zpomalení PC + trojan

pepca11 · Příspěvekod **pepca11** » 03 bře 2010 15:57

Dobrý den
Prosím o kontrolu logu. PC je již několik dní velice pomalé, dnes při otevírání Skype začal hlásit Avast trojského koně. Počítač se velice zpomalil, CPU je vytíženo na 100%. Zkusil jsem vypnout rezidentní štít Spywera a v nouzovém režimu scan Avastem, nic nenašel, v truhle také nic není, potom v normálním režimu jsem vyčistil PC CCleanerem. PC se trochu zrychlil, ale CPU je stále na 100%.
Děkuji za odpověď Pepča

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:47:15, on 3.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Starostovi\Dokumenty\download\programy\hijackthis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\TRANSLAT\WEBIE.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &S-Rank - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WEBIE.DLL
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: winesm32.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Kniha klipů HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Chytrý výběr - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.cz/Genoogle/Compo ... eQuery.dll
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} (CUpdateCtl Object) - http://update.hpphoto.com/download/HPSWUpdate.ocx
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 9594 bytes

Reklama

Damned · Příspěvekod **Damned** » 03 bře 2010 16:16

Vypni si rezidentní štít u Spyware Terminatora.
Odinstaluj si Crawler Toolbar, ICQ Toolbar.

Spusť HJT (HijackThis), vypni prohlížeče, odpoj se od internetu a fixni (spustit HJT, "Do a system scan only",
zatrhnout políčko před hodnotou, zmáčknout "Fix checked" a poté "Ano"):

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60347
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60347
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 Class - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - Startup: winesm32.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.cz/Genoogle/Compo ... eQuery.dll
O16 - DPF: {EBF85371-A38F-485B-B28F-0B4C82D25937} (CUpdateCtl Object) - http://update.hpphoto.com/download/HPSWUpdate.ocx
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
*****************************************************************************************************************************************
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

pepca11 · Příspěvekod **pepca11** » 03 bře 2010 19:20

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3820
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3.3.2010 19:16:55
mbam-log-2010-03-03 (19-16-42).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 121082
Uplynulý čas: 25 minute(s), 4 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\Documents and Settings\Starostovi\Nabídka Start\Programy\Po spuštění\winesm32.exe (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Starostovi\Data aplikací\avdrn.dat (Malware.Trace) -> No action taken.

autoprd · Příspěvekod **autoprd** » 03 bře 2010 21:31

Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit
Můžeš sem pak vložit log z MbAM.

autoprd · Příspěvekod **autoprd** » 03 bře 2010 21:32

Vypni rez. ochrany antiviru+deaktivuj firewall.
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

pepca11 · Příspěvekod **pepca11** » 03 bře 2010 22:31

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3820
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3.3.2010 22:28:44
mbam-log-2010-03-03 (22-28-44).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 121108
Uplynulý čas: 33 minute(s), 17 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\Documents and Settings\Starostovi\Nabídka Start\Programy\Po spuštění\winesm32.exe (Trojan.Downloader) -> Delete on reboot.
C:\Documents and Settings\Starostovi\Data aplikací\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.

pepca11 · Příspěvekod **pepca11** » 03 bře 2010 22:59

ComboFix 10-03-03.03 - Starostovi 03.03.2010 22:45:01.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1279.886 [GMT 1:00]
Spuštěný z: c:\documents and settings\Starostovi\Plocha\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100303-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-02-03 do 2010-03-03 )))))))))))))))))))))))))))))))
.

2010-03-03 15:32 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-03 15:32 . 2010-03-03 15:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-03 15:32 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-03 14:06 . 2010-03-03 14:06 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-03-03 12:09 . 2008-04-13 19:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-03-03 12:09 . 2008-04-13 19:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-03-03 12:04 . 2010-03-03 12:04 -------- d-----w- c:\documents and settings\LocalService\Plocha
2010-03-03 11:57 . 2010-03-03 11:57 116 ----a-w- c:\windows\system32\fjhdyfhsn.bat

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-03 15:57 . 2008-06-17 12:34 -------- d-----w- c:\program files\ICQToolbar
2010-03-03 14:40 . 2008-11-10 14:39 -------- d-----w- c:\program files\CCleaner
2010-03-03 14:17 . 2009-12-08 11:10 -------- d-----w- c:\program files\Spyware Terminator
2010-02-28 21:12 . 2006-03-02 12:00 47206 ----a-w- c:\windows\system32\perfc005.dat
2010-02-28 21:12 . 2006-03-02 12:00 312970 ----a-w- c:\windows\system32\perfh005.dat
2010-02-10 11:04 . 2008-05-16 14:44 -------- d-----w- c:\program files\Google
2010-01-28 16:09 . 2010-01-28 16:09 -------- d-----w- c:\program files\XP Codec Pack
2009-12-31 16:50 . 2006-03-02 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2008-05-14 21:01 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2006-03-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:11 . 2006-03-02 12:00 2191360 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2004-08-17 15:45 2068224 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 11:10 . 2009-12-08 11:10 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-12-04 18:22 . 2006-03-02 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2006-07-19 13:55 . 2008-05-14 22:18 8843 -c--a-w- c:\program files\Vyroci.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-12-08_14.25.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-03 21:43 . 2010-03-03 21:43 16384 c:\windows\Temp\Perflib_Perfdata_62c.dat
+ 2010-03-03 21:43 . 2010-03-03 21:43 16384 c:\windows\Temp\Perflib_Perfdata_5e8.dat
- 2008-04-14 03:22 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
+ 2008-04-14 03:22 . 2010-01-23 08:11 46080 c:\windows\system32\tzchange.exe
+ 2006-03-02 12:00 . 2009-10-21 05:40 75776 c:\windows\system32\strmfilt.dll
- 2006-03-02 12:00 . 2008-04-14 03:22 75776 c:\windows\system32\strmfilt.dll
+ 2006-11-02 15:10 . 2006-11-02 15:10 80912 c:\windows\system32\sherlock2.exe
+ 2004-08-10 05:52 . 2004-08-10 05:52 49221 c:\windows\system32\rv40.dll
+ 2004-08-10 05:52 . 2004-08-10 05:52 49221 c:\windows\system32\rv30.dll
+ 2004-08-10 05:51 . 2004-08-10 05:51 57411 c:\windows\system32\rv20.dll
+ 2004-08-10 05:50 . 2004-08-10 05:50 49216 c:\windows\system32\rv10.dll
- 2006-03-02 12:00 . 2008-04-14 03:21 79872 c:\windows\system32\raschap.dll
+ 2006-03-02 12:00 . 2009-10-12 13:40 79872 c:\windows\system32\raschap.dll
+ 2006-03-02 12:00 . 2010-02-28 21:12 40836 c:\windows\system32\perfc009.dat
+ 2004-08-17 15:49 . 2009-11-27 17:14 17920 c:\windows\system32\msyuv.dll
+ 2006-03-02 12:00 . 2009-11-27 16:09 28672 c:\windows\system32\msvidc32.dll
+ 2006-03-02 12:00 . 2009-11-27 16:09 11264 c:\windows\system32\msrle32.dll
- 2006-03-02 12:00 . 2008-04-14 03:21 11264 c:\windows\system32\msrle32.dll
+ 2007-08-13 16:54 . 2009-12-21 19:08 55296 c:\windows\system32\msfeedsbs.dll
- 2007-08-13 16:54 . 2009-08-29 07:58 55296 c:\windows\system32\msfeedsbs.dll
+ 2010-01-08 11:34 . 2010-01-08 11:34 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2006-03-02 12:00 . 2009-08-29 07:58 25600 c:\windows\system32\jsproxy.dll
+ 2006-03-02 12:00 . 2009-12-21 19:08 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-17 15:49 . 2009-11-27 16:09 48128 c:\windows\system32\iyuv_32.dll
+ 2006-03-02 12:00 . 2009-10-21 05:40 25088 c:\windows\system32\httpapi.dll
+ 2006-03-02 12:00 . 2009-10-15 16:32 81920 c:\windows\system32\fontsub.dll
- 2006-03-02 12:00 . 2009-06-16 14:40 81920 c:\windows\system32\fontsub.dll
+ 2008-12-17 16:22 . 2008-12-17 16:22 93184 c:\windows\system32\ff_wmv9.dll
+ 2008-12-17 16:22 . 2008-12-17 16:22 57344 c:\windows\system32\ff_vfw.dll
+ 2001-08-17 21:52 . 2001-08-17 20:52 18688 c:\windows\system32\drivers\cdaudio.sys
- 2001-08-17 21:52 . 2006-03-02 12:00 18688 c:\windows\system32\drivers\cdaudio.sys
+ 2009-06-09 18:47 . 2009-12-21 19:08 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-06-09 18:47 . 2009-08-29 07:58 12800 c:\windows\system32\dllcache\xpshims.dll
- 2006-03-02 12:00 . 2008-04-14 03:22 75776 c:\windows\system32\dllcache\strmfilt.dll
+ 2006-03-02 12:00 . 2009-10-21 05:40 75776 c:\windows\system32\dllcache\strmfilt.dll
+ 2009-10-12 13:40 . 2009-10-12 13:40 79872 c:\windows\system32\dllcache\raschap.dll
+ 2004-08-17 15:49 . 2009-11-27 17:14 17920 c:\windows\system32\dllcache\msyuv.dll
+ 2006-03-02 12:00 . 2009-11-27 16:09 28672 c:\windows\system32\dllcache\msvidc32.dll
+ 2009-11-27 16:09 . 2009-11-27 16:09 11264 c:\windows\system32\dllcache\msrle32.dll
+ 2008-05-15 20:05 . 2009-12-21 19:08 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-05-15 20:05 . 2009-08-29 07:58 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2007-08-13 16:54 . 2009-08-29 07:58 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2007-08-13 16:54 . 2009-12-21 19:08 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-17 15:49 . 2009-11-27 16:09 48128 c:\windows\system32\dllcache\iyuv_32.dll
+ 2006-03-02 12:00 . 2009-10-21 05:40 25088 c:\windows\system32\dllcache\httpapi.dll
+ 2006-03-02 12:00 . 2009-10-15 16:32 81920 c:\windows\system32\dllcache\fontsub.dll
- 2006-03-02 12:00 . 2009-06-16 14:40 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2009-12-14 07:10 . 2009-12-14 07:10 33280 c:\windows\system32\dllcache\csrsrv.dll
+ 2001-08-17 21:52 . 2001-08-17 20:52 18688 c:\windows\system32\dllcache\cdaudio.sys
- 2009-06-10 14:15 . 2009-06-10 14:15 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2009-06-10 14:15 . 2009-11-27 16:09 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2006-03-02 12:00 . 2008-04-13 18:51 59904 c:\windows\system32\dllcache\atmarpc.sys
+ 2006-03-02 12:00 . 2008-04-13 18:57 14336 c:\windows\system32\dllcache\asyncmac.sys
+ 2004-08-10 05:50 . 2004-08-10 05:50 65602 c:\windows\system32\cook.dll
+ 2008-05-14 21:10 . 2010-03-03 11:56 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-14 21:10 . 2008-05-15 19:12 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-14 21:10 . 2008-05-15 19:12 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-05-14 21:10 . 2010-03-03 11:56 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-05-14 21:10 . 2008-05-15 19:12 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-03-03 11:56 . 2010-03-03 11:56 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-03-02 12:00 . 2009-11-27 16:09 84992 c:\windows\system32\avifil32.dll
- 2006-03-02 12:00 . 2009-06-10 14:15 84992 c:\windows\system32\avifil32.dll
+ 2004-08-10 05:50 . 2004-08-10 05:50 77889 c:\windows\system32\atrc.dll
+ 2010-02-25 09:01 . 2010-02-25 09:01 22528 c:\windows\Installer\11deb9.msi
+ 2009-12-22 20:05 . 2009-12-22 20:05 25214 c:\windows\Installer\{C084BC61-E537-11DE-8616-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2009-12-09 17:32 . 2009-12-09 17:32 25214 c:\windows\Installer\{9074AFC0-CFDA-11DE-B484-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2010-02-10 11:05 . 2010-02-10 11:05 25214 c:\windows\Installer\{2EAF7E61-068E-11DF-953C-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe
+ 2010-02-10 11:05 . 2010-02-10 11:05 25214 c:\windows\Installer\{2EAF7E61-068E-11DF-953C-005056806466}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-02-10 11:05 . 2010-02-10 11:05 25214 c:\windows\Installer\{2EAF7E61-068E-11DF-953C-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2010-02-10 11:05 . 2010-02-10 11:05 25214 c:\windows\Installer\{2EAF7E61-068E-11DF-953C-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2010-02-10 11:05 . 2010-02-10 11:05 25214 c:\windows\Installer\{2EAF7E61-068E-11DF-953C-005056806466}\googleearth.exe1_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-02-10 11:05 . 2010-02-10 11:05 25214 c:\windows\Installer\{2EAF7E61-068E-11DF-953C-005056806466}\googleearth.exe_F6A848FB884248E6A4CDCBDCF41F6A74.exe
+ 2010-02-10 11:05 . 2010-02-10 11:05 25214 c:\windows\Installer\{2EAF7E61-068E-11DF-953C-005056806466}\ARPPRODUCTICON.exe
+ 2010-01-22 17:00 . 2009-10-29 07:43 12800 c:\windows\ie8updates\KB978207-IE8\xpshims.dll
+ 2010-01-22 17:00 . 2009-10-29 07:43 55296 c:\windows\ie8updates\KB978207-IE8\msfeedsbs.dll
+ 2010-01-22 17:00 . 2009-10-29 07:43 25600 c:\windows\ie8updates\KB978207-IE8\jsproxy.dll
+ 2009-12-09 17:30 . 2009-08-29 07:58 12800 c:\windows\ie8updates\KB976325-IE8\xpshims.dll
+ 2009-12-09 17:30 . 2009-08-29 07:58 55296 c:\windows\ie8updates\KB976325-IE8\msfeedsbs.dll
+ 2009-12-09 17:30 . 2009-08-29 07:58 25600 c:\windows\ie8updates\KB976325-IE8\jsproxy.dll
+ 2009-11-27 17:14 . 2009-11-27 17:14 17920 c:\windows\Driver Cache\i386\msyuv.dll
+ 2009-11-27 16:09 . 2009-11-27 16:09 48128 c:\windows\Driver Cache\i386\iyuv_32.dll
+ 2009-12-09 17:30 . 2008-04-14 03:21 79872 c:\windows\$NtUninstallKB974318$\raschap.dll
+ 2010-01-13 21:12 . 2009-06-16 14:40 81920 c:\windows\$NtUninstallKB972270$\fontsub.dll
+ 2009-12-09 17:31 . 2008-04-14 03:22 75776 c:\windows\$NtUninstallKB970430$\strmfilt.dll
+ 2009-12-09 17:31 . 2008-04-14 03:21 24576 c:\windows\$NtUninstallKB970430$\httpapi.dll
+ 2010-01-22 17:01 . 2008-07-08 12:59 26488 c:\windows\$hf_mig$\KB978207-IE8\update\spcustom.dll
+ 2010-01-22 17:01 . 2008-07-08 12:59 18296 c:\windows\$hf_mig$\KB978207-IE8\spmsg.dll
+ 2010-01-22 11:02 . 2009-12-21 19:02 12800 c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\xpshims.dll
+ 2010-01-22 11:02 . 2009-12-21 19:02 55296 c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\msfeedsbs.dll
+ 2010-01-22 11:02 . 2009-12-21 19:02 25600 c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\jsproxy.dll
+ 2009-12-09 17:30 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB976325-IE8\update\spcustom.dll
+ 2009-12-09 17:30 . 2009-05-26 11:40 18296 c:\windows\$hf_mig$\KB976325-IE8\spmsg.dll
+ 2009-12-09 06:48 . 2009-10-29 07:38 12800 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\xpshims.dll
+ 2009-12-09 06:48 . 2009-10-29 07:38 55296 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\msfeedsbs.dll
+ 2009-12-09 06:48 . 2009-10-29 07:38 25600 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\jsproxy.dll
+ 2009-12-09 17:29 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974392\update\spcustom.dll
+ 2009-12-09 17:29 . 2009-05-26 11:40 18296 c:\windows\$hf_mig$\KB974392\spmsg.dll
+ 2009-12-09 17:30 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB974318\update\spcustom.dll
+ 2009-12-09 17:30 . 2009-05-26 11:40 18296 c:\windows\$hf_mig$\KB974318\spmsg.dll
+ 2009-10-12 13:33 . 2009-10-12 13:33 79872 c:\windows\$hf_mig$\KB974318\SP3QFE\raschap.dll
+ 2009-12-09 17:29 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB973904\update\spcustom.dll
+ 2009-12-09 17:29 . 2009-05-26 11:40 18296 c:\windows\$hf_mig$\KB973904\spmsg.dll
+ 2010-01-13 21:21 . 2008-07-08 12:59 26488 c:\windows\$hf_mig$\KB972270\update\spcustom.dll
+ 2010-01-13 21:21 . 2008-07-08 12:59 18296 c:\windows\$hf_mig$\KB972270\spmsg.dll
+ 2010-01-13 13:19 . 2009-10-15 16:40 81920 c:\windows\$hf_mig$\KB972270\SP3QFE\fontsub.dll
+ 2009-12-09 17:29 . 2008-07-08 12:59 26488 c:\windows\$hf_mig$\KB971737\update\spcustom.dll
+ 2009-12-09 17:29 . 2008-07-08 12:59 18296 c:\windows\$hf_mig$\KB971737\spmsg.dll
+ 2009-12-09 17:31 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB970430\update\spcustom.dll
+ 2009-12-09 17:31 . 2009-05-26 11:40 18296 c:\windows\$hf_mig$\KB970430\spmsg.dll
+ 2009-10-21 05:42 . 2009-10-21 05:42 75776 c:\windows\$hf_mig$\KB970430\SP3QFE\strmfilt.dll
+ 2009-10-21 05:42 . 2009-10-21 05:42 25088 c:\windows\$hf_mig$\KB970430\SP3QFE\httpapi.dll
+ 2010-01-13 22:06 . 2009-05-26 11:40 26488 c:\windows\$hf_mig$\KB955759\update\spcustom.dll
+ 2010-01-13 22:06 . 2009-05-26 11:40 18296 c:\windows\$hf_mig$\KB955759\spmsg.dll
+ 2001-10-24 12:25 . 2009-11-27 16:09 8704 c:\windows\system32\tsbyuv.dll
+ 2001-10-24 12:25 . 2009-11-27 16:09 8704 c:\windows\system32\dllcache\tsbyuv.dll
+ 2009-11-27 16:09 . 2009-11-27 16:09 8704 c:\windows\Driver Cache\i386\tsbyuv.dll
+ 2006-03-02 12:00 . 2009-08-25 09:19 354816 c:\windows\system32\winhttp.dll
+ 2006-03-02 12:00 . 2009-10-15 16:32 119808 c:\windows\system32\t2embed.dll
- 2006-03-02 12:00 . 2009-06-16 14:40 119808 c:\windows\system32\t2embed.dll
+ 2004-08-10 05:50 . 2004-08-10 05:50 106561 c:\windows\system32\sipr.dll
- 2006-03-02 12:00 . 2008-04-14 03:21 474112 c:\windows\system32\shlwapi.dll
+ 2006-03-02 12:00 . 2009-12-08 09:25 474112 c:\windows\system32\shlwapi.dll
+ 2006-03-02 12:00 . 2009-10-12 13:40 150016 c:\windows\system32\rastls.dll
+ 2003-11-25 22:32 . 2003-11-25 22:32 123392 c:\windows\system32\pncrt.dll
+ 2006-03-02 12:00 . 2010-02-28 21:12 314508 c:\windows\system32\perfh009.dat
+ 2004-04-20 21:00 . 2004-04-20 21:00 172032 c:\windows\system32\OptimFROG.dll
- 2006-03-02 12:00 . 2009-08-29 07:58 206848 c:\windows\system32\occache.dll
+ 2006-03-02 12:00 . 2009-12-21 19:08 206848 c:\windows\system32\occache.dll
+ 2006-03-02 12:00 . 2009-10-13 10:34 271360 c:\windows\system32\oakley.dll
- 2006-03-02 12:00 . 2008-04-14 03:21 271360 c:\windows\system32\oakley.dll
+ 2007-08-13 16:54 . 2009-12-21 19:08 594432 c:\windows\system32\msfeeds.dll
- 2007-08-13 16:54 . 2009-08-29 07:58 594432 c:\windows\system32\msfeeds.dll
+ 2009-10-28 03:40 . 2009-10-28 03:40 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2008-12-17 15:59 . 2008-12-17 15:59 560802 c:\windows\system32\libmplayer.dll
- 2006-03-02 12:00 . 2009-06-22 06:48 726528 c:\windows\system32\jscript.dll
+ 2006-03-02 12:00 . 2009-12-09 05:55 726528 c:\windows\system32\jscript.dll
- 2006-03-02 12:00 . 2009-08-29 07:58 184320 c:\windows\system32\iepeers.dll
+ 2006-03-02 12:00 . 2009-12-21 19:08 184320 c:\windows\system32\iepeers.dll
+ 2006-03-02 12:00 . 2009-12-21 19:08 387584 c:\windows\system32\iedkcs32.dll
- 2006-03-02 12:00 . 2009-08-29 07:58 387584 c:\windows\system32\iedkcs32.dll
- 2006-03-02 12:00 . 2009-08-28 10:35 173056 c:\windows\system32\ie4uinit.exe
+ 2006-03-02 12:00 . 2009-12-21 13:18 173056 c:\windows\system32\ie4uinit.exe
+ 2004-08-10 05:52 . 2004-08-10 05:52 241723 c:\windows\system32\hxltcolor.dll
+ 2008-12-17 16:41 . 2008-12-17 16:41 884237 c:\windows\system32\ff_x264.dll
+ 2008-12-17 16:17 . 2008-12-17 16:17 239247 c:\windows\system32\ff_theora.dll
+ 2004-10-03 16:50 . 2004-10-03 16:50 129024 c:\windows\system32\ff_mpeg2enc.dll
+ 2004-11-24 18:25 . 2004-11-24 18:25 335872 c:\windows\system32\drvc.dll
+ 2004-08-10 05:51 . 2004-08-10 05:51 176195 c:\windows\system32\drv2.dll
+ 2004-08-10 05:50 . 2004-08-10 05:50 102464 c:\windows\system32\drv1.dll
+ 2006-03-02 12:00 . 2009-10-20 16:20 265728 c:\windows\system32\drivers\http.sys
- 2008-05-14 22:57 . 2008-04-13 16:39 142592 c:\windows\system32\drivers\aec.sys
+ 2008-05-14 22:57 . 2008-04-13 17:39 142592 c:\windows\system32\drivers\aec.sys
- 2007-08-13 16:54 . 2009-08-29 07:58 916480 c:\windows\system32\dllcache\wininet.dll
+ 2007-08-13 16:54 . 2009-12-21 19:08 916480 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:32 . 2009-08-25 09:19 354816 c:\windows\system32\dllcache\winhttp.dll
- 2006-03-02 12:00 . 2009-06-16 14:40 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2006-03-02 12:00 . 2009-10-15 16:32 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2008-10-15 09:34 . 2009-12-31 16:50 353792 c:\windows\system32\dllcache\srv.sys
- 2006-09-23 11:12 . 2006-09-23 11:12 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2006-09-23 11:12 . 2009-12-08 09:25 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2009-10-12 13:40 . 2009-10-12 13:40 150016 c:\windows\system32\dllcache\rastls.dll
- 2007-08-13 16:44 . 2009-08-29 07:58 206848 c:\windows\system32\dllcache\occache.dll
+ 2007-08-13 16:44 . 2009-12-21 19:08 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-10-13 10:34 . 2009-10-13 10:34 271360 c:\windows\system32\dllcache\oakley.dll
+ 2009-12-17 07:42 . 2009-12-17 07:42 343552 c:\windows\system32\dllcache\mspaint.exe
- 2008-05-15 20:05 . 2009-08-29 07:58 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-05-15 20:05 . 2009-12-21 19:08 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-11-12 13:28 . 2009-12-04 18:22 455424 c:\windows\system32\dllcache\mrxsmb.sys
+ 2007-08-13 16:38 . 2009-12-09 05:55 726528 c:\windows\system32\dllcache\jscript.dll
- 2007-08-13 16:38 . 2009-06-22 06:48 726528 c:\windows\system32\dllcache\jscript.dll
+ 2009-06-09 18:47 . 2009-12-21 19:08 246272 c:\windows\system32\dllcache\ieproxy.dll
- 2009-06-09 18:47 . 2009-08-29 07:58 246272 c:\windows\system32\dllcache\ieproxy.dll
+ 2007-08-13 16:54 . 2009-12-21 19:08 184320 c:\windows\system32\dllcache\iepeers.dll
- 2007-08-13 16:54 . 2009-08-29 07:58 184320 c:\windows\system32\dllcache\iepeers.dll
- 2007-08-13 16:39 . 2009-08-29 07:58 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-08-13 16:39 . 2009-12-21 19:08 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-08-13 16:39 . 2009-12-21 13:18 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2007-08-13 16:39 . 2009-08-28 10:35 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\system32\dllcache\http.sys
+ 2008-05-14 22:57 . 2008-04-13 17:39 142592 c:\windows\system32\dllcache\aec.sys
+ 2006-03-02 12:00 . 2009-11-21 16:03 471552 c:\windows\system32\dllcache\aclayers.dll
+ 2010-01-22 17:00 . 2009-10-29 07:43 916480 c:\windows\ie8updates\KB978207-IE8\wininet.dll
+ 2010-01-22 17:00 . 2009-05-26 11:40 391032 c:\windows\ie8updates\KB978207-IE8\spuninst\updspapi.dll
+ 2010-01-22 17:00 . 2008-07-08 12:59 233848 c:\windows\ie8updates\KB978207-IE8\spuninst\spuninst.exe
+ 2010-01-22 17:00 . 2009-10-29 07:43 206848 c:\windows\ie8updates\KB978207-IE8\occache.dll
+ 2010-01-22 17:00 . 2009-10-29 07:43 594432 c:\windows\ie8updates\KB978207-IE8\msfeeds.dll
+ 2010-01-22 17:00 . 2009-10-29 07:43 246272 c:\windows\ie8updates\KB978207-IE8\ieproxy.dll
+ 2010-01-22 17:00 . 2009-10-29 07:43 184320 c:\windows\ie8updates\KB978207-IE8\iepeers.dll
+ 2010-01-22 17:00 . 2009-10-29 07:43 387584 c:\windows\ie8updates\KB978207-IE8\iedkcs32.dll
+ 2010-01-22 17:00 . 2009-10-28 14:40 173056 c:\windows\ie8updates\KB978207-IE8\ie4uinit.exe
+ 2010-02-24 23:10 . 2008-07-08 12:59 391032 c:\windows\ie8updates\KB976662-IE8\spuninst\updspapi.dll
+ 2010-02-24 23:10 . 2008-07-08 12:59 233848 c:\windows\ie8updates\KB976662-IE8\spuninst\spuninst.exe
+ 2010-02-24 23:10 . 2009-06-22 06:48 726528 c:\windows\ie8updates\KB976662-IE8\jscript.dll
+ 2009-12-09 17:30 . 2009-08-29 07:58 916480 c:\windows\ie8updates\KB976325-IE8\wininet.dll
+ 2009-12-09 17:30 . 2009-05-26 11:40 391032 c:\windows\ie8updates\KB976325-IE8\spuninst\updspapi.dll
+ 2009-12-09 17:30 . 2009-05-26 11:40 233848 c:\windows\ie8updates\KB976325-IE8\spuninst\spuninst.exe
+ 2009-12-09 17:30 . 2009-08-29 07:58 206848 c:\windows\ie8updates\KB976325-IE8\occache.dll
+ 2009-12-09 17:30 . 2009-08-29 07:58 594432 c:\windows\ie8updates\KB976325-IE8\msfeeds.dll
+ 2009-12-09 17:30 . 2009-08-29 07:58 246272 c:\windows\ie8updates\KB976325-IE8\ieproxy.dll
+ 2009-12-09 17:30 . 2009-08-29 07:58 184320 c:\windows\ie8updates\KB976325-IE8\iepeers.dll
+ 2009-12-09 17:30 . 2009-08-29 07:58 387584 c:\windows\ie8updates\KB976325-IE8\iedkcs32.dll
+ 2009-12-09 17:30 . 2009-08-28 10:35 173056 c:\windows\ie8updates\KB976325-IE8\ie4uinit.exe
+ 2008-11-12 13:28 . 2009-12-04 18:22 455424 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\Driver Cache\i386\http.sys
+ 2006-03-02 12:00 . 2009-11-21 16:03 471552 c:\windows\AppPatch\aclayers.dll
+ 2009-12-09 17:29 . 2009-05-26 11:40 391032 c:\windows\$NtUninstallKB974392$\spuninst\updspapi.dll
+ 2009-12-09 17:29 . 2009-05-26 11:40 233848 c:\windows\$NtUninstallKB974392$\spuninst\spuninst.exe
+ 2009-12-09 17:29 . 2008-04-14 03:21 271360 c:\windows\$NtUninstallKB974392$\oakley.dll
+ 2009-12-09 17:30 . 2009-05-26 11:40 391032 c:\windows\$NtUninstallKB974318$\spuninst\updspapi.dll
+ 2009-12-09 17:30 . 2009-05-26 11:40 233848 c:\windows\$NtUninstallKB974318$\spuninst\spuninst.exe
+ 2009-12-09 17:30 . 2008-04-14 03:21 150528 c:\windows\$NtUninstallKB974318$\rastls.dll
+ 2009-12-09 17:29 . 2009-05-26 11:40 391032 c:\windows\$NtUninstallKB973904$\spuninst\updspapi.dll
+ 2009-12-09 17:29 . 2009-05-26 11:40 233848 c:\windows\$NtUninstallKB973904$\spuninst\spuninst.exe
+ 2009-12-09 17:29 . 2003-07-15 04:51 116288 c:\windows\$NtUninstallKB973904$\msconv97.dll
+ 2010-01-13 21:11 . 2009-06-16 14:40 119808 c:\windows\$NtUninstallKB972270$\t2embed.dll
+ 2010-01-13 21:17 . 2008-07-08 12:59 391032 c:\windows\$NtUninstallKB972270$\spuninst\updspapi.dll
+ 2010-01-13 21:18 . 2008-07-08 12:59 233848 c:\windows\$NtUninstallKB972270$\spuninst\spuninst.exe
+ 2009-12-09 17:29 . 2008-12-16 12:32 354304 c:\windows\$NtUninstallKB971737$\winhttp.dll
+ 2009-12-09 17:29 . 2009-05-26 11:40 391032 c:\windows\$NtUninstallKB971737$\spuninst\updspapi.dll
+ 2009-12-09 17:29 . 2008-07-08 12:59 233848 c:\windows\$NtUninstallKB971737$\spuninst\spuninst.exe
+ 2009-12-09 17:31 . 2009-05-26 11:40 391032 c:\windows\$NtUninstallKB970430$\spuninst\updspapi.dll
+ 2009-12-09 17:31 . 2009-05-26 11:40 233848 c:\windows\$NtUninstallKB970430$\spuninst\spuninst.exe
+ 2009-12-09 17:31 . 2008-04-13 18:53 264832 c:\windows\$NtUninstallKB970430$\http.sys
+ 2010-01-13 22:06 . 2009-05-26 16:10 391032 c:\windows\$NtUninstallKB955759$\spuninst\updspapi.dll
+ 2010-01-13 22:06 . 2009-05-26 11:40 233848 c:\windows\$NtUninstallKB955759$\spuninst\spuninst.exe
+ 2010-01-13 22:06 . 2008-04-14 03:21 451072 c:\windows\$NtUninstallKB955759$\aclayers.dll
+ 2010-01-22 17:01 . 2009-05-26 11:40 391032 c:\windows\$hf_mig$\KB978207-IE8\update\updspapi.dll
+ 2010-01-22 17:01 . 2009-05-26 11:40 759160 c:\windows\$hf_mig$\KB978207-IE8\update\update.exe
+ 2010-01-22 17:01 . 2008-07-08 12:59 233848 c:\windows\$hf_mig$\KB978207-IE8\spuninst.exe
+ 2010-01-22 11:02 . 2009-12-21 19:02 916480 c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll
+ 2010-01-22 11:02 . 2009-12-21 19:02 206848 c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\occache.dll
+ 2010-01-22 11:02 . 2009-12-21 19:02 594432 c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\msfeeds.dll
+ 2010-01-22 11:02 . 2009-12-21 19:02 246272 c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\ieproxy.dll
+ 2010-01-22 11:02 . 2009-12-21 19:02 184320 c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\iepeers.dll
+ 2010-01-22 11:02 . 2009-12-21 19:02 387584 c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\iedkcs32.dll
+ 2010-01-22 11:02 . 2009-12-21 13:22 173056 c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\ie4uinit.exe
+ 2009-12-09 17:30 . 2009-05-26 11:40 391032 c:\windows\$hf_mig$\KB976325-IE8\update\updspapi.dll
+ 2009-12-09 17:30 . 2009-05-26 11:40 759160 c:\windows\$hf_mig$\KB976325-IE8\update\update.exe
+ 2009-12-09 17:30 . 2009-05-26 11:40 233848 c:\windows\$hf_mig$\KB976325-IE8\spuninst.exe
+ 2009-12-09 06:48 . 2009-10-29 07:38 916480 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
+ 2009-12-09 06:48 . 2009-10-29 07:38 206848 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\occache.dll
+ 2009-12-09 06:48 . 2009-10-29 07:38 594432 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\msfeeds.dll
+ 2009-12-09 06:48 . 2009-10-29 07:38 246272 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\ieproxy.dll
+ 2009-12-09 06:48 . 2009-10-29 07:38 184320 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\iepeers.dll
+ 2009-12-09 06:48 . 2009-10-29 07:37 387584 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\iedkcs32.dll
+ 2009-12-09 06:48 . 2009-10-28 14:09 173056 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\ie4uinit.exe
+ 2009-12-09 17:29 . 2009-05-26 11:40 391032 c:\windows\$hf_mig$\KB974392\update\updspapi.dll
+ 2009-12-09 17:29 . 2009-05-26 11:40 759160 c:\windows\$hf_mig$\KB974392\update\update.exe
+ 2009-12-09 17:29 . 2009-05-26 11:40 233848 c:\windows\$hf_mig$\KB974392\spuninst.exe
+ 2009-10-13 10:39 . 2009-10-13 10:39 271360 c:\windows\$hf_mig$\KB974392\SP3QFE\oakley.dll
+ 2009-12-09 17:30 . 2009-05-26 11:40 391032 c:\windows\$hf_mig$\KB974318\update\updspapi.dll
+ 2009-12-09 17:30 . 2009-05-26 11:40 759160 c:\windows\$hf_mig$\KB974318\update\update.exe
+ 2009-12-09 17:30 . 2009-05-26 11:40 233848 c:\windows\$hf_mig$\KB974318\spuninst.exe
+ 2009-10-12 13:33 . 2009-10-12 13:33 150528 c:\windows\$hf_mig$\KB974318\SP3QFE\rastls.dll
+ 2009-12-09 17:29 . 2009-05-26 11:40 391032 c:\windows\$hf_mig$\KB973904\update\updspapi.dll
+ 2009-12-09 17:29 . 2009-05-26 11:40 759160 c:\windows\$hf_mig$\KB973904\update\update.exe
+ 2009-12-09 17:29 . 2009-05-26 11:40 233848 c:\windows\$hf_mig$\KB973904\spuninst.exe
+ 2009-12-09 06:47 . 2009-07-29 14:00 119648 c:\windows\$hf_mig$\KB973904\SP3QFE\msconv97.dll
+ 2010-01-13 21:21 . 2008-07-08 12:59 391032 c:\windows\$hf_mig$\KB972270\update\updspapi.dll
+ 2010-01-13 21:21 . 2008-07-08 12:59 759160 c:\windows\$hf_mig$\KB972270\update\update.exe
+ 2010-01-13 21:21 . 2008-07-08 12:59 233848 c:\windows\$hf_mig$\KB972270\spuninst.exe
+ 2010-01-13 13:19 . 2009-10-15 16:40 119808 c:\windows\$hf_mig$\KB972270\SP3QFE\t2embed.dll
+ 2009-12-09 17:29 . 2009-05-26 11:40 391032 c:\windows\$hf_mig$\KB971737\update\updspapi.dll
+ 2009-12-09 17:29 . 2009-05-26 11:40 759160 c:\windows\$hf_mig$\KB971737\update\update.exe
+ 2009-12-09 17:29 . 2008-07-08 12:59 233848 c:\windows\$hf_mig$\KB971737\spuninst.exe
+ 2009-08-25 09:31 . 2009-08-25 09:31 354816 c:\windows\$hf_mig$\KB971737\SP3QFE\winhttp.dll
+ 2009-12-09 17:31 . 2009-05-26 11:40 391032 c:\windows\$hf_mig$\KB970430\update\updspapi.dll
+ 2009-12-09 17:31 . 2009-05-26 11:40 759160 c:\windows\$hf_mig$\KB970430\update\update.exe
+ 2009-12-09 17:31 . 2009-05-26 11:40 233848 c:\windows\$hf_mig$\KB970430\spuninst.exe
+ 2009-10-20 15:21 . 2009-10-20 15:21 265728 c:\windows\$hf_mig$\KB970430\SP3QFE\http.sys
+ 2010-01-13 22:06 . 2009-05-26 16:10 391032 c:\windows\$hf_mig$\KB955759\update\updspapi.dll
+ 2010-01-13 22:06 . 2009-05-26 11:40 759160 c:\windows\$hf_mig$\KB955759\update\update.exe
+ 2010-01-13 22:06 . 2009-05-26 11:40 233848 c:\windows\$hf_mig$\KB955759\spuninst.exe
+ 2010-01-13 13:19 . 2009-11-21 15:49 471552 c:\windows\$hf_mig$\KB955759\SP3QFE\aclayers.dll
+ 2009-06-24 13:39 . 2009-06-24 13:39 1003520 c:\windows\system32\VSFilter.dll
- 2006-03-02 12:00 . 2009-08-29 07:58 1208832 c:\windows\system32\urlmon.dll
+ 2006-03-02 12:00 . 2009-12-21 19:08 1208832 c:\windows\system32\urlmon.dll
+ 2006-03-02 12:00 . 2009-11-27 17:14 1294336 c:\windows\system32\quartz.dll
+ 2006-03-02 12:00 . 2009-12-21 19:08 5942784 c:\windows\system32\mshtml.dll
+ 2009-10-28 03:40 . 2009-10-28 03:40 3885984 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2008-12-19 14:15 . 2008-12-19 14:15 4338246 c:\windows\system32\libavcodec.dll
+ 2007-08-13 16:34 . 2009-12-21 19:08 1985536 c:\windows\system32\iertutil.dll
- 2007-08-13 16:34 . 2009-08-29 07:58 1985536 c:\windows\system32\iertutil.dll
- 2007-08-13 16:54 . 2009-08-29 07:58 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2007-08-13 16:54 . 2009-12-21 19:08 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2008-05-07 05:12 . 2009-11-27 17:14 1294336 c:\windows\system32\dllcache\quartz.dll
- 2008-10-15 09:33 . 2009-08-04 20:59 2191360 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-10-15 09:33 . 2009-12-09 10:11 2191360 c:\windows\system32\dllcache\ntoskrnl.exe
- 2008-10-15 09:33 . 2009-08-04 17:29 2025984 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-15 09:33 . 2009-12-09 10:11 2025984 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-10-15 09:33 . 2009-12-09 10:11 2068224 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2008-10-15 09:33 . 2009-08-04 17:29 2068224 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-10-15 09:33 . 2009-12-09 10:11 2147328 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2008-10-15 09:33 . 2009-08-04 17:29 2147328 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2007-08-13 16:54 . 2009-12-21 19:08 5942784 c:\windows\system32\dllcache\mshtml.dll
+ 2008-05-15 20:05 . 2009-12-21 19:08 1985536 c:\windows\system32\dllcache\iertutil.dll
- 2008-05-15 20:05 . 2009-08-29 07:58 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2010-02-10 11:05 . 2010-02-10 11:05 1262080 c:\windows\Installer\1349f13.msi
+ 2010-01-22 17:00 . 2009-10-29 07:43 1208832 c:\windows\ie8updates\KB978207-IE8\urlmon.dll
+ 2010-01-22 17:00 . 2009-10-29 07:43 5940736 c:\windows\ie8updates\KB978207-IE8\mshtml.dll
+ 2010-01-22 17:00 . 2009-10-29 07:43 1985536 c:\windows\ie8updates\KB978207-IE8\iertutil.dll
+ 2009-12-09 17:30 . 2009-08-29 07:58 1208832 c:\windows\ie8updates\KB976325-IE8\urlmon.dll
+ 2009-12-09 17:30 . 2009-10-22 09:18 5939712 c:\windows\ie8updates\KB976325-IE8\mshtml.dll
+ 2009-12-09 17:30 . 2009-08-29 07:58 1985536 c:\windows\ie8updates\KB976325-IE8\iertutil.dll
- 2008-10-15 09:33 . 2009-08-04 20:59 2191360 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-10-15 09:33 . 2009-12-09 10:11 2191360 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2008-10-15 09:33 . 2009-08-04 17:29 2025984 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-10-15 09:33 . 2009-12-09 10:11 2025984 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2008-10-15 09:33 . 2009-08-04 17:29 2068224 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-10-15 09:33 . 2009-12-09 10:11 2068224 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2008-10-15 09:33 . 2009-08-04 17:29 2147328 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-10-15 09:33 . 2009-12-09 10:11 2147328 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2010-01-22 11:02 . 2009-12-21 19:02 1209344 c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\urlmon.dll
+ 2010-01-22 11:02 . 2009-12-21 19:02 5945856 c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\mshtml.dll
+ 2010-01-22 11:02 . 2009-12-21 19:02 1986048 c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\iertutil.dll
+ 2009-12-09 06:48 . 2009-10-29 07:38 1209344 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\urlmon.dll
+ 2009-12-09 06:48 . 2009-10-29 07:38 5944320 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll
+ 2009-12-09 06:48 . 2009-10-29 07:38 1986048 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\iertutil.dll
+ 2008-05-15 20:01 . 2010-02-01 19:26 30364104 c:\windows\system32\MRT.exe
+ 2007-08-13 16:54 . 2009-12-21 19:08 11070464 c:\windows\system32\ieframe.dll
+ 2008-05-15 20:05 . 2009-12-21 19:08 11070464 c:\windows\system32\dllcache\ieframe.dll
+ 2010-01-22 17:00 . 2009-10-29 07:43 11069952 c:\windows\ie8updates\KB978207-IE8\ieframe.dll
+ 2009-12-09 17:30 . 2009-08-29 07:58 11069440 c:\windows\ie8updates\KB976325-IE8\ieframe.dll
+ 2009-12-22 13:02 . 2009-12-22 13:02 11070976 c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\ieframe.dll
+ 2009-10-29 12:08 . 2009-10-29 12:08 11070464 c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\ieframe.dll
.
-- Snímek resetován k současnému datu --
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-12-08 2166784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Zástupce - Organizer.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Zástupce - Organizer.lnk
backup=c:\windows\pss\Zástupce - Organizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Starostovi^Nabídka Start^Programy^Po spuštění^winesm32.exe]
path=c:\documents and settings\Starostovi\Nabídka Start\Programy\Po spuštění\winesm32.exe
backup=c:\windows\pss\winesm32.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-11 19:34 49152 -c--a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-08-20 08:54 150016 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Organizér]
2006-04-19 14:15 985088 ----a-w- c:\documents and settings\Starostovi\Dokumenty\Ostatní dokumenty\Organizér\Organizer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2007-12-07 13:08 21686568 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMail]
2008-02-21 19:22 453936 ----a-w- c:\program files\Seznam\Postak\Postak.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-02-13 22:23 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-05-24 12:22 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [14.5.2008 22:29 114768]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [8.12.2009 12:10 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14.5.2008 22:29 20560]
R3 SNCP106;PC Camera (6009 CIF);c:\windows\system32\drivers\sncp106.sys [17.4.2009 12:43 243712]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.5.2008 15:00 639224]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11.7.2009 18:51 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'

2010-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-11 17:51]

2010-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-11 17:51]

2010-03-03 c:\windows\Tasks\User_Feed_Synchronization-{2EB5E2A8-B499-49CC-BFB5-3D6E4C4DA74A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\translat\WEBIE.DLL
FF - ProfilePath - c:\documents and settings\Starostovi\Data aplikací\Mozilla\Firefox\Profiles\h7o62b59.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatche ... 60347&qkw=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-03 22:50
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2010-03-03 22:53:26
ComboFix-quarantined-files.txt 2010-03-03 21:53
ComboFix2.txt 2009-12-08 14:28

Před spuštěním: Volných bajtů: 41 911 582 720
Po spuštění: Volných bajtů: 41 874 497 536

- - End Of File - - BD31484EAAADD07A2E8977325D8853EC

Damned · Příspěvekod **Damned** » 03 bře 2010 23:24

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

File::
c:\windows\system32\fjhdyfhsn.bat
c:\windows\pss\winesm32.exeStartup
c:\windows\pss\winesm32.exe
c:\documents and settings\Starostovi\Nabídka Start\Programy\Po spuštění\winesm32.exe

Firefox::
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatche ... 60347&qkw=

Folder::
c:\program files\ICQToolbar
C:\program files\Crawler\Toolbar

Extra::

Registry::
[-HKLM\~\startupfolder\C:^Documents and Settings^Starostovi^Nabídka Start^Programy^Po spuštění^winesm32.exe]

Registry-clean::

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.

- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu

pepca11 · Příspěvekod **pepca11** » 04 bře 2010 16:29

ComboFix 10-03-03.03 - Starostovi 04.03.2010 16:20:00.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1279.891 [GMT 1:00]
Spuštěný z: c:\documents and settings\Starostovi\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Starostovi\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100304-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\documents and settings\Starostovi\Nabídka Start\Programy\Po spuštění\winesm32.exe"
"c:\windows\pss\winesm32.exe"
"c:\windows\pss\winesm32.exeStartup"
"c:\windows\system32\fjhdyfhsn.bat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ICQToolbar
c:\program files\ICQToolbar\about.html
c:\program files\ICQToolbar\basis.xml
c:\program files\ICQToolbar\Dlg_Res.xml
c:\program files\ICQToolbar\download.html
c:\program files\ICQToolbar\Games.xml
c:\program files\ICQToolbar\games_button.xml
c:\program files\ICQToolbar\icons.bmp
c:\program files\ICQToolbar\loading.html
c:\program files\ICQToolbar\logo_small.gif
c:\program files\ICQToolbar\newversion.txt
c:\program files\ICQToolbar\tb_buttons.xml
c:\program files\ICQToolbar\tb_games.xml
c:\program files\ICQToolbar\tb_options.xml
c:\program files\ICQToolbar\toolbaru.crc
c:\program files\ICQToolbar\version.txt
c:\windows\system32\fjhdyfhsn.bat

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-04 do 2010-03-04 )))))))))))))))))))))))))))))))
.

2010-03-03 15:32 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-03 15:32 . 2010-03-03 15:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-03 15:32 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-03 14:06 . 2010-03-03 14:06 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-03-03 12:09 . 2008-04-13 19:40 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-03-03 12:09 . 2008-04-13 19:40 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-03-03 12:04 . 2010-03-03 12:04 -------- d-----w- c:\documents and settings\LocalService\Plocha

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-03 14:40 . 2008-11-10 14:39 -------- d-----w- c:\program files\CCleaner
2010-03-03 14:17 . 2009-12-08 11:10 -------- d-----w- c:\program files\Spyware Terminator
2010-02-28 21:12 . 2006-03-02 12:00 47206 ----a-w- c:\windows\system32\perfc005.dat
2010-02-28 21:12 . 2006-03-02 12:00 312970 ----a-w- c:\windows\system32\perfh005.dat
2010-02-10 11:04 . 2008-05-16 14:44 -------- d-----w- c:\program files\Google
2010-01-28 16:09 . 2010-01-28 16:09 -------- d-----w- c:\program files\XP Codec Pack
2009-12-31 16:50 . 2006-03-02 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2006-03-02 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 07:42 . 2008-05-14 21:01 343552 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:10 . 2006-03-02 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-09 10:11 . 2006-03-02 12:00 2191360 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-09 10:11 . 2004-08-17 15:45 2068224 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-08 11:10 . 2009-12-08 11:10 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-12-04 18:22 . 2006-03-02 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2006-07-19 13:55 . 2008-05-14 22:18 8843 -c--a-w- c:\program files\Vyroci.dat
.

((((((((((((((((((((((((((((( SnapShot_2010-03-03_21.50.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-03-04 15:17 . 2010-03-04 15:17 16384 c:\windows\Temp\Perflib_Perfdata_634.dat
+ 2010-03-04 15:18 . 2010-03-04 15:18 16384 c:\windows\Temp\Perflib_Perfdata_590.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-12-08 2166784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Zástupce - Organizer.lnk]
path=c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Zástupce - Organizer.lnk
backup=c:\windows\pss\Zástupce - Organizer.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-11 19:34 49152 -c--a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-08-20 08:54 150016 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Organizér]
2006-04-19 14:15 985088 ----a-w- c:\documents and settings\Starostovi\Dokumenty\Ostatní dokumenty\Organizér\Organizer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2007-12-07 13:08 21686568 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMail]
2008-02-21 19:22 453936 ----a-w- c:\program files\Seznam\Postak\Postak.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-02-13 22:23 136600 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-05-24 12:22 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [14.5.2008 22:29 114768]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [8.12.2009 12:10 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14.5.2008 22:29 20560]
R3 SNCP106;PC Camera (6009 CIF);c:\windows\system32\drivers\sncp106.sys [17.4.2009 12:43 243712]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.5.2008 15:00 639224]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [11.7.2009 18:51 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Obsah adresáře 'Naplánované úlohy'

2010-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-11 17:51]

2010-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-11 17:51]

2010-03-04 c:\windows\Tasks\User_Feed_Synchronization-{2EB5E2A8-B499-49CC-BFB5-3D6E4C4DA74A}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\translat\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\translat\WEBIE.DLL
FF - ProfilePath - c:\documents and settings\Starostovi\Data aplikací\Mozilla\Firefox\Profiles\h7o62b59.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatche ... 60347&qkw=
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Picasa2\npPicasa3.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-04 16:25
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
Celkový čas: 2010-03-04 16:28:34
ComboFix-quarantined-files.txt 2010-03-04 15:28
ComboFix2.txt 2010-03-03 21:53
ComboFix3.txt 2009-12-08 14:28

Před spuštěním: Volných bajtů: 41 881 640 960
Po spuštění: Volných bajtů: 41 843 638 272

- - End Of File - - 330B64318CC01D6C13FCDC7D865068E5

Damned · Příspěvekod **Damned** » 04 bře 2010 16:37

Odinstaluj ComboFix ( nutné ) .
ComboFix se odinstaluje takto:
Start-Spustit a zadej Combofix[mezera]/uninstall

Stáhni si T-Cleaner ( nutné - smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš->spustíš)

(pozn.Pokud máš AVG nebo Aviru, před stažením T-Cleaneru a po dobu čištění deaktivuj AVG i Aviru (i rezidenty), následně T-Cleaner smaž a zapni si AVG, Aviru.)
*****************************************************************************************************************************************
Stáhni si OTL na Plochu.
Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.Nahoře v okně pod Output klikni na minimal Output.Pod Standard Registry změň na All. Zatrhni LOP Check a Purity Check. File age změň na 14 days. Všechny ostatní nastavení ponech jak jsou. Klikni na Run Scan. Sken může trvat dlouho, až skončí otevřou se dva logy:
OTL.Txt
Extras.Txt
Jsou uloženy ve stejném místě jako OTL. Oba logy sem prosím zkopíruj

pepca11 · Příspěvekod **pepca11** » 04 bře 2010 17:15

OTL logfile created on: 4.3.2010 16:57:25 - Run 1
OTL by OldTimer - Version 3.1.33.0 Folder = C:\Documents and Settings\Starostovi\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 72,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,55 Gb Total Space | 43,49 Gb Free Space | 58,33% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC
Current User Name: Starostovi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 14 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Starostovi\Plocha\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Starostovi\Plocha\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (sp_rssrv) -- C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (StarWindService) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (Rocket Division Software)

========== Driver Services (SafeList) ==========

DRV - (sp_rsdrv2) -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ()
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (Changer) -- C:\WINDOWS\system32\drivers\changer.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (SNCP106) PC Camera (6009 CIF) -- C:\WINDOWS\system32\drivers\sncp106.sys ()
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.order.1: "Crawler Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.8
FF - prefs.js..keyword.URL: "http://www.crawler.com/search/dispatcher.aspx?tp=aus&tbid=60347&qkw="

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009.02.13 23:23:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.02.19 10:27:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.02.19 10:27:58 | 000,000,000 | ---D | M]

[2009.12.08 11:50:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Starostovi\Data aplikací\Mozilla\Extensions
[2009.12.08 11:50:39 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Starostovi\Data aplikací\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010.03.03 16:46:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Starostovi\Data aplikací\Mozilla\Firefox\Profiles\h7o62b59.default\extensions
[2010.03.02 14:25:55 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Starostovi\Data aplikací\Mozilla\Firefox\Profiles\h7o62b59.default\searchplugins\icqplugin-1.xml
[2009.12.08 11:48:47 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Starostovi\Data aplikací\Mozilla\Firefox\Profiles\h7o62b59.default\searchplugins\icqplugin-2.xml
[2008.07.25 16:34:04 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Starostovi\Data aplikací\Mozilla\Firefox\Profiles\h7o62b59.default\searchplugins\icqplugin-3.xml
[2009.03.20 05:04:50 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Starostovi\Data aplikací\Mozilla\Firefox\Profiles\h7o62b59.default\searchplugins\icqplugin-4.xml
[2009.10.09 16:30:26 | 000,000,950 | ---- | M] () -- C:\Documents and Settings\Starostovi\Data aplikací\Mozilla\Firefox\Profiles\h7o62b59.default\searchplugins\icqplugin-5.xml
[2009.12.08 13:21:36 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Starostovi\Data aplikací\Mozilla\Firefox\Profiles\h7o62b59.default\searchplugins\icqplugin-6.xml
[2010.01.07 11:10:28 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Starostovi\Data aplikací\Mozilla\Firefox\Profiles\h7o62b59.default\searchplugins\icqplugin-7.xml
[2010.02.19 10:28:42 | 000,000,961 | ---- | M] () -- C:\Documents and Settings\Starostovi\Data aplikací\Mozilla\Firefox\Profiles\h7o62b59.default\searchplugins\icqplugin-8.xml
[2008.03.31 09:52:00 | 000,000,168 | ---- | M] () -- C:\Documents and Settings\Starostovi\Data aplikací\Mozilla\Firefox\Profiles\h7o62b59.default\searchplugins\icqplugin.gif
[2008.03.31 09:52:00 | 000,000,618 | ---- | M] () -- C:\Documents and Settings\Starostovi\Data aplikací\Mozilla\Firefox\Profiles\h7o62b59.default\searchplugins\icqplugin.src
[2008.05.23 14:27:59 | 000,000,962 | ---- | M] () -- C:\Documents and Settings\Starostovi\Data aplikací\Mozilla\Firefox\Profiles\h7o62b59.default\searchplugins\icqplugin.xml
[2010.03.03 20:20:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.02.19 10:27:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008.05.16 17:15:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009.02.13 23:24:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2010.02.19 10:27:46 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010.02.19 10:27:46 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2007.04.10 16:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
[2009.02.13 23:23:39 | 000,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2010.02.19 10:27:50 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009.09.21 12:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
[2009.11.03 02:45:38 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009.11.03 02:45:38 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2009.11.03 02:45:38 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2009.11.03 02:45:38 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2009.11.03 02:45:38 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2009.11.03 02:45:38 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2006.03.02 13:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (WebTransBHO Class) - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\TRANSLAT\WEBIE.DLL ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&S-Rank) - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll (Seznam.cz a.s.)
O3 - HKLM\..\Toolbar: (WebTranslator) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WEBIE.DLL ()
O3 - HKCU\..\Toolbar\ShellBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\WebBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\WebBrowser: (&Odkazy) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQ Toolbar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&S-Rank) - {B71B15CF-3093-459C-B764-AEB2486F2273} - C:\Program Files\Seznam\Postak\SRank.dll (Seznam.cz a.s.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Kniha klipů HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: HP Chytrý výběr - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLAT\WEBIE.DLL ()
O9 - Extra Button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WEBIE.DLL ()
O9 - Extra 'Tools' menuitem : Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WEBIE.DLL ()
O9 - Extra 'Tools' menuitem : Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WEBIE.DLL ()
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 77.48.254.254 77.48.100.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Proces mezipaměti kategorií součástí - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Nebe.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010.03.04 16:54:13 | 000,552,960 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Starostovi\Plocha\OTL.exe
[2010.03.04 16:52:55 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.03.03 16:32:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Starostovi\Data aplikací\Malwarebytes
[2010.03.03 16:32:28 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.03.03 16:32:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2010.03.03 16:32:22 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.03.03 16:32:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.03.03 15:45:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Starostovi\Recent
[2010.03.03 13:09:36 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys
[2010.03.03 13:09:36 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2010.02.20 20:24:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Starostovi\Plocha\Zimní umění Ledeč 2010
[2009.12.08 12:56:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Google
[2009.07.11 18:56:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Google
[2008.05.15 20:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2008.05.15 07:45:04 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[2008.05.14 22:10:27 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2008.05.14 22:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2004.11.24 19:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010.03.04 16:54:18 | 000,552,960 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Starostovi\Plocha\OTL.exe
[2010.03.04 16:52:38 | 000,000,560 | ---- | M] () -- C:\WINDOWS\TRNCOM.INI
[2010.03.04 16:49:02 | 000,210,432 | ---- | M] () -- C:\Documents and Settings\Starostovi\Plocha\T-Cleaner.exe
[2010.03.04 16:46:43 | 000,000,476 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2EB5E2A8-B499-49CC-BFB5-3D6E4C4DA74A}.job
[2010.03.04 16:28:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.03.04 16:25:58 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.03.04 16:17:58 | 000,000,944 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.03.04 16:17:49 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.03.04 16:17:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.03.04 16:17:44 | 1340,919,808 | -HS- | M] () -- C:\hiberfil.sys
[2010.03.04 16:16:46 | 004,718,592 | ---- | M] () -- C:\Documents and Settings\Starostovi\ntuser.dat
[2010.03.04 16:16:46 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\Starostovi\ntuser.ini
[2010.03.04 16:06:00 | 000,000,948 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.03.03 16:32:32 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.03.03 15:40:10 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Starostovi\Plocha\CCleaner.lnk
[2010.03.03 15:28:26 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010.03.03 15:28:25 | 000,000,898 | ---- | M] () -- C:\WINDOWS\win.ini
[2010.03.03 13:12:28 | 000,002,275 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2010.03.03 11:56:16 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2010.02.28 22:12:13 | 000,723,278 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.02.28 22:12:13 | 000,314,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.02.28 22:12:13 | 000,312,970 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010.02.28 22:12:13 | 000,047,206 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010.02.28 22:12:13 | 000,040,836 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.03.04 16:49:02 | 000,210,432 | ---- | C] () -- C:\Documents and Settings\Starostovi\Plocha\T-Cleaner.exe
[2010.03.03 16:32:32 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2010.03.03 15:40:10 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Starostovi\Plocha\CCleaner.lnk
[2010.03.03 15:16:50 | 1340,919,808 | -HS- | C] () -- C:\hiberfil.sys
[2009.12.08 12:10:32 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2009.04.17 12:43:45 | 000,061,440 | R--- | C] () -- C:\WINDOWS\System32\dsncp106.dll
[2009.04.17 12:43:44 | 000,243,712 | R--- | C] () -- C:\WINDOWS\System32\drivers\sncp106.sys
[2009.04.17 12:43:44 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\vsncp106.dll
[2009.04.17 12:43:44 | 000,015,494 | R--- | C] () -- C:\WINDOWS\sncp106.ini
[2009.03.20 18:26:04 | 000,000,313 | ---- | C] () -- C:\WINDOWS\WINCMD.INI
[2008.12.19 15:15:58 | 004,338,246 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2008.12.17 17:41:18 | 000,884,237 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2008.12.17 17:22:58 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2008.12.17 17:22:48 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008.12.17 17:17:34 | 000,239,247 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2008.12.17 16:59:54 | 000,560,802 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2008.12.11 11:27:02 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008.07.08 14:26:57 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2008.07.04 11:53:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2008.07.04 10:38:14 | 000,001,436 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\hpzinstall.log
[2008.05.31 09:51:48 | 000,000,560 | ---- | C] () -- C:\WINDOWS\TRNCOM.INI
[2008.05.31 09:51:31 | 000,000,858 | ---- | C] () -- C:\WINDOWS\WEBTRAN4.INI
[2008.05.31 09:51:03 | 000,000,087 | ---- | C] () -- C:\WINDOWS\MAILTRAN.INI
[2008.05.16 13:58:17 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008.05.16 13:58:13 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Starostovi\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.05.16 09:42:06 | 000,016,024 | ---- | C] () -- C:\WINDOWS\System32\mceiszts.dll
[2008.05.16 08:52:11 | 000,016,024 | ---- | C] () -- C:\WINDOWS\System32\mcemsutf.dll
[2008.05.16 08:24:41 | 000,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Data aplikací\ezsid.dat
[2008.05.15 07:56:30 | 000,000,390 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.05.14 23:18:00 | 000,008,843 | ---- | C] () -- C:\Program Files\Vyroci.dat
[2005.10.14 10:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 10:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 10:56:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 10:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 10:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 10:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 10:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 10:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2004.10.03 17:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2003.04.09 14:38:04 | 000,005,664 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2003.02.18 17:26:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll

========== LOP Check ==========

[2010.03.04 13:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
[2008.05.14 22:46:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\STORMWARE
[2008.05.16 16:24:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Starostovi\Data aplikací\123 Free Solitaire
[2008.06.17 13:35:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Starostovi\Data aplikací\ICQ
[2008.05.16 12:20:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Starostovi\Data aplikací\ICQ Toolbar
[2008.05.23 14:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Starostovi\Data aplikací\ICQLite
[2008.05.16 08:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Starostovi\Data aplikací\Opera
[2010.03.04 13:10:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Starostovi\Data aplikací\Spyware Terminator
[2009.12.08 14:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Starostovi\Data aplikací\XnView
[2008.05.15 07:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Starostovi\Data aplikací\Zoner
[2010.03.04 16:46:43 | 000,000,476 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{2EB5E2A8-B499-49CC-BFB5-3D6E4C4DA74A}.job

========== Purity Check ==========

< End of report >

pepca11 · Příspěvekod **pepca11** » 04 bře 2010 17:16

OTL Extras logfile created on: 4.3.2010 16:57:25 - Run 1
OTL by OldTimer - Version 3.1.33.0 Folder = C:\Documents and Settings\Starostovi\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 72,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,55 Gb Total Space | 43,49 Gb Free Space | 58,33% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC
Current User Name: Starostovi
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 14 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Prozkoumat v XnView] -- "C:\Program Files\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\ICQ6\ICQ.exe" = C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" = C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator -- (Crawler.com)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 pro Windows
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{A6B90148-02C5-4fd3-8D7A-EF2386835CB9}" = F4100_Help
"{A6C265BE-E2C1-483e-843D-6B4C1E912AE0}" = F4100
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABE6EF98-9D69-471F-A52D-CE5E86B84FFC}" = PC Camera (6005 CIF)
"{AC76BA86-7AD7-1029-7B44-A70500000002}" = Adobe Reader 7.0.5 - Czech
"{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B4509BCE-7BAD-4a8c-B1AE-4D0CE7467C42}" = F4100_doccd
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter
"{CA50045C-5119-48e7-9BA7-6B317379857A}" = DJ_AIO_Software
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E548726E-F4E8-459f-BAB8-45551BC071E9}" = DJ_AIO_ProductContext
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F63C7908-08EA-46F5-9EDF-DFF9FD231029}" = Nero 7 Essentials
"{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE
"{FA8A44D7-3E8A-4034-9C4F-088FA6B72BC4}" = HP Deskjet All-In-One Software 9.0
"{FB8148DD-C575-4B0A-9F6C-0CFC46937930}" = Opera 10.10
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast!" = avast! Antivirus
"CCleaner" = CCleaner
"C-Media Audio Driver" = C-Media WDM Audio Driver
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"FreeCommander_is1" = FreeCommander 2007.10a
"HijackThis" = HijackThis 2.0.2
"HomePack3000 - balík domácích aplikací_is1" = HomePack3000
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.

" = Mozilla Firefox (3.5.

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Picasa 3" = Picasa 3
"SMail" = Seznam Pošťák
"Spyware Terminator_is1" = Spyware Terminator
"Web Translator" = Web Translator
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XnView_is1" = XnView 1.96.5
"XP Codec Pack" = XP Codec Pack

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

zpomalení PC + trojan Vyřešeno

zpomalení PC + trojan

Re: zpomalení PC + trojan

Re: zpomalení PC + trojan

Re: zpomalení PC + trojan

Re: zpomalení PC + trojan

Re: zpomalení PC + trojan

Re: zpomalení PC + trojan

Re: zpomalení PC + trojan

Re: zpomalení PC + trojan

Re: zpomalení PC + trojan

Re: zpomalení PC + trojan

Re: zpomalení PC + trojan

Kdo je online