Please check

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team


Post by BiScHop » 12 Sep 2009 09:38

Here is the log from HJT

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:38:30, on 12.9.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\SysWOW64\conime.exe
D:\Programy\TotalCommander\TOTALCMD.EXE
D:\Programy\Opera\opera.exe
D:\Programy\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programy\ICQ 6.5\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programy\ICQ 6.5\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: Google Update Service (gupdate1ca1c321492db59) (gupdate1ca1c321492db59) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - D:\Programy\VNC4\WinVNC4.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8249 bytes


Post by Damned » 12 Sep 2009 10:31

Download Malwarebytes' Anti-Malware.
Install it and run it.
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave the Perform quick scan option selected and click the Scan button
- when the program finishes, a message will appear, so click OK and then the Show Results button
- then choose the option to save the log and save the log to your desktop
- then click the Exit button; a prompt will appear, so choose Yes
(do not delete anything yet!).
Then paste the contents of that log here.
Nothing is impossible, so where reason fails us, we do not hesitate to use a hammer.
If you want to know what is new, look in old books.

Post by BiScHop » 12 Sep 2009 10:40

Malwarebytes' Anti-Malware 1.41
Verze databáze: 2784
Windows 6.0.6001 Service Pack 1

12.9.2009 10:40:09
mbam-log-2009-09-12 (10-40-03).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 83337
Uplynulý čas: 3 minute(s), 48 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 2
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_CURRENT_USER\SOFTWARE\Monopod (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> No action taken.

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> No action taken.
C:\Windows\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> No action taken.


Post by Damned » 12 Sep 2009 10:53

So run MbAM again and click Scan
- when the program finishes, a message will appear, so click OK and then the Show Results button
- make sure all the listed findings are checked and click the Remove Selected button
- when the removal finishes, a log will be displayed, so post it here.
- then choose OK in the program and close the program via Exit

//Corrected, the rest is below
Last edited by Damned on 12 Sep 2009 11:17, edited 1 time in total.

Post by BiScHop » 12 Sep 2009 11:10

Malwarebytes' Anti-Malware 1.41
Verze databáze: 2784
Windows 6.0.6001 Service Pack 1

12.9.2009 11:03:52
mbam-log-2009-09-12 (11-03-52).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 83697
Uplynulý čas: 3 minute(s), 15 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 2
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_CURRENT_USER\SOFTWARE\Monopod (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\Windows\Tasks\{7B02EF0B-A410-4938-8480-9BA26420A627}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job (Trojan.Downloader) -> Quarantined and deleted successfully.




That ComboFix doesn't work... I have Windows Vista 64-bit... apparently it's incompatible


Post by Damned » 12 Sep 2009 11:19

Sorry, I was looking at it and didn't see it :lama:

Download OTL to your Desktop.
Make sure all other windows are closed and double-click the OTL icon. At the top of the window, under Output, click Minimal Output. Under Standard Registry, change to All. Check LOP Check and Purity Check. Click Run Scan. Leave all other settings as they are. The scan may take a long time; when it finishes, two logs will open:
OTListIt.Txt
Extras.Txt
They are saved in the same location as OTL. Please copy both logs here.

Post by BiScHop » 12 Sep 2009 11:28

OTL logfile created on: 12.9.2009 11:27:58 - Run 4
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\Jakub\Desktop\x
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 63,47% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,50 Gb Total Space | 17,24 Gb Free Space | 23,13% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 54,47 Gb Free Space | 11,69% Space Free | Partition Type: NTFS
Drive E: | 389,84 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC-POKOJ
Current User Name: Jakub
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
PRC - C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe ()
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - D:\Programy\VNC4\WinVNC4.exe (RealVNC Ltd.)
PRC - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
PRC - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - D:\Programy\Miranda IM KP v4.2\miranda32.exe ( )
PRC - C:\Windows\SysWOW64\conime.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - D:\Programy\Opera\opera.exe (Opera Software)
PRC - C:\Users\Jakub\Desktop\x\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility [Auto | Running]) -- C:\Windows\SysNative\atiesrxx.exe ()
SRV:64bit: - (AppMgmt [On_Demand | Stopped]) -- C:\Windows\SysNative\appmgmts.dll ()
SRV:64bit: - (CscService [Auto | Running]) -- C:\Windows\SysNative\cscsvc.dll ()
SRV:64bit: - (EhttpSrv [On_Demand | Stopped]) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET)
SRV:64bit: - (ekrn [Auto | Running]) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (ESET)
SRV:64bit: - (Fax [On_Demand | Stopped]) -- C:\Windows\SysNative\fxssvc.exe ()
SRV:64bit: - (UmRdpService [On_Demand | Running]) -- C:\Windows\SysNative\umrdp.dll ()
SRV:64bit: - (wbengine [On_Demand | Stopped]) -- C:\Windows\SysNative\wbengine.exe ()
SRV:64bit: - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (WMPNetworkSvc [On_Demand | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (AcronisOSSReinstallSvc [Auto | Stopped]) -- C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe ()
SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_64 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GEST Service [Auto | Running]) -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe ()
SRV - (gupdate1ca1c321492db59 [Auto | Stopped]) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files (x86)\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (KeyIso [On_Demand | Running]) -- C:\Windows\SysWow64\keyiso.dll (Microsoft Corporation)
SRV - (Lavasoft Ad-Aware Service [Auto | Stopped]) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (MSCamSvc [Auto | Running]) -- C:\Program Files (x86)\Microsoft LifeCam\MSCamS64.exe (Microsoft Corporation)
SRV - (MSDTC [Unknown | Stopped]) -- C:\Windows\SysWow64\Msdtc [2006.11.02 15:34:14 | 00,000,000 | ---D | M]
SRV - (Nero BackItUp Scheduler 4.0 [Auto | Running]) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (Netlogon [On_Demand | Stopped]) -- C:\Windows\SysWow64\netlogon.dll (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PnkBstrA [Auto | Running]) -- C:\Windows\SysWow64\PnkBstrA.exe ()
SRV - (vds [On_Demand | Stopped]) -- C:\Windows\SysWow64\Wbem\vds.mof ()
SRV - (VSS [On_Demand | Stopped]) -- C:\Windows\SysWow64\Wbem\vss.mof ()
SRV - (WinVNC4 [Auto | Running]) -- D:\Programy\VNC4\WinVNC4.exe (RealVNC Ltd.)
SRV - (PnkBstrB [Auto | Running]) -- C:\Windows\SysWow64\PnkBstrB.exe ()

========== Driver Services (SafeList) ==========

DRV:64bit: - (athrusb [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\athrxusb.sys ()
DRV:64bit: - (AtiHdmiService [On_Demand | Running]) -- C:\Windows\SysNative\drivers\AtiHdmi.sys ()
DRV:64bit: - (atikmdag [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys ()
DRV:64bit: - (CSC [System | Running]) -- C:\Windows\SysNative\drivers\csc.sys ()
DRV:64bit: - (eamon [Auto | Running]) -- C:\Windows\SysNative\DRIVERS\eamon.sys ()
DRV:64bit: - (ehdrv [System | Running]) -- C:\Windows\SysNative\DRIVERS\ehdrv.sys ()
DRV:64bit: - (epfw [Auto | Running]) -- C:\Windows\SysNative\DRIVERS\epfw.sys ()
DRV:64bit: - (Epfwndis [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\Epfwndis.sys ()
DRV:64bit: - (epfwwfp [Auto | Running]) -- C:\Windows\SysNative\DRIVERS\epfwwfp.sys ()
DRV:64bit: - (fvevol [Boot | Running]) -- C:\Windows\SysNative\DRIVERS\fvevol.sys ()
DRV:64bit: - (GEARAspiWDM [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys ()
DRV:64bit: - (hamachi [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\hamachi.sys ()
DRV:64bit: - (HdAudAddService [On_Demand | Stopped]) -- C:\Windows\SysNative\drivers\HdAudio.sys ()
DRV:64bit: - (Lbd [Boot | Stopped]) -- C:\Windows\SysNative\DRIVERS\Lbd.sys ()
DRV:64bit: - (RTL8169 [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys ()
DRV:64bit: - (snapman [Boot | Running]) -- C:\Windows\SysNative\DRIVERS\snapman.sys ()
DRV:64bit: - (sptd [Boot | Running]) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (StillCam [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\serscan.sys ()
DRV:64bit: - (tdrpman [Boot | Running]) -- C:\Windows\SysNative\DRIVERS\tdrpman.sys ()
DRV:64bit: - (USBAAPL64 [On_Demand | Stopped]) -- C:\Windows\SysNative\Drivers\usbaapl64.sys ()
DRV:64bit: - (usbaudio [On_Demand | Running]) -- C:\Windows\SysNative\drivers\usbaudio.sys ()
DRV:64bit: - (VX1000 [On_Demand | Running]) -- C:\Windows\SysNative\DRIVERS\VX1000.sys ()
DRV:64bit: - (WpdUsb [On_Demand | Stopped]) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV - (CSC [System | Running]) -- C:\Windows\CSC [2009.07.17 14:49:18 | 00,000,000 | ---D | M]
DRV - (gdrv [On_Demand | Running]) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (mpsdrv [On_Demand | Running]) -- C:\Windows\SysWow64\Wbem\mpsdrv.mof ()
DRV - (Tcpip [Boot | Running]) -- C:\Windows\SysWow64\Wbem\tcpip.mof ()
DRV - (VX1000 [On_Demand | Running]) -- C:\Windows\SysWow64\VX1000.dll (Microsoft Corporation)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 73 A2 6D 7B 1E CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll (DeviceVM Inc.)
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.07.18 09:31:59 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird


O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Windows\Skytel.exe (Realtek Semiconductor Corp.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] D:\Programy\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8:64bit: - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programy\ICQ 6.5\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Programy\ICQ 6.5\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\NLAapi.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\napinsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\winrnr.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWow64\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWow64\napinsp.dll (Společnost Microsoft)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWow64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWow64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWow64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWow64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\msvidctl.dll ()
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll ()
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll ()
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll ()
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\msvidctl.dll ()
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll ()
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWow64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWow64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWow64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter: - application/octet-stream - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter: - application/x-complus - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter: - application/x-msdownload - C:\Windows\SysNative\mscoree.dll ()
O18:64bit: - Protocol\Filter: - deflate - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Filter: - gzip - C:\Windows\SysNative\urlmon.dll ()
O18:64bit: - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20:64bit: - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysNative\shell32.dll ()
O20:64bit: - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysNative\sysdm.cpl ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\SysWow64\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\SysWow64\sysdm.cpl (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysNative\webcheck.dll ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysNative\browseui.dll ()
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll ()
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\SysWow64\browseui.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll ()
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll ()
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll ()
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll ()
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll ()
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll ()
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.03.15 07:40:06 | 00,000,166 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{f6b2564e-72cf-11de-83f1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f6b2564e-72cf-11de-83f1-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Msetup4.exe -- [2006.12.12 10:26:44 | 00,476,752 | R--- | M] (CANON INC.)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2009.09.12 11:25:57 | 00,000,000 | ---D | C] -- C:\Users\Jakub\Desktop\x
[2009.09.12 11:09:38 | 00,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CF10366.exe
[2009.09.12 11:09:38 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009.09.12 11:07:30 | 00,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CF5828.exe
[2009.09.12 11:05:41 | 00,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CF9195.exe
[2009.09.12 11:05:40 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\swsc.exe
[2009.09.12 11:05:40 | 00,008,704 | ---- | C] () -- C:\Windows\SysNative\drivers\PROCEXP90.SYS
[2009.09.12 11:05:05 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009.09.12 11:05:00 | 00,318,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cmd.execf
[2009.09.12 10:21:32 | 00,068,640 | ---- | C] () -- C:\Windows\SysNative\drivers\Lbd.sys
[2009.09.12 10:21:31 | 00,000,496 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009.09.11 16:26:47 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\iPhone Configuration Utility
[2009.09.11 16:25:48 | 00,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009.09.11 16:25:28 | 00,126,312 | ---- | C] () -- C:\Windows\SysNative\GEARAspi64.dll
[2009.09.11 16:25:28 | 00,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2009.09.11 16:25:28 | 00,034,152 | ---- | C] () -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2009.09.11 16:24:34 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\iPod
[2009.09.11 16:24:32 | 00,000,000 | ---D | C] -- C:\ProgramData\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}
[2009.09.11 16:24:32 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009.09.11 16:24:32 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2009.09.11 16:21:12 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2009.09.11 16:18:22 | 00,000,000 | ---D | C] -- C:\Windows\LastGood.Tmp
[2009.09.11 16:17:28 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009.09.10 18:34:55 | 00,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2009.09.10 06:09:38 | 02,900,480 | ---- | C] () -- C:\Windows\SysNative\WMVCORE.DLL
[2009.09.10 06:09:35 | 02,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVCORE.DLL
[2009.09.10 06:09:34 | 03,547,136 | ---- | C] () -- C:\Windows\SysNative\mf.dll
[2009.09.10 06:09:34 | 02,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2009.09.10 06:09:32 | 00,818,176 | ---- | C] () -- C:\Windows\SysNative\jscript.dll
[2009.09.10 06:09:32 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2009.09.10 06:09:21 | 01,418,840 | ---- | C] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2009.09.10 06:09:21 | 00,141,312 | ---- | C] () -- C:\Windows\SysNative\netiohlp.dll
[2009.09.10 06:09:21 | 00,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netiohlp.dll
[2009.09.10 06:09:20 | 00,032,256 | ---- | C] () -- C:\Windows\SysNative\NETSTAT.EXE
[2009.09.10 06:09:20 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\NETSTAT.EXE
[2009.09.10 06:09:20 | 00,023,040 | ---- | C] () -- C:\Windows\SysNative\ARP.EXE
[2009.09.10 06:09:19 | 00,021,504 | ---- | C] () -- C:\Windows\SysNative\ROUTE.EXE
[2009.09.10 06:09:19 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ARP.EXE
[2009.09.10 06:09:19 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ROUTE.EXE
[2009.09.10 06:09:19 | 00,012,800 | ---- | C] () -- C:\Windows\SysNative\MRINFO.EXE
[2009.09.10 06:09:19 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRINFO.EXE
[2009.09.10 06:09:19 | 00,011,264 | ---- | C] () -- C:\Windows\SysNative\finger.exe
[2009.09.10 06:09:19 | 00,010,752 | ---- | C] () -- C:\Windows\SysNative\TCPSVCS.EXE
[2009.09.10 06:09:19 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\finger.exe
[2009.09.10 06:09:19 | 00,010,240 | ---- | C] () -- C:\Windows\SysNative\HOSTNAME.EXE
[2009.09.10 06:09:19 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\TCPSVCS.EXE
[2009.09.10 06:09:19 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\HOSTNAME.EXE
[2009.09.10 06:09:18 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2009.09.10 06:09:18 | 00,017,920 | ---- | C] () -- C:\Windows\SysNative\netevent.dll
[2009.09.10 06:08:59 | 02,608,803 | ---- | C] () -- C:\Windows\SysNative\wlan.tmf
[2009.09.10 06:08:58 | 00,376,832 | ---- | C] () -- C:\Windows\SysNative\wlansec.dll
[2009.09.10 06:08:58 | 00,353,280 | ---- | C] () -- C:\Windows\SysNative\wlanmsm.dll
[2009.09.10 06:08:58 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlanmsm.dll
[2009.09.10 06:08:58 | 00,157,184 | ---- | C] () -- C:\Windows\SysNative\L2SecHC.dll
[2009.09.10 06:08:57 | 00,615,936 | ---- | C] () -- C:\Windows\SysNative\wlansvc.dll
[2009.09.10 06:08:57 | 00,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlansec.dll
[2009.09.10 06:08:57 | 00,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\L2SecHC.dll
[2009.09.10 06:08:57 | 00,097,792 | ---- | C] () -- C:\Windows\SysNative\wlanhlp.dll
[2009.09.10 06:08:57 | 00,086,528 | ---- | C] () -- C:\Windows\SysNative\wlanapi.dll
[2009.09.08 21:17:52 | 00,000,483 | ---- | C] () -- C:\Users\Jakub\Desktop\Kája.lnk
[2009.09.06 12:16:38 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2009.09.06 11:14:50 | 00,000,553 | ---- | C] () -- C:\Users\Jakub\Desktop\VNC Viewer 4.lnk
[2009.09.06 10:31:20 | 00,015,688 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2009.09.06 10:17:53 | 00,000,000 | -H-D | C] -- C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}
[2009.09.06 10:17:52 | 00,001,049 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009.09.06 10:17:49 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009.09.06 10:17:49 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2009.09.05 21:59:08 | 00,080,318 | ---- | C] () -- C:\Users\Jakub\Desktop\logo.psd
[2009.09.05 01:54:48 | 00,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2009.09.05 01:54:48 | 00,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2009.09.03 21:07:51 | 00,000,000 | -H-- | C] () -- C:\Users\Jakub\Documents\Default.rdp
[2009.09.03 05:58:03 | 00,032,256 | ---- | C] () -- C:\Windows\SysNative\Apphlpdm.dll
[2009.09.03 05:58:03 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2009.09.03 05:58:02 | 04,240,384 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2009.09.03 05:58:02 | 04,240,384 | ---- | C] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2009.09.02 15:59:55 | 00,051,014 | ---- | C] () -- C:\Users\Jakub\Desktop\klasifikace.pdf
[2009.08.31 19:42:56 | 00,000,000 | -HSD | C] -- C:\Windows\SysWow64\28463
[2009.08.30 22:54:50 | 00,000,601 | ---- | C] () -- C:\Users\Jakub\Desktop\Miranda IM KP v4.2.lnk
[2009.08.29 00:08:10 | 00,000,000 | -HSD | C] -- C:\Users\Public\Documents\MCE Logs
[2009.08.28 23:40:40 | 01,420,976 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.08.28 21:32:21 | 02,535,361 | ---- | C] () -- C:\Users\Jakub\Desktop\Něco pro tebe.jpg
[2009.08.28 19:42:52 | 02,065,696 | ---- | C] () -- C:\Windows\SysNative\usbaaplrc.dll
[2009.08.28 19:42:52 | 00,049,152 | ---- | C] () -- C:\Windows\SysNative\drivers\usbaapl64.sys
[2009.08.27 17:35:14 | 00,390,107 | ---- | C] () -- C:\Users\Jakub\Desktop\insuperable.jpg
[2009.08.27 11:35:08 | 00,000,000 | ---D | C] -- C:\Users\Jakub\Desktop\Upravy
[2009.08.27 11:32:34 | 00,353,835 | ---- | C] () -- C:\Users\Jakub\Desktop\DSC00265.JPG
[2009.08.27 11:32:34 | 00,333,930 | ---- | C] () -- C:\Users\Jakub\Desktop\DSC00106.JPG
[2009.08.27 11:32:34 | 00,295,622 | ---- | C] () -- C:\Users\Jakub\Desktop\DSC00266.JPG
[2009.08.27 11:32:34 | 00,283,954 | ---- | C] () -- C:\Users\Jakub\Desktop\DSC00193.JPG
[2009.08.27 11:32:34 | 00,268,344 | ---- | C] () -- C:\Users\Jakub\Desktop\DSC00267.JPG
[2009.08.27 11:29:38 | 00,305,643 | ---- | C] () -- C:\Users\Jakub\Desktop\DSC00269.JPG
[2009.08.27 11:23:40 | 00,088,443 | ---- | C] () -- C:\Users\Jakub\Desktop\gjkp_49FXH.jpg
[2009.08.27 09:23:25 | 00,283,742 | ---- | C] () -- C:\Users\Jakub\Desktop\katie.psd
[2009.08.27 09:15:51 | 00,073,368 | ---- | C] () -- C:\Users\Jakub\Desktop\sonnenuntergang.jpg
[2009.08.27 03:01:48 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tzres.dll
[2009.08.27 03:01:48 | 00,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2009.08.27 00:24:56 | 00,071,733 | ---- | C] () -- C:\Users\Jakub\Desktop\karbon_vzorek.jpg
[2009.08.27 00:21:18 | 00,078,862 | ---- | C] () -- C:\Users\Jakub\Desktop\audi-tt-roadster-f.jpg
[2009.08.27 00:19:55 | 00,050,141 | ---- | C] () -- C:\Users\Jakub\Desktop\bmw-m1-prototyp-01.jpg
[2009.08.26 21:29:24 | 00,000,736 | ---- | C] () -- C:\Users\Jakub\Desktop\Photoshop.lnk
[2009.08.26 18:39:50 | 02,465,645 | ---- | C] () -- C:\Users\Jakub\Desktop\insuperable.psd
[2009.08.26 16:36:47 | 00,000,000 | ---D | C] -- C:\ProgramData\Xerox
[2009.08.26 16:31:53 | 00,000,000 | ---D | C] -- C:\Program Files\Canon
[2009.08.26 16:31:53 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2009.08.26 16:11:10 | 00,000,000 | ---D | C] -- C:\Users\Jakub\AppData\Roaming\UpdateStar GmbH
[2009.08.26 16:08:01 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
[2009.08.26 12:11:07 | 02,615,773 | ---- | C] () -- C:\Users\Jakub\Desktop\Bez názvu 1.psd
[2009.08.26 08:35:23 | 04,691,032 | ---- | C] () -- C:\Windows\SysNative\ntoskrnl.exe
[2009.08.25 18:52:30 | 00,000,000 | ---D | C] -- C:\Users\Jakub\Documents\AdobeStockPhotos
[2009.08.24 15:09:51 | 00,000,000 | ---D | C] -- C:\Users\Jakub\Documents\Updater
[2009.08.24 15:08:38 | 00,000,000 | ---D | C] -- C:\ProgramData\Adobe Systems
[2009.08.24 15:04:39 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
[2009.08.24 15:04:18 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared
[2009.08.24 14:54:42 | 00,000,000 | ---D | C] -- C:\Users\Jakub\Documents\Adobe
[2009.08.24 14:48:46 | 00,000,000 | ---D | C] -- C:\Users\Jakub\AppData\Roaming\Jpeg Resampler
[2009.08.24 14:48:44 | 00,000,599 | ---- | C] () -- C:\Users\Jakub\Desktop\JPEG Resampler.lnk
[2009.08.24 14:44:06 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2009.08.24 14:40:19 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2009.08.22 20:24:47 | 00,356,352 | ---- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaSplitter.ax
[2009.08.22 20:24:47 | 00,258,048 | ---- | C] (Peter Wimmer, Gabest) -- C:\Windows\SysWow64\GplMpgDec.ax
[2009.08.22 20:19:30 | 00,000,000 | ---D | C] -- C:\Users\Jakub\Documents\Red Kawa
[2009.08.22 20:14:01 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2009.08.22 20:09:42 | 00,000,000 | ---D | C] -- C:\temp
[2009.08.22 19:38:12 | 00,000,000 | ---D | C] -- C:\Users\Jakub\AppData\Local\Xenocode
[2009.08.20 21:17:46 | 00,195,218 | ---- | C] () -- C:\Windows\San Andreas Tools Uninstaller.exe
[2009.08.20 10:24:07 | 00,000,550 | ---- | C] () -- C:\Users\Jakub\Desktop\WinSCP.lnk
[2009.08.20 10:19:05 | 01,061,888 | ---- | C] () -- C:\Windows\SysNative\drivers\athrxusb.sys
[2009.08.19 23:24:16 | 00,000,000 | ---D | C] -- C:\Users\Jakub\AppData\Local\Ripdev
[2009.08.19 23:17:10 | 00,000,130 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2009.08.19 23:17:09 | 00,000,000 | ---D | C] -- C:\Users\Jakub\AppData\Roaming\Ripdev
[2009.08.19 00:10:14 | 00,000,000 | ---D | C] -- C:\Users\Jakub\Documents\GTA San Andreas User Files
[2009.08.18 22:54:29 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Ripdev
[2009.08.18 16:08:02 | 00,001,095 | ---- | C] () -- C:\Users\Jakub\Desktop\NeroExpress.lnk
[2009.08.18 14:08:52 | 00,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2009.08.18 14:08:07 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Atari
[2009.08.17 11:27:20 | 00,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2009.08.17 11:01:41 | 00,000,000 | ---D | C] -- C:\Users\Jakub\Documents\SH3
[2009.08.17 10:47:52 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2009.08.16 23:42:24 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2009.08.16 23:41:23 | 00,275,360 | ---- | C] () -- C:\Windows\SysNative\DreamScene.dll
[2009.08.16 20:43:21 | 00,000,000 | ---D | C] -- C:\Users\Jakub\Documents\SH4
[2009.08.16 20:40:29 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\GameShadow
[2009.08.16 20:40:29 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\GameShadow
[2009.08.16 20:07:02 | 00,000,000 | ---D | C] -- C:\Users\Jakub\Documents\GameShadow
[2009.08.16 20:05:28 | 00,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2009.08.16 19:56:42 | 00,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2009.08.16 16:28:38 | 00,000,000 | ---D | C] -- C:\ProgramData\{35733029-9859-49C7-8475-1E78E2AAE413}
[2009.08.16 16:25:13 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009.08.16 16:15:28 | 00,000,000 | ---D | C] -- C:\ProgramData\SpeedBit
[2009.08.13 18:29:25 | 00,000,952 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009.08.13 18:29:24 | 00,000,948 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009.08.13 18:22:34 | 00,002,018 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2009.08.13 18:21:22 | 00,000,000 | ---D | C] -- C:\Users\Jakub\AppData\Local\Google
[2009.08.13 18:21:08 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2009.08.07 19:51:34 | 00,178,430 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.07.19 20:31:27 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.07.19 20:30:47 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2009.07.17 23:08:10 | 00,000,305 | ---- | C] () -- C:\Windows\game.ini
[2009.07.17 15:09:25 | 00,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009.05.29 16:52:26 | 00,204,800 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.05.29 16:47:06 | 00,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009.05.29 05:11:20 | 00,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2008.09.12 16:21:02 | 00,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2007.09.04 12:56:10 | 00,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2007.04.10 23:46:39 | 00,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2007.02.05 20:05:26 | 00,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 14:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\win.ini
[2006.11.02 14:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini

========== Files - Modified Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2009.09.12 11:25:56 | 00,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{FD5CD371-8F0F-43D9-8B58-EFE875386833}.job
[2009.09.12 11:09:38 | 00,008,704 | ---- | M] () -- C:\Windows\SysNative\drivers\PROCEXP90.SYS
[2009.09.12 11:09:05 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\cmd.execf
[2009.09.12 11:09:05 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\CF10366.exe
[2009.09.12 11:06:23 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\CF5828.exe
[2009.09.12 11:05:01 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\CF9195.exe
[2009.09.12 10:57:24 | 00,000,600 | ---- | M] () -- C:\Users\Jakub\AppData\Roaming\winscp.rnd
[2009.09.12 10:34:00 | 00,000,952 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009.09.12 10:21:31 | 00,000,496 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2009.09.12 10:21:02 | 00,068,640 | ---- | M] () -- C:\Windows\SysNative\drivers\Lbd.sys
[2009.09.12 10:09:08 | 00,004,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009.09.12 10:09:08 | 00,004,048 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009.09.12 09:36:03 | 00,189,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2009.09.12 09:36:03 | 00,189,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2009.09.12 08:09:13 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009.09.11 18:34:00 | 00,000,948 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009.09.11 16:44:34 | 00,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2009.09.11 16:44:32 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009.09.11 16:44:00 | 42,933,86240 | -HS- | M] () -- C:\hiberfil.sys
[2009.09.11 16:42:06 | 01,903,105 | -H-- | M] () -- C:\Users\Jakub\AppData\Local\IconCache.db
[2009.09.11 16:25:48 | 00,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009.09.10 18:34:55 | 00,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat
[2009.09.10 18:34:46 | 00,002,245 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2009.09.10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009.09.10 14:53:52 | 00,022,104 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
[2009.09.09 17:54:59 | 01,402,454 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009.09.09 17:54:59 | 00,601,854 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2009.09.09 17:54:59 | 00,589,884 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009.09.09 17:54:59 | 00,115,998 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2009.09.09 17:54:59 | 00,101,896 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009.09.08 21:17:52 | 00,000,483 | ---- | M] () -- C:\Users\Jakub\Desktop\Kája.lnk
[2009.09.06 11:14:50 | 00,000,553 | ---- | M] () -- C:\Users\Jakub\Desktop\VNC Viewer 4.lnk
[2009.09.06 10:17:52 | 00,001,049 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2009.09.05 22:52:00 | 02,615,773 | ---- | M] () -- C:\Users\Jakub\Desktop\Bez názvu 1.psd
[2009.09.05 22:01:09 | 00,080,318 | ---- | M] () -- C:\Users\Jakub\Desktop\logo.psd
[2009.09.05 01:54:48 | 00,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2009.09.05 01:54:48 | 00,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2009.09.03 21:07:51 | 00,000,000 | -H-- | M] () -- C:\Users\Jakub\Documents\Default.rdp
[2009.09.02 15:59:55 | 00,051,014 | ---- | M] () -- C:\Users\Jakub\Desktop\klasifikace.pdf
[2009.08.30 22:54:50 | 00,000,601 | ---- | M] () -- C:\Users\Jakub\Desktop\Miranda IM KP v4.2.lnk
[2009.08.29 14:31:28 | 02,535,361 | ---- | M] () -- C:\Users\Jakub\Desktop\Něco pro tebe.jpg
[2009.08.29 00:35:31 | 00,039,424 | ---- | M] () -- C:\Users\Jakub\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.29 00:10:41 | 26,035,144 | ---- | M] () -- C:\Windows\SysNative\mrt.exe
[2009.08.28 23:40:40 | 01,420,976 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.08.28 23:40:27 | 00,023,888 | ---- | M] () -- C:\Users\Jakub\AppData\Roaming\UserTile.png
[2009.08.28 19:42:52 | 02,065,696 | ---- | M] () -- C:\Windows\SysNative\usbaaplrc.dll
[2009.08.28 19:42:52 | 00,049,152 | ---- | M] () -- C:\Windows\SysNative\drivers\usbaapl64.sys
[2009.08.28 14:51:05 | 00,032,256 | ---- | M] () -- C:\Windows\SysNative\Apphlpdm.dll
[2009.08.28 14:39:07 | 00,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Apphlpdm.dll
[2009.08.28 12:39:32 | 04,240,384 | ---- | M] () -- C:\Windows\SysNative\GameUXLegacyGDFs.dll
[2009.08.28 12:15:30 | 04,240,384 | ---- | M] (Microsoft) -- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
[2009.08.27 20:53:29 | 02,420,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2009.08.27 17:35:14 | 00,390,107 | ---- | M] () -- C:\Users\Jakub\Desktop\insuperable.jpg
[2009.08.27 11:23:40 | 00,088,443 | ---- | M] () -- C:\Users\Jakub\Desktop\gjkp_49FXH.jpg
[2009.08.27 09:23:27 | 00,283,742 | ---- | M] () -- C:\Users\Jakub\Desktop\katie.psd
[2009.08.27 09:15:51 | 00,073,368 | ---- | M] () -- C:\Users\Jakub\Desktop\sonnenuntergang.jpg
[2009.08.27 03:11:25 | 00,148,312 | ---- | M] () -- C:\Users\Jakub\AppData\Local\GDIPFONTCACHEV1.DAT
[2009.08.27 00:24:56 | 00,071,733 | ---- | M] () -- C:\Users\Jakub\Desktop\karbon_vzorek.jpg
[2009.08.27 00:21:18 | 00,078,862 | ---- | M] () -- C:\Users\Jakub\Desktop\audi-tt-roadster-f.jpg
[2009.08.27 00:19:55 | 00,050,141 | ---- | M] () -- C:\Users\Jakub\Desktop\bmw-m1-prototyp-01.jpg
[2009.08.26 21:29:34 | 00,000,736 | ---- | M] () -- C:\Users\Jakub\Desktop\Photoshop.lnk
[2009.08.26 19:19:40 | 02,465,645 | ---- | M] () -- C:\Users\Jakub\Desktop\insuperable.psd
[2009.08.24 14:48:44 | 00,000,599 | ---- | M] () -- C:\Users\Jakub\Desktop\JPEG Resampler.lnk
[2009.08.20 21:17:46 | 00,195,218 | ---- | M] () -- C:\Windows\San Andreas Tools Uninstaller.exe
[2009.08.20 10:24:07 | 00,000,550 | ---- | M] () -- C:\Users\Jakub\Desktop\WinSCP.lnk
[2009.08.19 23:17:10 | 00,000,130 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2009.08.18 16:08:21 | 00,001,095 | ---- | M] () -- C:\Users\Jakub\Desktop\NeroExpress.lnk
[2009.08.18 14:08:52 | 00,043,520 | ---- | M] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2009.08.16 19:56:43 | 00,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2009.08.15 18:48:32 | 00,075,064 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2009.08.14 20:05:16 | 01,418,840 | ---- | M] () -- C:\Windows\SysNative\drivers\tcpip.sys
[2009.08.14 19:29:27 | 00,141,312 | ---- | M] () -- C:\Windows\SysNative\netiohlp.dll
[2009.08.14 19:29:26 | 00,017,920 | ---- | M] () -- C:\Windows\SysNative\netevent.dll
[2009.08.14 18:29:41 | 00,104,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\netiohlp.dll
[2009.08.14 18:29:41 | 00,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2009.08.14 17:13:04 | 00,010,752 | ---- | M] () -- C:\Windows\SysNative\TCPSVCS.EXE
[2009.08.14 17:13:02 | 00,021,504 | ---- | M] () -- C:\Windows\SysNative\ROUTE.EXE
[2009.08.14 17:13:01 | 00,012,800 | ---- | M] () -- C:\Windows\SysNative\MRINFO.EXE
[2009.08.14 17:12:59 | 00,032,256 | ---- | M] () -- C:\Windows\SysNative\NETSTAT.EXE
[2009.08.14 17:12:59 | 00,023,040 | ---- | M] () -- C:\Windows\SysNative\ARP.EXE
[2009.08.14 17:12:58 | 00,010,240 | ---- | M] () -- C:\Windows\SysNative\HOSTNAME.EXE
[2009.08.14 17:12:57 | 00,011,264 | ---- | M] () -- C:\Windows\SysNative\finger.exe
[2009.08.14 16:16:55 | 00,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ROUTE.EXE
[2009.08.14 16:16:55 | 00,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\TCPSVCS.EXE
[2009.08.14 16:16:52 | 00,011,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRINFO.EXE
[2009.08.14 16:16:51 | 00,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\NETSTAT.EXE
[2009.08.14 16:16:50 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ARP.EXE
[2009.08.14 16:16:49 | 00,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\finger.exe
[2009.08.14 16:16:49 | 00,008,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\HOSTNAME.EXE
[2009.08.13 18:22:34 | 00,002,018 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk

========== LOP Check ==========

[2009.08.26 16:11:10 | 00,000,000 | ---D | M] -- C:\Users\Jakub\AppData\Roaming
[2009.07.17 15:35:47 | 00,000,000 | ---D | M] -- C:\Users\Jakub\AppData\Roaming\ATI
[2009.08.03 19:44:03 | 00,000,000 | ---D | M] -- C:\Users\Jakub\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2009.07.18 09:32:36 | 00,000,000 | ---D | M] -- C:\Users\Jakub\AppData\Roaming\DAEMON Tools Lite
[2009.07.17 16:43:42 | 00,000,000 | ---D | M] -- C:\Users\Jakub\AppData\Roaming\DAEMON Tools Pro
[2009.07.25 14:09:46 | 00,000,000 | ---D | M] -- C:\Users\Jakub\AppData\Roaming\ESET
[2009.08.02 21:26:40 | 00,000,000 | ---D | M] -- C:\Users\Jakub\AppData\Roaming\GHISLER
[2009.08.31 19:46:35 | 00,000,000 | ---D | M] -- C:\Users\Jakub\AppData\Roaming\Hamachi
[2009.08.31 09:48:46 | 00,000,000 | ---D | M] -- C:\Users\Jakub\AppData\Roaming\ICQ
[2009.08.24 14:50:01 | 00,000,000 | ---D | M] -- C:\Users\Jakub\AppData\Roaming\Jpeg Resampler
[2006.11.02 17:06:33 | 00,000,000 | ---D | M] -- C:\Users\Jakub\AppData\Roaming\Media Center Programs
[2009.08.03 00:09:26 | 00,000,000 | ---D | M] -- C:\Users\Jakub\AppData\Roaming\Miranda
[2009.07.17 15:40:49 | 00,000,000 | ---D | M] -- C:\Users\Jakub\AppData\Roaming\Opera
[2009.07.27 21:40:59 | 00,000,000 | ---D | M] -- C:\Users\Jakub\AppData\Roaming\PeerNetworking
[2009.08.05 15:47:04 | 00,000,000 | ---D | M] -- C:\Users\Jakub\AppData\Roaming\Red Alert 3
[2009.08.19 23:17:09 | 00,000,000 | ---D | M] -- C:\Users\Jakub\AppData\Roaming\Ripdev
[2009.07.25 17:50:19 | 00,000,000 | RH-D | M] -- C:\Users\Jakub\AppData\Roaming\SecuROM
[2009.07.17 18:59:09 | 00,000,000 | ---D | M] -- C:\Users\Jakub\AppData\Roaming\Ubisoft
[2009.08.26 16:11:10 | 00,000,000 | ---D | M] -- C:\Users\Jakub\AppData\Roaming\UpdateStar GmbH
[2009.07.18 22:18:16 | 00,000,000 | ---D | M] -- C:\Users\Jakub\AppData\Roaming\VistaCodecs
[2009.08.01 17:06:04 | 00,000,000 | ---D | M] -- C:\Users\Jakub\AppData\Roaming\WindSolutions
[2009.09.12 10:21:31 | 00,000,496 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2009.09.11 18:34:00 | 00,000,948 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2009.09.12 10:34:00 | 00,000,952 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2009.09.11 16:44:32 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009.09.11 16:42:35 | 00,026,294 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.09.12 11:25:56 | 00,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{FD5CD371-8F0F-43D9-8B58-EFE875386833}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A9662AE0
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D117B72F
< End of report >


Re: Please check

Post by Damned » 12 Sep 2009 12:20

Uninstall ComboFix.
ComboFix is uninstalled like this:
Go to Start > Run and type ComboFix[space]/u
*****************************************************************************************************************************************
Double-click the OTL icon on the desktop. Make sure all other applications and browsers are closed.
Paste the following text, shown in green, into the box under Custom Scans/Fixes:


:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294}
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}
O33 - MountPoints2\{f6b2564e-72cf-11de-83f1-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Msetup4.exe -- [2006.12.12 10:26:44 | 00,476,752 | R--- | M] (CANON INC.)
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found

:files
C:\Windows\SysWow64\CF10366.exe
C:\ComboFix
C:\Windows\SysWow64\CF5828.exe
C:\Windows\SysWow64\CF9195.exe
C:\Windows\SysWow64\swsc.exe
C:\Windows\SysNative\drivers\PROCEXP90.SYS
C:\Qoobox
C:\Windows\SysWow64\cmd.execf
C:\Windows\tasks\SA.DAT

:Reg

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]


Then click Run Fix at the top. Let the program run undisturbed; the PC will restart when it finishes.
After the restart a log will appear; please copy its entire contents here.
Nothing is impossible, so where we are at our wits' end, we don't hesitate to use a hammer.
If you want to know what's new, look in old books.