Poblázněný notebook - čas běží 15 x rychleji

milancz · Příspěvekod **milancz** » 14 bře 2010 23:14

ComboFix 10-03-14.03 - xxx 14.03.2010 23:38:58.4.2 - x86 NETWORK
Spuštěný z: c:\users\xxx\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-02-14 do 2010-03-14 )))))))))))))))))))))))))))))))
.

2010-03-14 22:51 . 2010-03-14 22:51 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-03-14 22:51 . 2010-03-14 22:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-14 22:51 . 2010-03-14 22:51 -------- d-----w- c:\users\Honza\AppData\Local\temp
2010-03-14 20:55 . 2010-03-14 20:55 -------- d---a-w- c:\windows\VDLL.DLL
2010-03-14 20:55 . 2010-03-14 20:55 -------- d---a-w- c:\windows\system32\runouce.exe
2010-03-14 20:55 . 2010-03-14 20:55 -------- d---a-w- c:\windows\rundll16.exe
2010-03-14 20:55 . 2010-03-14 20:55 -------- d---a-w- c:\windows\RUNDL132.EXE
2010-03-14 20:55 . 2010-03-14 20:55 -------- d---a-w- c:\windows\logo1_.exe
2010-03-14 20:55 . 2010-03-14 20:55 -------- d---a-w- c:\windows\logo_1.exe
2010-03-14 20:20 . 2010-03-14 20:23 22 ----a-w- c:\windows\REGBK00.ZIP
2010-03-14 20:20 . 2010-03-14 20:20 626688 ----a-w- c:\windows\system32\msvcr80.dll
2010-03-14 20:20 . 2010-03-14 20:20 548864 ----a-w- c:\windows\system32\msvcp80.dll
2010-03-14 20:20 . 2010-03-14 20:20 28672 ----a-w- c:\windows\system32\eEmpty.exe
2010-03-14 17:11 . 2010-03-14 17:16 -------- d-----w- C:\rsit
2010-03-14 16:28 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-14 16:27 . 2010-03-14 16:27 -------- d-----w- c:\programdata\Malwarebytes
2010-03-14 16:27 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-14 16:27 . 2010-03-14 21:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-13 07:36 . 2010-03-13 07:36 -------- d-----w- c:\program files\Lavalys
2010-03-13 07:22 . 2010-03-13 07:22 -------- d-----w- c:\programdata\MicroWorld
2010-03-11 12:12 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-03-11 05:59 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-11 05:59 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-11 05:59 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-24 07:01 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll
2010-02-24 07:00 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-02-24 07:00 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-02-24 07:00 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-02-24 07:00 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-02-24 07:00 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-02-24 07:00 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-02-24 07:00 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-02-24 07:00 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-02-24 07:00 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-02-24 07:00 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-02-24 07:00 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-02-24 07:00 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-02-13 14:24 . 2010-02-13 14:24 -------- d-----w- c:\users\Honza\AppData\Local\WinZip
2010-02-13 14:23 . 2010-02-13 14:24 -------- d-----w- c:\programdata\WinZip

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-14 21:52 . 2009-09-05 17:42 -------- d-----w- c:\program files\CCleaner
2010-03-14 21:16 . 2008-06-19 12:53 -------- d-----w- c:\program files\ATI
2010-03-14 20:44 . 2008-04-14 13:47 598832 ----a-w- c:\windows\system32\perfh005.dat
2010-03-14 20:44 . 2008-04-14 13:47 114992 ----a-w- c:\windows\system32\perfc005.dat
2010-03-14 17:11 . 2010-01-16 17:39 -------- d-----w- c:\program files\trend micro
2010-03-11 06:20 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-09 18:29 . 2009-01-27 16:17 -------- d-----w- c:\users\Honza\AppData\Roaming\ICQ
2010-03-05 15:07 . 2009-01-19 18:36 104608 ----a-w- c:\users\Honza\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 08:16 . 2009-10-05 12:10 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-05 16:21 . 2010-02-05 16:21 -------- d-----w- c:\program files\Lexis Numérique
2010-02-05 16:21 . 2008-06-19 12:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-05 13:46 . 2010-02-05 13:46 -------- d-----w- c:\programdata\Electronic Arts
2010-02-05 13:45 . 2010-02-05 13:25 -------- d-----w- c:\program files\Electronic Arts
2010-02-05 13:44 . 2010-02-05 13:44 -------- d-----w- c:\program files\Microsoft WSE
2010-01-21 13:17 . 2009-11-01 12:43 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-16 17:49 . 2009-11-01 12:50 -------- d-----w- c:\program files\Windows Live
2010-01-16 17:31 . 2009-01-26 08:30 -------- d-----w- c:\program files\ICQ6.5
2010-01-16 17:18 . 2010-01-16 17:18 -------- d-----w- c:\programdata\Alawar Stargaze
2010-01-16 17:18 . 2010-01-16 17:18 -------- d-----w- c:\program files\Games
2010-01-16 17:15 . 2008-06-19 12:58 -------- d-----w- c:\program files\Common Files\InstallShield
2010-01-16 16:37 . 2010-01-16 16:16 -------- d-----w- c:\program files\Microsoft Works
2010-01-16 16:16 . 2010-01-16 16:16 -------- d-----w- c:\program files\Microsoft.NET
2010-01-02 06:38 . 2010-01-22 07:26 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 07:26 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 07:26 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 07:26 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-20 09:53 . 2009-12-20 09:53 234016 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WisKeyState"="c:\program files\Launch Manager\WisKeyState.exe" [2008-03-07 208896]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-17 102400]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2008-03-04 258048]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2007-12-25 241664]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-01 6025216]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2008-03-26 188416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"fsc-reg"="c:\programdata\fsc-reg\fscreg.exe" [2007-11-08 519440]

c:\users\Ivźa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-9-16 384512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2009-02-28 19:29 2579392 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2009-05-07 19:05 75048 ----a-w- c:\program files\CyberLink\Shared files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FSCRecovery]
2008-05-08 09:59 268096 ----a-w- c:\program files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]
2009-04-27 15:50 50472 ------w- c:\program files\CyberLink\PowerDVD9\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
2009-04-27 18:41 87336 ------w- c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 19:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):b5,74,ee,a0,1a,3d,ca,01

R1 aswSP;avast! Self Protection; [x]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/09/24 17:07];c:\program files\CyberLink\PowerDVD9\000.fcl [2009-05-07 19:05 87536]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-11 84240]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2007-08-23 313344]
R3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2008-01-15 118784]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'

2010-03-14 c:\windows\Tasks\User_Feed_Synchronization-{81744EBA-0C4D-43F7-85D7-BB3889A2BDED}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]

2010-03-14 c:\windows\Tasks\User_Feed_Synchronization-{BF82C1CD-1A41-4400-9CA5-1872BEE9BD0C}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Ivča\AppData\Roaming\Mozilla\Firefox\Profiles\7ghdc50a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-RunOnce-<NO NAME> - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-14 23:52
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
Celkový čas: 2010-03-14 23:24:43
ComboFix-quarantined-files.txt 2010-03-14 22:24
ComboFix2.txt 2010-03-14 22:06
ComboFix3.txt 2010-01-16 17:35

Před spuštěním: Volných bajtů: 33 891 389 440
Po spuštění: Volných bajtů: 33 860 345 856

- - End Of File - - 63CE07169A024C11BF6E210A833424E7

Reklama

Damned · Příspěvekod **Damned** » 14 bře 2010 23:36

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

File::
c:\windows\system32\eEmpty.exe

Folder::
c:\windows\VDLL.DLL
c:\windows\system32\runouce.exe
c:\windows\rundll16.exe
c:\windows\RUNDL132.EXE
c:\windows\logo1_.exe
c:\windows\logo_1.exe
C:\rsit
Driver::
aswSP;avast! Self Protection
aswSP

DDS::
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE

Regedit::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"=-

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.

- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT a popiš chování počítače

Stejně si myslím, že to bude v bedýnce.

milancz · Příspěvekod **milancz** » 15 bře 2010 00:20

ComboFix 10-03-14.03 - xxx 15.03.2010 0:42.4.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2269.1454 [GMT 1:00]
Spuštěný z: c:\users\xxx\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Ivča\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\eEmpty.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\rsit
c:\rsit\info.txt
c:\rsit\log.txt
c:\windows\logo_1.exe
c:\windows\logo1_.exe
c:\windows\RUNDL132.EXE
c:\windows\rundll16.exe
c:\windows\system32\eEmpty.exe
c:\windows\system32\runouce.exe
c:\windows\VDLL.DLL

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASWSP
-------\Service_aswSP

((((((((((((((((((((((((( Soubory vytvořené od 2010-02-14 do 2010-03-14 )))))))))))))))))))))))))))))))
.

2010-03-14 16:27 . 2010-03-14 16:27 -------- d-----w- c:\programdata\Malwarebytes
2010-03-13 07:22 . 2010-03-13 07:22 -------- d-----w- c:\programdata\MicroWorld
2010-02-13 14:23 . 2010-02-13 14:24 -------- d-----w- c:\programdata\WinZip

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WisKeyState"="c:\program files\Launch Manager\WisKeyState.exe" [2008-03-07 208896]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-17 102400]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2008-03-04 258048]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2007-12-25 241664]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-01 6025216]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2008-03-26 188416]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"fsc-reg"="c:\programdata\fsc-reg\fscreg.exe" [2007-11-08 519440]

c:\users\Ivźa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-9-16 384512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 21:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
2009-02-28 19:29 2579392 ----a-w- c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2009-05-07 19:05 75048 ----a-w- c:\program files\CyberLink\Shared files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FSCRecovery]
2008-05-08 09:59 268096 ----a-w- c:\program files\Fujitsu Siemens Computers\Fujitsu Siemens Computers Recovery\FSCRecoveryReminder.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]
2009-04-27 15:50 50472 ------w- c:\program files\CyberLink\PowerDVD9\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
2009-04-27 18:41 87336 ------w- c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 19:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):b5,74,ee,a0,1a,3d,ca,01

R2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2007-08-23 313344]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/09/24 17:07];c:\program files\CyberLink\PowerDVD9\000.fcl [2009-05-07 19:05 87536]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-11 84240]
S3 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2008-01-15 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'

2010-03-14 c:\windows\Tasks\User_Feed_Synchronization-{81744EBA-0C4D-43F7-85D7-BB3889A2BDED}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]

2010-03-14 c:\windows\Tasks\User_Feed_Synchronization-{BF82C1CD-1A41-4400-9CA5-1872BEE9BD0C}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.qip.ru/search?query=%s&from=IE
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Ivča\AppData\Roaming\Mozilla\Firefox\Profiles\7ghdc50a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-15 00:58
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Windows Media Player\wmpnscfg.exe
.
**************************************************************************
.

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3868
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

15.3.2010 1:05:03
mbam-log-2010-03-15 (01-05-03).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 125991
Uplynulý čas: 1 hour(s), 39 minute(s), 21 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)

PC se chová čím dál hůř, nastartuju ho přes Boot (někdy), musím mu vybrat jediný HDD (předtím zahlásí Disk Error), než naběhne tak problikává monitor dokud není vše načteno, nechce mi spouštět programy (spustí třeba až na potřetí) a s časem je to pořád stejné. Teplota CPU cca 65 st. C. HotkeyApp hlásí že nemohl být načten. Díky.

Damned · Příspěvekod **Damned** » 15 bře 2010 00:30

Odinstaluj ComboFix ( nutné ) .
ComboFix se odinstaluje takto:
Start-Spustit a zadej Combofix[mezera]/uninstall

Stáhni si T-Cleaner ( nutné - smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš->spustíš)

(pozn.Pokud máš AVG nebo Aviru, před stažením T-Cleaneru a po dobu čištění deaktivuj AVG i Aviru (i rezidenty), následně T-Cleaner smaž a zapni si AVG, Aviru.)
*****************************************************************************************************************************************
Stáhni si OTL na Plochu.
Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.Nahoře v okně pod Output klikni na minimal Output.Pod Standard Registry změň na All. Zatrhni LOP Check a Purity Check. File age změň na 14 days. Všechny ostatní nastavení ponech jak jsou. Klikni na Run Scan. Sken může trvat dlouho, až skončí otevřou se dva logy:
OTL.Txt
Extras.Txt
Jsou uloženy ve stejném místě jako OTL. Oba logy sem prosím zkopíruj

guest · Příspěvekod **guest** » 15 bře 2010 09:32

Imho si myslím, že je tam spíš poblázněný nějaký oscilátor který ten čas "dělá". Prošvihlý kondik apod.

milancz · Příspěvekod **milancz** » 15 bře 2010 15:57

Tak to si nemyslím, psal jsem, že v Biosu běží čas normálně. Navíc, teď jsem spustil ntb i čas běží normálně. Zde výpisy z OTL:

OTL logfile created on: 15.3.2010 0:58:43 - Run 1
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Users\Ivča\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 61,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,16 Gb Total Space | 29,56 Gb Free Space | 31,40% Space Free | Partition Type: NTFS
Drive D: | 195,14 Gb Total Space | 194,09 Gb Free Space | 99,46% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HONZA-PC
Current User Name: Ivča
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 14 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Ivča\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
PRC - C:\Program Files\Launch Manager\WisKeyState.exe (Wistron Corp.)
PRC - C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
PRC - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
PRC - C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)
PRC - C:\Program Files\Launch Manager\OSDCtrl.exe ()
PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Users\Ivča\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (TestHandler) -- C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Siemens Computers)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WisLMSvc) -- C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)

========== Driver Services (SafeList) ==========

DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - ({B154377D-700F-42cc-9474-23858FBDF4BD}) -- C:\Program Files\CyberLink\PowerDVD9\000.fcl (CyberLink Corp.)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (ahcix86s) -- C:\Windows\system32\drivers\ahcix86s.sys (AMD Technologies Inc.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (netr28) -- C:\Windows\System32\drivers\netr28.sys (Ralink Technology, Corp.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys ()

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.09.03 07:01:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.03.12 06:30:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.03.12 06:30:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.19\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009.02.23 21:15:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.19\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2009.09.05 18:49:12 | 000,000,000 | ---D | M] -- C:\Users\Ivča\AppData\Roaming\Mozilla\Extensions
[2009.09.05 18:49:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ivča\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010.03.14 22:18:18 | 000,000,000 | ---D | M] -- C:\Users\Ivča\AppData\Roaming\Mozilla\Firefox\Profiles\7ghdc50a.default\extensions
[2009.09.05 18:53:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ivča\AppData\Roaming\Mozilla\Firefox\Profiles\7ghdc50a.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.12.20 15:34:28 | 000,000,000 | ---D | M] -- C:\Users\Ivča\AppData\Roaming\Mozilla\Firefox\Profiles\7ghdc50a.default\extensions\LogMeInClient@logmein.com
[2009.02.23 21:00:03 | 000,000,000 | ---D | M] -- C:\Users\Ivča\AppData\Roaming\Mozilla\Sunbird\Profiles\b4qw7ag3.default\extensions
[2009.09.05 18:48:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.03.12 06:30:39 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010.03.12 06:30:25 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010.03.12 06:30:25 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010.03.12 06:30:32 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2007.03.22 19:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2010.03.12 06:30:35 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010.03.12 06:30:35 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.03.12 06:30:35 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.03.12 06:30:35 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.03.12 06:30:35 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.03.12 06:30:35 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.03.15 00:45:42 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Podpora odkazu pro Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Pomocník pro přihlášení ke službě Windows Live) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe ()
O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WisKeyState] C:\Program Files\Launch Manager\WisKeyState.exe (Wistron Corp.)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - Startup: C:\Users\Ivča\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Společnost Microsoft)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ivča\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ivča\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010.03.15 01:27:01 | 000,555,008 | ---- | C] (OldTimer Tools) -- C:\Users\Ivča\Desktop\OTL.exe
[2010.03.15 00:51:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.03.14 23:25:00 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010.03.14 23:24:58 | 000,000,000 | ---D | C] -- C:\Users\Ivča\AppData\Local\temp
[2010.03.14 23:07:50 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.03.14 23:07:26 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010.03.14 22:33:07 | 000,000,000 | ---D | C] -- C:\Users\Ivča\AppData\Local\eSupport.com
[2010.03.14 22:30:53 | 000,576,824 | ---- | C] (Copyright © 2009 Phoenix Technologies LTD. All Rights Reserved.) -- C:\Users\Ivča\Desktop\biosagentplus_40.exe
[2010.03.14 21:31:33 | 000,000,000 | ---D | C] -- C:\Users\Ivča\Desktop\mwav-10.0.6
[2010.03.14 21:20:21 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcr80.dll
[2010.03.14 21:20:14 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvcp80.dll
[2010.03.14 17:29:23 | 000,000,000 | ---D | C] -- C:\Users\Ivča\AppData\Roaming\Malwarebytes
[2010.03.14 17:27:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.03.13 08:36:31 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2010.03.11 13:12:45 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.03.11 06:59:34 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010.03.11 06:59:30 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll

========== Files - Modified Within 14 Days ==========

[2010.03.15 01:48:00 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BF82C1CD-1A41-4400-9CA5-1872BEE9BD0C}.job
[2010.03.15 01:41:21 | 001,572,864 | -HS- | M] () -- C:\Users\Ivča\ntuser.dat
[2010.03.15 01:29:03 | 000,210,432 | ---- | M] () -- C:\Users\Ivča\Desktop\T-Cleaner.exe
[2010.03.15 01:27:16 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Users\Ivča\Desktop\OTL.exe
[2010.03.15 01:11:31 | 000,524,288 | -HS- | M] () -- C:\Users\Ivča\ntuser.dat{1fb8c76e-f9a2-11dd-8180-001f1605c97c}.TMContainer00000000000000000001.regtrans-ms
[2010.03.15 01:11:31 | 000,065,536 | -HS- | M] () -- C:\Users\Ivča\ntuser.dat{1fb8c76e-f9a2-11dd-8180-001f1605c97c}.TM.blf
[2010.03.15 01:10:50 | 001,633,358 | -H-- | M] () -- C:\Users\Ivča\AppData\Local\IconCache.db
[2010.03.15 01:02:09 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.03.15 01:02:08 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.03.15 00:49:44 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.03.15 00:48:25 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.03.15 00:45:42 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.03.15 00:32:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.03.15 00:28:41 | 2380,316,672 | -HS- | M] () -- C:\hiberfil.sys
[2010.03.14 23:04:41 | 267,888,886 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.03.14 22:31:21 | 000,576,824 | ---- | M] (Copyright © 2009 Phoenix Technologies LTD. All Rights Reserved.) -- C:\Users\Ivča\Desktop\biosagentplus_40.exe
[2010.03.14 22:27:03 | 000,001,939 | ---- | M] () -- C:\Users\Public\Desktop\Play The Lord of the Rings Online™ - FREE for 10 Days!.lnk
[2010.03.14 21:44:10 | 000,585,738 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.03.14 21:44:09 | 000,598,832 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2010.03.14 21:44:09 | 000,099,810 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.03.14 21:44:03 | 000,114,992 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2010.03.14 21:44:02 | 001,393,902 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.03.14 21:38:25 | 000,000,434 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{81744EBA-0C4D-43F7-85D7-BB3889A2BDED}.job
[2010.03.14 21:36:15 | 000,176,688 | ---- | M] () -- C:\Users\Ivča\Desktop\sit.jpg
[2010.03.14 21:23:52 | 000,000,022 | ---- | M] () -- C:\Windows\REGBK00.ZIP
[2010.03.14 21:20:19 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcr80.dll
[2010.03.14 21:20:13 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvcp80.dll
[2010.03.11 14:06:06 | 000,001,595 | ---- | M] () -- C:\Users\Public\Desktop\Výběr prohlížeče.lnk
[2010.03.11 07:04:01 | 000,000,319 | ---- | M] () -- C:\Windows\win.ini
[2010.03.09 19:49:28 | 001,210,337 | ---- | M] () -- C:\Users\Ivča\Documents\P3260778.JPG
[2010.03.02 13:48:58 | 000,104,608 | ---- | M] () -- C:\Users\Ivča\AppData\Local\GDIPFONTCACHEV1.DAT

========== Files Created - No Company Name ==========

[2010.03.15 01:28:49 | 000,210,432 | ---- | C] () -- C:\Users\Ivča\Desktop\T-Cleaner.exe
[2010.03.14 23:52:54 | 2380,316,672 | -HS- | C] () -- C:\hiberfil.sys
[2010.03.14 23:04:41 | 267,888,886 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.03.14 22:27:03 | 000,001,939 | ---- | C] () -- C:\Users\Public\Desktop\Play The Lord of the Rings Online™ - FREE for 10 Days!.lnk
[2010.03.14 21:36:11 | 000,176,688 | ---- | C] () -- C:\Users\Ivča\Desktop\sit.jpg
[2010.03.14 21:20:27 | 000,000,022 | ---- | C] () -- C:\Windows\REGBK00.ZIP
[2010.03.14 21:20:12 | 000,000,522 | ---- | C] () -- C:\Windows\System32\Microsoft.VC80.CRT.manifest
[2010.03.11 14:06:06 | 000,001,595 | ---- | C] () -- C:\Users\Public\Desktop\Výběr prohlížeče.lnk
[2010.03.09 19:49:26 | 001,210,337 | ---- | C] () -- C:\Users\Ivča\Documents\P3260778.JPG
[2009.12.23 18:00:22 | 000,000,384 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.12.03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.09.24 17:13:38 | 000,000,000 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.09.13 18:35:28 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.03.20 08:54:15 | 000,000,083 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.02.23 21:10:05 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.02.05 16:25:42 | 000,015,360 | ---- | C] () -- C:\Users\Ivča\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.01.26 08:56:44 | 000,001,356 | ---- | C] () -- C:\Users\Ivča\AppData\Local\d3d9caps.dat
[2008.06.19 14:00:53 | 000,009,867 | ---- | C] () -- C:\Windows\System32\drivers\HOTKEY.sys
[2008.06.19 13:59:46 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.06.19 13:52:17 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.02.29 14:13:14 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.10.14 11:56:50 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2005.10.14 11:56:50 | 000,921,600 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll
[2005.10.14 11:56:50 | 000,761,856 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2005.10.14 11:56:50 | 000,344,064 | ---- | C] () -- C:\Windows\System32\xvid.dll
[2005.10.14 11:56:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2005.10.14 11:56:50 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2005.10.14 11:56:50 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2003.04.09 15:38:04 | 000,005,664 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2010.03.14 17:33:16 | 000,000,000 | ---D | M] -- C:\Users\Ivča\AppData\Roaming\GHISLER
[2010.03.12 22:01:24 | 000,000,000 | ---D | M] -- C:\Users\Ivča\AppData\Roaming\ICQ
[2009.12.20 15:31:07 | 000,000,000 | ---D | M] -- C:\Users\Ivča\AppData\Roaming\OpenOffice.org
[2009.01.23 22:05:48 | 000,000,000 | ---D | M] -- C:\Users\Ivča\AppData\Roaming\QIP
[2009.02.23 21:15:02 | 000,000,000 | ---D | M] -- C:\Users\Ivča\AppData\Roaming\Thunderbird
[2010.03.15 01:14:03 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.03.14 21:38:25 | 000,000,434 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{81744EBA-0C4D-43F7-85D7-BB3889A2BDED}.job
[2010.03.15 01:48:00 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{BF82C1CD-1A41-4400-9CA5-1872BEE9BD0C}.job

========== Purity Check ==========

< End of report >

milancz · Příspěvekod **milancz** » 15 bře 2010 15:57

OTL Extras logfile created on: 15.3.2010 0:58:44 - Run 1
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Users\Ivča\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 61,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 94,16 Gb Total Space | 29,56 Gb Free Space | 31,40% Space Free | Partition Type: NTFS
Drive D: | 195,14 Gb Total Space | 194,09 Gb Free Space | 99,46% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HONZA-PC
Current User Name: Ivča
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 14 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01354F51-9A67-4007-AFC5-D5280AE2C5F2}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{060F1B6F-87AF-4645-890B-100976855D7E}" = rport=137 | protocol=17 | dir=out | app=system |
"{1AE7B402-223D-4FC9-B013-6598BF8A21B7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1BF61500-B236-4131-B2E3-D05AE6E0B25C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{234446D4-DE64-476A-8FFC-37C39C28F3B7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2C77366D-C612-414C-8DFF-D170E8F0AC75}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4D63565E-8868-4012-8F18-329656F731DF}" = rport=445 | protocol=6 | dir=out | app=system |
"{53344C59-21F9-4992-845E-99AB830B453C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7F6C0999-FB99-4033-A258-ED1780AB0364}" = rport=138 | protocol=17 | dir=out | app=system |
"{8B5B27FC-A3CF-4892-97F2-556958E17B7C}" = lport=139 | protocol=6 | dir=in | app=system |
"{8E3AABD7-849A-4016-B0EF-E03A2B87671C}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{A2B3DDC7-9ECD-478A-87C0-6CE21C68B55F}" = lport=445 | protocol=6 | dir=in | app=system |
"{A62A3C7B-BDBB-4FC1-99F4-6A642FE5397C}" = rport=139 | protocol=6 | dir=out | app=system |
"{A82A53EA-16E2-43B9-922E-7A527EF2D83D}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{CE8C7475-F037-45CA-B19D-53950AC0815C}" = lport=137 | protocol=17 | dir=in | app=system |
"{D5AC0F08-299A-43EB-B446-48072E00F3A1}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D7B79BC9-1B31-4D88-9CA4-34E51D40507C}" = lport=138 | protocol=17 | dir=in | app=system |
"{E1290D7A-ED6C-401E-B7C5-557151215BCB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15E2C8A9-2CD2-4084-AEE1-7BF7B86830F4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{4A03AD9F-7C42-45AF-B6D9-01091BC3478C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{5BAA6BF8-337F-415D-95C2-321E0C1D24DE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7ACAD98D-3A63-45DE-91B6-73F6E06A8419}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{873C1F26-7698-4CFC-B5E8-F114AD9A18A1}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{CA0BC88F-67CB-4527-A2CD-A4A35514FF32}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe |
"{E0D2801E-7F6E-4983-B44D-8B07E83DB677}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E5328B39-955E-487E-987E-7E733C6A0C12}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{0126CF38-9D1C-4DFD-A88A-3F77DFE74DE9}C:\program files\hasbro interactive\rollercoaster tycoon\rct.exe" = protocol=6 | dir=in | app=c:\program files\hasbro interactive\rollercoaster tycoon\rct.exe |
"TCP Query User{1324B70D-2D18-4F2D-9EB4-8F532B72574A}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{1B32084A-E226-4DD3-AC80-6C71E51DC8E1}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{57DE85AB-E04D-438B-867E-108A3417ECD8}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{97C49AC2-9869-4933-80DB-B52CCA105FAF}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{2A4C9670-D7D0-492D-82EB-F2300DAB7453}C:\program files\hasbro interactive\rollercoaster tycoon\rct.exe" = protocol=17 | dir=in | app=c:\program files\hasbro interactive\rollercoaster tycoon\rct.exe |
"UDP Query User{C7198619-5B14-45B6-BE92-F70EC64E5D2E}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{CE9327EC-2937-49B8-8CFD-C3490A3D40B9}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{D0CF14A3-7716-43D2-AD15-4F13DBDD4E2E}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{D18FAB59-3E90-4B42-A139-D748FD71594B}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01D077B2-EBC2-D3CE-C93F-3D6285688554}" = Catalyst Control Center Graphics Full New
"{03DB61A0-1D22-4EDD-BCE8-01471A9A9300}" = Fashion Škola Módy
"{089C498F-F37F-A4B9-4F1E-CB70643DE15A}" = Catalyst Control Center Localization Japanese
"{0FAEE6AC-5614-8C19-C649-8AFBDA06940E}" = ccc-core-static
"{1284C032-AF85-47E2-33BD-8FF589924833}" = CCC Help Italian
"{16F42C96-1F4B-160D-C610-0F34524341CF}" = Catalyst Control Center Localization Turkish
"{18642F84-F583-4491-41B7-E2385A63859B}" = Catalyst Control Center Localization Hungarian
"{1A40AE7E-E0B8-1DCC-BDBF-FBAD0605778C}" = Catalyst Control Center Localization Swedish
"{1D097338-B4FA-4F29-9C43-8D7A970A007E}" = Windows Live Fotogalerie
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Nástroj pro odesílání služby Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{2D3D458D-0B38-2E33-08A9-ACD9F32B478B}" = CCC Help German
"{34021ED2-6D5E-8687-2FE2-FE952AF148F0}" = Catalyst Control Center Localization French
"{34C710D2-7247-7E43-828F-966688D2DE59}" = Catalyst Control Center Localization Spanish
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{395336D5-4396-D918-EA0C-51FE645A27F9}" = CCC Help French
"{3E62B27C-342F-4B44-9331-CA4BC59A586F}" = Asistent pro přihlášení ke službě Windows Live
"{3FA83286-C1C0-681A-A99B-A195B051E2D4}" = Skins
"{41D46777-91F4-2964-C92F-156718BFD6C2}" = Catalyst Control Center Graphics Full Existing
"{44180AF6-7A2A-B2C6-CBC9-AF2547AFD8E6}" = ATI Catalyst Install Manager
"{46D0FC74-4FB0-238E-BDAD-8FEDD20BE0A9}" = CCC Help Turkish
"{479A749B-1684-4881-8266-BF8DD22251E7}" = Windows Live Writer
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4D7FD58B-FEC0-A82E-4825-284C4016F775}" = Catalyst Control Center Localization Russian
"{51470BC4-6582-059E-D29D-248461273EF6}" = Catalyst Control Center Graphics Previews Vista
"{51A3E74E-2D76-EC58-51F7-B5AA29C27BA9}" = CCC Help Chinese Traditional
"{5303BDEA-9AFE-7205-17D9-412F2A08ACDC}" = Catalyst Control Center Localization Polish
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57A98027-DE21-3702-AE9E-9D9E3C369872}" = ccc-utility
"{58BF90E1-8051-3485-EFBE-2172DF7C66C9}" = CCC Help Chinese Standard
"{58E3755B-1E0D-307B-5FD6-2D424AF2E9F8}" = CCC Help Czech
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{62701057-5B94-D746-735D-1126F2E99978}" = CCC Help Japanese
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{756E4DC1-9324-66B1-B062-BC07ABDF6BBD}" = CCC Help Norwegian
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AB93213-828A-3C16-5EFB-4D9698AF2734}" = Catalyst Control Center Localization Chinese Traditional
"{824BADF8-9A1B-4D07-8817-8DDDC8543F23}" = OpenOffice.org 3.1
"{83722EAE-DBE4-AFB8-8AC2-F790BC17ACE1}" = Catalyst Control Center Localization Portuguese
"{849C6A43-7355-FBDE-4723-C1CC3DF77248}" = Catalyst Control Center Localization Chinese Standard
"{893B7839-EEEE-DB64-DFB0-259D61CBE3E5}" = Catalyst Control Center Localization German
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8CE00DD7-BA88-D261-DC58-6D2A412FB5FB}" = CCC Help Korean
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00AF-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (Czech)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D24F28F-791D-926B-5EBF-741B4E0B1FDB}" = CCC Help English
"{A44B40EB-59AA-2801-7CB1-998E74D0D895}" = CCC Help Russian
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{AC76BA86-7AD7-1029-7B44-A81200000003}" = Adobe Reader 8 - Czech
"{B0490CEE-D5ED-431A-88EB-772D9DB70C0C}" = Windows Live Movie Maker
"{B4695441-BC7D-DF5C-6018-FD022F86171E}" = Catalyst Control Center Core Implementation
"{BC22842C-7CF3-1EBC-F10D-7A74C4AA52E1}" = Catalyst Control Center Localization Dutch
"{BD1B3451-AF14-1697-FF21-60112C206D00}" = CCC Help Danish
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C3A2FF4E-864F-F8E5-7880-D1EDFE1A7896}" = CCC Help Greek
"{C58F654F-EADD-1F68-659E-88181D641CE7}" = CCC Help Thai
"{C65DE133-36F8-AFE1-1B74-71877D890C5C}" = Catalyst Control Center Localization Korean
"{C87BC0B7-2BB8-49D1-8CE0-EB0410EF0938}" = SystemDiagnostics
"{CA45B622-88F9-4836-A529-DBF14698498D}" = Catalyst Control Center - Branding
"{CAAAB5BD-AB1B-792D-6962-A721ED4074C8}" = CCC Help Spanish
"{CB9FB73E-A07D-F109-6A0D-2A5F095F3635}" = Catalyst Control Center Localization Thai
"{CD844C3C-20EE-274B-E926-D424A02916E7}" = Catalyst Control Center Localization Norwegian
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BA}" = WinZip 14.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.5.3
"{D09ACD31-5B82-CB45-B2F3-85315AC90D42}" = CCC Help Finnish
"{D3A07BAE-624A-19E3-E136-9A1FF49F920C}" = CCC Help Swedish
"{D519B743-3D37-52F0-5BEB-662BC0DB4DCC}" = CCC Help Polish
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{DAA575D9-3E2E-CD34-623A-1B6775A92440}" = CCC Help Dutch
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{E0F456B2-A569-161C-2E0D-2C43D8232F3A}" = CCC Help Portuguese
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E3F328E4-EB9F-4ABF-8FF3-5AD0472743D8}" = Windows Live Essentials
"{E5275822-15B2-65DE-FB19-3DD506FAF4A1}" = Catalyst Control Center Graphics Light
"{E5A10EF8-DBF3-4251-A9CA-423311DBBFC8}" = Windows Live Mail
"{EA77CFCF-693C-FF52-8B51-90745F1F398B}" = Catalyst Control Center Localization Danish
"{EC3FB2E1-E36F-3801-CEBD-90B47703B14B}" = Catalyst Control Center Localization Czech
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE5BC0BB-9EDA-423C-8276-48857B735D68}" = Prince of Persia Warrior Within
"{F0697602-055D-0EFA-0AF1-EB127A7E2946}" = Catalyst Control Center Localization Finnish
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4A86368-01BD-6AF1-1552-DAFB99F74F90}" = CCC Help Hungarian
"{F574CBB5-A312-C472-1C29-D5C9E3E8B61B}" = Catalyst Control Center Localization Greek
"{F58B763E-9FB9-4629-AF3C-CC9744BC4BA7}" = Fujitsu Siemens Computers Recovery
"{F86AD773-5BC0-499B-9F48-4E0D5FED759D}" = Windows Live Zabezpečení rodiny
"{FC8F9F2F-4B7A-A318-86A1-1695DCCCC586}" = Catalyst Control Center Localization Italian
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AnyDVD" = AnyDVD
"avast!" = avast! Antivirus
"CCleaner" = CCleaner
"CloneDVD2" = CloneDVD2
"EADM" = EA Download Manager
"Farm Frenzy - Pizza Party!" = Farm Frenzy - Pizza Party!
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Mozilla Thunderbird (2.0.0.19)" = Mozilla Thunderbird (2.0.0.19)
"QIP Infium_is1" = QIP Infium 2.0.9022 RC4
"RollerCoaster Tycoon Setup" = Roll
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Treasures Of Montezuma" = The Treasures Of Montezuma
"The Treasures of Montezuma 2 1.00" = The Treasures of Montezuma 2 1.00
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VideoLAN VLC media player 0.8.6i
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 2.1.2010 17:48:47 | Computer Name = Honza-PC | Source = avast! | ID = 33554522
Description = AAVM - chyba při testování: x_AavmCheckFileDirectEx: avfilesScanReal
of C:\Windows\System32\conime.exe failed, 00000005.

[ Application Events ]
Error - 10.3.2010 13:59:28 | Computer Name = Honza-PC | Source = EventSystem | ID = 4621
Description =

Error - 10.3.2010 13:59:53 | Computer Name = Honza-PC | Source = EventSystem | ID = 4621
Description =

Error - 10.3.2010 16:45:28 | Computer Name = Honza-PC | Source = WinMgmt | ID = 10
Description =

Error - 11.3.2010 1:55:44 | Computer Name = Honza-PC | Source = WinMgmt | ID = 10
Description =

Error - 11.3.2010 2:22:46 | Computer Name = Honza-PC | Source = WinMgmt | ID = 10
Description =

Error - 11.3.2010 8:12:13 | Computer Name = Honza-PC | Source = EventSystem | ID = 4621
Description =

Error - 11.3.2010 9:06:10 | Computer Name = Honza-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.3.2010 1:12:21 | Computer Name = Honza-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.3.2010 17:01:25 | Computer Name = Honza-PC | Source = EventSystem | ID = 4621
Description =

Error - 13.3.2010 1:44:44 | Computer Name = Honza-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 14.3.2010 19:33:36 | Computer Name = Honza-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 14.3.2010 19:33:36 | Computer Name = Honza-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 14.3.2010 19:33:36 | Computer Name = Honza-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 14.3.2010 19:33:36 | Computer Name = Honza-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 14.3.2010 19:33:36 | Computer Name = Honza-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 14.3.2010 19:33:36 | Computer Name = Honza-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 14.3.2010 19:33:36 | Computer Name = Honza-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 14.3.2010 19:36:09 | Computer Name = Honza-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 14.3.2010 19:41:39 | Computer Name = Honza-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 14.3.2010 19:41:39 | Computer Name = Honza-PC | Source = Service Control Manager | ID = 7000
Description =

< End of report >

guest · Příspěvekod **guest** » 15 bře 2010 16:05

Tak to si nemyslím, psal jsem, že v Biosu běží čas normálně. Navíc, teď jsem spustil ntb i čas běží normálně.

Sám jsem zvědavý čím to je, nicméně Bios a CPU mají různé časové základny. V Biosu může být čas O.K., ale pokud ho správně "nepředá" dál, může být v PC úplně jiný. Stejně tak i to, že někdy je rozhozený a někdy běží normálně.

hroch123 · Příspěvekod **hroch123** » 15 bře 2010 19:51

třeba to Avast vyléčí

Damned · Příspěvekod **Damned** » 15 bře 2010 21:56

Pokud si to ještě neodnesl zpět, tak:

Poklepej na ikonu OTL na ploše.Ujisti se , že máš všechny ostatní aplikace a prohlížeče zavřeny.
Pod Custom Scans/Fixes do okénka vlož následující text, zobrazený zeleně:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

:Files
C:\WINDOWS\*.tmp
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\system32\SET*.tmp
C:\Recycler
C:\$RECYCLE.BIN
C:\Documents and Settings\NetworkService\Data aplikací\rbuwzv.dat
C:\Windows\tasks\SA.DAT
C:\ProgramData\ezsidmv.dat
C:\Users\Ivča\AppData\Local\d3d9caps.dat

:Reg

:Commands
[purity]
[emptytemp]
[emptyflash]
[start explorer]
[Reboot]

Poté klikni nahoře na Run Fix. Nech program nerušeně běžet, na konci se provede restart PC.
Po restartu se objeví log , prosím zkopíruj sem celý jeho obsah.

milancz · Příspěvekod **milancz** » 15 bře 2010 22:31

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
========== FILES ==========
File\Folder C:\WINDOWS\*.tmp not found.
File\Folder C:\WINDOWS\System32\*.tmp not found.
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
File\Folder C:\Recycler not found.
C:\$RECYCLE.BIN\S-1-5-21-3494975800-2385530976-2436313536-1001 folder moved successfully.
C:\$RECYCLE.BIN\S-1-5-21-3494975800-2385530976-2436313536-1000 folder moved successfully.
C:\$RECYCLE.BIN folder moved successfully.
File\Folder C:\Documents and Settings\NetworkService\Data aplikací\rbuwzv.dat not found.
C:\Windows\tasks\SA.DAT moved successfully.
C:\ProgramData\ezsidmv.dat moved successfully.
C:\Users\Ivča\AppData\Local\d3d9caps.dat moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Honza
->Temp folder emptied: 22502570 bytes
->Temporary Internet Files folder emptied: 107900956 bytes
->FireFox cache emptied: 87887358 bytes
->Flash cache emptied: 50517 bytes

User: Honzík
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 60200750 bytes
->FireFox cache emptied: 101061763 bytes
->Flash cache emptied: 34862 bytes

User: Ivča
->Temp folder emptied: 31832 bytes
->Temporary Internet Files folder emptied: 127918 bytes
->FireFox cache emptied: 58465244 bytes
->Flash cache emptied: 1564 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 75460 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 418,00 mb

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Honza
->Flash cache emptied: 0 bytes

User: Honzík
->Flash cache emptied: 0 bytes

User: Ivča
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.1.37.1 log created on 03152010_222646

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

milancz · Příspěvekod **milancz** » 18 bře 2010 04:57

Ntb se chová standartně, mockrát děkuji za pomoc.

Poblázněný notebook - čas běží 15 x rychleji Vyřešeno

Re: Poblázněný notebook - čas běží 15 x rychleji

Re: Poblázněný notebook - čas běží 15 x rychleji

Re: Poblázněný notebook - čas běží 15 x rychleji

Re: Poblázněný notebook - čas běží 15 x rychleji

Re: Poblázněný notebook - čas běží 15 x rychleji

Re: Poblázněný notebook - čas běží 15 x rychleji

Re: Poblázněný notebook - čas běží 15 x rychleji

Re: Poblázněný notebook - čas běží 15 x rychleji

Re: Poblázněný notebook - čas běží 15 x rychleji

Re: Poblázněný notebook - čas běží 15 x rychleji

Re: Poblázněný notebook - čas běží 15 x rychleji

Re: Poblázněný notebook - čas běží 15 x rychleji

Kdo je online