Prosím o kontrolu logu; viac-menej prevencia Vyřešeno

[JANíčOK]

Prosím o kontrolu logu z HiJackThis. Ide viac-menej o prevenciu - ESET Smart Security 9-krát za posledná 3 mesiace vyhlásil infiltráciu pri pokuse o prístup na nejaké web-stránky ukončené to bolo s hláškou "prerušené spojenie - uložený do karantény". Chcem si byť istý či je všetko OK.
Ďakujem.

---

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 15:01:59, on 18.3.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvraidservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HiJackThis\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB001" /M "Stylus Photo RX620"
O4 - HKLM\..\Run: [pdfFactory Pro Dispatcher v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Prevziať cez IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Prevziať cez IDM videá FLV spomedzi 10 naposledy vyžiadaných - C:\Program Files\Internet Download Manager\IEGetVL2.htm
O8 - Extra context menu item: Prevziať cez IDM všetky prepojenia - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Prevziať obsah FLV cez IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: QIP Infium - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP Infium\infium.exe (HKCU)
O16 - DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} - file://C:\Applic\proeWildfire3\i486_nt\obj\pvx_install.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 6998 bytes

[Reklama]

[Damned]

Spusť HJT (HijackThis), vypni prohlížeče, odpoj se od internetu a fixni (spustit HJT, "Do a system scan only",
zatrhnout políčko před hodnotou, zmáčknout "Fix checked" a poté "Ano"):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R3 - URLSearchHook: (no name) - - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
*****************************************************************************************************************************************
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

[JANíčOK]

Posielam log z Malwarebytes' Anti-Malware 1.44.

---

Malwarebytes' Anti-Malware 1.44
Verzia databázy: 3882
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

18.3.2010 15:50:06
mbam-log-2010-03-18 (15-50-06).txt

Typ kontroly: Rýchla
Objektov kontrolovaných: 162771
Uplynutý cas: 5 minute(s), 44 second(s)

Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 0
Infikovaných registracných hodnôt: 0
Infikovaných registracných údajov položiek: 0
Infikovaných priecinkov: 0
Infikovaných súborov: 0

Infikovaných procesov pamäte:
(Žiadne škodlivé položky)

Infikovaných modulov pamäte:
(Žiadne škodlivé položky)

Infikovaných registracných klúcov:
(Žiadne škodlivé položky)

Infikovaných registracných hodnôt:
(Žiadne škodlivé položky)

Infikovaných registracných údajov položiek:
(Žiadne škodlivé položky)

Infikovaných priecinkov:
(Žiadne škodlivé položky)

Infikovaných súborov:
(Žiadne škodlivé položky)

[Damned]

Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[JANíčOK]

Tu je log z ComboFix (by sUBs)

---

ComboFix 10-03-17.07 - janbeno 18.03.2010 16:25:46.11.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1029.18.1023.636 [GMT 1:00]
Running from: c:\documents and settings\Ján Beňo.HOME-X6GW7MXJAU\Plocha\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\123protk_xyz.dat
c:\windows\system32\pPTS41.dll
c:\windows\system32\Vbshell.tlb

.
((((((((((((((((((((((((( Files Created from 2010-02-18 to 2010-03-18 )))))))))))))))))))))))))))))))
.

2010-03-11 20:35 . 2010-03-11 20:35 -------- d-----w- c:\program files\Common Files\Java
2010-03-02 18:30 . 2010-01-16 11:31 473600 ----a-w- c:\windows\SYCLicense80Ux64_100115.dll
2010-03-02 18:30 . 2010-01-16 11:30 425984 ----a-w- c:\windows\SYCLicenseU_100115.dll
2010-03-02 18:30 . 2010-01-16 11:30 278528 ----a-w- c:\windows\SYCLicense_100115.dll
2010-03-02 18:30 . 2010-03-02 18:58 -------- d-----w- c:\program files\STEP Import for AutoCAD

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-18 14:34 . 2010-01-26 15:43 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-03-16 18:16 . 2010-02-14 19:23 -------- d-----w- c:\program files\QIP Infium
2010-03-11 20:35 . 2009-05-12 08:53 -------- d-----w- c:\program files\Java
2010-03-05 07:22 . 2009-05-13 04:45 -------- d-----w- c:\program files\CCleaner
2010-02-12 17:17 . 2007-04-30 09:28 -------- d-----w- c:\program files\Common Files\BHPS
2010-02-12 16:23 . 2010-02-12 16:23 223128 ----a-w- c:\windows\system32\drivers\dtscsi.sys
2010-02-12 16:19 . 2010-02-12 16:19 96256 ----a-w- c:\windows\system32\drivers\sptd6349.sys
2010-02-12 16:19 . 2010-02-12 16:19 642560 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-05 21:41 . 2009-07-30 05:07 -------- d-----w- c:\program files\VLC media player
2010-01-19 13:12 . 2010-01-19 13:11 -------- d-----w- c:\program files\Strojnicka prirucka
2010-01-19 13:11 . 2010-01-19 13:11 -------- d-----w- c:\program files\Common Files\Borland Shared
2010-01-10 13:28 . 2010-01-10 13:28 0 ----a-w- c:\windows\ativpsrm.bin
2010-01-07 15:07 . 2009-05-16 20:43 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-05-16 20:43 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-05 17:34 . 2010-02-14 16:10 118000 ----a-w- c:\program files\mozilla firefox\components\qippipe.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\System32\nvraidservice.exe" [2004-06-11 83968]
"SoundMan"="SOUNDMAN.EXE" [2005-10-04 90112]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]
"EPSON Stylus Photo RX620 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE" [2004-05-19 98304]
"pdfFactory Pro Dispatcher v3"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" [2009-04-28 606208]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 00:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 -c--a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FineReader7NewsReaderPro]
2003-12-09 22:19 278528 -c--a-w- c:\program files\ABBYY FineReader 7.0 Professional Edition\AbbyyNewsReader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-05-12 05:57 133104 -c--atw- c:\documents and settings\Ján Beňo.HOME-X6GW7MXJAU\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 -c--a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2009-11-09 03:17 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6.2.2009 13:23 106208]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [6.2.2009 13:23 727720]
R3 PAC207;Trust WB-1200p Mini Webcam;c:\windows\system32\drivers\PFC027.sys [24.2.2005 11:29 162176]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12.2.2010 17:19 642560]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Prevziať cez IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: Prevziať cez IDM videá FLV spomedzi 10 naposledy vyžiadaných - c:\program files\Internet Download Manager\IEGetVL2.htm
IE: Prevziať cez IDM všetky prepojenia - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Prevziať obsah FLV cez IDM - c:\program files\Internet Download Manager\IEGetVL.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} - file://c:\applic\proeWildfire3\i486_nt\obj\pvx_install.exe
FF - ProfilePath - c:\documents and settings\Ján Beňo.HOME-X6GW7MXJAU\Data aplikací\Mozilla\Firefox\Profiles\gu9j4spb.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://sk.start3.mozilla.com/firefox?cl ... k:official
FF - prefs.js: keyword.URL - hxxp://search.qip.ru/search?from=FF&query=
FF - component: c:\documents and settings\Ján Beňo.HOME-X6GW7MXJAU\Data aplikací\IDM\idmmzcc3\components\idmmzcc.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
MSConfigStartUp-KMCONFIG - c:\program files\Trust\Trust R-Series Mouse\StartAutorun.exe
MSConfigStartUp-WireLessMouse - c:\program files\Trust\Trust R-series Mouse And Keyboard\StartAutorun.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-18 16:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{35b6f04b-f25b-4180-b3d3-b6234abe7e0b}]
@Denied: (Full) (Everyone)
"Model"=dword:000000e4
"Therad"=dword:0000001e
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):58,29,5a,51,9c,7b,78,82,82,7a,19,63,fd,53,af,f5,1f,50,fe,15,3a,
a0,fc,88,47,a5,f9,90,c7,54,cd,4a,3f,cf,60,39,4e,dd,b0,12,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1384)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-03-18 16:36:03
ComboFix-quarantined-files.txt 2010-03-18 15:35

Pre-Run: Volných bajtů: 14 737 416 192
Post-Run: Volných bajtů: 14 716 776 448

- - End Of File - - 822F6EA4B36175A3820138D0083EC515

[Damned]

Vypni antivir a pokud máš i Antispyware a odinstaluj ComboFix ( nutné ) .
ComboFix se odinstaluje takto:
Start-Spustit a zadej: Combofix[mezera]/uninstall

Stáhni si T-Cleaner ( nutné - smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš->spustíš)

(pozn.Pokud máš AVG nebo Aviru, před stažením T-Cleaneru a po dobu čištění deaktivuj AVG i Aviru (i rezidenty), následně T-Cleaner smaž a zapni si AVG, Aviru.)
*****************************************************************************************************************************************
Stáhni si OTL na Plochu.
Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.Nahoře v okně pod Output klikni na minimal Output.Pod Standard Registry změň na All. Zatrhni LOP Check a Purity Check. File age změň na 14 days. Všechny ostatní nastavení ponech jak jsou. Klikni na Run Scan. Sken může trvat dlouho, až skončí otevřou se dva logy:
OTL.Txt
Extras.Txt
Jsou uloženy ve stejném místě jako OTL. Oba logy sem prosím zkopíruj

[JANíčOK]

OTL.Txt

---

OTL logfile created on: 18.3.2010 17:15:03 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000041B | Country: Slovensko | Language: SKY | Date Format: d.M.yyyy

1 023,00 Mb Total Physical Memory | 625,00 Mb Available Physical Memory | 61,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 13,90 Gb Free Space | 18,65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 124,94 Mb Total Space | 119,98 Mb Free Space | 96,04% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-X6GW7MXJAU
Current User Name: janbeno
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 14 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Plocha\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
PRC - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\WINDOWS\system32\PAStiSvc.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\nvraidservice.exe (NVIDIA Corporation)
PRC - C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9HE.EXE (SEIKO EPSON CORPORATION)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Plocha\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe (ESET)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (MSSQL$AUTODESKVAULT) SQL Server (AUTODESKVAULT) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLBrowser) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (Autodesk Licensing Service) -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (Autodesk)
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (STI Simulator) -- C:\WINDOWS\system32\PAStiSvc.exe ()


========== Driver Services (SafeList) ==========

DRV - (dtscsi) -- C:\WINDOWS\System32\Drivers\dtscsi.sys (DT Soft Ltd.)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (SCDEmu) -- C:\WINDOWS\system32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (epfwtdi) -- C:\WINDOWS\system32\drivers\epfwtdi.sys (ESET)
DRV - (Epfwndis) -- C:\WINDOWS\system32\drivers\epfwndis.sys (ESET)
DRV - (epfw) -- C:\WINDOWS\system32\drivers\epfw.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (KMWDFilter) -- C:\WINDOWS\system32\drivers\KMWDFilter.SYS (Windows (R) Codename Longhorn DDK provider)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (PAC207) -- C:\WINDOWS\system32\drivers\PFC027.sys ()
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (nvraid) NVIDIA NForce(tm) -- C:\WINDOWS\System32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nvatabus) -- C:\WINDOWS\System32\DRIVERS\nvatabus.sys (NVIDIA Corporation)
DRV - (nv_agp) -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys (NVIDIA Corporation)
DRV - (cdrbsdrv) -- C:\WINDOWS\system32\drivers\CDRBSDRV.SYS (B.H.A Corporation)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Fast Browser Search"
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://sk.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:sk:official"
FF - prefs.js..extensions.enabledItems: mozilla_cc@internetdownloadmanager.com:6.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}:6.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {8FFE139B-90A7-4460-A972-9D2738997F6D}:1.6.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}:6.0.18
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6
FF - prefs.js..keyword.URL: "http://search.qip.ru/search?from=FF&query="


FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.06.16 17:36:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009.05.12 09:53:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.02.14 17:10:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.02.26 22:35:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.03.17 11:58:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2009.05.11 13:59:40 | 000,000,000 | ---D | M]

[2010.01.26 13:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Data aplikací\mozilla\Extensions
[2010.01.26 13:43:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Data aplikací\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009.05.11 08:47:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Data aplikací\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009.08.18 18:48:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Data aplikací\mozilla\Extensions\MediaCoder
[2010.03.18 12:18:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Data aplikací\mozilla\Firefox\Profiles\gu9j4spb.default\extensions
[2010.01.28 11:52:38 | 000,000,000 | ---D | M] (QuickPageZoom) -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Data aplikací\mozilla\Firefox\Profiles\gu9j4spb.default\extensions\{8FFE139B-90A7-4460-A972-9D2738997F6D}
[2010.02.14 17:10:27 | 000,002,061 | ---- | M] () -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Data aplikací\Mozilla\FireFox\Profiles\gu9j4spb.default\searchplugins\qipsearch.xml
[2010.03.18 12:18:30 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.01.26 13:36:33 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008.11.29 17:59:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009.03.30 07:46:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009.03.30 11:37:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009.09.16 08:13:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2010.02.12 18:42:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010.03.11 21:35:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
[2010.01.16 04:19:22 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010.01.16 04:19:22 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009.10.05 18:34:50 | 000,118,000 | ---- | M] () -- C:\Program Files\Mozilla Firefox\components\qippipe.dll
[2008.08.06 15:22:02 | 000,114,688 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2009.12.17 17:14:01 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009.02.06 11:44:28 | 001,447,296 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
[2010.01.16 04:19:22 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2006.10.26 19:12:16 | 000,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
[2009.12.21 18:34:06 | 000,103,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010.01.16 02:31:40 | 000,001,583 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\atlas-sk.xml
[2010.01.16 02:31:40 | 000,001,380 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\azet-sk.xml
[2010.01.16 02:31:40 | 000,001,479 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\dunaj-sk.xml
[2010.01.16 02:31:40 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010.01.16 02:31:40 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010.01.16 02:31:40 | 000,001,473 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slovnik-sk.xml
[2010.01.16 02:31:40 | 000,001,104 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-sk.xml
[2010.01.16 02:31:40 | 000,000,830 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\zoznam-sk.xml

O1 HOSTS File: ([2009.11.22 11:39:05 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\WebBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\WebBrowser: (&Odkazy) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [combofix] C:\ComboFix\CF19745.cfx File not found
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [EPSON Stylus Photo RX620 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\point32.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v3] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClearRecentDocsOnExit = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Prevziať cez IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O8 - Extra context menu item: Prevziať cez IDM videá FLV spomedzi 10 naposledy vyžiadaných - C:\Program Files\Internet Download Manager\IEGetVL2.htm ()
O8 - Extra context menu item: Prevziať cez IDM všetky prepojenia - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Prevziať obsah FLV cez IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} file://C:\Applic\proeWildfire3\i486_nt\obj\pvx_install.exe (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\lid {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Proces mezipaměti kategorií součástí - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010.03.18 17:11:27 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Plocha\OTL.exe
[2010.03.18 17:06:39 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Recent
[2010.03.18 16:41:39 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.03.17 16:37:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Dokumenty\vajce
[2010.03.13 11:47:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Dokumenty\Preberanie
[2010.03.12 10:30:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Dokumenty\kraviny
[2010.03.11 21:35:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Sun
[2010.03.11 21:35:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010.03.11 21:35:34 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010.03.11 21:35:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010.03.11 21:35:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009.08.15 12:43:18 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Data aplikací\pcouffin.sys
[2009.05.10 17:00:52 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[2008.08.16 14:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\ESET
[2008.07.10 16:10:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\ESET
[2007.09.06 19:54:37 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2006.10.21 19:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Data aplikací\Ahead
[2006.08.09 10:38:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2006.08.09 09:54:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft

========== Files - Modified Within 14 Days ==========

[2010.03.18 17:11:32 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Plocha\OTL.exe
[2010.03.18 17:07:27 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.03.18 17:07:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.03.18 17:06:43 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\ntuser.ini
[2010.03.18 17:06:42 | 007,077,888 | ---- | M] () -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\NTUSER.DAT
[2010.03.18 17:06:39 | 001,578,360 | -H-- | M] () -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Local Settings\Data aplikací\IconCache.db
[2010.03.18 16:33:47 | 000,000,264 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.03.18 15:34:31 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.03.18 15:34:29 | 000,000,000 | ---- | M] () -- C:\FileOut.Cns
[2010.03.18 15:34:29 | 000,000,000 | ---- | M] () -- C:\FileIn.Cns
[2010.03.18 13:36:03 | 000,367,507 | -H-- | M] () -- C:\treeinfo.wc
[2010.03.18 13:01:59 | 000,041,281 | ---- | M] () -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Plocha\ec120kosican.rar
[2010.03.18 11:50:45 | 000,002,565 | ---- | M] () -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Plocha\Microsoft Office Word 2007.lnk
[2010.03.17 12:38:54 | 000,009,662 | ---- | M] () -- C:\WINDOWS\EPISME00.SWB
[2010.03.17 09:43:01 | 000,111,616 | ---- | M] () -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Dokumenty\Ziadost o vyplatenie dlznej sumy - svokor.doc
[2010.03.13 15:12:51 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2010.03.08 19:18:48 | 009,526,328 | ---- | M] () -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Plocha\cd_162-verze-II.dwg
[2010.03.08 17:04:02 | 000,001,846 | ---- | M] () -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Plocha\Train Simulator.lnk
[2010.03.05 08:22:43 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Plocha\CCleaner.lnk

========== Files Created - No Company Name ==========

[2010.03.18 13:01:34 | 000,041,281 | ---- | C] () -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Plocha\ec120kosican.rar
[2010.03.17 09:43:01 | 000,111,616 | ---- | C] () -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Dokumenty\Ziadost o vyplatenie dlznej sumy - svokor.doc
[2010.03.08 19:14:54 | 009,526,328 | ---- | C] () -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Plocha\cd_162-verze-II.dwg
[2010.02.26 22:36:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2010.01.23 18:01:02 | 000,000,262 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010.01.23 17:04:25 | 000,000,032 | ---- | C] () -- C:\WINDOWS\start.INI
[2010.01.17 14:41:30 | 000,003,730 | ---- | C] () -- C:\WINDOWS\wtran32.INI
[2010.01.17 14:41:11 | 000,002,685 | ---- | C] () -- C:\WINDOWS\wdict32.INI
[2009.10.05 18:50:51 | 000,000,054 | ---- | C] () -- C:\WINDOWS\AutoCAD 2000 EReg.ini
[2009.10.05 18:50:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mtstack.INI
[2009.09.01 15:36:27 | 000,000,135 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
[2009.08.27 11:46:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\InvTXTStack.INI
[2009.08.21 12:14:30 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\libssl32.dll
[2009.08.18 18:14:07 | 000,000,066 | ---- | C] () -- C:\WINDOWS\Speed Video Converter.INI
[2009.08.15 12:43:47 | 000,001,044 | ---- | C] () -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Data aplikací\vso_ts_preview.xml
[2009.08.15 12:43:24 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Data aplikací\pcouffin.log
[2009.08.15 12:43:18 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Data aplikací\inst.exe
[2009.08.15 12:43:18 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Data aplikací\pcouffin.cat
[2009.08.15 12:43:18 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Data aplikací\pcouffin.inf
[2009.06.26 06:14:06 | 000,002,455 | ---- | C] () -- C:\WINDOWS\TRNCOM.INI
[2009.06.16 07:36:30 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Data aplikací\AVSDVDPlayer.m3u
[2009.06.16 07:24:34 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009.06.16 05:49:21 | 000,003,185 | ---- | C] () -- C:\WINDOWS\FantasyDVD.ini
[2009.06.16 05:49:20 | 000,002,417 | ---- | C] () -- C:\WINDOWS\ShortCutInf.ini
[2009.05.25 16:32:02 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009.05.18 07:29:53 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009.05.14 17:10:34 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.13 05:33:23 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2009.05.12 12:55:01 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Local Settings\Data aplikací\fusioncache.dat
[2009.05.11 15:17:46 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2009.05.11 15:17:46 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2009.05.11 15:17:22 | 000,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009.05.11 15:13:27 | 000,000,027 | ---- | C] () -- C:\WINDOWS\CDE RX620ED.ini
[2009.05.11 09:48:10 | 000,157,184 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2009.05.11 09:17:22 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2009.02.01 18:42:57 | 000,179,312 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2005.10.14 10:56:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005.10.14 10:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005.10.14 10:56:50 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005.10.14 10:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005.10.14 10:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005.10.14 10:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005.10.14 10:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005.10.14 10:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005.10.14 10:56:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2005.02.24 11:29:14 | 000,162,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\PFC027.sys
[2005.01.25 14:15:42 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\PA207USD.DLL
[2004.09.16 10:56:20 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\zlib.dll
[2004.03.18 17:40:32 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004.03.18 17:40:24 | 000,667,648 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2001.10.25 13:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2001.10.25 13:00:00 | 000,013,576 | ---- | C] () -- C:\WINDOWS\System32\syscorecfg256.dll

========== LOP Check ==========

[2009.12.30 14:14:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\Autodesk
[2010.02.26 22:36:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\DassaultSystemes
[2009.05.11 13:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\ESET
[2009.10.12 15:17:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\GoldWave
[2009.06.26 05:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\LangSoft
[2009.05.21 14:14:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Data aplikací\TuneUp Software
[2009.11.24 22:15:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Data aplikací\Autodesk
[2009.08.18 18:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Data aplikací\Broad Intelligence
[2009.05.22 04:46:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Data aplikací\COWON
[2010.02.26 22:36:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Data aplikací\DassaultSystemes
[2010.03.18 15:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Data aplikací\DMCache
[2010.02.26 22:37:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Data aplikací\EDrawings
[2009.12.15 17:44:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Data aplikací\ELIS
[2009.05.12 15:12:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Data aplikací\EPSON
[2009.05.11 14:00:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Data aplikací\ESET
[2009.07.13 11:23:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Data aplikací\FTWeak
[2009.08.11 08:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Data aplikací\Highresolution Enterprises
[2010.02.18 15:44:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Data aplikací\IDM
[2009.06.16 06:53:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Data aplikací\InterVideo
[2009.07.04 13:41:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Data aplikací\IObit
[2009.05.12 09:26:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Data aplikací\IrfanView
[2009.06.26 08:02:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Data aplikací\LangSoft
[2009.05.13 07:49:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Data aplikací\OLYMPUS
[2009.05.13 05:14:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Data aplikací\PTC
[2009.12.30 17:39:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Data aplikací\TeamViewer
[2010.01.01 19:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Data aplikací\TechSmith
[2010.01.26 13:43:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Data aplikací\Thunderbird
[2009.09.11 16:12:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Data aplikací\TuneUp Software
[2009.08.18 19:04:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Data aplikací\Vso

========== Purity Check ==========


< End of report >

[JANíčOK]

Extras.Txt

---

OTL Extras logfile created on: 18.3.2010 17:15:03 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Plocha
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000041B | Country: Slovensko | Language: SKY | Date Format: d.M.yyyy

1 023,00 Mb Total Physical Memory | 625,00 Mb Available Physical Memory | 61,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 13,90 Gb Free Space | 18,65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 124,94 Mb Total Space | 119,98 Mb Free Space | 96,04% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME-X6GW7MXJAU
Current User Name: janbeno
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 14 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.scr [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VLC media player\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VLC media player\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1FB138CC-5503-4B4A-BC42-81E9C1FF26EE}" = Autodesk Inventor Content Center Libraries 2010 (Desktop Content)
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 18
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (AUTODESKVAULT)
"{2BF46E7D-84DA-4552-A3D2-66B24D8A3F3F}" = Visual C++ 2008 Runtime (x86)
"{350C97C4-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{38623342-0CCC-47ED-9B97-E1C494591051}" = Nero 7 Ultra Edition
"{3A1AB8E6-748E-4B95-AA2D-FE9952EB3106}" = OLYMPUS Master 2
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AD49422-8B9B-4896-9C83-ED39E38B2D15}_is1" = ELIS 2009/2010
"{4ED118EE-785C-CC18-5D2E-D5CA4BAA03F0}" = Catalyst Control Center Graphics Full New
"{52969324-463B-4643-BF36-854BE2BECB89}" = Autodesk Inventor Professional 2010
"{539475B7-44B7-8B0A-134C-F01B9C8B7569}" = ccc-core-preinstall
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{546C143E-68DC-314D-97BC-1E454E3BA429}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - CSY
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5783F2D7-8001-0405-0002-0060B0CE6BBA}" = AutoCAD 2010 - česky
"{5783F2D7-8001-0405-1002-0060B0CE6BBA}" = Jazykový balíček aplikace AutoCAD 2010 - čeština
"{587A2120-41D3-11DB-3D6C-00E19E4D4AE1}" = MSTS Patch 1.8.0521 CZ
"{5AC7AE54-55DF-1126-076C-623F008D40B6}" = Catalyst Control Center Graphics Full Existing
"{6351D217-3EE3-1967-29BE-6A77635FE485}" = Skins
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{64635543-70E7-436D-8D6D-4A721595029E}" = Microsoft IntelliPoint 5.2
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6AB9CD3A-F91F-233B-923B-6C59BA63524D}" = Catalyst Control Center HydraVision Full
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7506D309-53A2-4927-BD1B-70015F1C6E0C}" = Windows Slovak Interface Pack
"{7F4DD591-1400-0409-0000-7107D70F3DB4}" = Autodesk Inventor Professional 2010
"{7F947BFE-C2DF-4779-9909-5BEE746BD0C4}" = Microsoft .NET Framework 2.0 Language Pack - CSY
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85A91C22-C369-FCFB-5F1F-D59EB21AD0E1}" = CCC Help English
"{88DA244E-4CEA-49E4-AD6A-301B65131E25}" = Shape Viewer
"{90120000-0010-041B-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Slovak) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0015-041B-0000-0000000FF1CE}" = Microsoft Office Access MUI (Slovak) 2007
"{90120000-0016-041B-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Slovak) 2007
"{90120000-0018-041B-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Slovak) 2007
"{90120000-0019-041B-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Slovak) 2007
"{90120000-001A-041B-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Slovak) 2007
"{90120000-001B-041B-0000-0000000FF1CE}" = Microsoft Office Word MUI (Slovak) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040E-0000-0000000FF1CE}" = Microsoft Office Proof (Hungarian) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-041B-0000-0000000FF1CE}" = Microsoft Office Proofing (Slovak) 2007
"{90120000-0044-041B-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Slovak) 2007
"{90120000-006E-041B-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Slovak) 2007
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2C9CD1B-2551-3AED-B244-6698FB929FA6}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - CSY
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6D0140F-E62F-9D1E-2408-9CFF91FF6FC8}" = ccc-utility
"{A95F8C65-078D-46D3-ABB9-F7BBA8B9FFC5}" = Pomůcka CAD správce programu Autodesk Inventor
"{AAB6D0F8-02B3-4E89-B24C-0BB153C21445}" = Windows Presentation Foundation Language Pack (CSY)
"{AAF70000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 7.0 Professional Edition
"{ac474156-361a-4a7b-8b6e-977781b92565}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1051-7B44-A93000000001}" = Adobe Reader 9.3.1 - Slovak
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C44A7422-E380-44BE-79FE-1C032D8A03A7}" = Catalyst Control Center Core Implementation
"{C48817E7-AA05-4151-A99D-1E1E550CE801}" = EPSON PhotoStarter3.1
"{C4EE60C6-515F-4BAE-AB76-2D54DBC0875D}" = Trust WB-1200p Mini Webcam
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = COWON Media Center - jetAudio Basic VX
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E5D24929-91A4-B0A1-DE00-AFC453921EF7}" = Catalyst Control Center Graphics Light
"{E6C09BFB-BA75-15C7-5B18-A2CE31C4F42B}" = Catalyst Control Center Graphics Previews Common
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F20A984B-9B30-4A9E-A3AC-918AF0D85A48}" = Snagit 9.1.1
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{F9E58416-8176-4583-B014-47985E5A8357}" = ESET Smart Security
"{FB09515C-8E3E-4E0F-A1F2-032F38DEC185}" = Microsoft .NET Framework 3.0 Czech Language Pack
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AutoCAD 2010 - česky" = AutoCAD 2010 - česky
"AutoCAD 2010 - česky Version 2" = AutoCAD 2010 - česky Version 2
"Autodesk Inventor Professional 2010" = Autodesk Inventor Professional 2010 čeština (Czech)
"Autodesk Inventor Professional 2010 SP1" = Autodesk Inventor Professional 2010 SP1
"CCleaner" = CCleaner
"ConTEXTEditor_is1" = ConTEXT
"Convoi" = Convoi 1.50
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"Dream Aquarium_is1" = Dream Aquarium
"DVD Shrink_is1" = DVD Shrink 3.2
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ESPRX620 Series Reference Guide" = ESPRX620 Series Reference Guide
"InstallShield_{C4EE60C6-515F-4BAE-AB76-2D54DBC0875D}" = Trust WB-1200p Mini Webcam
"Internet Download Manager" = Internet Download Manager
"IrfanView" = IrfanView (remove only)
"jetAudio 7.5.x Czech Language Pack" = jetAudio 7.5.x Czech Language Pack
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0 Language Pack - CSY" = Microsoft .NET Framework 2.0 Language Pack - CSY
"Microsoft .NET Framework 3.0 Czech Language Pack" = Microsoft .NET Framework 3.0 Czech Language Pack
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"MiNODLogin" = ESET Antivirus Licence Finder (MiNODLogin)
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"MSTS Activity-Analysis 2.18" = MSTS Activity-Analysis 2.18
"MSTSBin Screens & Widgets_is1" = MSTSBin Screens & Widgets 0.1
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nForce Drivers" = NVIDIA nForce Drivers
"pdfFactory Pro" = pdfFactory Pro
"PowerISO" = PowerISO
"Pro/ENGINEER Release Wildfire 4.0 Datecode M130" = Pro/ENGINEER Release Wildfire 4.0 Datecode M130
"PROPLUS" = Microsoft Office Professional Plus 2007
"PSPad editor_is1" = PSPad editor
"QuicktimeAlt_is1" = QuickTime Alternative 2.7.0
"Revo Uninstaller" = Revo Uninstaller 1.85
"ShockwaveFlash" = Macromedia Flash Player 8
"Strojnická příručka 1.4" = Strojnická příručka 1.4
"TeamViewer 4" = TeamViewer 4
"TGATool2A_is1" = TGATool2A version 4.00.34
"Totalcmd" = Total Commander (Remove or Repair)
"Train Simulator 1.0" = Microsoft Train Simulator
"Train Store (Czech Language Pack)" = Train Store (Czech Language Pack)
"Train Store V3.2" = Train Store V3.2
"VLC media player" = VLC media player 1.0.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinRAR archiver" = WinRAR archivátor
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"QIP Infium" = QIP Infium 2.0.9034

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14.3.2010 6:42:54 | Computer Name = HOME-X6GW7MXJAU | Source = Application Error | ID = 1000
Description = Chybující aplikace train.exe, verze 1.16.5.912, chybující modul train.exe,
verze 1.16.5.912, adresa chyby 0x001b281c.

Error - 14.3.2010 17:09:55 | Computer Name = HOME-X6GW7MXJAU | Source = Application Error | ID = 1000
Description = Chybující aplikace firefox.exe, verze 1.9.2.3667, chybující modul
ntdll.dll, verze 5.1.2600.2180, adresa chyby 0x00018fea.

Error - 14.3.2010 18:30:08 | Computer Name = HOME-X6GW7MXJAU | Source = Application Error | ID = 1000
Description = Chybující aplikace train.exe, verze 1.16.5.912, chybující modul train.exe,
verze 1.16.5.912, adresa chyby 0x00006e8c.

Error - 15.3.2010 7:09:49 | Computer Name = HOME-X6GW7MXJAU | Source = Application Error | ID = 1000
Description = Chybující aplikace train.exe, verze 1.16.5.912, chybující modul train.exe,
verze 1.16.5.912, adresa chyby 0x00006e8c.

Error - 16.3.2010 9:24:55 | Computer Name = HOME-X6GW7MXJAU | Source = Application Error | ID = 1000
Description = Chybující aplikace train.exe, verze 1.16.5.912, chybující modul train.exe,
verze 1.16.5.912, adresa chyby 0x00145819.

Error - 16.3.2010 12:05:33 | Computer Name = HOME-X6GW7MXJAU | Source = Application Error | ID = 1000
Description = Chybující aplikace train.exe, verze 1.16.5.912, chybující modul train.exe,
verze 1.16.5.912, adresa chyby 0x002d420e.

Error - 18.3.2010 6:26:01 | Computer Name = HOME-X6GW7MXJAU | Source = Application Error | ID = 1000
Description = Chybující aplikace train.exe, verze 1.16.5.912, chybující modul train.exe,
verze 1.16.5.912, adresa chyby 0x00006e8c.

Error - 18.3.2010 9:24:20 | Computer Name = HOME-X6GW7MXJAU | Source = Application Error | ID = 1000
Description = Chybující aplikace train.exe, verze 1.16.5.912, chybující modul train.exe,
verze 1.16.5.912, adresa chyby 0x002f3d46.

Error - 18.3.2010 9:31:21 | Computer Name = HOME-X6GW7MXJAU | Source = Application Error | ID = 1000
Description = Chybující aplikace train.exe, verze 1.16.5.912, chybující modul train.exe,
verze 1.16.5.912, adresa chyby 0x002f3d46.

Error - 18.3.2010 9:44:19 | Computer Name = HOME-X6GW7MXJAU | Source = Application Error | ID = 1000
Description = Chybující aplikace train.exe, verze 1.16.5.912, chybující modul train.exe,
verze 1.16.5.912, adresa chyby 0x002f3d46.

[ System Events ]
Error - 2.3.2010 14:56:47 | Computer Name = HOME-X6GW7MXJAU | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.

Error - 2.3.2010 14:56:50 | Computer Name = HOME-X6GW7MXJAU | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.

Error - 2.3.2010 14:56:53 | Computer Name = HOME-X6GW7MXJAU | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.

Error - 2.3.2010 14:56:56 | Computer Name = HOME-X6GW7MXJAU | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.

Error - 2.3.2010 14:57:00 | Computer Name = HOME-X6GW7MXJAU | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.

Error - 3.3.2010 7:06:50 | Computer Name = HOME-X6GW7MXJAU | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.

Error - 3.3.2010 7:06:52 | Computer Name = HOME-X6GW7MXJAU | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.

Error - 3.3.2010 7:06:55 | Computer Name = HOME-X6GW7MXJAU | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.

Error - 15.3.2010 5:21:55 | Computer Name = HOME-X6GW7MXJAU | Source = Cdrom | ID = 262151
Description = Zařízení \Device\CdRom0 má chybný blok.

Error - 18.3.2010 9:50:59 | Computer Name = HOME-X6GW7MXJAU | Source = sr | ID = 1
Description = Filtr nástroje Obnovení systému zjistil neočekávanou chybu 0xC000009A
při zpracování souboru infium.madExcept na svazku HarddiskVolume1. Sledování svazku
bylo ukončeno.

[ TuneUp Events ]
Error - 6.8.2009 3:06:02 | Computer Name = HOME-X6GW7MXJAU | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 7.8.2009 6:31:32 | Computer Name = HOME-X6GW7MXJAU | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 7.8.2009 6:32:05 | Computer Name = HOME-X6GW7MXJAU | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 11.8.2009 6:02:23 | Computer Name = HOME-X6GW7MXJAU | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 11.8.2009 6:10:44 | Computer Name = HOME-X6GW7MXJAU | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 18.8.2009 23:49:41 | Computer Name = HOME-X6GW7MXJAU | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 18.8.2009 23:50:32 | Computer Name = HOME-X6GW7MXJAU | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 25.8.2009 15:29:56 | Computer Name = HOME-X6GW7MXJAU | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 25.8.2009 15:30:28 | Computer Name = HOME-X6GW7MXJAU | Source = TuneUp Program Statistics | ID = 131840
Description =

Error - 6.9.2009 16:51:53 | Computer Name = HOME-X6GW7MXJAU | Source = TuneUp Program Statistics | ID = 131840
Description =


< End of report >

[Damned]

Potom až skončíme si proveď kontrolu disku.

Červený soubor zkontroluj na Virustotalu a vlož sem odkaz na výsledek.
Pokud ho nenajdeš, dej si zobrazit skryté a systémové soubory. Pokud ti nabídne, že soubor už kontroloval,
nech ho zkontrolovat znovu, a počkej až se objeví "Dokončeno" a výsledek.Potom sem zkopíruj adresní řádek.

C:\WINDOWS\System32\syscorecfg256.dll
*****************************************************************************************************************************************
Poklepej na ikonu OTL na ploše.Ujisti se , že máš všechny ostatní aplikace a prohlížeče zavřeny.
Pod Custom Scans/Fixes do okénka vlož následující text, zobrazený zeleně:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Fast Browser Search"
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..keyword.URL: "http://search.qip.ru/search?from=FF&query="
[2010.02.14 17:10:27 | 000,002,061 | ---- | M] () -- C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Data aplikací\Mozilla\FireFox\Profiles\gu9j4spb.default\searchplugins\qipsearch.xml
[2010.01.16 02:31:40 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
O4 - HKLM..\Run: [combofix] C:\ComboFix\CF19745.cfx File not found
O16 - DPF: {1ED48504-8834-11D5-AC75-0008C73FD642} file://C:\Applic\proeWildfire3\i486_nt\obj\pvx_install.exe (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

:Files
C:\WINDOWS\*.tmp
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\system32\SET*.tmp
C:\Recycler
C:\$RECYCLE.BIN
C:\Documents and Settings\NetworkService\Data aplikací\rbuwzv.dat
C:\Windows\tasks\SA.DAT

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

:Commands
[purity]
[emptytemp]
[emptyflash]
[start explorer]
[Reboot]


Poté klikni nahoře na Run Fix. Nech program nerušeně běžet, na konci se provede restart PC.
Po restartu se objeví log , prosím zkopíruj sem celý jeho obsah.

[JANíčOK]

Tu je výsledok testu na VirusTotal:
http://www.virustotal.com/cs/analisis/5 ... 1268930860

[JANíčOK]

Posielam log z OTL:

---

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Prefs.js: "QIP Search" removed from browser.search.defaultenginename
Prefs.js: "Fast Browser Search" removed from browser.search.defaultthis.engineName
Prefs.js: "Fast Browser Search" removed from browser.search.order.1
Prefs.js: "http://search.qip.ru/search?from=FF&query=" removed from keyword.URL
C:\Documents and Settings\Ján Beňo.HOME-X6GW7MXJAU\Data aplikací\Mozilla\FireFox\Profiles\gu9j4spb.default\searchplugins\qipsearch.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\combofix deleted successfully.
File 504-8834-11D5-AC75-0008C73FD642} file://C:\Applic\proeWildfire3\i486_nt\obj\pvx_install.exe not found.
Starting removal of ActiveX control {1ED48504-8834-11D5-AC75-0008C73FD642}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1ED48504-8834-11D5-AC75-0008C73FD642}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1ED48504-8834-11D5-AC75-0008C73FD642}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ED48504-8834-11D5-AC75-0008C73FD642}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1ED48504-8834-11D5-AC75-0008C73FD642}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ED48504-8834-11D5-AC75-0008C73FD642}\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
========== FILES ==========
File\Folder C:\WINDOWS\*.tmp not found.
File\Folder C:\WINDOWS\System32\*.tmp not found.
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\RECYCLER\S-1-5-21-1123561945-746137067-1417001333-1003 folder moved successfully.
C:\RECYCLER folder moved successfully.
File\Folder C:\$RECYCLE.BIN not found.
File\Folder C:\Documents and Settings\NetworkService\Data aplikací\rbuwzv.dat not found.
C:\Windows\tasks\SA.DAT moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: All Users

User: All Users.WINDOWS

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User.WINDOWS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: HOME-X6GW7MXJAU

User: Ján Beňo old

User: Ján Beňo.HOME-X6GW7MXJAU
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 567780 bytes
->Java cache emptied: 14476519 bytes
->FireFox cache emptied: 59750489 bytes
->Google Chrome cache emptied: 557424 bytes
->Flash cache emptied: 8226 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService.NT AUTHORITY
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: NetworkService.NT AUTHORITY
->Temp folder emptied: 32768 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 72,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: All Users.WINDOWS

User: Default User

User: Default User.WINDOWS

User: HOME-X6GW7MXJAU

User: Ján Beňo old

User: Ján Beňo.HOME-X6GW7MXJAU
->Flash cache emptied: 0 bytes

User: LocalService

User: LocalService.NT AUTHORITY

User: NetworkService

User: NetworkService.NT AUTHORITY

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.1.37.3 log created on 03182010_180042

Files\Folders moved on Reboot...
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temp\Perflib_Perfdata_2fc.dat moved successfully.

Registry entries deleted on Reboot...

[Damned]

Smaž složku C:\_OTL a vysyp Koš. Měl by si to mít již OK.

Stáhni si ToolsCleaner2 (by de A.Rothstein & Dj Quiou) na Plochu a spusť ho.

Klikni na Pt. Restauration (obnova) a poté na OK.
Klikni na Corbeille (koš) a poté na OK.
Klikni na Fichiers temp (temp složky) a poté na OK.
Klikni na Recherche (hledání) a nech Cleaner pracovat. Může se během čištění zastavit , ale nech ho pokračovat.
Když program skončí , klikni na Suppression (odstranění) a odstraň nalezené.
Zavři a smaž program.


Kdyby se něco zase objevilo, tak se zastav.
Označ topic za vyřešený (zelená fajfka) a měj se.