5CToolbars%5CRestrictions%20present%0AO9%20-%20Extra%20button:%20(no%20name)%20-%20%7Be2e2dd38-d088-4134-82b7-f2ba38496583%7D%20-%20C:%5CWINDOWS%5CNetwork%20Diagnostic%5Cxpnetdiag.exe%0AO9%20-%20Extra%20'Tools'%20menuitem:%20@xpsp3res.dll,-20001%20-%20%7Be2e2dd38-d088-4134-82b7-f2ba38496583%7D%20-%20C:%5CWINDOWS%5CNetwork%20Diagnostic%5Cxpnetdiag.exe%0AO18%20-%20Protocol:%20skype4com%20-%20%7BFFC8B962-9B40-4DFF-9458-1830C7DD7F5D%7D%20-%20C:%5CPROGRA~1%5CCOMMON~1%5CSkype%5CSKYPE4~1.DLL%0AO22%20-%20SharedTaskScheduler:%20Browseui%20preloader%20-%20%7B438755C2-A8BA-11D1-B96B-00A0C90312E1%7D%20-%20C:%5CWINDOWS%5Csystem32%5Cbrowseui.dll%0AO22%20-%20SharedTaskScheduler:%20Proces%20mezipam%C4%9Bti%20kategori%C3%AD%20sou%C4%8D%C3%A1st%C3%AD%20-%20%7B8C7461EF-2B13-11d2-BE35-3078302C2030%7D%20-%20C:%5CWINDOWS%5Csystem32%5Cbrowseui.dll%0AO23%20-%20Service:%20Avira%20AntiVir%20Scheduler%20(AntiVirSchedulerService)%20-%20Avira%20GmbH%20-%20C:%5CProgram%20Files%5CAvira%5CAntiVir%20Desktop%5Csched.exe%0AO23%20-%20Service:%20Avira%20AntiVir%20Guard%20(AntiVirService)%20-%20Avira%20GmbH%20-%20C:%5CProgram%20Files%5CAvira%5CAntiVir%20Desktop%5Cavguard.exe%0AO23%20-%20Service:%20ClipSrv%20-%20Unknown%20owner%20-%20C:%5CWINDOWS%5Csystem32%5Cclipsrv.exe%20(file%20missing)%0AO23%20-%20Service:%20InstallDriver%20Table%20Manager%20(IDriverT)%20-%20Macrovision%20Corporation%20-%20C:%5CProgram%20Files%5CCommon%20Files%5CInstallShield%5CDriver%5C1050%5CIntel%2032%5CIDriverT.exe%0AO23%20-%20Service:%20iPod%20Service%20-%20Apple%20Inc.%20-%20C:%5CProgram%20Files%5CiPod%5Cbin%5CiPodService.exe%0AO23%20-%20Service:%20Sygate%20Personal%20Firewall%20Pro%20(SmcService)%20-%20Sygate%20Technologies,%20Inc.%20-%20C:%5CProgram%20Files%5CSygate%5CSPF%5Csmc.exe%0AO23%20-%20Service:%20UPS%20-%20Unknown%20owner%20-%20C:%5CWINDOWS%5CSystem32%5Cups.exe%20(file%20missing)%0A%0A--%0AEnd%20of%20file%20-%203450%20bytes%0A%0A%5Bsize=85%5D%5Bcolor=#FF0000%5D//%20P%C5%99%C3%ADsp%C4%9Bvky%20slou%C4%8Deny.%0A//%20Pokud%20chce%C5%A1%20n%C4%9Bco%20dodat%20a%20je%C5%A1t%C4%9B%20nikdo%20po%20tob%C4%9B%20nep%C5%99isp%C4%9Bl,%20pou%C5%BEij%20tla%C4%8D%C3%ADtko%20%3E%3E%20%5Bi%5DUpravit%5B/i%5D%20%3C%3C%20a%20sv%C5%AFj%20p%C5%99%C3%ADsp%C4%9Bvek%20dopl%C5%88.%20D%C3%ADky.%0A//mike007%5B/color%5D%5B/size%5D"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.10.28 19:09:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.11.18 19:08:37 | 000,000,000 | ---D | M]

[2010.02.16 11:30:23 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Mozilla\Extensions
[2010.02.16 11:30:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mike\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010.11.19 21:48:24 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\757v9wke.default\extensions
[2010.10.29 03:50:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\757v9wke.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010.05.05 21:06:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\757v9wke.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010.03.08 12:35:43 | 000,000,000 | ---D | M] (Live PageRank) -- C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\757v9wke.default\extensions\{8061ddcf-3632-4287-8d8a-133e219ae838}
[2010.10.14 20:18:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\757v9wke.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.08.27 20:28:11 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\757v9wke.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.10.14 20:18:04 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\757v9wke.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.06.25 05:37:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\757v9wke.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010.06.04 14:59:56 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\757v9wke.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.04.08 23:55:43 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\757v9wke.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.10.14 20:18:04 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\757v9wke.default\extensions\cs@dictionaries.addons.mozilla.org
[2010.02.16 12:04:19 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Mozilla\Firefox\Profiles\757v9wke.default\extensions\externalip@erik.morlin
[2010.11.19 21:48:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.10.28 19:09:32 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010.04.25 18:51:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.09 06:49:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.15 08:44:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.10.28 19:09:31 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2010.10.28 19:09:31 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2009.06.25 12:20:28 | 001,446,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2010.10.28 19:09:31 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2006.10.26 20:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
[2010.11.06 11:37:34 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
[2010.09.23 20:00:05 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
[2010.09.23 20:00:05 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
[2010.09.23 20:00:05 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
[2010.09.23 20:00:05 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
[2010.09.23 20:00:06 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
[2010.09.23 20:00:06 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
[2010.09.23 20:00:06 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
[2007.03.10 00:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll
[2010.03.29 07:53:22 | 000,032,576 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\np_gp.dll
[2010.01.16 01:50:40 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2010.01.16 01:50:40 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.01.16 01:50:40 | 000,001,687 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.01.16 01:50:40 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.01.16 01:50:40 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.01.16 01:50:40 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-cz.xml

[mike007]

OTL 2.část

O1 HOSTS File: ([2010.04.03 20:09:55 | 000,000,808 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Diamondback] C:\Program Files (x86)\Razer\Diamondback\Razer\Diamondback\razerhid.exe ()
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [razer] C:\Program Files (x86)\Razer\razerhid.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [EPSON Stylus DX4400 Series] C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_IATICAE.EXE File not found
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\SysWow64\StikyNot.exe File not found
O4 - HKCU..\Run: [Seznam Postak] C:\Users\mike\AppData\Local\Seznam.cz\postak.exe ()
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SJelite3Launch] C:\Users\mike\AppData\Roaming\Transcend\SJelite3\SJelite3Launch.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.27.254.250
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SYSTEM32\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[mike007]

OTL 3.část

========== Files/Folders - Created Within 30 Days ==========

[2010.11.20 19:59:22 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\mike\Desktop\OTL.exe
[2010.11.20 16:11:11 | 000,000,000 | ---D | C] -- C:\Users\mike\Desktop\Half life 2
[2010.11.20 16:10:50 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2010.11.20 08:36:25 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\Transcend
[2010.11.13 04:56:47 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2010.11.13 04:56:47 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2010.11.13 04:56:46 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2010.11.13 04:56:46 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2010.11.13 04:56:46 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2010.11.13 04:56:46 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2010.11.13 04:56:45 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2010.11.13 04:56:45 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2010.11.13 04:56:44 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2010.11.13 04:56:44 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2010.11.13 04:56:44 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2010.11.13 04:56:44 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010.11.13 04:56:44 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2010.11.13 04:56:44 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2010.11.13 04:56:43 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2010.11.13 04:56:43 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2010.11.13 04:56:43 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2010.11.13 04:56:43 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2010.11.13 04:56:42 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2010.11.13 04:56:42 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2010.11.13 04:56:42 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2010.11.13 04:56:42 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2010.11.13 04:56:42 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2010.11.13 04:56:42 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2010.11.13 04:56:42 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2010.11.13 04:56:42 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2010.11.13 04:56:42 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2010.11.13 04:56:42 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2010.11.13 04:56:42 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2010.11.13 04:56:42 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010.11.13 04:56:42 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2010.11.13 04:56:42 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2010.11.13 04:56:41 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2010.11.13 04:56:41 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2010.11.13 04:56:40 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2010.11.13 04:56:40 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2010.11.13 04:56:40 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2010.11.13 04:56:40 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2010.11.13 04:56:40 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2010.11.13 04:56:40 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2010.11.13 04:56:40 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2010.11.13 04:56:40 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2010.11.13 04:56:40 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2010.11.13 04:56:40 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2010.11.13 04:56:40 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2010.11.13 04:56:40 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2010.11.13 04:56:40 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2010.11.13 04:56:40 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2010.11.13 04:56:39 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2010.11.13 04:56:39 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2010.11.13 04:56:39 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2010.11.13 04:56:39 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2010.11.13 04:56:39 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2010.11.13 04:56:39 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2010.11.13 04:56:39 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2010.11.13 04:56:39 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2010.11.13 04:56:39 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2010.11.13 04:56:39 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2010.11.13 04:56:38 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2010.11.13 04:56:38 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2010.11.13 04:56:38 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2010.11.13 04:56:38 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2010.11.13 04:56:38 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2010.11.13 04:56:38 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2010.11.13 04:56:38 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2010.11.13 04:56:38 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2010.11.13 04:56:37 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2010.11.13 04:56:37 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2010.11.13 04:56:37 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2010.11.13 04:56:37 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2010.11.13 04:56:37 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2010.11.13 04:56:37 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2010.11.13 04:56:37 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2010.11.13 04:56:37 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2010.11.13 04:56:37 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2010.11.13 04:56:37 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2010.11.13 04:56:37 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2010.11.13 04:56:37 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2010.11.13 04:56:36 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2010.11.13 04:56:36 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2010.11.13 04:56:36 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2010.11.13 04:56:36 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2010.11.13 04:56:35 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2010.11.13 04:56:35 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2010.11.13 04:56:35 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2010.11.13 04:56:35 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2010.11.13 04:56:35 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2010.11.13 04:56:35 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2010.11.13 04:56:35 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2010.11.13 04:56:35 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2010.11.13 04:56:34 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2010.11.13 04:56:34 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2010.11.13 04:56:34 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2010.11.13 04:56:34 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2010.11.13 04:56:34 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2010.11.13 04:56:34 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2010.11.13 04:56:33 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2010.11.13 04:56:33 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2010.11.13 04:56:33 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2010.11.13 04:56:33 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2010.11.12 16:41:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2010.11.12 11:22:13 | 000,000,000 | ---D | C] -- C:\Users\mike\Documents\NetXfer
[2010.11.12 11:21:28 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\Xi
[2010.10.30 08:09:10 | 000,000,000 | ---D | C] -- C:\Users\mike\AppData\Roaming\Merscom
[2010.10.30 08:09:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Merscom
[2010.10.27 18:19:08 | 000,029,208 | ---- | C] (Gili Soft INC.) -- C:\Windows\SysNative\drivers\usedisk.sys
[2010.10.27 18:19:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GiliSoft
[2010.02.20 21:34:35 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\mike\AppData\Roaming\pcouffin.sys
[10 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.11.20 19:59:25 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\mike\Desktop\OTL.exe
[2010.11.20 19:38:00 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.11.20 19:01:04 | 000,000,154 | ---- | M] () -- C:\Users\mike\Desktop\kontrola logu.url
[2010.11.20 18:51:55 | 000,044,581 | ---- | M] () -- C:\Users\mike\Desktop\Anti_double_post_v2.0.3.zip
[2010.11.20 18:34:36 | 000,001,755 | ---- | M] () -- C:\Windows\WDICT32.INI
[2010.11.20 18:00:00 | 000,000,464 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration.job
[2010.11.20 16:19:24 | 000,000,792 | ---- | M] () -- C:\Users\mike\Desktop\half life 2.lnk
[2010.11.20 16:16:22 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.20 16:16:22 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.20 16:13:48 | 001,473,146 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.11.20 16:13:48 | 000,631,116 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2010.11.20 16:13:48 | 000,615,760 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.11.20 16:13:48 | 000,123,556 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2010.11.20 16:13:48 | 000,107,396 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.11.20 16:00:45 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.11.20 16:00:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.20 16:00:26 | 3217,678,336 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.19 22:03:12 | 000,034,308 | ---- | M] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010.11.18 04:29:26 | 002,301,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.11.17 15:43:32 | 000,285,123 | ---- | M] () -- C:\Users\mike\Desktop\samolepka-návrh.psd
[2010.11.15 08:44:32 | 000,067,072 | ---- | M] () -- C:\Users\mike\Desktop\plavání a kondiciogram.xls
[2010.11.12 17:32:34 | 000,004,688 | ---- | M] () -- C:\Windows\WINCMD.INI
[2010.11.12 17:03:20 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2010.11.11 16:19:31 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2010.10.31 11:39:59 | 000,002,951 | ---- | M] () -- C:\Windows\WTRAN32.INI
[2010.10.27 18:19:08 | 000,029,208 | ---- | M] (Gili Soft INC.) -- C:\Windows\SysNative\drivers\usedisk.sys
[10 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.11.20 19:00:58 | 000,000,154 | ---- | C] () -- C:\Users\mike\Desktop\kontrola logu.url
[2010.11.20 18:51:55 | 000,044,581 | ---- | C] () -- C:\Users\mike\Desktop\Anti_double_post_v2.0.3.zip
[2010.11.20 16:16:38 | 000,000,792 | ---- | C] () -- C:\Users\mike\Desktop\half life 2.lnk
[2010.11.19 22:03:12 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010.11.17 14:02:15 | 000,285,123 | ---- | C] () -- C:\Users\mike\Desktop\samolepka-návrh.psd
[2010.11.11 16:19:31 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2010.07.20 16:41:09 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.06.10 07:58:25 | 000,001,736 | ---- | C] () -- C:\ProgramData\__wdump.txt
[2010.04.24 13:56:15 | 001,496,428 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.04.24 06:48:37 | 000,089,922 | ---- | C] () -- C:\Users\mike\AppData\Roaming\preview.html
[2010.04.05 13:44:10 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010.04.05 13:44:10 | 000,000,008 | RHS- | C] () -- C:\ProgramData\6E2DA673AC.sys
[2010.03.03 17:31:11 | 000,011,776 | ---- | C] () -- C:\Users\mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.24 12:43:35 | 000,000,328 | ---- | C] () -- C:\Windows\game.ini
[2010.02.21 14:15:41 | 000,002,951 | ---- | C] () -- C:\Windows\WTRAN32.INI
[2010.02.20 21:34:40 | 000,000,034 | ---- | C] () -- C:\Users\mike\AppData\Roaming\pcouffin.log
[2010.02.20 21:34:35 | 000,099,384 | ---- | C] () -- C:\Users\mike\AppData\Roaming\inst.exe
[2010.02.20 21:34:35 | 000,007,859 | ---- | C] () -- C:\Users\mike\AppData\Roaming\pcouffin.cat
[2010.02.20 21:34:35 | 000,001,167 | ---- | C] () -- C:\Users\mike\AppData\Roaming\pcouffin.inf
[2010.02.20 16:07:32 | 000,001,755 | ---- | C] () -- C:\Windows\WDICT32.INI
[2010.02.20 15:27:26 | 000,000,342 | ---- | C] () -- C:\Windows\wcx_ftp.ini
[2010.02.20 15:25:46 | 000,004,688 | ---- | C] () -- C:\Windows\WINCMD.INI
[2010.02.20 14:04:59 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.02.17 12:13:57 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2010.02.17 07:02:56 | 000,007,605 | ---- | C] () -- C:\Users\mike\AppData\Local\Resmon.ResmonCfg
[2010.02.16 12:58:55 | 000,210,032 | ---- | C] () -- C:\Windows\SysWow64\DBCLIENT.DLL
[2010.02.16 11:36:18 | 000,000,026 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini
[2010.02.14 21:23:05 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006.02.09 09:53:28 | 000,042,828 | ---- | C] () -- C:\Windows\php.ini
[2006.01.23 15:12:54 | 000,000,776 | ---- | C] () -- C:\Windows\my.ini
[2006.01.11 17:15:20 | 001,069,056 | ---- | C] () -- C:\Windows\SysWow64\libmysql.dll
[2005.10.14 11:56:50 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2005.10.14 11:56:50 | 000,921,600 | ---- | C] () -- C:\Windows\SysWow64\VorbisEnc.dll
[2005.10.14 11:56:50 | 000,761,856 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2005.10.14 11:56:50 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll
[2005.10.14 11:56:50 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll
[2005.10.14 11:56:50 | 000,188,416 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll
[2005.10.14 11:56:50 | 000,155,136 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2005.10.14 11:56:50 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll

========== LOP Check ==========

[2010.02.18 20:26:51 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\123 Free Solitaire
[2010.05.02 10:52:54 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\ALoader.4B20135A7DFE1EFD9E3F2D85BC270425EC80F48F.1
[2010.09.07 10:21:09 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Cool Record Edit Pro
[2010.02.24 10:39:47 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\EPSON
[2010.06.13 20:04:50 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Facebook
[2010.05.05 21:23:10 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\GARMIN
[2010.04.24 06:48:35 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\GSBuilder
[2010.02.19 06:55:48 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\IrfanView
[2010.10.30 08:09:10 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Merscom
[2010.06.27 12:18:24 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Nvu
[2010.09.09 14:46:34 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Publish Providers
[2010.09.09 20:09:24 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Sony
[2010.10.10 10:23:28 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\TeamViewer
[2010.11.20 08:36:25 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Transcend
[2010.10.26 15:11:44 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Vso
[2010.11.12 11:21:28 | 000,000,000 | ---D | M] -- C:\Users\mike\AppData\Roaming\Xi
[2010.11.20 18:00:00 | 000,000,464 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration.job
[2010.11.12 19:07:04 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> C:\Windows:ECBB7A89262CE9ED

< End of report >

[jaro3]

Extras.Txt---ten tam nebyl??

Ta prostřední část----ta je divná , skutečně byl ten log takovýto?

Co tam dělá toto?
ComboFix.
CFScript
Avira---zkus odinstalovat , ale asi nepůjde.


Stáhni si TFC
Otevři soubor a zavři všechny ostatní okna, Klikni na Start k zahájení procesu. Program by neměl trvat dlouho.
Poté by se měl PC restartovat, pokud ne , proveď sám.

Zkus odinstalovat Combofix:
ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

Stáhni si Security Check by screen317 z některého odkazu
http://screen317.spywareinfoforum.org/SecurityCheck.exe
http://screen317.changelog.fr/SecurityCheck.exe

ulož si ho na plochu, poklepej na něj a postupuj podle instrukcí v černém okně. Potom se automaticky otevře pozn. Blok, bude mít název checkup.txt. Jeho obsah sem prosím zkopíruj.

odeber ostatní javy v přidat/odebrat programy, ponech jen verzi:
1.6.0_22


Poklepej na ikonu OTL na ploše.Ujisti se , že máš všechny ostatní aplikace a prohlížeče zavřeny.
Pod Vlastní skenování/opravy do okénka vlož následující text, zobrazený zeleně:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
O1 HOSTS File: ([2010.04.03 20:09:55 | 000,000,808 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4 - HKCU..\Run: [EPSON Stylus DX4400 Series] C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_IATICAE.EXE File not found
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\SysWow64\StikyNot.exe File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
[2010.11.20 16:13:48 | 000,631,116 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2010.11.20 16:13:48 | 000,615,760 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.11.20 16:13:48 | 000,123,556 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2010.11.20 16:13:48 | 000,107,396 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
@Alternate Data Stream - 24 bytes -> C:\Windows:ECBB7A89262CE9ED

:Files
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\system32\SET*.tmp
c:\windows\Tasks\*.job
C:\*.tmp
C:\Documents and Settings\All Users\Data aplikací\*.tmp
C:\Windows\SysNative\drivers\*.tmp
C:\Windows\SysWow64\drivers\*.tmp
C:\Program Files (x86)\*.tmp
C:\Windows\SysWow64\*.tmp
C:\Windows\SysNative\*.tmp
C:\ProgramData\KGyGaAvL.sys
C:\ProgramData\6E2DA673AC.sys
C:\Users\mike\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Users\mike\AppData\Roaming\inst.exe

:Reg
:Commands
[resethosts]
[purity]
[emptytemp]
[start explorer]
[Reboot]

Poté klikni nahoře na Opravit. Nech program nerušeně běžet, na konci se provede restart PC.
Po restartu se objeví log , prosím zkopíruj sem celý jeho obsah.

[mike007]

Extras.txt se vůbec nevytvořil. Log z OTL.txt je přesně takový jaký vidíš zde.

Combofix a CFScript mi v počítači pravděpodobně zůstal po poslední kontrole. Avira nevím co je. V seznamu programů nic takového nevidím.
Combofix tím příkazem nelze smazat, prý neexistuje.

Musím teď vypadnout. Za hodinu se vrátím a juknu na ty Javy, SecurityCheck a OTL. Zatím díkas.