Prosim o kontrolu logu

Tram1n · Příspěvekod **Tram1n** » 19 bře 2010 12:06

Zdravim,
v posledni dobe mam dost pomaly pc, cpu mi casto vyskakuje pres 60% a pc nicim nezatezuju. Oproti drivejsku i dlouho cekam nez se vypne. Vim ze mi bezi hodne nepotrebnych veci ale jako laik v teto oblasti si sam neporadim.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:57:15, on 19.3.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Zango\bin\10.3.85.0\OEAddOn.exe
C:\Program Files\Zango\bin\10.3.85.0\ZangoSA.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\pc-help.cz\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch_1.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.6.3.4500\NPIEAddOn.dll
O2 - BHO: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.85.0\HostIE.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: GamingHarbor Toolbar - {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\stb0.dll
O3 - Toolbar: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.85.0\HostIE.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZangoOE] C:\Program Files\Zango\bin\10.3.85.0\OEAddOn.exe
O4 - HKLM\..\Run: [ZangoSA] "C:\Program Files\Zango\bin\10.3.85.0\ZangoSA.exe"
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [EPSON SX210 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFDE.EXE /FU "C:\WINDOWS\TEMP\E_SCE.tmp" /EF "HKCU"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; DS_gamingharbor; desktopsmiley_2_3_26647822513666373_18_492; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; Zango 10.3.85.0; AskTB5.5)" -"http://data3.superhry.cz/HST_40e1f9z/cz/def/604.html"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Stáhnout všechny FlashGetem - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Stáhnout pomocí FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Stáhnout vše pomocí FlashGet - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1872730578
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Služba Google Update (gupdate1c9ec50c4d178c) (gupdate1c9ec50c4d178c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 12276 bytes

Diky.

Reklama

Damned · Příspěvekod **Damned** » 19 bře 2010 13:19

Vítám tě na fóru!
Máš tam toho dost.

Odinstaluj si ShoppingReport, Internet Saving Optimizer, Ask.com (Ask Toolbar), DoubleD (GamingHarbor Toolbar), Zango a Logitech Desktop Messenger

Spusť HJT (HijackThis), vypni prohlížeče, odpoj se od internetu a fixni (spustit HJT, "Do a system scan only",
zatrhnout políčko před hodnotou, zmáčknout "Fix checked" a poté "Ano"):

O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.6.3.4500\NPIEAddOn.dll
O2 - BHO: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.85.0\HostIE.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: GamingHarbor Toolbar - {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\stb0.dll
O3 - Toolbar: Zango - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Zango\bin\10.3.85.0\HostIE.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZangoOE] C:\Program Files\Zango\bin\10.3.85.0\OEAddOn.exe
O4 - HKLM\..\Run: [ZangoSA] "C:\Program Files\Zango\bin\10.3.85.0\ZangoSA.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; DS_gamingharbor; desktopsmiley_2_3_26647822513666373_18_492; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; Zango 10.3.85.0; AskTB5.5)" -"http://data3.superhry.cz/HST_40e1f9z/cz/def/604.html"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
*****************************************************************************************************************************************
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Tram1n · Příspěvekod **Tram1n** » 19 bře 2010 14:25

zde je vysledek:

Malwarebytes' Anti-Malware 1.37
Verze databáze: 2229
Windows 5.1.2600 Service Pack 3

19.3.2010 14:24:12
mbam-log-2010-03-19 (14-24-05).txt

Typ skenu: Rychlý sken
Objektu skenováno: 95321
Uplynulý cas: 3 minute(s), 35 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 31
Infikované hodnoty registru: 2
Infikované položky dat registru: 0
Infikované složky: 8
Infikované soubory: 7

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.Shopping.Report) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> No action taken.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> No action taken.

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
c:\documents and settings\Roman\Data aplikací\ShoppingReport (Adware.Shopping.Report) -> No action taken.
c:\documents and settings\Roman\data aplikací\shoppingreport\cs (Adware.Shopping.Report) -> No action taken.
c:\documents and settings\Roman\data aplikací\shoppingreport\cs\db (Adware.Shopping.Report) -> No action taken.
c:\documents and settings\Roman\data aplikací\shoppingreport\cs\dwld (Adware.Shopping.Report) -> No action taken.
c:\documents and settings\Roman\data aplikací\shoppingreport\cs\report (Adware.Shopping.Report) -> No action taken.
c:\documents and settings\Roman\data aplikací\shoppingreport\cs\res2 (Adware.Shopping.Report) -> No action taken.
c:\documents and settings\Roman\data aplikací\shoppingreport\report (Adware.Shopping.Report) -> No action taken.
c:\documents and settings\Roman\data aplikací\shoppingreport\ShoppingReport (Adware.Shopping.Report) -> No action taken.

Infikované soubory:
c:\documents and settings\Roman\data aplikací\shoppingreport\cs\Config.xml (Adware.Shopping.Report) -> No action taken.
c:\documents and settings\Roman\data aplikací\shoppingreport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> No action taken.
c:\documents and settings\Roman\data aplikací\shoppingreport\cs\db\Sites.dbs (Adware.Shopping.Report) -> No action taken.
c:\documents and settings\Roman\data aplikací\shoppingreport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> No action taken.
c:\documents and settings\Roman\data aplikací\shoppingreport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> No action taken.
c:\documents and settings\Roman\data aplikací\shoppingreport\cs\report\send_storage.xml (Adware.Shopping.Report) -> No action taken.
c:\documents and settings\Roman\data aplikací\shoppingreport\cs\res2\WhiteList.dbs (Adware.Shopping.Report) -> No action taken.

Damned · Příspěvekod **Damned** » 19 bře 2010 14:29

Spusť znovu MbAM a dej Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Konec

Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

Tram1n · Příspěvekod **Tram1n** » 19 bře 2010 18:47

z Combo Fixu:

ComboFix 10-03-18.02 - Roman 19.03.2010 18:34:24.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1611 [GMT 1:00]
Spuštěný z: c:\documents and settings\Roman\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall Pro *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Media Access Startup
c:\program files\Media Access Startup\1.5.5.900\Data\config.md
c:\program files\Media Access Startup\1.5.5.900\FF\components\HPFFAddOn.dll
c:\program files\Media Access Startup\1.5.5.900\FF\components\HPFFAddOn.xpt
c:\program files\Media Access Startup\1.5.5.900\FF\components\HPFFHelperComponent.js
c:\program files\Media Access Startup\1.5.5.900\FF\chrome.manifest
c:\program files\Media Access Startup\1.5.5.900\FF\chrome\content\HPAddOn.js
c:\program files\Media Access Startup\1.5.5.900\FF\chrome\content\HPAddOn.xul
c:\program files\Media Access Startup\1.5.5.900\FF\chrome\HPAddOn.jar
c:\program files\Media Access Startup\1.5.5.900\FF\install.rdf
c:\program files\Media Access Startup\1.5.5.900\HPCommon.dll
c:\program files\Media Access Startup\1.5.5.900\hppx.exe
c:\program files\Media Access Startup\1.5.5.900\MAHelper.exe
c:\program files\Media Access Startup\1.5.5.900\unins000.dat
c:\program files\Media Access Startup\1.5.5.900\unins000.exe
c:\windows\OPTIONS\CABS\_desktop.ini
D:\install.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-19 do 2010-03-19 )))))))))))))))))))))))))))))))
.

2010-03-18 20:32 . 2010-03-18 20:41 -------- d-----w- c:\program files\Common Files\Nero
2010-03-18 20:30 . 2010-03-18 20:30 -------- d-----w- c:\program files\Common Files\LightScribe
2010-03-17 10:16 . 2010-03-17 10:16 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-03-17 10:14 . 2010-03-18 20:48 -------- d-----w- c:\program files\Spyware Doctor
2010-03-10 10:00 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-19 13:14 . 2007-10-09 15:45 -------- d-----w- c:\program files\FlashGet
2010-03-19 13:07 . 2007-10-08 19:16 -------- d-----w- c:\program files\Logitech
2010-03-18 18:33 . 2008-05-13 15:17 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-03-18 18:33 . 2008-05-13 15:15 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-03-09 11:24 . 2007-10-08 19:37 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-09 11:12 . 2007-10-08 19:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-09 11:12 . 2008-04-06 10:30 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-09 11:09 . 2007-10-08 19:37 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-09 11:08 . 2007-10-08 19:37 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-09 11:08 . 2007-10-08 19:37 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-09 11:08 . 2008-04-06 10:30 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-09 11:08 . 2007-10-08 19:37 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-07 16:49 . 2007-10-09 15:45 -------- d-----w- c:\program files\Google
2010-02-24 09:16 . 2009-10-03 08:21 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 13:53 . 2007-10-08 15:37 -------- d-----w- c:\program files\Alwil Software
2010-02-11 18:53 . 2007-10-08 19:37 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-01-06 19:19 . 2010-01-06 19:19 17480 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-12-31 16:50 . 2006-03-02 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-12-31 19:03 . 2007-10-09 15:45 10372 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"d:\\Strong\\StrongDC.exe"=
"d:\\Instalace games\\Fifa 08\\FIFA08.exe"=
"d:\\Instalace games\\Codemasters\\Race Driver 3\\RD3.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\Age3.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Instalace games\\Battlefield II\\BF2.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"d:\\Instalace games\\COD World At War\\CALL OF DUTY WORLD AT WAR\\CoDWaW.exe"=
"d:\\Instalace games\\Company of Heroes\\RelicCOH.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"d:\\Instalace games\\Flat Out Carnage\\FlatOut Ultimate Carnage\\Fouc.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6.4.2008 11:30 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6.4.2008 11:30 19024]
R2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [17.11.2007 13:50 208851]
R2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [17.11.2007 13:50 10324]
R2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\wf88tune.sys [17.11.2007 13:50 34789]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 18:19 13592]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9.10.2007 16:41 642560]
S2 gupdate1c9ec50c4d178c;Služba Google Update (gupdate1c9ec50c4d178c);c:\program files\Google\Update\GoogleUpdate.exe [13.6.2009 18:54 133104]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [17.11.2007 13:55 9446]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 12:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-13 17:54]

2010-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-13 17:54]

2010-03-19 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2010-03-19 c:\windows\Tasks\User_Feed_Synchronization-{96590F88-7F72-4DA0-B6F5-4C1FBE6B3433}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
FF - ProfilePath - c:\documents and settings\Roman\Data aplikací\Mozilla\Firefox\Profiles\0sdkz6lh.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.theprizeday.com/today.php|ht ... 3170&l=dis
FF - prefs.js: keyword.URL -
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-{16B6279B-9FF5-41fb-8BF9-404324F5DD1F}}_is1 - c:\program files\Media Access Startup\1.5.5.900\unins000.exe
AddRemove-{1B602410-D983-4947-98FE-EE749073D15E} - c:\documents and settings\All Users\Data aplikací\{AAAE891E-DC50-4DD4-A79D-C19DDB94E30E}\Setup.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-19 18:42
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(780)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
Celkový čas: 2010-03-19 18:45:20
ComboFix-quarantined-files.txt 2010-03-19 17:45

Před spuštěním: 1 475 616 768
Po spuštění: 3 696 824 320

- - End Of File - - 5381AD79F145C5F361E156A95881F6D6

z Malvare:

Malwarebytes' Anti-Malware 1.37
Verze databáze: 2229
Windows 5.1.2600 Service Pack 3

19.3.2010 18:20:09
mbam-log-2010-03-19 (18-20-09).txt

Typ skenu: Rychlý sken
Objektu skenováno: 99692
Uplynulý cas: 4 minute(s), 21 second(s)

Infikované procesy pameti: 0
Infikované pametové moduly: 0
Infikované klíce registru: 31
Infikované hodnoty registru: 2
Infikované položky dat registru: 0
Infikované složky: 8
Infikované soubory: 7

Infikované procesy pameti:
(Žádné zákerné položky nebyly zjišteny)

Infikované pametové moduly:
(Žádné zákerné položky nebyly zjišteny)

Infikované klíce registru:
HKEY_CLASSES_ROOT\shoppingreport.hbax (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbax.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.hbinfoband.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebutton.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.iebuttona.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\shoppingreport.rprtctrl.1 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8ad9ad05-36be-4e40-ba62-5422eb0d02fb} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{aebf09e2-0c15-43c8-99bf-928c645d98a0} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d8560ac2-21b5-4c1a-bdd4-bd12bc83b082} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c9ccbb35-d123-4a31-affc-9b2933132116} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a16ad1e9-f69a-45af-9462-b1c286708842} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{20ea9658-6bc3-4599-a87d-6371fe9295fc} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{cdca70d8-c6a6-49ee-9bed-7429d6c477a2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d136987f-e1c4-4ccc-a220-893df03ec5df} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e343edfc-1e6c-4cb5-aa29-e9c922641c80} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{100eb1fd-d03e-47fd-81f3-ee91287f9465} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{a7cddcdc-beeb-4685-a062-978f5e07ceee} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Infikované hodnoty registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b2} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Infikované položky dat registru:
(Žádné zákerné položky nebyly zjišteny)

Infikované složky:
c:\documents and settings\Roman\Data aplikací\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.
c:\documents and settings\Roman\data aplikací\shoppingreport\cs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
c:\documents and settings\Roman\data aplikací\shoppingreport\cs\db (Adware.Shopping.Report) -> Quarantined and deleted successfully.
c:\documents and settings\Roman\data aplikací\shoppingreport\cs\dwld (Adware.Shopping.Report) -> Quarantined and deleted successfully.
c:\documents and settings\Roman\data aplikací\shoppingreport\cs\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
c:\documents and settings\Roman\data aplikací\shoppingreport\cs\res2 (Adware.Shopping.Report) -> Quarantined and deleted successfully.
c:\documents and settings\Roman\data aplikací\shoppingreport\report (Adware.Shopping.Report) -> Quarantined and deleted successfully.
c:\documents and settings\Roman\data aplikací\shoppingreport\ShoppingReport (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Infikované soubory:
c:\documents and settings\Roman\data aplikací\shoppingreport\cs\Config.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
c:\documents and settings\Roman\data aplikací\shoppingreport\cs\db\Aliases.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
c:\documents and settings\Roman\data aplikací\shoppingreport\cs\db\Sites.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.
c:\documents and settings\Roman\data aplikací\shoppingreport\cs\dwld\WhiteList.xip (Adware.Shopping.Report) -> Quarantined and deleted successfully.
c:\documents and settings\Roman\data aplikací\shoppingreport\cs\report\aggr_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
c:\documents and settings\Roman\data aplikací\shoppingreport\cs\report\send_storage.xml (Adware.Shopping.Report) -> Quarantined and deleted successfully.
c:\documents and settings\Roman\data aplikací\shoppingreport\cs\res2\WhiteList.dbs (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Damned · Příspěvekod **Damned** » 19 bře 2010 19:01

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

File::
c:\windows\system32\KGyGaAvL.sys

Driver::
KGyGaAvL

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\dpvsetup.exe"=-

Rootkit::
c:\windows\system32\KGyGaAvL.sys

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.

- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu

Tram1n · Příspěvekod **Tram1n** » 20 bře 2010 23:14

Zde je log:

ComboFix 10-03-18.02 - Roman 20.03.2010 23:01:02.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.2046.1620 [GMT 1:00]
Spuštěný z: c:\documents and settings\Roman\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Roman\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall Pro *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

FILE ::
"c:\windows\system32\KGyGaAvL.sys"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\KGyGaAvL.sys

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-02-20 do 2010-03-20 )))))))))))))))))))))))))))))))
.

2010-03-18 20:32 . 2010-03-18 20:41 -------- d-----w- c:\program files\Common Files\Nero
2010-03-18 20:30 . 2010-03-18 20:30 -------- d-----w- c:\program files\Common Files\LightScribe
2010-03-17 10:16 . 2010-03-17 10:16 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-03-17 10:14 . 2010-03-18 20:48 -------- d-----w- c:\program files\Spyware Doctor
2010-03-10 10:00 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-20 19:20 . 2008-05-13 15:17 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-03-20 19:19 . 2008-05-13 15:15 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-03-19 18:26 . 2009-06-09 16:25 794408 ----a-w- c:\windows\system32\pbsvc.exe
2010-03-19 18:26 . 2008-05-13 15:17 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-03-19 13:14 . 2007-10-09 15:45 -------- d-----w- c:\program files\FlashGet
2010-03-19 13:07 . 2007-10-08 19:16 -------- d-----w- c:\program files\Logitech
2010-03-09 11:24 . 2007-10-08 19:37 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-03-09 11:12 . 2007-10-08 19:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-03-09 11:12 . 2008-04-06 10:30 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-03-09 11:09 . 2007-10-08 19:37 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-03-09 11:08 . 2007-10-08 19:37 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-03-09 11:08 . 2007-10-08 19:37 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-03-09 11:08 . 2008-04-06 10:30 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-03-09 11:08 . 2007-10-08 19:37 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-03-07 16:49 . 2007-10-09 15:45 -------- d-----w- c:\program files\Google
2010-02-24 09:16 . 2009-10-03 08:21 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 13:53 . 2007-10-08 15:37 -------- d-----w- c:\program files\Alwil Software
2010-02-11 18:53 . 2007-10-08 19:37 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-01-06 19:19 . 2010-01-06 19:19 17480 ----a-w- c:\windows\system32\drivers\hamachi.sys
2009-12-31 16:50 . 2006-03-02 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:08 . 2006-03-02 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-03-09 2769336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"d:\\Strong\\StrongDC.exe"=
"d:\\Instalace games\\Fifa 08\\FIFA08.exe"=
"d:\\Instalace games\\Codemasters\\Race Driver 3\\RD3.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires III\\Age3.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Instalace games\\Battlefield II\\BF2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"d:\\Instalace games\\COD World At War\\CALL OF DUTY WORLD AT WAR\\CoDWaW.exe"=
"d:\\Instalace games\\Company of Heroes\\RelicCOH.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"d:\\Instalace games\\Flat Out Carnage\\FlatOut Ultimate Carnage\\Fouc.exe"=
"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9.10.2007 16:41 642560]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6.4.2008 11:30 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6.4.2008 11:30 19024]
R2 WF23880;WinFast TV2000/DV2000 WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [17.11.2007 13:50 208851]
R2 WF88XBAR;WinFast TV2000/DV2000 WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [17.11.2007 13:50 10324]
R2 WFTUNE;WinFast TV2000/DV2000 WDM Tuner.;c:\windows\system32\drivers\wf88tune.sys [17.11.2007 13:50 34789]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 18:19 13592]
S2 gupdate1c9ec50c4d178c;Služba Google Update (gupdate1c9ec50c4d178c);c:\program files\Google\Update\GoogleUpdate.exe [13.6.2009 18:54 133104]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [17.11.2007 13:55 9446]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 12:24 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'

2010-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-13 17:54]

2010-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-13 17:54]

2010-03-20 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2010-03-20 c:\windows\Tasks\User_Feed_Synchronization-{96590F88-7F72-4DA0-B6F5-4C1FBE6B3433}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
FF - ProfilePath - c:\documents and settings\Roman\Data aplikací\Mozilla\Firefox\Profiles\0sdkz6lh.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.theprizeday.com/today.php|ht ... 3170&l=dis
FF - prefs.js: keyword.URL -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-20 23:08
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe >>UNKNOWN [0x8A810B78]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> 0x8a810b78
\Driver\ACPI -> ACPI.sys @ 0xba697cb8
\Driver\atapi -> prosync1.sys @ 0xbadae6c1
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(836)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(3576)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-03-20 23:12:14 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-03-20 22:12
ComboFix2.txt 2010-03-19 17:45

Před spuštěním: 3 015 102 464
Po spuštění: 3 609 866 240

- - End Of File - - 169507EA8F082CE1D99C93D606AB171F

Damned · Příspěvekod **Damned** » 20 bře 2010 23:18

Start -> Spustit... a napiš do okna tento příkaz označený modře:
C:\WINDOWS\MBR.exe -f a dej Ok. mezi mbr.exe a -f je mezera
- pokud by tě bezpečnostní software upozornil na přepsání MBR tak to povol
- počkej až program proběhne a pak restartuj Pc
Po restartu Windows zadej červený příkaz (Start-->>Spustit):
C:\WINDOWS\MBR.exe a dej OK.
Spustí se znovu a log co vytvoří sem vlož (najdeš ho v C:\WINDOWS\MBR.log)

Tram1n · Příspěvekod **Tram1n** » 21 bře 2010 15:02

snad jsem zkopiroval ten spravny log:

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

Damned · Příspěvekod **Damned** » 21 bře 2010 18:39

Vypni antivir a pokud máš i Antispyware a odinstaluj ComboFix ( nutné ) .
ComboFix se odinstaluje takto:
Start -> Spustit a zadej do řádku: Combofix[mezera]/uninstall

Stáhni si T-Cleaner ( nutné - smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš->spustíš)

(pozn.Pokud máš AVG nebo Aviru, před stažením T-Cleaneru a po dobu čištění deaktivuj AVG i Aviru (i rezidenty), následně T-Cleaner smaž a zapni si AVG, Aviru.)
*****************************************************************************************************************************************
Stáhni si OTL na Plochu.
Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.Nahoře v okně pod Output klikni na minimal Output.Pod Standard Registry změň na All. Zatrhni LOP Check a Purity Check. File age změň na 14 days. Všechny ostatní nastavení ponech jak jsou. Klikni na Run Scan. Sken může trvat dlouho, až skončí otevřou se dva logy:
OTL.Txt
Extras.Txt
Jsou uloženy ve stejném místě jako OTL. Oba logy sem prosím zkopíruj

Tram1n · Příspěvekod **Tram1n** » 21 bře 2010 21:06

OTL:

OTL logfile created on: 21.3.2010 20:59:01 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Roman\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 7,61 Gb Free Space | 15,59% Space Free | Partition Type: NTFS
Drive D: | 249,26 Gb Total Space | 117,13 Gb Free Space | 46,99% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROMAN-B8F685043
Current User Name: Roman
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 14 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Roman\Plocha\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Comodo\Firewall\cpf.exe (COMODO)
PRC - C:\Program Files\Comodo\Firewall\cmdagent.exe (COMODO)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Roman\Plocha\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msacm32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\AppPatch\acgenral.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (LBTServ) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (CmdAgent) -- C:\Program Files\Comodo\Firewall\cmdagent.exe (COMODO)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)

========== Driver Services (SafeList) ==========

DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (hamachi) -- C:\WINDOWS\system32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (dtscsi) -- C:\WINDOWS\System32\Drivers\dtscsi.sys (DT Soft Ltd.)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (CmdMon) -- C:\WINDOWS\system32\drivers\cmdmon.sys (Comodo Research Lab., Inc.)
DRV - (Inspect) -- C:\WINDOWS\System32\DRIVERS\inspect.sys (COMODO)
DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows (R) 2000 DDK provider)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (JRAID) -- C:\WINDOWS\system32\DRIVERS\jraid.sys (JMicron Technology Corp.)
DRV - (se27unic) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (WDM) -- C:\WINDOWS\system32\drivers\se27unic.sys (MCCI)
DRV - (SE27obex) -- C:\WINDOWS\system32\drivers\SE27obex.sys (MCCI)
DRV - (se27nd5) Sony Ericsson Device 039 USB Ethernet Emulation SEMC39 (NDIS) -- C:\WINDOWS\system32\drivers\se27nd5.sys (MCCI)
DRV - (SE27mgmt) Sony Ericsson Device 039 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\SE27mgmt.sys (MCCI)
DRV - (SE27mdm) -- C:\WINDOWS\system32\drivers\SE27mdm.sys (MCCI)
DRV - (SE27mdfl) -- C:\WINDOWS\system32\drivers\SE27mdfl.sys (MCCI)
DRV - (SE27bus) Sony Ericsson Device 039 Driver driver (WDM) -- C:\WINDOWS\system32\drivers\SE27bus.sys (MCCI)
DRV - (JGOGO) -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys (JMicron )
DRV - (WFIOCTL) -- C:\Program Files\WinFast\WFTVFM\WFIOCTL.sys (Leadtek Research Inc.)
DRV - (WF88XBAR) -- C:\WINDOWS\system32\drivers\WF88XBAR.sys (Copyright @2000-2006 Leadtek Research Inc.)
DRV - (WF23880) -- C:\WINDOWS\system32\drivers\wf88vcap.sys (Copyright @2000-2006 Leadtek Research Inc.)
DRV - (WFTUNE) -- C:\WINDOWS\system32\drivers\wf88tune.sys (Copyright @2000-2006 Leadtek Research Inc.)
DRV - (prohlp02) -- C:\WINDOWS\System32\drivers\prohlp02.sys (Protection Technology)
DRV - (prodrv06) -- C:\WINDOWS\System32\drivers\prodrv06.sys (Protection Technology)
DRV - (prosync1) -- C:\WINDOWS\System32\drivers\prosync1.sys (Protection Technology)
DRV - (WmXlCore) -- C:\WINDOWS\system32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\WINDOWS\system32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\WINDOWS\system32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\WINDOWS\system32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (sfhlp01) -- C:\WINDOWS\System32\drivers\sfhlp01.sys (Protection Technology)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = http://google.icq.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.theprizeday.com/today.php|http://www.ask.com?o=13170&l=dis"
FF - prefs.js..extensions.enabledItems: {872A1C39-DF0B-4c8b-AD84-12BA24A3B781}:4.2.0.0
FF - prefs.js..extensions.enabledItems: {0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC}:1.5.5.900
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {2224E955-00E9-4613-A844-CE69FCCAAE91}:3.6.3.4500
FF - prefs.js..extensions.enabledItems: Zango@Zango.com:10.3.85.0
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.5.1.110
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.14
FF - prefs.js..keyword.URL: ""

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.03.19 14:02:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.03.19 18:21:57 | 000,000,000 | ---D | M]

[2009.06.04 17:01:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Data aplikací\Mozilla\Extensions
[2009.06.04 17:01:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Roman\Data aplikací\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010.03.19 13:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Data aplikací\Mozilla\Firefox\Profiles\0sdkz6lh.default\extensions
[2009.09.04 16:14:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Roman\Data aplikací\Mozilla\Firefox\Profiles\0sdkz6lh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.16 20:54:33 | 000,002,257 | ---- | M] () -- C:\Documents and Settings\Roman\Data aplikací\Mozilla\Firefox\Profiles\0sdkz6lh.default\searchplugins\askcom.xml
[2009.06.04 17:01:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.12.11 14:19:21 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009.12.11 14:19:21 | 000,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2009.12.11 14:19:21 | 000,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2009.05.01 22:02:48 | 001,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
[2009.05.12 19:46:20 | 001,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2009.12.11 14:19:24 | 000,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2009.05.01 22:02:48 | 000,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
[2009.09.04 16:13:59 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2009.09.04 16:13:59 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2009.09.04 16:13:59 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2009.09.04 16:13:59 | 000,002,343 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2009.09.04 16:13:59 | 000,001,706 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2009.09.04 16:13:59 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2009.09.04 16:13:59 | 000,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010.03.20 23:08:09 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKCU\..\Toolbar\WebBrowser: (&Odkazy) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (GamingHarbor Toolbar) - {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\stb0.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [combofix] C:\ComboFix\CF10120.cfx File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.36 213.46.172.37
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Proces mezipaměti kategorií součástí - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Roman\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Roman\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010.03.21 20:56:47 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Roman\Plocha\OTL.exe
[2010.03.21 14:43:59 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010.03.20 23:12:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010.03.19 14:43:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\NOS
[2010.03.19 14:29:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roman\Plocha\Nová složka
[2010.03.18 21:43:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roman\Data aplikací\Nero
[2010.03.18 21:32:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2010.03.18 21:32:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Nero
[2010.03.18 21:30:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LightScribe
[2010.03.18 21:21:49 | 214,167,816 | ---- | C] (Nero AG) -- C:\Documents and Settings\Roman\Plocha\Nero-9.4.26.0_trial.exe
[2010.03.17 11:15:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Roman\Local Settings\Data aplikací\Threat Expert
[2010.03.17 11:15:27 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll.old
[2010.03.17 11:14:12 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010.03.10 11:00:00 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2009.06.14 14:11:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Google
[2009.06.13 18:54:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Google
[2008.10.01 15:19:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\Microsoft
[2008.05.19 15:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\PCHealth
[2007.10.05 16:59:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Data aplikací\Microsoft
[2007.10.05 16:57:21 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Data aplikací\Microsoft
[2007.10.05 16:57:21 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Data aplikací\Microsoft
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010.03.21 20:56:55 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Roman\Plocha\OTL.exe
[2010.03.21 20:53:26 | 000,210,432 | ---- | M] () -- C:\Documents and Settings\Roman\Plocha\T-Cleaner.exe
[2010.03.21 20:52:50 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010.03.21 20:49:55 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.03.21 20:49:52 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.03.21 20:49:51 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.03.21 20:49:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.03.21 20:48:48 | 008,650,752 | -H-- | M] () -- C:\Documents and Settings\Roman\ntuser.dat
[2010.03.21 20:48:48 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Roman\ntuser.ini
[2010.03.21 20:28:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.03.21 19:08:54 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{96590F88-7F72-4DA0-B6F5-4C1FBE6B3433}.job
[2010.03.21 16:03:24 | 000,137,464 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010.03.21 16:03:08 | 000,214,520 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.xtr
[2010.03.20 23:08:20 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010.03.20 23:08:09 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010.03.19 19:26:56 | 000,139,152 | ---- | M] () -- C:\Documents and Settings\Roman\Data aplikací\PnkBstrK.sys
[2010.03.19 19:26:32 | 000,794,408 | ---- | M] () -- C:\WINDOWS\System32\pbsvc.exe
[2010.03.19 18:59:47 | 000,033,792 | ---- | M] () -- C:\Documents and Settings\Roman\Plocha\ComboFix 10.doc
[2010.03.18 21:33:19 | 000,001,402 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Nero StartSmart.lnk
[2010.03.18 21:30:46 | 000,001,774 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\LightScribe.lnk
[2010.03.18 21:21:55 | 214,167,816 | ---- | M] (Nero AG) -- C:\Documents and Settings\Roman\Plocha\Nero-9.4.26.0_trial.exe
[2010.03.17 13:03:15 | 000,445,440 | ---- | M] () -- C:\Documents and Settings\Roman\Plocha\doc1.doc
[2010.03.11 19:37:30 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010.03.11 11:12:56 | 000,002,553 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010.03.10 15:38:53 | 019,107,600 | ---- | M] () -- C:\Documents and Settings\Roman\Plocha\Cesta 2.kmz
[2010.03.09 12:24:05 | 000,153,184 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010.03.09 12:12:54 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010.03.09 12:12:33 | 000,162,640 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010.03.09 12:09:08 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010.03.09 12:08:41 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010.03.09 12:08:38 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010.03.09 12:08:30 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010.03.09 12:08:15 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.03.21 20:53:26 | 000,210,432 | ---- | C] () -- C:\Documents and Settings\Roman\Plocha\T-Cleaner.exe
[2010.03.19 18:59:47 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Roman\Plocha\ComboFix 10.doc
[2010.03.18 21:33:19 | 000,001,402 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Nero StartSmart.lnk
[2010.03.18 21:30:46 | 000,001,774 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\LightScribe.lnk
[2010.03.10 15:38:52 | 019,107,600 | ---- | C] () -- C:\Documents and Settings\Roman\Plocha\Cesta 2.kmz
[2010.01.18 21:37:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2010.01.17 13:13:11 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009.10.28 12:05:06 | 000,000,098 | ---- | C] () -- C:\WINDOWS\h3maped.INI
[2009.06.09 17:25:35 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\Roman\Data aplikací\PnkBstrK.sys
[2009.03.28 13:49:17 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\Roman\Local Settings\Data aplikací\fusioncache.dat
[2008.12.31 17:35:57 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008.11.21 22:47:52 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008.11.21 22:45:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008.11.21 22:45:16 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008.11.21 22:44:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008.09.08 17:13:12 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008.05.13 16:17:05 | 000,137,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007.11.26 21:56:28 | 000,151,415 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2007.10.31 11:48:03 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2007.10.13 23:00:40 | 000,157,696 | ---- | C] () -- C:\Documents and Settings\Roman\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.10.13 17:07:00 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2007.10.13 17:06:59 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2007.10.10 18:02:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007.10.10 17:01:52 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007.10.08 17:17:29 | 000,000,494 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007.10.06 09:52:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007.10.06 09:22:02 | 000,000,325 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2007.10.06 08:39:58 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2007.06.19 07:59:36 | 000,070,400 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2007.04.20 06:57:30 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007.04.20 06:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007.04.20 06:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007.04.20 06:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007.04.20 06:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007.04.20 06:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007.04.20 06:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007.04.20 06:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007.04.20 06:57:28 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2004.08.13 23:24:57 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll

========== LOP Check ==========

[2010.02.23 14:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Alwil Software
[2009.12.25 13:45:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Electronic Arts
[2010.01.17 13:12:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\EPSON
[2008.09.05 12:24:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\ICQ
[2007.10.27 00:27:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\LightScribe
[2009.02.20 16:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\SweetIM
[2009.03.26 19:34:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Teleca
[2010.03.18 21:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2010.01.17 13:17:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\UDL
[2007.11.17 13:55:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Ulead Systems
[2010.02.06 12:40:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Data aplikací\{AAAE891E-DC50-4DD4-A79D-C19DDB94E30E}
[2009.05.07 17:40:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Data aplikací\Allstar
[2009.12.13 17:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Data aplikací\cs
[2010.01.17 21:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Data aplikací\Desktopicon
[2010.01.18 12:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Data aplikací\Epson
[2009.01.15 17:12:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Data aplikací\HLSW
[2010.03.19 18:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Data aplikací\ICQ
[2007.10.09 18:35:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Data aplikací\ICQ Toolbar
[2007.10.09 20:38:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Data aplikací\ICQLite
[2007.10.14 15:27:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Data aplikací\Mp3tag
[2009.11.04 19:26:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Data aplikací\Roman
[2008.04.10 18:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Data aplikací\Sachy
[2009.06.21 15:32:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Data aplikací\Teleca
[2010.01.08 22:28:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Data aplikací\TS3Client
[2009.12.11 15:00:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Data aplikací\uTorrent
[2009.02.19 17:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Roman\Data aplikací\Zoner
[2010.03.21 20:52:50 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010.03.21 19:08:54 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{96590F88-7F72-4DA0-B6F5-4C1FBE6B3433}.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:A8ADE5D8
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:59756FA4
< End of report >

Tram1n · Příspěvekod **Tram1n** » 21 bře 2010 21:07

EXTRAS:

OTL Extras logfile created on: 21.3.2010 20:59:01 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Documents and Settings\Roman\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 76,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 92,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48,83 Gb Total Space | 7,61 Gb Free Space | 15,59% Space Free | Partition Type: NTFS
Drive D: | 249,26 Gb Total Space | 117,13 Gb Free Space | 46,99% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROMAN-B8F685043
Current User Name: Roman
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 14 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe" = C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe:*:Enabled:Nero Home -- (Nero AG)
"D:\Strong\StrongDC.exe" = D:\Strong\StrongDC.exe:*:Enabled:StrongDC++ -- (Big Muscle, KohlSoft® Corporation ;-)

)
"D:\Instalace games\Fifa 08\FIFA08.exe" = D:\Instalace games\Fifa 08\FIFA08.exe:*:Enabled:FIFA08 -- ()
"D:\Instalace games\Codemasters\Race Driver 3\RD3.exe" = D:\Instalace games\Codemasters\Race Driver 3\RD3.exe:*:Enabled:RaceDriver 3 Application -- (Codemasters)
"C:\Program Files\Microsoft Games\Age of Empires III\Age3.exe" = C:\Program Files\Microsoft Games\Age of Empires III\Age3.exe:*:Enabled:Age of Empires 3 -- (Ensemble Studios)
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe" = C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s -- ()
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe" = C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime -- (Nero AG)
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe" = C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) -- ()
"C:\Program Files\FlashGet\flashget.exe" = C:\Program Files\FlashGet\flashget.exe:*:Enabled:Flashget -- (FlashGet.com)
"C:\Program Files\Hamachi\hamachi.exe" = C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client -- (LogMeIn Inc.)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"D:\Instalace games\Battlefield II\BF2.exe" = D:\Instalace games\Battlefield II\BF2.exe:*:Enabled:Battlefield 2 -- ()
"C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- ()
"C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- ()
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe" = C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:*:Enabled:Crysis_32 -- (Crytek GmbH)
"C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe" = C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:*:Enabled:CrysisDedicatedServer_32 -- (Crytek GmbH)
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"D:\Instalace games\COD World At War\CALL OF DUTY WORLD AT WAR\CoDWaW.exe" = D:\Instalace games\COD World At War\CALL OF DUTY WORLD AT WAR\CoDWaW.exe:*:Enabled:Call of Duty(R): World at War Campaign/Coop -- (Activision Blizzard, Inc.)
"D:\Instalace games\Company of Heroes\RelicCOH.exe" = D:\Instalace games\Company of Heroes\RelicCOH.exe:*:Enabled:RelicCOH -- (THQ Canada Inc.)
"C:\Program Files\Electronic Arts\EADM\Core.exe" = C:\Program Files\Electronic Arts\EADM\Core.exe:*:Disabled:EA Download Manager -- (Electronic Arts)
"D:\Instalace games\Flat Out Carnage\FlatOut Ultimate Carnage\Fouc.exe" = D:\Instalace games\Flat Out Carnage\FlatOut Ultimate Carnage\Fouc.exe:*:Enabled:FlatOut Ultimate Carnage -- (Empire Interactive Ltd.)
"C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Disabled:EEventManager Application -- (SEIKO EPSON CORPORATION)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = The Sims 2 Univerzita
"{0297C87B-CC40-446F-865A-031B4FC0CF22}" = Race Driver 3
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{04A6A912-A6DB-4EF2-99FF-6D6199BA3C8C}" = SweetIM for Messenger 2.6
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{0A2A5039-B37F-489D-B1DC-A5258DF9E697}" = FIFA 08
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1998BD34-1AAB-4169-ACFF-67342E2AF9B4}" = Gothic III Release Update
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2C272396-11B1-79BD-2BB3-40B9BEE9BCE5}" = Catalyst Control Center Core Implementation
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{40261D0A-A385-4C1A-A7DE-5F270D9B1029}" = Nero 7 Premium
"{4062364A-1290-43E5-8250-6A0C8C74CABC}" = ccc-core-preinstall
"{4231395F-C55C-FBAD-E4A5-C0E7D67F32E4}" = Catalyst Control Center Graphics Full New
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
"{4ED7D297-58F7-45C3-A9BA-A7CD6FA0D373}_is1" = SureThing CD Labeler Deluxe 5
"{54699D7E-6710-4318-A488-7F8BF82BAB59}" = Testy Autoškola
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{572527DD-05F1-E9EA-5B4F-055ECDD720EB}" = ccc-utility
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{65F1CF63-31E0-450B-96F3-4A88BE7361A6}" = AGEIA PhysX v7.07.09
"{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6E7DD182-9FC6-4651-0095-2E666CC6AF35}" = The Sims 2
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{7AFED294-F3EE-40F9-B0C2-0AD9C45DE7D3}" = Pegasus Imaging's PICVideo 3
"{7B4A5C13-069F-4AFE-AE57-C497B4E33C7E}" = Call of Duty(R) 2 Patch 1.3
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{7E37FE5D-833D-8CEC-68DE-665DDDDA06B5}" = Catalyst Control Center Graphics Light
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{82FC7486-2224-4793-A9B2-E8CC6068FDD7}" = S.T.A.L.K.E.R. SHADOW OF CHERNOBYL
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{8829DAD4-8F07-4A96-B995-15498EBB8045}" = Heroes of Might and Magic V
"{8D2C1E44-7685-4D05-8342-B0DC6422FA47}" = Ulead Straight-to-Disc SDK
"{90110405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0010-0405-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Czech) 12
"{90120000-0015-0405-0000-0000000FF1CE}" = Microsoft Office Access MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0019-0405-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Czech) 2007
"{90120000-001A-0405-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{98259fe1-18fb-4400-b899-f59e7a9be442}" = Nero 9 Trial
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A73C3B76-C889-29FF-811E-14AF82CCEBEE}" = ccc-core-static
"{A8B2C826-3627-52AA-D5B5-D89F178F4A8B}" = Catalyst Control Center Graphics Full Existing
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABC0976C-723E-CDA4-7F09-378FAF2C2890}" = Skins
"{AC138218-5F23-DCC0-357D-143EF8451483}" = CCC Help English
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B1166CA2-9264-C562-AEDE-7C1965CBAAF8}" = Catalyst Control Center Graphics Previews Common
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B35A7E74-DEE1-4660-931F-E51B580C85D8}_is1" = CALL OF DUTY WORLD AT WAR v.1.1
"{B69F28DF-CBB1-41B7-008A-210E4D0518FC}" = Harry Potter a Fénixův řád™
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B9242864-2841-4ADE-86E0-8F90F91B04DD}" = Logitech Gaming Software
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BE4AA694-815A-4045-BD49-C94F2BED7458}" = WinFast Entertainment Center(WDM Driver)
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5096216-7703-409E-B85A-8A6EE7395128}}_is1" = System Search Dispatcher
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{C882DE6B-1482-42D6-A7C2-A9F946EDBAF6}" = WinFast PVR
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CA567AD5-33A4-403D-86D1-EE2D38251951}_is1" = VDownloader 1.12
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBC85F2E-1981-4C55-9418-908D08D2C6E8}" = OLYMPUS Master 2
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D69A5D3F-3837-4409-8AAD-CB5C7D33F13F}" = Star Stable 1
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DDDE47E5-C711-4D17-9FA6-E3D7C340192A}" = OLYMPUS muvee theaterPack
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Roční období
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FC906D5C-91F9-4DA4-A765-6DCBB669F317}" = Sony Ericsson PC Suite
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{Punské války}" = Punské války
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"avast5" = avast! Free Antivirus
"CCleaner" = CCleaner (remove only)
"COMODO Firewall Pro" = COMODO Firewall Pro
"EADM" = EA Download Manager
"Easy CD-DA Extractor 10" = Easy CD-DA Extractor 10
"eBay Icon" = eBay Icon
"EPSON Scanner" = EPSON Scan
"Epson Stylus SX210_SX410_TX210_TX410 Uživatelská příručka" = Epson Stylus SX210_SX410_TX210_TX410 Manuál
"EPSON SX210 Series" = EPSON SX210 Series Printer Uninstall
"FlashGet" = FlashGet 1.9.6.1073
"FlashGet(JetCar)" = FlashGet(JetCar)
"FlatOut Ultimate Carnage" = FlatOut Ultimate Carnage
"GameParkClient_is1" = GamePark
"Google Chrome" = Google Chrome
"Hamachi" = Hamachi 1.0.1.5
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{7AFED294-F3EE-40F9-B0C2-0AD9C45DE7D3}" = Pegasus Imaging's PICVideo 3
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"KnightsAndMerchants" = KnightsAndMerchants
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.14)" = Mozilla Firefox (3.0.14)
"Mp3tag" = Mp3tag
"MPEG Video Wizard DVD" = MPEG Video Wizard DVD
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROHYBRIDR" = 2007 Microsoft Office system
"PunkBusterSvc" = PunkBuster Services
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xfire" = Xfire (remove only)
"Zoner Photo Studio 9_is1" = Zoner Photo Studio 9

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 21.1.2009 15:27:04 | Computer Name = ROMAN-B8F685043 | Source = avast! | ID = 33554522
Description =

Error - 21.1.2009 15:27:04 | Computer Name = ROMAN-B8F685043 | Source = avast! | ID = 33554522
Description =

Error - 21.1.2009 15:27:04 | Computer Name = ROMAN-B8F685043 | Source = avast! | ID = 33554522
Description =

Error - 21.1.2009 15:27:04 | Computer Name = ROMAN-B8F685043 | Source = avast! | ID = 33554522
Description =

Error - 21.1.2009 15:27:04 | Computer Name = ROMAN-B8F685043 | Source = avast! | ID = 33554522
Description =

Error - 21.1.2009 15:27:07 | Computer Name = ROMAN-B8F685043 | Source = avast! | ID = 33554522
Description =

Error - 21.1.2009 15:27:07 | Computer Name = ROMAN-B8F685043 | Source = avast! | ID = 33554522
Description =

Error - 13.10.2009 13:03:44 | Computer Name = ROMAN-B8F685043 | Source = avast! | ID = 33554522
Description =

Error - 9.11.2009 12:50:40 | Computer Name = ROMAN-B8F685043 | Source = avast! | ID = 33554522
Description =

Error - 19.11.2009 13:22:36 | Computer Name = ROMAN-B8F685043 | Source = avast! | ID = 33554522
Description =

[ Application Events ]
Error - 7.3.2010 16:26:09 | Computer Name = ROMAN-B8F685043 | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 8.0.6001.18702, chybující modul
jccatch_1.dll, verze 1.8.4.1007, adresa chyby 0x00007859.

Error - 8.3.2010 13:10:43 | Computer Name = ROMAN-B8F685043 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace CoD2MP_s.exe, verze 0.0.0.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 8.3.2010 16:25:55 | Computer Name = ROMAN-B8F685043 | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 8.0.6001.18702, chybující modul
jccatch_1.dll, verze 1.8.4.1007, adresa chyby 0x00007859.

Error - 9.3.2010 14:38:27 | Computer Name = ROMAN-B8F685043 | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 8.0.6001.18702, chybující modul
jccatch_1.dll, verze 1.8.4.1007, adresa chyby 0x00007859.

Error - 11.3.2010 7:16:45 | Computer Name = ROMAN-B8F685043 | Source = Application Error | ID = 1000
Description = Chybující aplikace iexplore.exe, verze 8.0.6001.18702, chybující modul
jccatch_1.dll, verze 1.8.4.1007, adresa chyby 0x00007859.

Error - 16.3.2010 12:25:38 | Computer Name = ROMAN-B8F685043 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace CoD2MP_s.exe, verze 0.0.0.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 17.3.2010 9:34:12 | Computer Name = ROMAN-B8F685043 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace CoD2MP_s.exe, verze 0.0.0.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 18.3.2010 16:33:48 | Computer Name = ROMAN-B8F685043 | Source = pctsSvc.exe | ID = 0
Description =

Error - 19.3.2010 9:33:49 | Computer Name = ROMAN-B8F685043 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace WINWORD.EXE, verze 11.0.5604.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

Error - 19.3.2010 13:59:28 | Computer Name = ROMAN-B8F685043 | Source = Application Hang | ID = 1002
Description = Zablokovaná aplikace WINWORD.EXE, verze 11.0.5604.0, zablokovaný modul
hungapp, verze 0.0.0.0, adresa bloku 0x00000000.

[ System Events ]
Error - 21.3.2010 15:56:18 | Computer Name = ROMAN-B8F685043 | Source = Service Control Manager | ID = 7023
Description = Služba Správce vzdáleného přístupu byla ukončena s následující chybou:
%%126

Error - 21.3.2010 15:56:20 | Computer Name = ROMAN-B8F685043 | Source = Service Control Manager | ID = 7023
Description = Služba Správce vzdáleného přístupu byla ukončena s následující chybou:
%%126

Error - 21.3.2010 15:56:20 | Computer Name = ROMAN-B8F685043 | Source = Service Control Manager | ID = 7023
Description = Služba Správce vzdáleného přístupu byla ukončena s následující chybou:
%%126

Error - 21.3.2010 15:56:21 | Computer Name = ROMAN-B8F685043 | Source = Service Control Manager | ID = 7023
Description = Služba Správce vzdáleného přístupu byla ukončena s následující chybou:
%%126

Error - 21.3.2010 15:56:23 | Computer Name = ROMAN-B8F685043 | Source = Service Control Manager | ID = 7023
Description = Služba Správce vzdáleného přístupu byla ukončena s následující chybou:
%%126

Error - 21.3.2010 15:56:25 | Computer Name = ROMAN-B8F685043 | Source = Service Control Manager | ID = 7023
Description = Služba Správce vzdáleného přístupu byla ukončena s následující chybou:
%%126

Error - 21.3.2010 15:56:28 | Computer Name = ROMAN-B8F685043 | Source = Service Control Manager | ID = 7023
Description = Služba Správce vzdáleného přístupu byla ukončena s následující chybou:
%%126

Error - 21.3.2010 15:56:41 | Computer Name = ROMAN-B8F685043 | Source = Service Control Manager | ID = 7023
Description = Služba Správce vzdáleného přístupu byla ukončena s následující chybou:
%%126

Error - 21.3.2010 15:56:41 | Computer Name = ROMAN-B8F685043 | Source = Service Control Manager | ID = 7023
Description = Služba Správce vzdáleného přístupu byla ukončena s následující chybou:
%%126

Error - 21.3.2010 15:56:42 | Computer Name = ROMAN-B8F685043 | Source = Service Control Manager | ID = 7023
Description = Služba Správce vzdáleného přístupu byla ukončena s následující chybou:
%%126

< End of report >

Prosim o kontrolu logu Vyřešeno

Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Re: Prosim o kontrolu logu

Kdo je online