Log check [Solved]

Jaros
Level 2
Posts: 216
Registered: May 09
Gender: Male
Status: Offline

Log check

Post by Jaros » 21 Aug 2009 12:33

Hello,

please check my log. Windows updates are failing for me (Vista Home Premium). The updates install normally without a problem, then comes the restart - configuring updates runs - 1/3, 2/3 - it ends at about 2/3 with 0% complete - but then a message pops up... the updates were not configured correctly, the computer is reverting the changes, please wait, do not turn off the computer. It downloads, say, 54 updates for 20 minutes and then reverts them anyway. What can I do about it?

I had this problem before - see yesterday's topic: I wanted to install Alcohol 120% to create a virtual drive, but somewhere it collapsed. After the installation it restarted and it is practically a merry-go-round. A blue screen comes up that says something about problems related to a software and hardware change, then a short scan runs and it restarts again. I can't get in even through safe mode. How do I stabilize it and get rid of Alcohol?

F8 - Last Known Good Configuration - doesn't help. I put the Vista installation DVD into the PC, but the most it shows me is where I want to install the operating system. I don't see any option to repair or anything similar... there is partition C - the commands refresh, delete, format, new, update driver and nothing else?


-> I didn't find anything on the recovery DVD that would do a repair or anything similar. A regular installation starts, so I installed it again; the original (backup) or whatever it is sits on the disk in the Windows.old folder. Now it is acting up again, so I'm sending the log in case there is some mess in it, and of course I'm asking for advice.

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:08, on 21.8.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\TO2SSM\McciTrayApp.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\conime.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TO2SSM_McciTrayApp] C:\Program Files\TO2SSM\McciTrayApp.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\F-Secure\ORSP Client\fsorsp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe

--
End of file - 5047 bytes

Re: Log check

Post by Jaros » 21 Aug 2009 12:42

MBAM log:

Malwarebytes' Anti-Malware 1.40
Verze databáze: 2668
Windows 6.0.6001 Service Pack 1

21.8.2009 12:41:48
mbam-log-2009-08-21 (12-41-48).txt

Typ skenu: Rychlý sken
Objektu skenováno: 82669
Uplynulý cas: 2 minute(s), 33 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 0
Infikované hodnoty registru: 0
Infikované položky dat registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované hodnoty registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
(Žádné zákerné položky nebyly zjišteny)

Infikované soubory:
(Žádné zákerné položky nebyly zjišteny)

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Log check

Post by jaro3 » 21 Aug 2009 12:53

Turn off the resident protection and the firewall in F-Secure.
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by clicking the Yes button
- Then follow the instructions; while ComboFix is being applied, do not click in the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
When working with HJT, ComboFix, MbAM, SDFix and similar programs, close all other applications and browsers!
Do not send logs by private message. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

Re: Log check

Post by Jaros » 21 Aug 2009 13:13

Damn, now it won't let me into any program. IE, Mozilla, a file on the desktop.

It says: Attempt to use an invalid operation on a key that is marked for deletion. I don't like that much. :(

Now I've had to move to another computer; I can't get anywhere from that one.

LOG:

ComboFix 09-08-20.06 - Jarek 21.08.2009 12:59.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1250.420.1029.18.3582.2660 [GMT 2:00]
Spuštěný z: c:\users\Jarek\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((( Soubory vytvořené od 2009-07-21 do 2009-08-21 )))))))))))))))))))))))))))))))
.

2009-08-21 10:55 . 2009-08-21 10:55 -------- d-----w- c:\users\Jarek\AppData\Roaming\F-Secure
2009-08-21 10:38 . 2009-08-21 10:38 -------- d-----w- c:\users\Jarek\AppData\Roaming\Malwarebytes
2009-08-21 10:38 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-21 10:38 . 2009-08-21 10:38 -------- d-----w- c:\programdata\Malwarebytes
2009-08-21 10:38 . 2009-08-21 10:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-21 10:38 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-21 10:21 . 2009-08-21 10:21 -------- d-----w- c:\program files\Trend Micro
2009-08-21 09:52 . 2009-08-21 09:52 -------- d-----w- C:\$WINDOWS.~BT
2009-08-20 20:13 . 2009-08-20 20:16 -------- d-----w- c:\users\Jarek\AppData\Roaming\Zoner
2009-08-20 20:09 . 2006-10-26 17:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2009-08-20 20:08 . 2009-08-20 20:08 -------- d-----w- c:\program files\Microsoft Works
2009-08-20 20:07 . 2009-08-20 20:07 -------- d-----w- c:\windows\PCHEALTH
2009-08-20 20:07 . 2009-08-20 20:07 -------- d-----w- c:\program files\Microsoft.NET
2009-08-20 20:05 . 2009-08-20 20:05 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-08-20 20:04 . 2009-08-20 20:04 -------- d-----w- c:\users\Jarek\AppData\Local\Microsoft Help
2009-08-20 20:04 . 2009-08-20 20:10 -------- d-----w- c:\programdata\Microsoft Help
2009-08-20 19:49 . 2009-08-20 19:49 -------- d-----w- c:\users\Jarek\AppData\Roaming\Ashampoo
2009-08-20 19:49 . 2009-08-20 19:49 -------- d-----w- c:\users\Jarek\AppData\Local\ashampoo
2009-08-20 19:49 . 2009-08-20 19:49 -------- d-----w- c:\programdata\ashampoo
2009-08-20 19:49 . 2009-08-20 19:49 -------- d-----w- c:\program files\Ashampoo
2009-08-20 18:41 . 2008-02-17 15:16 90112 ----a-w- c:\users\Jarek\AppData\Roaming\Mozilla\Firefox\Profiles\k6ty5oug.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
2009-08-20 18:41 . 2007-12-28 09:15 172032 ----a-w- c:\users\Jarek\AppData\Roaming\Mozilla\Firefox\Profiles\k6ty5oug.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\puttygen.exe
2009-08-20 18:41 . 2007-10-07 23:57 307200 ----a-w- c:\users\Jarek\AppData\Roaming\Mozilla\Firefox\Profiles\k6ty5oug.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\psftp.exe
2009-08-20 18:39 . 2009-08-20 18:39 -------- d-----w- c:\program files\MozBackup
2009-08-20 18:28 . 2009-08-20 18:28 -------- d-----w- c:\users\Jarek\AppData\Local\Mozilla
2009-08-20 14:09 . 2009-08-20 14:21 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
2009-08-20 14:09 . 2008-12-04 13:57 35552 ----a-w- c:\windows\system32\drivers\fses.sys
2009-08-20 14:08 . 2008-12-04 14:03 572512 ----a-w- c:\windows\system32\msvcp50.dll
2009-08-20 14:08 . 2008-12-04 13:57 70944 ----a-w- c:\windows\system32\drivers\fsdfw.sys
2009-08-20 14:07 . 2009-08-21 05:21 -------- d-----w- c:\program files\F-Secure
2009-08-20 14:05 . 2009-08-20 14:05 -------- d-----w- c:\programdata\fssg
2009-08-20 14:04 . 2009-08-20 14:08 -------- d-----w- c:\programdata\f-secure
2009-08-20 14:01 . 2009-08-20 14:03 -------- d-----w- c:\program files\TO2SSM
2009-08-20 13:58 . 2009-08-20 14:02 -------- d-----w- c:\program files\Common Files\Motive
2009-08-20 13:57 . 2009-08-20 14:03 -------- d-----w- c:\programdata\Motive
2009-08-20 13:57 . 2009-08-20 14:13 -------- d-----w- c:\programdata\NVIDIA
2009-08-20 13:53 . 2007-09-29 14:06 12288 ----a-w- c:\windows\system32\drivers\EIO.sys
2009-08-20 13:53 . 2009-08-20 13:53 -------- d-----w- c:\program files\My Company Name
2009-08-20 13:52 . 2007-09-16 17:07 753664 ----a-w- c:\windows\system32\nvcplui.exe
2009-08-20 13:52 . 2007-09-16 17:07 307200 ----a-w- c:\windows\system32\nvexpbar.dll
2009-08-20 13:52 . 2007-09-16 17:07 1073152 ----a-w- c:\windows\system32\nvcpluir.dll
2009-08-20 13:52 . 2007-09-16 17:07 356352 ----a-w- c:\windows\system32\nvudisp.exe
2009-08-20 13:51 . 2007-09-17 00:38 356352 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-08-20 13:45 . 2009-08-20 13:46 -------- d-----w- c:\users\Jarek\AppData\Local\Adobe
2009-08-20 13:44 . 2009-08-20 13:44 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-20 13:33 . 2009-08-20 13:33 -------- d-----w- c:\program files\Intel
2009-08-20 13:33 . 2008-10-16 21:09 51224 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-20 13:33 . 2008-10-16 21:09 43544 ----a-w- c:\windows\system32\wups2.dll
2009-08-20 13:33 . 2008-10-16 21:13 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-20 13:33 . 2008-10-16 20:56 1524736 ----a-w- c:\windows\system32\wucltux.dll
2009-08-20 13:33 . 2008-10-16 21:08 34328 ----a-w- c:\windows\system32\wups.dll
2009-08-20 13:33 . 2008-10-16 20:55 83456 ----a-w- c:\windows\system32\wudriver.dll
2009-08-20 13:33 . 2008-10-16 21:12 561688 ----a-w- c:\windows\system32\wuapi.dll
2009-08-20 13:33 . 2008-10-16 12:08 162064 ----a-w- c:\windows\system32\wuwebv.dll
2009-08-20 13:33 . 2008-10-16 11:56 31232 ----a-w- c:\windows\system32\wuapp.exe
2009-08-20 13:32 . 2009-08-20 13:32 -------- d-----w- c:\program files\VIA
2009-08-20 13:32 . 2007-04-11 07:35 331184 ------w- c:\windows\system32\difxapi.dll
2009-08-20 13:32 . 2009-08-20 13:51 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-20 13:32 . 2009-08-20 20:10 -------- d-sh--w- c:\windows\Installer
2009-08-20 13:31 . 2008-08-06 08:26 9728 ----a-w- c:\windows\system32\RtNicProp32.dll
2009-08-20 13:31 . 2008-08-06 08:26 124928 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2009-08-20 13:31 . 2009-08-20 13:31 -------- d-----w- c:\program files\Realtek
2009-08-20 13:31 . 2009-08-20 14:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-20 13:31 . 2009-08-20 13:31 -------- d-----w- c:\users\Jarek\AppData\Roaming\InstallShield
2009-08-20 13:31 . 2006-10-18 13:44 7680 ----a-w- c:\windows\system32\drivers\ASACPI.sys
2009-08-20 13:23 . 2009-08-20 13:23 737280 ----a-w- c:\windows\iun6002.exe
2009-08-20 13:23 . 2009-08-20 13:23 -------- d-----w- c:\program files\Codec Pack - All In 1
2009-08-20 13:22 . 2009-08-20 13:22 552 ----a-w- c:\users\Jarek\AppData\Local\d3d8caps.dat
2009-08-20 13:13 . 2009-08-20 12:22 -------- d-----w- c:\windows\Panther
2009-08-20 13:08 . 2009-08-20 13:08 -------- d-----w- c:\windows\ConfigSetRoot
2009-08-20 13:02 . 2009-08-20 13:02 -------- d-----w- C:\Windows.old
2009-08-20 12:35 . 2009-08-20 14:03 -------- d-----w- c:\users\Jarek\AppData\Roaming\Motive
2009-08-20 12:34 . 2009-08-20 12:34 -------- d-----w- c:\windows\system32\Macromed
2009-08-20 12:25 . 2009-08-20 12:25 -------- d-sh--we c:\users\Default\Soubory cookie
2009-08-20 12:24 . 2009-08-21 06:28 -------- d-----w- c:\windows\Debug

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-21 10:11 . 2008-01-21 06:46 605774 ----a-w- c:\windows\system32\perfh005.dat
2009-08-21 10:11 . 2008-01-21 06:46 118030 ----a-w- c:\windows\system32\perfc005.dat
2009-08-21 07:18 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-08-21 05:20 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-20 20:20 . 2009-08-20 12:27 99864 ----a-w- c:\users\Jarek\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-20 20:08 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2009-08-20 13:37 . 2009-08-20 12:27 680 ----a-w- c:\users\Jarek\AppData\Local\d3d9caps.dat
2009-08-20 12:25 . 2009-08-20 12:25 -------- d-sh--we c:\programdata\Plocha
2009-08-20 12:25 . 2009-08-20 12:25 -------- d-sh--we c:\programdata\Oblíbené položky
2009-08-20 12:25 . 2009-08-20 12:25 -------- d-sh--we c:\programdata\Šablony
2009-08-20 12:25 . 2009-08-20 12:25 -------- d-sh--we c:\programdata\Nabídka Start
2009-08-20 12:25 . 2009-08-20 12:25 -------- d-sh--we c:\programdata\Dokumenty
2009-08-20 12:25 . 2009-08-20 12:25 -------- d-sh--we c:\programdata\Data aplikací
2009-08-20 12:20 . 2009-08-20 12:20 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-16 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-16 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-16 81920]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"F-Secure Manager"="c:\program files\F-Secure\Common\FSM32.EXE" [2008-12-04 182936]
"F-Secure TNB"="c:\program files\F-Secure\FSGUI\TNBUtil.exe" [2008-12-04 957024]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{403E78B9-E896-441C-981B-B8D0B65D342B}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{C45B6741-E6C1-4E10-907B-51B2EA92FBAD}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{5292FDCF-981F-449B-AD01-587B906741A6}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{71553893-B2DB-435E-A541-6F3D76ED226A}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D49639AB-9407-46B0-9B01-FA03EF3C6855}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R0 fsbts;fsbts;c:\windows\System32\drivers\fsbts.sys [20.8.2009 16:09 33920]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure\HIPS\drivers\fshs.sys [20.8.2009 16:08 67808]
R1 FSES;F-Secure Email Scanning Driver;c:\windows\System32\drivers\fses.sys [20.8.2009 16:09 35552]
R1 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [20.8.2009 16:08 70944]
R1 fsvista;F-Secure Vista Support Driver;c:\program files\F-Secure\Anti-Virus\minifilter\fsvista.sys [20.8.2009 16:07 12384]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure\Anti-Virus\minifilter\fsgk.sys [20.8.2009 16:07 99960]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure\ORSP Client\fsorsp.exe [20.8.2009 16:08 55904]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure\Anti-Virus\win2k\fsfilter.sys [20.8.2009 16:07 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure\Anti-Virus\win2k\fsrec.sys [20.8.2009 16:07 25184]
.
Obsah adresáře 'Naplánované úlohy'

2009-08-21 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\F-Secure\ANTI-V~1\fsav.exe [2009-08-20 13:57]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\F-Secure\FSPS\program\FSLSP.DLL
FF - ProfilePath - c:\users\Jarek\AppData\Roaming\Mozilla\Firefox\Profiles\k6ty5oug.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=

---- NASTAVENÍ FIREFOXU ----
FF - user.js: capability.policy.policynames - allowclipboard
FF - user.js: capability.policy.allowclipboard.sites - hxxp://www.mozilla.org
FF - user.js: capability.policy.allowclipboard.Clipboard.cutcopy - allAccess
FF - user.js: capability.policy.allowclipboard.Clipboard.paste - allAccess
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-21 13:02
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2009-08-21 13:04
ComboFix-quarantined-files.txt 2009-08-21 11:04

Před spuštěním: Volných bajtů: 379 237 552 128
Po spuštění: Volných bajtů: 379 219 587 072

227 --- E O F --- 2009-08-21 07:14

Re: Log check

Post by jaro3 » 21 Aug 2009 13:23

That looks like HW faults or a system fault....

Download the program OTM (by OldTimer)
http://www.edisk.cz/stahni/07995/OTMove ... .39KB.html
and save it to drive C and run it.
- Copy these paths into the left column (Paste Instructions for Items to be Moved):
Note: Do not use the SELECT ALL function to mark the text

Code: Select all

:Processes
explorer.exe

:Services

:Reg

:Files
c:\users\Jarek\AppData\Local\d3d8caps.dat
c:\users\Jarek\AppData\Local\d3d9caps.dat

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]


- After copying, click the MoveIt! button and then paste here the entire contents of the right column, otherwise saved in the folder C:\_OTMoveIt\MovedFiles\, which will report the results
- It is possible that, if the files cannot be removed, you will be asked to restart the computer; in that case confirm the restart.

If there are problems, put the Windows installation disc in the drive, restart, hold Del, in the BIOS select boot from CD/DVD - at "boot from CD, press any key to continue", press a key.
You will get the choice Repair system and then:
System Restore tool
http://windowshelp.microsoft.com/Window ... e1029.mspx

Re: Log check

Post by Jaros » 21 Aug 2009 13:35

Follow-up question. - You will get the choice Repair system and then: System Restore tool - I didn't spot that anywhere in there at all... as I wrote somewhere at the start, I don't see any such field there; confirmation dialogs for the installation come up...

Re: Log check

Post by Jaros » 21 Aug 2009 13:46

I can't run the program there; it keeps reporting this: Attempt to use an invalid operation on a key that is marked for deletion. :mad:

Re: Log check

Post by jaro3 » 21 Aug 2009 13:50

Try it during the installation.
Otherwise, this is what is written there:
Note: If the computer does not include the System Recovery Options menu, the computer manufacturer may have provided other recovery options. Read the information that came with the computer or look for more information on the manufacturer's website.

It won't be viruses..

Re: Log check

Post by Jaros » 21 Aug 2009 14:03

I did a restart, and then it let me install that application - I pasted those commands in there, here is the log:

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
c:\users\Jarek\AppData\Local\d3d8caps.dat moved successfully.
c:\users\Jarek\AppData\Local\d3d9caps.dat moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Windows Temp folder emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTM by OldTimer - Version 2.1.0.1 log created on 08212009_135936

Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43294
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: Kontrola logu

Příspěvekod jaro3 » 21 srp 2009 14:13

It doesn't look like viruses; what about that Alcohol?
One more thing:
Download OTL to your desktop. Make sure all other windows are closed and double-click the OTL icon. At the top of the window, under Output, click Minimal Output. Under Standard Registry, change the setting to All. Check LOP Check and Purity Check. Click Run Scan. Leave all other settings as they are. The scan may take a long time; when it finishes, two logs will open:
OTListIt.Txt
Extras.Txt

They are saved in the same location as OTL. Please copy both logs here.

Otherwise, I would see this as a new topic for the Windows section. Or hardware problems...

Re: Log check

Post by Jaros » 21 Aug 2009 14:26

LOG - OTL.txt

OTL logfile created on: 21.8.2009 14:18:40 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\Jarek\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 353,15 Gb Free Space | 75,82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JAREK-PC
Current User Name: Jarek
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
PRC - C:\Program Files\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
PRC - C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE (F-Secure Corporation)
PRC - C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
PRC - C:\Program Files\F-Secure\Common\FSMB32.EXE (F-Secure Corporation)
PRC - C:\Windows\System32\WUDFHost.exe (Microsoft Corporation)
PRC - C:\Program Files\F-Secure\Common\FCH32.EXE (F-Secure Corporation)
PRC - C:\Program Files\F-Secure\Anti-Virus\fsqh.exe (F-Secure Corporation)
PRC - C:\Program Files\F-Secure\Common\FAMEH32.EXE (F-Secure Corporation)
PRC - C:\Program Files\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
PRC - C:\Program Files\F-Secure\FSAUA\program\fsaua.exe (F-Secure Corporation)
PRC - C:\Program Files\F-Secure\Anti-Virus\fssm32.exe (F-Secure Corporation)
PRC - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe (F-Secure Corporation)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\F-Secure\FSAUA\program\fsus.exe (F-Secure Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\TO2SSM\McciTrayApp.exe (Motive Communications, Inc.)
PRC - C:\Program Files\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
PRC - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Program Files\F-Secure\Anti-Virus\fsav32.exe (F-Secure Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Program Files\F-Secure\FSGUI\fsguidll.exe (F-Secure Corporation)
PRC - C:\Users\Jarek\Downloads\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (F-Secure Gatekeeper Handler Starter [Auto | Running]) -- C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe (F-Secure Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (FSAUA [On_Demand | Running]) -- C:\Program Files\F-Secure\FSAUA\program\fsaua.exe (F-Secure Corporation)
SRV - (FSDFWD [On_Demand | Running]) -- C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe (F-Secure Corporation)
SRV - (FSMA [Auto | Running]) -- C:\Program Files\F-Secure\Common\FSMA32.EXE (F-Secure Corporation)
SRV - (FSORSPClient [On_Demand | Running]) -- C:\Program Files\F-Secure\ORSP Client\fsorsp.exe (F-Secure Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (McciCMService [Auto | Running]) -- C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (F-Secure Filter [Disabled | Stopped]) -- C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys ()
DRV - (F-Secure Gatekeeper [On_Demand | Running]) -- C:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys ()
DRV - (F-Secure HIPS [System | Running]) -- C:\Program Files\F-Secure\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (F-Secure Recognizer [Disabled | Stopped]) -- C:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys ()
DRV - (fsbts [Boot | Running]) -- C:\Windows\system32\Drivers\fsbts.sys ()
DRV - (FSES [System | Running]) -- C:\Windows\System32\drivers\fses.sys (F-Secure Corporation)
DRV - (FSFW [System | Running]) -- C:\Windows\System32\drivers\fsdfw.sys (F-Secure Corporation)
DRV - (fsvista [System | Running]) -- C:\Program Files\F-Secure\Anti-Virus\minifilter\fsvista.sys ()
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (MREMP50 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MTsensor [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\ASACPI.sys ()
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvlddmkm [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (RTL8169 [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\Rtlh86.sys (Realtek Corporation )
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome



IE - HKU\S-1-5-21-1634527184-1459494616-1893601368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-1634527184-1459494616-1893601368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-21-1634527184-1459494616-1893601368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\S-1-5-21-1634527184-1459494616-1893601368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1634527184-1459494616-1893601368-1000\S-1-5-21-1634527184-1459494616-1893601368-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: {ea614400-e918-4741-9a97-7a972ff7c30b}:1.0.7
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.08.20 16:53:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009.08.20 20:28:26 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009.08.20 22:08:34 | 00,000,000 | ---D | M]

[2009.08.20 20:28:48 | 00,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\mozilla\Extensions
[2009.08.20 20:28:48 | 00,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009.08.20 23:20:43 | 00,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\mozilla\Firefox\Profiles\k6ty5oug.default\extensions
[2009.08.20 20:41:31 | 00,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\mozilla\Firefox\Profiles\k6ty5oug.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2009.08.20 20:41:31 | 00,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\mozilla\Firefox\Profiles\k6ty5oug.default\extensions\{ea614400-e918-4741-9a97-7a972ff7c30b}
[2009.08.20 20:41:31 | 00,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\mozilla\Firefox\Profiles\k6ty5oug.default\extensions\Foxdie@tanjihay.com
[2009.08.20 20:51:47 | 00,000,961 | ---- | M] () -- C:\Users\Jarek\AppData\Roaming\Mozilla\FireFox\Profiles\k6ty5oug.default\searchplugins\icqplugin-1.xml
[2009.08.06 21:18:14 | 00,000,944 | ---- | M] () -- C:\Users\Jarek\AppData\Roaming\Mozilla\FireFox\Profiles\k6ty5oug.default\searchplugins\icqplugin.xml
[2009.08.20 20:28:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009.08.20 20:28:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.07.31 01:39:00 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009.07.31 01:39:00 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009.07.31 01:39:00 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006.10.26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2009.07.31 01:38:59 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009.07.31 00:15:16 | 00,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2009.07.31 00:15:16 | 00,001,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml
[2009.07.31 00:15:16 | 00,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2009.07.31 00:15:16 | 00,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2009.07.31 00:15:16 | 00,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: (761 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\F-Secure\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files\F-Secure\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [TO2SSM_McciTrayApp] C:\Program Files\TO2SSM\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1634527184-1459494616-1893601368-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1634527184-1459494616-1893601368-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.DLL (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1634527184-1459494616-1893601368-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1634527184-1459494616-1893601368-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1634527184-1459494616-1893601368-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\F-Secure\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009.08.21 13:59:36 | 00,000,000 | ---D | C] -- C:\_OTM
[2009.08.21 13:58:42 | 00,000,000 | ---D | C] -- C:\Users\Jarek\Desktop\OTMoveIt
[2009.08.21 13:43:38 | 00,000,000 | ---D | C] -- C:\OTMoveIt
[2009.08.21 13:04:41 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2009.08.21 13:04:41 | 00,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Local\temp
[2009.08.21 13:04:01 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2009.08.21 12:57:47 | 00,228,864 | ---- | C] () -- C:\Windows\PEV.exe
[2009.08.21 12:57:47 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009.08.21 12:57:47 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009.08.21 12:57:47 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009.08.21 12:57:47 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009.08.21 12:57:47 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009.08.21 12:57:47 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009.08.21 12:57:47 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009.08.21 12:57:33 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009.08.21 12:57:25 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009.08.21 12:57:21 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009.08.21 12:55:37 | 00,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Roaming\F-Secure
[2009.08.21 12:38:46 | 00,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Roaming\Malwarebytes
[2009.08.21 12:38:45 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009.08.21 12:38:42 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009.08.21 12:38:41 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009.08.21 12:38:40 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009.08.21 12:38:40 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009.08.21 12:21:59 | 00,001,874 | ---- | C] () -- C:\Users\Jarek\Desktop\HijackThis.lnk
[2009.08.21 12:21:59 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009.08.21 11:52:37 | 00,000,000 | ---D | C] -- C:\$WINDOWS.~BT
[2009.08.21 11:52:32 | 00,001,905 | ---- | C] () -- C:\Windows\diagwrn.xml
[2009.08.21 11:52:32 | 00,001,905 | ---- | C] () -- C:\Windows\diagerr.xml
[2009.08.20 22:13:47 | 00,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Roaming\Zoner
[2009.08.20 22:09:26 | 00,032,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msonpmon.dll
[2009.08.20 22:08:33 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2009.08.20 22:07:56 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2009.08.20 22:07:55 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2009.08.20 22:07:13 | 00,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2009.08.20 22:07:13 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2009.08.20 22:05:25 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2009.08.20 22:04:35 | 00,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Local\Microsoft Help
[2009.08.20 22:04:21 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2009.08.20 22:04:15 | 00,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2009.08.20 21:49:43 | 00,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Roaming\Ashampoo
[2009.08.20 21:49:38 | 00,000,996 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 6 FREE.lnk
[2009.08.20 21:49:38 | 00,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Local\ashampoo
[2009.08.20 21:49:38 | 00,000,000 | ---D | C] -- C:\ProgramData\ashampoo
[2009.08.20 21:49:32 | 00,000,000 | ---D | C] -- C:\Program Files\Ashampoo
[2009.08.20 21:42:35 | 00,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Roaming\WinRAR
[2009.08.20 21:42:07 | 00,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2009.08.20 20:39:58 | 00,000,824 | ---- | C] () -- C:\Users\Public\Desktop\MozBackup.lnk
[2009.08.20 20:39:57 | 00,000,000 | ---D | C] -- C:\Program Files\MozBackup
[2009.08.20 20:28:29 | 00,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Roaming\Mozilla
[2009.08.20 20:28:29 | 00,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Local\Mozilla
[2009.08.20 20:28:27 | 00,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009.08.20 20:28:25 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009.08.20 16:15:48 | 00,000,542 | ---- | C] () -- C:\Windows\tasks\Scheduled scanning task.job
[2009.08.20 16:09:21 | 00,033,920 | ---- | C] () -- C:\Windows\System32\drivers\fsbts.sys
[2009.08.20 16:09:06 | 00,035,552 | ---- | C] (F-Secure Corporation) -- C:\Windows\System32\drivers\fses.sys
[2009.08.20 16:08:59 | 00,572,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp50.dll
[2009.08.20 16:08:59 | 00,070,944 | ---- | C] (F-Secure Corporation) -- C:\Windows\System32\drivers\fsdfw.sys
[2009.08.20 16:07:17 | 00,000,000 | ---D | C] -- C:\Program Files\F-Secure
[2009.08.20 16:05:47 | 00,000,000 | ---D | C] -- C:\ProgramData\fssg
[2009.08.20 16:04:01 | 00,000,000 | ---D | C] -- C:\ProgramData\f-secure
[2009.08.20 16:03:05 | 00,000,971 | ---- | C] () -- C:\Users\Public\Desktop\O2 Internet Konfigurator.lnk
[2009.08.20 16:01:56 | 00,000,000 | ---D | C] -- C:\Program Files\TO2SSM
[2009.08.20 15:58:44 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2009.08.20 15:57:19 | 00,000,000 | ---D | C] -- C:\ProgramData\Motive
[2009.08.20 15:57:10 | 00,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2009.08.20 15:57:09 | 00,000,000 | ---D | C] -- C:\Users\Jarek\Documents\ASUS
[2009.08.20 15:53:16 | 00,012,288 | ---- | C] (ASUSTeK Computer Inc.) -- C:\Windows\System32\drivers\EIO.sys
[2009.08.20 15:53:14 | 00,000,000 | ---D | C] -- C:\Program Files\My Company Name
[2009.08.20 15:52:38 | 01,073,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpluir.dll
[2009.08.20 15:52:38 | 00,753,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcplui.exe
[2009.08.20 15:52:38 | 00,413,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.cpl
[2009.08.20 15:52:38 | 00,307,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvexpbar.dll
[2009.08.20 15:52:18 | 00,356,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvudisp.exe
[2009.08.20 15:52:18 | 00,006,549 | ---- | C] () -- C:\Windows\System32\nvdisp.nvu
[2009.08.20 15:51:36 | 00,356,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NVUNINST.EXE
[2009.08.20 15:46:15 | 00,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Roaming\Adobe
[2009.08.20 15:45:47 | 00,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Local\Adobe
[2009.08.20 15:44:41 | 00,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2009.08.20 15:44:36 | 00,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2009.08.20 15:44:30 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2009.08.20 15:44:30 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009.08.20 15:33:27 | 00,051,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuauclt.exe
[2009.08.20 15:33:27 | 00,043,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2009.08.20 15:33:27 | 00,000,000 | ---D | C] -- C:\Program Files\Intel
[2009.08.20 15:33:26 | 01,809,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuaueng.dll
[2009.08.20 15:33:26 | 01,524,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2009.08.20 15:33:17 | 00,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2009.08.20 15:33:17 | 00,034,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2009.08.20 15:33:16 | 00,561,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2009.08.20 15:33:07 | 00,162,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2009.08.20 15:33:07 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2009.08.20 15:32:48 | 00,000,000 | ---D | C] -- C:\Program Files\VIA
[2009.08.20 15:32:46 | 00,331,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\difxapi.dll
[2009.08.20 15:32:27 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2009.08.20 15:32:16 | 00,000,000 | -HSD | C] -- C:\Windows\Installer
[2009.08.20 15:31:43 | 00,124,928 | ---- | C] (Realtek Corporation ) -- C:\Windows\System32\drivers\Rtlh86.sys
[2009.08.20 15:31:43 | 00,009,728 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\Windows\System32\RtNicProp32.dll
[2009.08.20 15:31:30 | 00,000,000 | ---D | C] -- C:\Program Files\Realtek
[2009.08.20 15:31:29 | 00,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2009.08.20 15:31:25 | 00,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Roaming\InstallShield
[2009.08.20 15:31:13 | 00,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2009.08.20 15:31:12 | 00,014,654 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009.08.20 15:23:40 | 00,737,280 | ---- | C] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2009.08.20 15:23:38 | 00,000,000 | ---D | C] -- C:\Program Files\Codec Pack - All In 1
[2009.08.20 15:22:20 | 00,005,120 | ---- | C] () -- C:\Users\Jarek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.20 15:14:56 | 00,061,952 | ---- | C] () -- C:\Users\Jarek\Documents\Gretzky.doc
[2009.08.20 15:14:56 | 00,053,760 | ---- | C] () -- C:\Users\Jarek\Documents\materialy_ke_zkousce.doc
[2009.08.20 15:14:56 | 00,040,448 | ---- | C] () -- C:\Users\Jarek\Documents\překlad.doc
[2009.08.20 15:14:56 | 00,032,768 | ---- | C] () -- C:\Users\Jarek\Documents\na překlad.doc
[2009.08.20 15:14:55 | 00,000,000 | ---D | C] -- C:\Users\Jarek\Documents\ZPS11
[2009.08.20 15:14:55 | 00,000,000 | ---D | C] -- C:\Users\Jarek\Documents\The KMPlayer
[2009.08.20 15:14:39 | 00,000,000 | ---D | C] -- C:\Users\Jarek\Documents\Škola
[2009.08.20 15:14:39 | 00,000,000 | ---D | C] -- C:\Users\Jarek\Documents\Přerovský deník
[2009.08.20 15:14:37 | 00,000,000 | ---D | C] -- C:\Users\Jarek\Documents\pinec
[2009.08.20 15:14:33 | 00,000,000 | ---D | C] -- C:\Users\Jarek\Documents\Ostatni
[2009.08.20 15:14:33 | 00,000,000 | ---D | C] -- C:\Users\Jarek\Documents\NHL07
[2009.08.20 15:14:33 | 00,000,000 | ---D | C] -- C:\Users\Jarek\Documents\ICQ
[2009.08.20 15:14:31 | 00,000,000 | ---D | C] -- C:\Users\Jarek\Documents\HokejPortal.cz
[2009.08.20 15:14:31 | 00,000,000 | ---D | C] -- C:\Users\Jarek\Documents\Hokej - zdroje
[2009.08.20 15:14:28 | 00,000,000 | ---D | C] -- C:\Users\Jarek\Documents\Foto
[2009.08.20 15:13:09 | 00,000,000 | ---D | C] -- C:\Windows\Panther
[2009.08.20 15:12:29 | 00,043,254 | R--- | C] () -- C:\Windows\System32\OEMLOGO.BMP
[2009.08.20 15:08:40 | 00,000,000 | ---D | C] -- C:\Windows\ConfigSetRoot
[2009.08.20 15:02:39 | 00,000,000 | ---D | C] -- C:\Windows.old
[2009.08.20 14:41:50 | 01,866,561 | -H-- | C] () -- C:\Users\Jarek\AppData\Local\IconCache.db
[2009.08.20 14:35:12 | 00,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Roaming\Motive
[2009.08.20 14:34:56 | 00,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2009.08.20 14:34:31 | 00,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Roaming\Macromedia
[2009.08.20 14:27:50 | 00,099,864 | ---- | C] () -- C:\Users\Jarek\AppData\Local\GDIPFONTCACHEV1.DAT
[2009.08.20 14:27:29 | 00,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Roaming\Identities
[2009.08.20 14:27:27 | 00,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Local\VirtualStore
[2009.08.20 14:27:24 | 00,000,000 | -HSD | C] -- C:\Users\Jarek\Documents\Obrázky
[2009.08.20 14:27:24 | 00,000,000 | -HSD | C] -- C:\Users\Jarek\Documents\Hudba
[2009.08.20 14:27:24 | 00,000,000 | -HSD | C] -- C:\Users\Jarek\Documents\Filmy
[2009.08.20 14:27:24 | 00,000,000 | -HSD | C] -- C:\Users\Jarek\AppData\Local\Temporary Internet Files
[2009.08.20 14:27:24 | 00,000,000 | -HSD | C] -- C:\Users\Jarek\AppData\Local\Historie
[2009.08.20 14:27:24 | 00,000,000 | -HSD | C] -- C:\Users\Jarek\AppData\Local\Data aplikací
[2009.08.20 14:27:23 | 00,000,000 | --SD | C] -- C:\Users\Jarek\AppData\Roaming\Microsoft
[2009.08.20 14:27:23 | 00,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Roaming\Media Center Programs
[2009.08.20 14:27:23 | 00,000,000 | ---D | C] -- C:\Users\Jarek\AppData\Local\Microsoft
[2009.08.20 14:25:22 | 00,000,000 | -HSD | C] -- C:\Users\Public\Documents\Obrázky
[2009.08.20 14:25:22 | 00,000,000 | -HSD | C] -- C:\Users\Public\Documents\Hudba
[2009.08.20 14:25:22 | 00,000,000 | -HSD | C] -- C:\Users\Public\Documents\Filmy
[2009.08.20 14:25:22 | 00,000,000 | -HSD | C] -- C:\ProgramData\Šablony
[2009.08.20 14:25:22 | 00,000,000 | -HSD | C] -- C:\ProgramData\Plocha
[2009.08.20 14:25:22 | 00,000,000 | -HSD | C] -- C:\ProgramData\Oblíbené položky
[2009.08.20 14:25:22 | 00,000,000 | -HSD | C] -- C:\ProgramData\Nabídka Start
[2009.08.20 14:25:22 | 00,000,000 | -HSD | C] -- C:\ProgramData\Dokumenty
[2009.08.20 14:25:22 | 00,000,000 | -HSD | C] -- C:\ProgramData\Data aplikací
[2009.08.20 14:24:54 | 00,000,000 | ---D | C] -- C:\Windows\Debug
[2009.08.20 14:23:41 | 37,572,36224 | -HS- | C] () -- C:\hiberfil.sys
[2009.08.20 14:20:13 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2009.08.20 14:19:41 | 00,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2009.08.20 14:17:00 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009.08.20 14:16:49 | 90,261,406 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009.08.20 14:14:06 | 00,000,000 | ---D | C] -- C:\Windows\Prefetch
[2009.08.20 12:11:51 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009.08.19 22:45:45 | 00,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2009.08.19 22:45:45 | 00,000,000 | RHS- | C] () -- C:\IO.SYS
[2007.08.01 05:39:28 | 00,012,536 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2006.11.02 14:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\win.ini
[2006.11.02 12:23:31 | 00,000,215 | ---- | C] () -- C:\Windows\system.ini
[2006.11.02 09:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.10.14 11:56:50 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2005.10.14 11:56:50 | 00,921,600 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll
[2005.10.14 11:56:50 | 00,344,064 | ---- | C] () -- C:\Windows\System32\xvid.dll
[2005.10.14 11:56:50 | 00,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2005.10.14 11:56:50 | 00,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2005.10.14 11:56:50 | 00,155,136 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2005.10.14 11:56:50 | 00,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll

========== Files - Modified Within 30 Days ==========

[2009.08.21 14:07:16 | 01,415,702 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009.08.21 14:07:16 | 00,605,774 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2009.08.21 14:07:16 | 00,594,108 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009.08.21 14:07:16 | 00,118,030 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2009.08.21 14:07:16 | 00,104,296 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009.08.21 14:00:55 | 00,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009.08.21 14:00:55 | 00,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009.08.21 14:00:53 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009.08.21 14:00:51 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009.08.21 14:00:46 | 37,572,36224 | -HS- | M] () -- C:\hiberfil.sys
[2009.08.21 13:55:06 | 01,866,561 | -H-- | M] () -- C:\Users\Jarek\AppData\Local\IconCache.db
[2009.08.21 13:49:35 | 00,005,120 | ---- | M] () -- C:\Users\Jarek\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.21 13:02:43 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009.08.21 12:38:45 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009.08.21 12:21:59 | 00,001,874 | ---- | M] () -- C:\Users\Jarek\Desktop\HijackThis.lnk
[2009.08.21 11:53:56 | 00,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2009.08.21 11:53:56 | 00,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2009.08.21 07:19:48 | 00,000,542 | ---- | M] () -- C:\Windows\tasks\Scheduled scanning task.job
[2009.08.20 23:05:00 | 00,371,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.08.20 22:20:55 | 00,099,864 | ---- | M] () -- C:\Users\Jarek\AppData\Local\GDIPFONTCACHEV1.DAT
[2009.08.20 22:17:15 | 00,228,864 | ---- | M] () -- C:\Windows\PEV.exe
[2009.08.20 22:05:04 | 00,000,219 | ---- | M] () -- C:\Windows\win.ini
[2009.08.20 21:49:38 | 00,000,996 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo Burning Studio 6 FREE.lnk
[2009.08.20 20:39:58 | 00,000,824 | ---- | M] () -- C:\Users\Public\Desktop\MozBackup.lnk
[2009.08.20 20:28:27 | 00,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009.08.20 16:21:52 | 00,033,920 | ---- | M] () -- C:\Windows\System32\drivers\fsbts.sys
[2009.08.20 16:03:05 | 00,000,971 | ---- | M] () -- C:\Users\Public\Desktop\O2 Internet Konfigurator.lnk
[2009.08.20 15:44:41 | 00,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2009.08.20 15:31:12 | 00,014,654 | ---- | M] () -- C:\Windows\Ascd_tmp.ini
[2009.08.20 15:23:34 | 00,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2009.08.20 15:12:55 | 00,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2009.08.20 14:20:58 | 00,063,514 | ---- | M] () -- C:\Windows\System32\license.rtf
[2009.08.20 14:20:13 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2009.08.20 14:16:59 | 90,261,406 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009.08.19 22:45:45 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2009.08.19 22:45:45 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2009.08.18 20:10:52 | 00,040,448 | ---- | M] () -- C:\Users\Jarek\Documents\překlad.doc
[2009.08.17 15:40:49 | 00,032,768 | ---- | M] () -- C:\Users\Jarek\Documents\na překlad.doc
[2009.08.17 15:11:55 | 00,053,760 | ---- | M] () -- C:\Users\Jarek\Documents\materialy_ke_zkousce.doc
[2009.08.16 21:21:21 | 00,061,952 | ---- | M] () -- C:\Users\Jarek\Documents\Gretzky.doc
[2009.08.03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009.08.03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009.07.29 17:49:16 | 24,281,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe

========== LOP Check ==========

[2006.11.02 14:37:34 | 00,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming
[2006.11.02 14:37:34 | 00,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\Media Center Programs
[2006.11.02 14:37:34 | 00,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming
[2006.11.02 14:37:34 | 00,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\Media Center Programs
[2009.08.21 12:55:37 | 00,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming
[2009.08.20 21:49:43 | 00,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\Ashampoo
[2009.08.21 12:55:37 | 00,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\F-Secure
[2006.11.02 14:37:34 | 00,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\Media Center Programs
[2009.08.20 16:03:10 | 00,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\Motive
[2009.08.20 22:16:52 | 00,000,000 | ---D | M] -- C:\Users\Jarek\AppData\Roaming\Zoner
[2009.08.21 14:00:53 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009.08.21 14:00:03 | 00,009,468 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.08.21 07:19:48 | 00,000,542 | ---- | M] () -- C:\Windows\Tasks\Scheduled scanning task.job

========== Purity Check ==========


< End of report >

LOG - Extras.txt

OTL Extras logfile created on: 21.8.2009 14:18:40 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\Jarek\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 100,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,76 Gb Total Space | 353,15 Gb Free Space | 75,82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JAREK-PC
Current User Name: Jarek
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1634527184-1459494616-1893601368-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{403E78B9-E896-441C-981B-B8D0B65D342B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5292FDCF-981F-449B-AD01-587B906741A6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{71553893-B2DB-435E-A541-6F3D76ED226A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{C45B6741-E6C1-4E10-907B-51B2EA92FBAD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{D49639AB-9407-46B0-9B01-FA03EF3C6855}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0405-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00BA-0405-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Czech) 2007
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F0207194-35B9-4476-B02E-395EE52B5960}" = ASUS nVidia Driver
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"ENTERPRISE" = Microsoft Office Enterprise 2007
"F-Secure Product 277" = F-Secure Profi Antivirus
"HijackThis" = HijackThis 2.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"NVIDIA Drivers" = NVIDIA Drivers
"O2 Internet Konfigurator" = O2 Internet Konfigurator
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"WinRAR archiver" = WinRAR
"xvid" = XviD MPEG-4 Video Codec

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 20.8.2009 17:06:08 | Computer Name = Jarek-PC | Source = WinMgmt | ID = 10
Description =

Error - 20.8.2009 17:20:38 | Computer Name = Jarek-PC | Source = WinMgmt | ID = 10
Description =

Error - 21.8.2009 1:21:06 | Computer Name = Jarek-PC | Source = WinMgmt | ID = 10
Description =

Error - 21.8.2009 1:31:51 | Computer Name = Jarek-PC | Source = WinMgmt | ID = 10
Description =

Error - 21.8.2009 3:18:46 | Computer Name = Jarek-PC | Source = WinMgmt | ID = 10
Description =

Error - 21.8.2009 3:37:55 | Computer Name = Jarek-PC | Source = WinMgmt | ID = 10
Description =

Error - 21.8.2009 6:06:10 | Computer Name = Jarek-PC | Source = WinMgmt | ID = 10
Description =

Error - 21.8.2009 6:59:13 | Computer Name = Jarek-PC | Source = FSecure-FSecure-F-Secure Anti-Virus | ID = 103
Description = 1 2009-08-21 12:59:13+02:00 jarek-pc Jarek-PC\Jarek F-Secure
Anti-Virus Malicious code found in file C:\Users\Jarek\AppData\Local\Temp\Av-test.txt.
Infection: EICAR_Test_File

Error - 21.8.2009 7:58:07 | Computer Name = Jarek-PC | Source = WinMgmt | ID = 10
Description =

Error - 21.8.2009 8:02:32 | Computer Name = Jarek-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 21.8.2009 1:33:40 | Computer Name = Jarek-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 21.8.2009 1:33:40 | Computer Name = Jarek-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 21.8.2009 1:33:40 | Computer Name = Jarek-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 21.8.2009 1:33:40 | Computer Name = Jarek-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 21.8.2009 1:33:40 | Computer Name = Jarek-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 21.8.2009 1:33:40 | Computer Name = Jarek-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 21.8.2009 1:33:40 | Computer Name = Jarek-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 21.8.2009 1:33:40 | Computer Name = Jarek-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 21.8.2009 1:34:22 | Computer Name = Jarek-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 21.8.2009 1:34:22 | Computer Name = Jarek-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =


< End of report >

That Alcohol should be in the Windows version that is labelled Windows.old (as I wrote earlier, I installed from scratch); can it still cause havoc? Because the Recovery DVD apparently lacks the repair function, I had to install anew... so now I have a version that runs except for the Windows updates (it somehow can't handle them), and the original version is on the disk with that old label...

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male
Status:
Offline

Re: Log check

Post by jaro3 » 21 Aug 2009 14:49

Fine.

Double-click the OTL icon on the desktop. Make sure all other applications and browsers are closed.
Paste the following text, shown in green, into the box under Custom Scans/Fixes:

Code:

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1634527184-1459494616-1893601368-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1634527184-1459494616-1893601368-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O34 - HKLM BootExecute: (*) - File not found

:Files
C:\Windows\PEV.exe
C:\Windows\SWXCACLS.exe
C:\Windows\SWREG.exe
C:\Windows\SWSC.exe
C:\Windows\sed.exe
C:\Windows\grep.exe
C:\Windows\NIRCMD.exe
C:\ComboFix
C:\Qoobox
C:\Windows\tasks\SA.DAT

:Reg
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Then click Run Fix at the top. Let the program run undisturbed; the PC will restart at the end.
After the restart a log will appear; please copy its entire contents here.

Then a new log from HJT.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. While I am away, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

