Log v HiJackThis

daveing · Příspěvekod **daveing** » 04 bře 2010 00:00

Moh bych poprosit o radu, pustil jsem HiJackThis, ale píše mě to: For some reason your system denied write access to the Hosts file. If anyhijacked domains are in this file HijackThis may NOT be able to fix this.
It that happens, you need to edit the file yourself. To do this, click Start, Run type: notepad C:\Windows\System32\drivers\etc\hosts
and press Enter. Find the line(s) HijackThis reports and delete them. Save the file as 'host' (with quotes)and reboot
For Vista:simply, exit HijackThis, right click on the HijackThis icon, choose Run as administrator

Ten soubor mi nejde ulozit, tak co s tim mam delat.
Ze ten soubor existuje, tak jestli ho chci prepsat(kdyz ukladam logfile)a nahradit
Pak me to napise, ze nemoze nalezt soubor C:\Program Files\hijacktis.log
Kdyz ano, tak se mi zobrazi prazdny soubor

Jinac tento PC byl trosku zavirovanej a byl celkem bez ochrany, nebo nejakou mel, ale neaktualizoval diky moc

Reklama

Damned · Příspěvekod **Damned** » 04 bře 2010 00:18

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.
*****************************************************************************************************************************************
Stáhni si OTL na Plochu.
Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.Nahoře v okně pod Output klikni na minimal Output.Pod Standard Registry změň na All. Zatrhni LOP Check a Purity Check. File age změň na 14 days. Zaškrtni "Scan All users". Všechny ostatní nastavení ponech jak jsou. Klikni na Run Scan. Sken může trvat dlouho, až skončí otevřou se dva logy:
OTL.Txt
Extras.Txt
Jsou uloženy ve stejném místě jako OTL. Oba logy sem prosím zkopíruj

daveing · Příspěvekod **daveing** » 21 bře 2010 22:22

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3895
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18882

21.3.2010 22:21:40
mbam-log-2010-03-21 (22-21-26).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 115926
Uplynulý čas: 4 minute(s), 50 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 33
Infikované hodnoty registru: 4
Infikované datové položky registru: 0
Infikované adresáře: 17
Infikované soubory: 30

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
HKEY_CLASSES_ROOT\aimactivexdll.aimhelper (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\aimactivexdll.aimhelper.1 (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.funexplorer (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.funexplorer.1 (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.funredirector (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\explorerbar.funredirector.1 (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\oeactivexdll.desktopbuttonhandler (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\oeactivexdll.desktopbuttonhandler.1 (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\oeactivexdll.desktopoeaddin1 (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\oeactivexdll.desktopoeaddin1.1 (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{57aba38e-6535-48f3-99fd-efdc62137c78} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35b8d58c-b0cb-46b0-ba64-05b3804e4e86} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cdbfb47b-58a8-4111-bf95-06178dce326d} (Adware.DoubleD) -> No action taken.
HKEY_CLASSES_ROOT\AppID\AIMActiveXDLL.dll (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\DoubleD (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{16b6279b-9ff5-41fb-8bf9-404324f5dd1f}}_is1 (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1fb52ab3-5987-45a2-85e0-f3ec30dddc29}}_is1 (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{c5096216-7703-409e-b85a-8a6ee7395128}}_is1 (Adware.DoubleD) -> No action taken.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Funband Serach (Adware.DoubleD) -> No action taken.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Funband Serach (Adware.DoubleD) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\B1RQJ7YJ0U (Trojan.FakeAlert) -> No action taken.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{5617eca9-488d-4ba2-8562-9710b9ab78d2} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{0ba0192d-94a5-45e3-b2b8-3ec5a1a0b5ec} (Adware.DoubleD) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\{2224e955-00e9-4613-a844-ce69fccaae91} (Adware.DoubleD) -> No action taken.

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
C:\Program Files\Internet Saving Optimizer (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.6.0.4470 (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.6.0.4470\Data (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.6.0.4470\FF (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.6.0.4470\FF\chrome (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.6.0.4470\FF\chrome\content (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.6.0.4470\FF\components (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.3.850 (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.3.850\Data (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.3.850\FF (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.3.850\FF\chrome (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.3.850\FF\chrome\content (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.3.850\FF\components (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.3.3.840 (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.3.3.840\Data (Adware.DoubleD) -> No action taken.

Infikované soubory:
C:\Program Files\Internet Saving Optimizer\3.6.0.4470\adwpx.exe (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.6.0.4470\NPCommon.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.6.0.4470\unins000.dat (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.6.0.4470\unins000.exe (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.6.0.4470\Data\config.md (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.6.0.4470\FF\chrome.manifest (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.6.0.4470\FF\install.rdf (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.6.0.4470\FF\chrome\NPAddOn.jar (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.6.0.4470\FF\chrome\content\NPAddOn.js (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.6.0.4470\FF\chrome\content\NPAddOn.xul (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.6.0.4470\FF\components\NPFFAddOn.xpt (Adware.DoubleD) -> No action taken.
C:\Program Files\Internet Saving Optimizer\3.6.0.4470\FF\components\NPFFHelperComponent.js (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.3.850\HPCommon.dll (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.3.850\hppx.exe (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.3.850\unins000.dat (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.3.850\unins000.exe (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.3.850\Data\config.md (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.3.850\FF\chrome.manifest (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.3.850\FF\install.rdf (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.3.850\FF\chrome\HPAddOn.jar (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.3.850\FF\chrome\content\HPAddOn.js (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.3.850\FF\chrome\content\HPAddOn.xul (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.3.850\FF\components\HPFFAddOn.xpt (Adware.DoubleD) -> No action taken.
C:\Program Files\Media Access Startup\1.5.3.850\FF\components\HPFFHelperComponent.js (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.3.3.840\unins000.dat (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.3.3.840\unins000.exe (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.3.3.840\Data\eacore.mx (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.3.3.840\Data\URLDynamic.mx (Adware.DoubleD) -> No action taken.
C:\Program Files\System Search Dispatcher\1.3.3.840\Data\URLStatic.mx (Adware.DoubleD) -> No action taken.
C:\Windows\msa.exe (Trojan.Agent) -> No action taken.

Log z malwarebytes

Damned · Příspěvekod **Damned** » 21 bře 2010 22:32

Spusť znovu MbAM a dej Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Konec

Pak zkus vytvořit log z HJT a vlož mi sem ty logy z OTL.

daveing · Příspěvekod **daveing** » 21 bře 2010 22:35

OTL logfile created on: 21.3.2010 22:32:08 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\uzivatel\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 113,39 Gb Free Space | 48,69% Space Free | Partition Type: NTFS
Drive D: | 3,37 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NB-ASUSF7S
Current User Name: uzivatel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 14 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\uzivatel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Windows\System32\IfxUAGUI.exe (Infineon Technologies AG)
PRC - C:\Windows\System32\IfxPsdSv.exe (Infineon Technologies AG)
PRC - C:\Program Files\Infineon\Security Platform Software\SpTNA.exe (Infineon Technologies AG)
PRC - C:\Program Files\Infineon\Security Platform Software\PSDrt.exe (Infineon Technologies AG)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Program Files\SINOSUN\TPM Secure Tools\TSS\SinoTCS.exe ( SINOSUN Technology)
PRC - C:\Program Files\SINOSUN\TPM Secure Tools\Common\PrivateDisk.exe (SINOSUN Technology)

========== Modules (SafeList) ==========

MOD - C:\Users\uzivatel\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (IAANTMON) Intel(R) -- File not found
SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (PersonalSecureDriveService) -- C:\Windows\System32\IfxPsdSv.exe (Infineon Technologies AG)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (SinoTCS) Trusted Platform Core Service (SINOSUN) -- C:\Program Files\SINOSUN\TPM Secure Tools\TSS\SinoTCS.exe ( SINOSUN Technology)
SRV - (PrivateDiskService) -- C:\Program Files\SINOSUN\TPM Secure Tools\Common\PrivateDisk.exe (SINOSUN Technology)

========== Driver Services (SafeList) ==========

DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (HWiNFO32) -- C:\Program Files\HWiNFO32\HWiNFO32.SYS (REALiX(tm))
DRV - (PersonalSecureDrive) -- C:\Windows\System32\drivers\psd.sys (Infineon Technologies AG)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (RMCAST) Ovladač protokolu RMCAST (Pgm) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (epfwtdi) -- C:\Windows\System32\drivers\epfwtdi.sys (ESET)
DRV - (epfw) -- C:\Windows\System32\drivers\epfw.sys (ESET)
DRV - (easdrv) -- C:\Windows\System32\drivers\easdrv.sys (ESET)
DRV - (eamon) -- C:\Windows\System32\drivers\eamon.sys (ESET)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (MODEMCSA) -- C:\Windows\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (BthAvrcp) -- C:\Windows\System32\drivers\BthAvrcp.sys (CSR, plc)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (IpwP) -- C:\Windows\System32\drivers\ipw3gnet.sys (IPWireless Inc.)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (mod7700) -- C:\Windows\System32\drivers\dvb7700all.sys (DiBcom)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (PrivateDiskDriver) -- C:\Windows\System32\drivers\PrivateDisk.sys (SINOSUN Technology)
DRV - (Ethpdrv) -- C:\Windows\System32\drivers\ethpdrv.sys (Gemfor s.r.o.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-709791173-2793847062-3387327118-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-709791173-2793847062-3387327118-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-709791173-2793847062-3387327118-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2405280
IE - HKU\S-1-5-21-709791173-2793847062-3387327118-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C8 FF AB F3 4E CA C9 01 [binary data]
IE - HKU\S-1-5-21-709791173-2793847062-3387327118-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-709791173-2793847062-3387327118-1000\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-709791173-2793847062-3387327118-1000\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-709791173-2793847062-3387327118-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-709791173-2793847062-3387327118-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Softonic-Eng7 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Softonic-Eng7 Customized Web Search"
FF - prefs.js..browser.startup.homepage: "www.seznam.cz"
FF - prefs.js..extensions.enabledItems: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}:2.4.0.4
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.8
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=2&q="
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009.07.07 19:16:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2224E955-00E9-4613-A844-CE69FCCAAE91}: C:\Program Files\Internet Saving Optimizer\3.6.0.4470\FF [2009.08.07 04:04:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC}: C:\Program Files\Media Access Startup\1.5.3.850\FF [2009.08.07 04:04:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.02.22 11:28:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.02.22 11:28:13 | 000,000,000 | ---D | M]

[2009.07.10 15:07:32 | 000,000,000 | ---D | M] -- C:\Users\uzivatel\AppData\Roaming\Mozilla\Extensions
[2009.07.10 15:07:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\uzivatel\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010.03.21 21:57:31 | 000,000,000 | ---D | M] -- C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\wrchilfi.default\extensions
[2009.07.19 12:34:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\wrchilfi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.08 23:08:24 | 000,000,000 | ---D | M] (Softonic-Eng7 Toolbar) -- C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\wrchilfi.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
[2009.11.24 09:28:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\wrchilfi.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2009.07.29 09:37:04 | 000,000,000 | ---D | M] -- C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\wrchilfi.default\extensions\DTToolbar@toolbarnet.com
[2009.09.30 10:08:32 | 000,000,888 | ---- | M] () -- C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\wrchilfi.default\searchplugins\conduit.xml
[2009.07.29 09:36:33 | 000,000,523 | ---- | M] () -- C:\Users\uzivatel\AppData\Roaming\Mozilla\Firefox\Profiles\wrchilfi.default\searchplugins\daemon-search.xml
[2009.08.12 22:13:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.02.22 11:28:12 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010.02.22 11:28:10 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010.02.22 11:28:10 | 000,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010.02.22 11:28:11 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009.02.27 11:13:42 | 000,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2010.01.28 12:06:30 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010.01.28 12:06:30 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.01.28 12:06:30 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.01.28 12:06:30 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.01.28 12:06:30 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.01.28 12:06:31 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Media Access Startup) - {25B8D58C-B0CB-46b0-BA64-05B3804E4E86} - Reg Error: Value error. File not found
O2 - BHO: (NP Helper Class) - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - Reg Error: Value error. File not found
O2 - BHO: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (System Search Dispatcher) - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - No CLSID value found.
O3 - HKU\S-1-5-21-709791173-2793847062-3387327118-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-709791173-2793847062-3387327118-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [IFXSPMGT] C:\Windows\System32\ifxspmgt.exe (Infineon Technologies AG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-709791173-2793847062-3387327118-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-709791173-2793847062-3387327118-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-709791173-2793847062-3387327118-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-709791173-2793847062-3387327118-1000..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\uzivatel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CCC.lnk = C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (ATI Technologies Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Společnost Microsoft)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000033 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\uzivatel\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\uzivatel\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{97b63177-6b1e-11de-a4c5-001e8c53a5f0}\Shell\AutoRun\command - "" = E:\SETUP.EXE -- File not found
O33 - MountPoints2\{97b63177-6b1e-11de-a4c5-001e8c53a5f0}\Shell\configure\command - "" = E:\SETUP.EXE -- File not found
O33 - MountPoints2\{97b63177-6b1e-11de-a4c5-001e8c53a5f0}\Shell\install\command - "" = E:\SETUP.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010.03.21 22:17:32 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\uzivatel\Desktop\OTL.exe
[2010.03.21 22:15:35 | 000,000,000 | ---D | C] -- C:\Users\uzivatel\AppData\Roaming\Malwarebytes
[2010.03.21 22:15:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.03.21 22:15:30 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.03.21 22:15:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.03.21 22:15:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.03.21 22:14:13 | 005,115,832 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\uzivatel\Desktop\mbam-setup.exe
[2010.03.08 23:51:36 | 000,000,000 | ---D | C] -- C:\Users\uzivatel\Documents\GomEncoder
[2010.03.08 23:10:49 | 000,000,000 | ---D | C] -- C:\Program Files\CoreAAC
[2010.03.08 23:09:06 | 000,000,000 | ---D | C] -- C:\Users\uzivatel\AppData\Local\Conduit
[2010.03.08 23:09:05 | 000,000,000 | ---D | C] -- C:\Users\uzivatel\AppData\Local\Softonic-Eng7
[2010.03.08 23:08:33 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010.03.08 23:08:25 | 000,000,000 | ---D | C] -- C:\Program Files\Softonic-Eng7
[2010.03.08 23:07:41 | 006,147,544 | ---- | C] (Gretech Corp.) -- C:\Users\uzivatel\Desktop\gomplayerensetup.exe
[2010.03.08 23:06:08 | 000,000,000 | ---D | C] -- C:\Users\uzivatel\AppData\Roaming\GRETECH
[2010.03.08 23:05:34 | 000,000,000 | ---D | C] -- C:\Program Files\GRETECH
[2010.03.08 22:58:35 | 000,000,000 | ---D | C] -- C:\Lichtspiel
[2010.03.08 22:39:51 | 000,000,000 | ---D | C] -- C:\Users\uzivatel\Documents\The KMPlayer

========== Files - Modified Within 14 Days ==========

[2010.03.21 22:32:25 | 002,097,152 | -HS- | M] () -- C:\Users\uzivatel\NTUSER.DAT
[2010.03.21 22:17:33 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\uzivatel\Desktop\OTL.exe
[2010.03.21 22:14:24 | 005,115,832 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\uzivatel\Desktop\mbam-setup.exe
[2010.03.21 21:50:13 | 001,508,186 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.03.21 21:50:13 | 000,636,000 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2010.03.21 21:50:13 | 000,625,582 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.03.21 21:50:13 | 000,134,810 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2010.03.21 21:50:13 | 000,117,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.03.21 21:45:16 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.03.21 21:45:13 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.03.21 21:45:13 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.03.21 21:45:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.03.21 21:45:01 | 2146,672,640 | -HS- | M] () -- C:\hiberfil.sys
[2010.03.19 15:39:19 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.03.19 15:39:12 | 000,524,288 | -HS- | M] () -- C:\Users\uzivatel\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.03.19 15:39:12 | 000,065,536 | -HS- | M] () -- C:\Users\uzivatel\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.03.19 15:38:55 | 004,289,245 | -H-- | M] () -- C:\Users\uzivatel\AppData\Local\IconCache.db
[2010.03.16 19:21:47 | 000,186,880 | ---- | M] () -- C:\Users\uzivatel\Desktop\jedermann.doc
[2010.03.09 23:53:55 | 000,025,088 | ---- | M] () -- C:\Users\uzivatel\Desktop\Nový Dokument aplikace Microsoft Word.doc
[2010.03.09 19:08:44 | 269,343,974 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.03.08 23:51:39 | 000,000,962 | ---- | M] () -- C:\Users\Public\Desktop\GOM ENCODER.lnk
[2010.03.08 23:10:30 | 000,000,870 | ---- | M] () -- C:\Users\uzivatel\Desktop\KMPlayer.lnk
[2010.03.08 23:08:31 | 000,000,940 | ---- | M] () -- C:\Users\Public\Desktop\GOM Player.lnk
[2010.03.08 23:08:15 | 002,392,676 | ---- | M] () -- C:\Users\uzivatel\Desktop\SoftonicToolbar.exe
[2010.03.08 23:08:02 | 006,147,544 | ---- | M] (Gretech Corp.) -- C:\Users\uzivatel\Desktop\gomplayerensetup.exe
[2010.03.08 20:16:50 | 000,019,968 | ---- | M] () -- C:\Users\uzivatel\Desktop\Normal.doc

========== Files Created - No Company Name ==========

[2010.03.16 19:17:27 | 000,186,880 | ---- | C] () -- C:\Users\uzivatel\Desktop\jedermann.doc
[2010.03.16 18:37:44 | 000,096,256 | ---- | C] () -- C:\Users\uzivatel\Desktop\Mlynskekolo.doc
[2010.03.09 19:08:44 | 269,343,974 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.03.08 23:51:39 | 000,000,962 | ---- | C] () -- C:\Users\Public\Desktop\GOM ENCODER.lnk
[2010.03.08 23:10:30 | 000,000,870 | ---- | C] () -- C:\Users\uzivatel\Desktop\KMPlayer.lnk
[2010.03.08 23:07:41 | 002,392,676 | ---- | C] () -- C:\Users\uzivatel\Desktop\SoftonicToolbar.exe
[2010.03.08 23:05:45 | 000,000,940 | ---- | C] () -- C:\Users\Public\Desktop\GOM Player.lnk
[2010.03.08 20:16:50 | 000,019,968 | ---- | C] () -- C:\Users\uzivatel\Desktop\Normal.doc
[2010.03.08 19:14:07 | 000,025,088 | ---- | C] () -- C:\Users\uzivatel\Desktop\Nový Dokument aplikace Microsoft Word.doc
[2010.03.03 20:00:44 | 000,000,285 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009.07.29 09:32:40 | 000,717,296 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.07.21 23:36:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.07.21 22:34:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.07.10 13:24:07 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.07.10 13:24:06 | 000,022,328 | ---- | C] () -- C:\Users\uzivatel\AppData\Roaming\PnkBstrK.sys
[2009.07.07 19:07:08 | 000,000,384 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.05.01 18:24:17 | 000,524,288 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.05.01 18:24:17 | 000,139,264 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.05.01 13:27:22 | 000,009,728 | ---- | C] () -- C:\Users\uzivatel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.01 10:57:58 | 000,000,680 | ---- | C] () -- C:\Users\uzivatel\AppData\Local\d3d9caps.dat
[2007.09.20 23:43:46 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.03.09 09:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005.05.06 18:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2003.04.09 14:38:04 | 000,005,664 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI

========== LOP Check ==========

[2010.03.04 00:17:06 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Infineon
[2010.01.04 11:24:40 | 000,000,000 | ---D | M] -- C:\Users\uzivatel\AppData\Roaming\CadSoft
[2009.07.29 11:32:15 | 000,000,000 | ---D | M] -- C:\Users\uzivatel\AppData\Roaming\Command & Conquer 3 Kane's Wrath
[2009.07.10 18:36:51 | 000,000,000 | ---D | M] -- C:\Users\uzivatel\AppData\Roaming\Command & Conquer 3 Tiberium Wars
[2009.07.29 09:32:21 | 000,000,000 | ---D | M] -- C:\Users\uzivatel\AppData\Roaming\DAEMON Tools
[2009.06.19 12:27:27 | 000,000,000 | ---D | M] -- C:\Users\uzivatel\AppData\Roaming\ESET
[2009.10.13 14:50:32 | 000,000,000 | ---D | M] -- C:\Users\uzivatel\AppData\Roaming\ICQ
[2009.05.01 13:50:49 | 000,000,000 | ---D | M] -- C:\Users\uzivatel\AppData\Roaming\Infineon
[2009.08.12 16:41:15 | 000,000,000 | ---D | M] -- C:\Users\uzivatel\AppData\Roaming\Nokia
[2009.08.12 16:41:23 | 000,000,000 | ---D | M] -- C:\Users\uzivatel\AppData\Roaming\PC Suite
[2010.03.03 20:29:51 | 000,000,000 | ---D | M] -- C:\Users\uzivatel\AppData\Roaming\TuneUp Software
[2010.03.19 15:39:25 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\uzivatel\Desktop\Command & Conquer Tiberian Sun - NOD Ending..mp3:TOC.WMV
< End of report >

OTL.txt

daveing · Příspěvekod **daveing** » 21 bře 2010 22:36

OTL Extras logfile created on: 21.3.2010 22:32:08 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\uzivatel\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 57,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 113,39 Gb Free Space | 48,69% Space Free | Partition Type: NTFS
Drive D: | 3,37 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NB-ASUSF7S
Current User Name: uzivatel
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 14 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-709791173-2793847062-3387327118-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{034BC253-CB47-4F60-A86B-0BCB6CA12DF8}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{04B3C383-4F57-4D81-9E6B-F4FDF192A179}" = lport=138 | protocol=17 | dir=in | app=system |
"{1AE2D9EA-4A5B-4FCE-BC5D-4D5C64B0E851}" = lport=445 | protocol=6 | dir=in | app=system |
"{1BD4B255-0650-4B5B-B568-CCE6986E2503}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{38E0C705-1905-4FE2-8B19-E217D99E435D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{3CD27980-831F-43DB-B854-D82E77DE3E49}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3D9551A9-20D3-44D1-AFFB-A9369667B0C2}" = rport=445 | protocol=6 | dir=out | app=system |
"{3E2974EA-C545-4A43-BDCF-C5F0C94AA633}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{49D32D7A-E65F-4987-A262-D1280E3133EA}" = rport=137 | protocol=17 | dir=out | app=system |
"{5046A39B-3D53-4B88-BEE2-5230C7D762F7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{56033C95-4100-4CF7-B8B4-BFF49E1C3480}" = rport=2869 | protocol=6 | dir=out | app=system |
"{571EFA30-B80E-4E75-97D0-A58A71329D59}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{62031239-666A-4DB0-A8BD-2B974C040D75}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{65F73DF1-5D24-4C1F-9D49-D305F89AA79F}" = lport=139 | protocol=6 | dir=in | app=system |
"{70C6856E-959D-49B4-8124-BF579EBD859C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{72C24B43-25F1-403D-9135-96066F27E76F}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{787CE1E3-AAB2-4301-85F7-06E8ECF2AE18}" = rport=138 | protocol=17 | dir=out | app=system |
"{7FF1D878-862C-4FDD-A351-05EE07F24F60}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{81DCB86B-2AE3-4F85-BF35-CD0BF72586DD}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{945FF6DF-4323-4CB1-A3D9-315BEEB08138}" = lport=137 | protocol=17 | dir=in | app=system |
"{A13E2B03-2F81-4ABE-B80E-AE530A0E5ED4}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B52D463A-00E6-4E20-9132-CD5B84C39520}" = rport=139 | protocol=6 | dir=out | app=system |
"{BCE4104A-AD6A-498E-A73D-05CDB9C9E723}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C53C0C36-5F66-4929-9696-A9584B407BDB}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{E381193B-F6EA-41B5-BC30-A1D225DE8FF9}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{FE8CCEB0-B4DE-4A04-8320-337FEA301251}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2B33317D-1716-4945-9662-1AD3A4E09BD7}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{2CD321C3-2512-48A6-91EA-5D978BF29B93}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{76672004-A420-42C4-BE88-97145B97C17B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{78B5F153-651C-4D8A-8AA8-822023A9BEE6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{AE00A53F-EC18-4784-9F37-FF3F72DED534}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DD3BE9BC-96BF-4CD6-8A1D-CE83DEB60F18}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{DEA343AF-CBA9-4570-A693-9A428E7CBFE0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FBCADF4A-3CF9-4ECC-BCE5-95BE6F25C7D9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{9071E128-BEDA-416F-9ACB-2883828EDBF0}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe |
"TCP Query User{9569909E-9931-42C6-83F2-24BF842E9A99}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{9640C3F1-60B9-429E-91F5-C9898C59E464}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{226BFFBE-0A21-40F7-A2B9-3C8BCABB24BB}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{89CED12B-3DAD-45A8-BA78-7C9CC5AC94FC}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{90F09B24-067B-492E-A737-AF49BA451207}C:\program files\ea games\battlefield 1942\bf1942.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 1942\bf1942.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{11BFB898-71E5-488A-A8FF-0E462667FB72}" = Soldier of Fortune Payback
"{121ECDB5-5DBE-498A-909D-A971C0F4A337}" = Prey
"{16B6279B-9FF5-41fb-8BF9-404324F5DD1F}}_is1" = Media Access Startup
"{1FB52AB3-5987-45a2-85E0-F3EC30DDDC29}}_is1" = Internet Saving Optimizer
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2CC332F9-A16B-02D2-02C1-7C515D610692}" = Catalyst Control Center Graphics Previews Vista
"{300ABE5A-8485-47F8-B24F-1A319307B6B3}" = TPM Secure Tools
"{3596567E-9DEB-9972-FAAC-DCD87C4E5C46}" = Catalyst Control Center Graphics Full Existing
"{3C6F5BF7-FEDC-65A2-5957-E3E26DF94DDE}" = Catalyst Control Center Graphics Full New
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{690C7041-50C2-12E9-2E49-DA9C1076DC7A}" = ccc-core-static
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}" = ccc-Branding
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7CE43781-6B3B-2587-3385-EA65829D181E}" = Skins
"{8B53527D-BBB2-43A5-91D7-9ED772FD737F}" = Skype web features
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{932B2039-B9A2-6C36-7664-5ED6C59F0780}" = Catalyst Control Center Graphics Previews Common
"{9629D0D1-D2E3-16AF-5072-2DD36392BED7}" = Catalyst Control Center Core Implementation
"{9F8E8FB0-30C8-9FA5-0F74-0EE5ABE86F56}" = Catalyst Control Center Graphics Light
"{AC76BA86-7AD7-1029-7B44-A91000000001}" = Adobe Reader 9.1 - Czech
"{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C5096216-7703-409E-B85A-8A6EE7395128}}_is1" = System Search Dispatcher
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D104C1CF-7C12-4D32-9850-DDC99060DE5B}" = Infineon TPM Professional Package
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D3BE0676-D9F1-45CC-A042-179CF2EFF86D}" = TPM Secure Tools
"{DA9EBAAE-57E5-44D2-B496-8771CD924C68}" = MainConcept MCE Encoder
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{ECC5B1E6-E4C0-9FDC-598D-209B17A313F3}" = ATI Catalyst Install Manager
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"{FE645582-89FD-C252-11CC-C61A7F3F1E97}" = ccc-utility
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"Ask Toolbar_is1" = Ask Toolbar
"avast!" = avast! Antivirus
"CCleaner" = CCleaner
"CoreAAC" = CoreAAC
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube Download_is1" = Free YouTube Download 2.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"GOM ENCODER" = GOM ENCODER
"GOM Player" = GOM Player
"HWiNFO32_is1" = HWiNFO32 Version 3.00
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.

" = Mozilla Firefox (3.5.

"Network Stumbler" = Network Stumbler 0.4.0 (remove only)
"PunkBusterSvc" = PunkBuster Services
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Softonic-Eng7 Toolbar" = Softonic-Eng7 Toolbar
"The KMPlayer" = The KMPlayer (remove only)
"TuneUp Utilities" = TuneUp Utilities
"Uninstall_is1" = Uninstall 1.0.0.1
"WinRAR archiver" = WinRAR

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7.3.2010 17:08:29 | Computer Name = NB-ASUSF7S | Source = Windows Search Service | ID = 3013
Description =

Error - 7.3.2010 17:08:30 | Computer Name = NB-ASUSF7S | Source = Windows Search Service | ID = 3013
Description =

Error - 7.3.2010 17:08:31 | Computer Name = NB-ASUSF7S | Source = Windows Search Service | ID = 3013
Description =

Error - 7.3.2010 17:08:32 | Computer Name = NB-ASUSF7S | Source = Windows Search Service | ID = 3013
Description =

Error - 7.3.2010 17:08:33 | Computer Name = NB-ASUSF7S | Source = Windows Search Service | ID = 3013
Description =

Error - 7.3.2010 17:08:33 | Computer Name = NB-ASUSF7S | Source = Windows Search Service | ID = 3013
Description =

Error - 8.3.2010 15:16:24 | Computer Name = NB-ASUSF7S | Source = Application Hang | ID = 1002
Description = Program WINWORD.EXE verze 11.0.5604.0 přestal spolupracovat se systémem
Windows a byl ukončen. Chcete-li zjistit, zda je k dispozici více informací o tomto
problému, vyhledejte historii problému v ovládacím panelu Oznámení a řešení problémů.
ID
procesu: 1094 Čas zahájení: 01cabeeb2db49c2b Čas ukončení: 93

Error - 9.3.2010 2:21:16 | Computer Name = NB-ASUSF7S | Source = EventSystem | ID = 4621
Description =

Error - 15.3.2010 18:57:25 | Computer Name = NB-ASUSF7S | Source = EventSystem | ID = 4621
Description =

Error - 18.3.2010 18:58:47 | Computer Name = NB-ASUSF7S | Source = EventSystem | ID = 4621
Description =

[ System Events ]
Error - 5.1.2010 12:49:00 | Computer Name = NB-ASUSF7S | Source = ipnathlp | ID = 30013
Description = Přidělování DHCP bylo automaticky vypnuto u adresy IP 192.168.1.3,
protože tato adresa nepatří do oboru 192.168.0.0/255.255.255.0, ze kterého jsou
přidělovány adresy klientům DHCP. Chcete-li přidělování DHCP u této adresy IP zapnout,
změňte obor tak, aby tuto adresu IP zahrnoval, nebo změňte adresu IP tak, aby patřila
do oboru.

Error - 5.1.2010 13:40:15 | Computer Name = NB-ASUSF7S | Source = DCOM | ID = 10010
Description =

Error - 5.1.2010 13:56:42 | Computer Name = NB-ASUSF7S | Source = ipnathlp | ID = 34001
Description = Službě ICS_IPV6 se nepodařilo nakonfigurovat zásobník IPv6.

Error - 5.1.2010 13:56:42 | Computer Name = NB-ASUSF7S | Source = ipnathlp | ID = 30013
Description = Přidělování DHCP bylo automaticky vypnuto u adresy IP 192.168.1.3,
protože tato adresa nepatří do oboru 192.168.0.0/255.255.255.0, ze kterého jsou
přidělovány adresy klientům DHCP. Chcete-li přidělování DHCP u této adresy IP zapnout,
změňte obor tak, aby tuto adresu IP zahrnoval, nebo změňte adresu IP tak, aby patřila
do oboru.

Error - 5.1.2010 13:56:45 | Computer Name = NB-ASUSF7S | Source = Service Control Manager | ID = 7026
Description =

Error - 5.1.2010 16:33:25 | Computer Name = NB-ASUSF7S | Source = DCOM | ID = 10010
Description =

Error - 6.1.2010 5:20:22 | Computer Name = NB-ASUSF7S | Source = ipnathlp | ID = 34001
Description = Službě ICS_IPV6 se nepodařilo nakonfigurovat zásobník IPv6.

Error - 6.1.2010 5:20:22 | Computer Name = NB-ASUSF7S | Source = ipnathlp | ID = 30013
Description = Přidělování DHCP bylo automaticky vypnuto u adresy IP 192.168.1.3,
protože tato adresa nepatří do oboru 192.168.0.0/255.255.255.0, ze kterého jsou
přidělovány adresy klientům DHCP. Chcete-li přidělování DHCP u této adresy IP zapnout,
změňte obor tak, aby tuto adresu IP zahrnoval, nebo změňte adresu IP tak, aby patřila
do oboru.

Error - 6.1.2010 5:20:26 | Computer Name = NB-ASUSF7S | Source = Service Control Manager | ID = 7026
Description =

Error - 6.1.2010 6:22:05 | Computer Name = NB-ASUSF7S | Source = Service Control Manager | ID = 7011
Description =

< End of report >

Extras.txt

daveing · Příspěvekod **daveing** » 21 bře 2010 23:10

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 23:09:31, on 21.3.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\HiJackThis\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2405280
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [IFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: CCC.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{56D86750-47F4-40F9-9843-A18773EA8ACB}: NameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{F0442CE6-C842-4417-BC97-245F41EB9CA6}: NameServer = 192.168.10.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Unknown owner - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (file missing)
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\ifxtcs.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Private Encrypted Virtual Disk (PrivateDiskService) - SINOSUN Technology - C:\Program Files\SINOSUN\TPM Secure Tools\Common\PrivateDisk.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Trusted Platform Core Service (SINOSUN) (SinoTCS) - SINOSUN Technology - C:\Program Files\SINOSUN\TPM Secure Tools\TSS\SinoTCS.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 7090 bytes

a tady je log z HJT

Damned · Příspěvekod **Damned** » 21 bře 2010 23:19

Potřeboval bych i ten MbAM, zda smazal vše. Odinstaluj si Softonic-Eng7 Toolbar, Ask.com (Ask Toolbar), Daemon Tools Toolbar, vypni si natrvalo TeaTimer (rezident) i Spybota.

Spusť HJT (HijackThis), vypni prohlížeče, odpoj se od internetu a fixni (spustit HJT, "Do a system scan only",
zatrhnout políčko před hodnotou, zmáčknout "Fix checked" a poté "Ano"):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2405280
R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
O4 - Startup: CCC.lnk = ?
*****************************************************************************************************************************************
Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

Log v HiJackThis

Log v HiJackThis

Re: Log v HiJackThis

Re: Log v HiJackThis

Re: Log v HiJackThis

Re: Log v HiJackThis

Re: Log v HiJackThis

Re: Log v HiJackThis

Re: Log v HiJackThis

Kdo je online