Prosím o kontrolu logu

jaruska · Příspěvekod **jaruska** » 27 kvě 2010 18:36

Prosím o kontrolu logu HJT
Počítač se mi spomalil, vyčistila jsem ho CCleanerem, RegCleanerem a udělala jsem defragmentaci.
Rychlost se o poznání zlepšila, ale chtěla bych mít jistotu, že je vše OK.
Děkuji Jarka

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:29:05, on 27.5.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\RegCleaner\RegCleanr.exe
C:\Windows\System32\mobsync.exe
D:\download\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60341
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=15788&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" -automount
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Hledání panelu &AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\cs-CZ\local\search.html
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{C03E4588-3E6E-4DF0-A2D2-06E59E2221E6}: NameServer = 77.48.254.254,77.48.100.254
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

--
End of file - 10586 bytes

Reklama

Damned · Příspěvekod **Damned** » 27 kvě 2010 18:48

Odinstaluj si Ask.com (Ask Toolbar), Crawler Toolbar a free-downloads.net Toolbar. Vypni si natrvalo Spyware Terminatora (ve službách).

Spusť HJT (HijackThis), vypni prohlížeče, odpoj se od internetu a fixni (spustit HJT, "Do a system scan only",
zatrhnout políčko před hodnotou, zmáčknout "Fix checked" a poté "Ano"):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatche ... p=aus&qkw=%s&tbid=60341
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=15788&l=dis
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
O3 - Toolbar: &Crawler lišta - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfre0.dll
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
*****************************************************************************************************************************************
Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost Uložit protokol a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

jaruska · Příspěvekod **jaruska** » 27 kvě 2010 19:38

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Verze databáze: 4148

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

27.5.2010 19:36:34
mbam-log-2010-05-27 (19-36-34).txt

Typ skenu: Rychlý sken
Skenované objekty: 115262
Uplynulý čas: 7 minuta(y), 17 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

Damned · Příspěvekod **Damned** » 27 kvě 2010 20:32

Vypni rezidentní štít antiviru (pokud máš tak i antispyware).
Stáhni si ComboFix (by sUBs)
nebo ComboFix (subs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

jaruska · Příspěvekod **jaruska** » 27 kvě 2010 21:24

Tady je ten nový log

ComboFix 10-05-26.04 - sora.group 27.05.2010 21:01:00.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2045.1358 [GMT 2:00]
Spuštěný z: c:\users\sora.group\Desktop\ComboFix.exe
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý

.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\sora.group\AppData\Roaming\inst.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-27 do 2010-05-27 )))))))))))))))))))))))))))))))
.

2010-05-27 19:16 . 2010-05-27 19:16 -------- d-----w- c:\users\sora.group\AppData\Local\temp
2010-05-27 17:28 . 2010-05-27 17:28 -------- d-----w- c:\users\sora.group\AppData\Roaming\Malwarebytes
2010-05-27 17:27 . 2010-03-29 13:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-27 17:27 . 2010-05-27 17:27 -------- d-----w- c:\programdata\Malwarebytes
2010-05-27 17:27 . 2010-03-29 13:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-27 17:27 . 2010-05-27 17:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-27 16:59 . 2010-05-27 16:59 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-05-27 13:16 . 2010-05-27 13:16 -------- d-----w- c:\users\SORA~1~GRO
2010-05-27 12:35 . 2010-05-27 12:35 -------- d-----w- c:\program files\RegCleaner
2010-05-26 21:02 . 2010-05-26 21:11 -------- d-----w- c:\program files\MP3Gain
2010-05-26 05:43 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-24 18:07 . 2010-05-24 18:07 -------- d-----w- c:\program files\Alcohol Soft
2010-05-18 12:20 . 2010-05-18 12:20 -------- d-----w- c:\programdata\vsosdk
2010-05-12 14:25 . 2010-05-12 14:25 -------- d-----w- c:\users\sora.group\AppData\Local\Hewlett-Packard
2010-05-12 10:14 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-06 18:05 . 2010-05-06 18:05 -------- d-----w- c:\users\sora.group\AppData\Roaming\progeSOFT
2010-05-06 18:03 . 2010-05-06 18:03 -------- d-----w- c:\programdata\progeSOFT
2010-05-06 18:01 . 2009-10-07 13:39 2134016 ----a-w- c:\windows\system32\cdintf251.dll
2010-05-06 18:00 . 2009-10-07 13:42 89360 ----a-w- c:\windows\system32\vb5db.dll
2010-05-06 17:59 . 2009-10-07 13:42 61440 ----a-w- c:\windows\system32\wintab32.dll
2010-05-06 17:59 . 2010-05-06 17:59 -------- d-----w- c:\program files\progeSOFT
2010-05-05 20:29 . 2010-05-05 20:49 -------- d-----w- c:\users\sora.group\AppData\Roaming\Template
2010-04-30 16:40 . 2010-04-30 16:40 -------- d-----w- c:\users\sora.group\AppData\Local\Mozilla
2010-04-30 06:28 . 1998-01-23 10:19 304640 ----a-w- c:\windows\IsUn0405.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-27 19:04 . 2008-06-09 12:10 598832 ----a-w- c:\windows\system32\perfh005.dat
2010-05-27 19:04 . 2008-06-09 12:10 114992 ----a-w- c:\windows\system32\perfc005.dat
2010-05-27 18:52 . 2010-03-18 22:19 2604 ----a-w- c:\windows\bthservsdp.dat
2010-05-27 17:00 . 2010-04-25 01:17 -------- d-----w- c:\program files\free-downloads.net
2010-05-27 13:16 . 2008-06-09 02:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-27 11:55 . 2010-03-24 07:50 -------- d-----w- c:\programdata\Spyware Terminator
2010-05-26 21:30 . 2010-03-24 07:51 -------- d-----w- c:\users\sora.group\AppData\Roaming\Spyware Terminator
2010-05-26 05:49 . 2010-03-22 16:07 503808 ----a-w- c:\programdata\STORMWARE\POHODA\Data\Pohoda.sys
2010-05-26 05:46 . 2010-03-25 15:41 -------- d-----w- c:\program files\Microsoft
2010-05-25 18:07 . 2010-03-24 07:50 -------- d-----w- c:\program files\Spyware Terminator
2010-05-24 18:02 . 2010-03-21 21:00 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-23 09:34 . 2010-04-24 22:49 -------- d-----w- c:\programdata\DVD Shrink
2010-05-23 09:34 . 2010-04-24 22:49 -------- d-----w- c:\program files\DVD Shrink
2010-05-20 18:31 . 2010-03-21 15:00 -------- d-----w- c:\users\sora.group\AppData\Roaming\.RTS
2010-05-18 12:30 . 2010-04-25 06:43 -------- d-----w- c:\users\sora.group\AppData\Roaming\Vso
2010-05-12 17:32 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-12 17:31 . 2010-03-19 14:30 -------- d-----w- c:\programdata\Microsoft Help
2010-05-12 09:21 . 2010-03-19 16:30 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-05 20:46 . 2010-05-05 20:29 318 ----a-w- c:\users\sora.group\AppData\Roaming\wklnhst.dat
2010-04-25 06:43 . 2010-04-25 06:43 47360 ----a-w- c:\users\sora.group\AppData\Roaming\pcouffin.sys
2010-04-25 06:43 . 2010-04-25 06:43 47360 ----a-w- c:\users\sora.group\AppData\Roaming\pcouffin.sys
2010-04-25 06:42 . 2010-04-25 06:42 -------- d-----w- c:\program files\VSO
2010-04-24 22:43 . 2010-04-24 22:40 -------- d-----w- c:\program files\AutoGK
2010-04-24 22:43 . 2010-04-24 22:43 -------- d-----w- c:\program files\XviD
2010-04-24 22:42 . 2010-04-24 22:42 -------- d-----w- c:\program files\AviSynth 2.5
2010-04-24 22:41 . 2010-04-24 22:41 -------- d-----w- c:\program files\Gabest
2010-04-20 18:54 . 2010-03-19 05:53 75832 ----a-w- c:\users\sora.group\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-18 10:34 . 2010-04-18 10:34 -------- d-----w- c:\program files\CCleaner
2010-04-13 11:14 . 2010-04-13 11:14 -------- d-----w- c:\program files\Microsoft Office 2003
2010-04-10 22:24 . 2010-04-10 22:24 -------- d-----w- c:\program files\Kocourek
2010-04-10 14:56 . 2010-04-10 14:55 -------- d-----w- c:\program files\Codec Pack - All In 1
2010-04-10 14:54 . 2010-04-10 14:56 737280 ----a-w- c:\windows\iun6002.exe
2010-04-10 14:29 . 2010-04-10 14:29 -------- d-----w- c:\users\sora.group\AppData\Roaming\CyberLink
2010-04-04 10:32 . 2010-03-24 16:31 -------- d-----w- c:\users\sora.group\AppData\Roaming\Nokia
2010-03-29 21:27 . 2010-03-29 21:27 -------- d-----w- c:\program files\FLVPlayer
2010-03-27 10:03 . 2010-03-27 10:03 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-03-25 16:58 . 2010-03-23 01:51 1356 ----a-w- c:\users\sora.group\AppData\Local\d3d9caps.dat
2010-03-24 07:51 . 2010-03-24 07:51 6144 ----a-w- c:\programdata\Spyware Terminator\sp_rsdel.exe
2010-03-24 07:51 . 2010-03-24 07:51 5632 ----a-w- c:\programdata\Spyware Terminator\fileobjinfo.sys
2010-03-24 07:51 . 2010-03-24 07:51 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-03-24 07:44 . 2010-03-24 07:44 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-24 06:26 . 2010-03-24 04:12 131037 ----a-w- c:\windows\hpoins18.dat
2010-03-23 19:27 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-03-19 16:48 . 2010-03-19 16:48 95232 ----a-w- c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\pcswpcsi.exe
2010-03-19 16:48 . 2010-03-19 16:48 8192 ----a-w- c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstCCD.exe
2010-03-19 16:48 . 2010-03-19 16:48 61440 ----a-w- c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-03-19 16:48 . 2010-03-19 16:48 10240 ----a-w- c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCS.exe
2010-03-18 23:12 . 2010-03-18 23:12 0 ----a-w- c:\windows\ativpsrm.bin
2010-03-18 22:32 . 2010-03-18 22:32 251 ----a-w- c:\windows\xUninstall.bat
2010-03-18 12:06 . 2010-03-19 16:48 34701512 ----a-w- c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Nokia_PC_Suite_cze_web.exe
2010-03-09 09:13 . 2010-03-09 09:13 96896 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
2010-03-09 09:13 . 2010-03-09 09:13 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-03-09 09:11 . 2010-03-09 09:11 133512 ----a-w- c:\windows\system32\drivers\eamonm.sys
2010-03-05 14:01 . 2010-04-14 12:23 420352 ----a-w- c:\windows\system32\vbscript.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2009-11-15 33120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-09 2140880]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 1557800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^sora.group^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\users\sora.group\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2004-12-14 10:12 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DpAgent]
2008-03-12 18:24 699456 ----a-w- c:\program files\DigitalPersona\Bin\DpAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-04-15 11:42 70912 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-10 20:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-11-20 05:44 488752 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-02-26 13:08 2289664 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 15:45 3883840 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
2007-11-01 16:42 554288 ----a-w- c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-03-14 06:45 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2008-05-14 20:56 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 11:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 14:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2008-06-27 19:42 442467 ----a-w- c:\program files\IDT\WDM\sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-12-24 14:55 222504 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):0c,f0,04,23,9a,c9,ca,01

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-24 691696]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\system32\DRIVERS\Amddfltr.sys [2008-01-07 15416]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-03-09 114984]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-03-24 142592]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe [2008-02-12 73728]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-03-09 133512]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-03-09 810120]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-03-09 96896]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-03-26 341328]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-03-26 595248]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-23 52736]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-01 81296]
S3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-03-26 40752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 13:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Hledání panelu &AOL Toolbar - c:\programdata\AOL\ieToolbar\resources\cs-CZ\local\search.html
IE: Převést cíl vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: {C03E4588-3E6E-4DF0-A2D2-06E59E2221E6} = 77.48.254.254,77.48.100.254
FF - ProfilePath - c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-27 21:16
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(704)
c:\windows\system32\DPPWDFLT.dll
.
Celkový čas: 2010-05-27 21:22:04
ComboFix-quarantined-files.txt 2010-05-27 19:22

Před spuštěním: Volných bajtů: 97 081 659 392
Po spuštění: Volných bajtů: 97 022 504 960

- - End Of File - - 5753797FE747A67F7E88D4DBF77F37BD

Damned · Příspěvekod **Damned** » 27 kvě 2010 21:51

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok).
Zkopíruj do něj následující celý text označený zeleně:

File::
c:\users\sora.group\AppData\Roaming\wklnhst.dat
c:\programdata\ezsidmv.dat
c:\users\sora.group\AppData\Local\d3d9caps.dat
c:\windows\hpoins18.dat
c:\windows\inf\drvindex.dat

Folder::
c:\program files\free-downloads.net
C:\Program Files\Ask.com
C:\Program Files\Crawler

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe
a když se oba soubory překryjí, skript upusť.

- Automaticky se spustí ComboFix, oprava může trvat i déle než 10 minut. ! Nech ComboFix dokončit svou práci !
- Vlož sem log, který vyběhne v závěru čistícího procesu

jaruska · Příspěvekod **jaruska** » 28 kvě 2010 04:14

Dobré ráno
tady jsou poslední výsledky ComboFixu

ComboFix 10-05-26.04 - sora.group 27.05.2010 22:04:16.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2045.1072 [GMT 2:00]
Spuštěný z: c:\users\sora.group\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\sora.group\Desktop\CFScript.txt
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Rezidentní štít AV je zapnutý

FILE ::
"c:\programdata\ezsidmv.dat"
"c:\users\sora.group\AppData\Local\d3d9caps.dat"
"c:\users\sora.group\AppData\Roaming\wklnhst.dat"
"c:\windows\hpoins18.dat"
"c:\windows\inf\drvindex.dat"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\free-downloads.net
c:\programdata\ezsidmv.dat
c:\users\sora.group\AppData\Local\d3d9caps.dat
c:\users\sora.group\AppData\Roaming\wklnhst.dat
c:\windows\hpoins18.dat
c:\windows\inf\drvindex.dat

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-04-27 do 2010-05-27 )))))))))))))))))))))))))))))))
.

2010-05-27 20:15 . 2010-05-27 20:15 -------- d-----w- c:\users\sora.group\AppData\Local\temp
2010-05-27 20:15 . 2010-05-27 20:15 -------- d-----w- c:\users\SORA~1~GRO\AppData\Local\temp
2010-05-27 20:15 . 2010-05-27 20:15 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-27 20:15 . 2010-05-27 20:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-27 19:01 . 2010-05-27 19:01 -------- d-----w- c:\users\sora.group\AppData\Local\ESET
2010-05-27 17:28 . 2010-05-27 17:28 -------- d-----w- c:\users\sora.group\AppData\Roaming\Malwarebytes
2010-05-27 17:27 . 2010-03-29 13:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-27 17:27 . 2010-05-27 17:27 -------- d-----w- c:\programdata\Malwarebytes
2010-05-27 17:27 . 2010-03-29 13:24 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-27 17:27 . 2010-05-27 17:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-27 16:59 . 2010-05-27 16:59 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-05-27 13:16 . 2010-05-27 13:16 -------- d-----w- c:\users\SORA~1~GRO
2010-05-27 12:35 . 2010-05-27 12:35 -------- d-----w- c:\program files\RegCleaner
2010-05-26 21:02 . 2010-05-26 21:11 -------- d-----w- c:\program files\MP3Gain
2010-05-26 05:43 . 2010-04-23 14:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-24 18:07 . 2010-05-24 18:07 -------- d-----w- c:\program files\Alcohol Soft
2010-05-18 12:20 . 2010-05-18 12:20 -------- d-----w- c:\programdata\vsosdk
2010-05-12 14:25 . 2010-05-12 14:25 -------- d-----w- c:\users\sora.group\AppData\Local\Hewlett-Packard
2010-05-12 10:14 . 2010-01-29 15:40 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-06 18:05 . 2010-05-06 18:05 -------- d-----w- c:\users\sora.group\AppData\Roaming\progeSOFT
2010-05-06 18:03 . 2010-05-06 18:03 -------- d-----w- c:\programdata\progeSOFT
2010-05-06 18:01 . 2009-10-07 13:39 2134016 ----a-w- c:\windows\system32\cdintf251.dll
2010-05-06 18:00 . 2009-10-07 13:42 89360 ----a-w- c:\windows\system32\vb5db.dll
2010-05-06 17:59 . 2009-10-07 13:42 61440 ----a-w- c:\windows\system32\wintab32.dll
2010-05-06 17:59 . 2010-05-06 17:59 -------- d-----w- c:\program files\progeSOFT
2010-05-05 20:29 . 2010-05-05 20:49 -------- d-----w- c:\users\sora.group\AppData\Roaming\Template
2010-04-30 16:40 . 2010-04-30 16:40 -------- d-----w- c:\users\sora.group\AppData\Local\Mozilla
2010-04-30 06:28 . 1998-01-23 10:19 304640 ----a-w- c:\windows\IsUn0405.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-27 19:04 . 2008-06-09 12:10 598832 ----a-w- c:\windows\system32\perfh005.dat
2010-05-27 19:04 . 2008-06-09 12:10 114992 ----a-w- c:\windows\system32\perfc005.dat
2010-05-27 18:52 . 2010-03-18 22:19 2604 ----a-w- c:\windows\bthservsdp.dat
2010-05-27 13:16 . 2008-06-09 02:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-27 11:55 . 2010-03-24 07:50 -------- d-----w- c:\programdata\Spyware Terminator
2010-05-26 21:30 . 2010-03-24 07:51 -------- d-----w- c:\users\sora.group\AppData\Roaming\Spyware Terminator
2010-05-26 05:49 . 2010-03-22 16:07 503808 ----a-w- c:\programdata\STORMWARE\POHODA\Data\Pohoda.sys
2010-05-26 05:46 . 2010-03-25 15:41 -------- d-----w- c:\program files\Microsoft
2010-05-25 18:07 . 2010-03-24 07:50 -------- d-----w- c:\program files\Spyware Terminator
2010-05-24 18:02 . 2010-03-21 21:00 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-05-23 09:34 . 2010-04-24 22:49 -------- d-----w- c:\programdata\DVD Shrink
2010-05-23 09:34 . 2010-04-24 22:49 -------- d-----w- c:\program files\DVD Shrink
2010-05-20 18:31 . 2010-03-21 15:00 -------- d-----w- c:\users\sora.group\AppData\Roaming\.RTS
2010-05-18 12:30 . 2010-04-25 06:43 -------- d-----w- c:\users\sora.group\AppData\Roaming\Vso
2010-05-12 17:32 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-05-12 17:31 . 2010-03-19 14:30 -------- d-----w- c:\programdata\Microsoft Help
2010-05-12 09:21 . 2010-03-19 16:30 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-25 06:43 . 2010-04-25 06:43 47360 ----a-w- c:\users\sora.group\AppData\Roaming\pcouffin.sys
2010-04-25 06:43 . 2010-04-25 06:43 47360 ----a-w- c:\users\sora.group\AppData\Roaming\pcouffin.sys
2010-04-25 06:42 . 2010-04-25 06:42 -------- d-----w- c:\program files\VSO
2010-04-24 22:43 . 2010-04-24 22:40 -------- d-----w- c:\program files\AutoGK
2010-04-24 22:43 . 2010-04-24 22:43 -------- d-----w- c:\program files\XviD
2010-04-24 22:42 . 2010-04-24 22:42 -------- d-----w- c:\program files\AviSynth 2.5
2010-04-24 22:41 . 2010-04-24 22:41 -------- d-----w- c:\program files\Gabest
2010-04-20 18:54 . 2010-03-19 05:53 75832 ----a-w- c:\users\sora.group\AppData\Local\GDIPFONTCACHEV1.DAT
2010-04-18 10:34 . 2010-04-18 10:34 -------- d-----w- c:\program files\CCleaner
2010-04-13 11:14 . 2010-04-13 11:14 -------- d-----w- c:\program files\Microsoft Office 2003
2010-04-10 22:24 . 2010-04-10 22:24 -------- d-----w- c:\program files\Kocourek
2010-04-10 14:56 . 2010-04-10 14:55 -------- d-----w- c:\program files\Codec Pack - All In 1
2010-04-10 14:54 . 2010-04-10 14:56 737280 ----a-w- c:\windows\iun6002.exe
2010-04-10 14:29 . 2010-04-10 14:29 -------- d-----w- c:\users\sora.group\AppData\Roaming\CyberLink
2010-04-04 10:32 . 2010-03-24 16:31 -------- d-----w- c:\users\sora.group\AppData\Roaming\Nokia
2010-03-29 21:27 . 2010-03-29 21:27 -------- d-----w- c:\program files\FLVPlayer
2010-03-24 07:51 . 2010-03-24 07:51 6144 ----a-w- c:\programdata\Spyware Terminator\sp_rsdel.exe
2010-03-24 07:51 . 2010-03-24 07:51 5632 ----a-w- c:\programdata\Spyware Terminator\fileobjinfo.sys
2010-03-24 07:51 . 2010-03-24 07:51 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-03-24 07:44 . 2010-03-24 07:44 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-19 16:48 . 2010-03-19 16:48 95232 ----a-w- c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\pcswpcsi.exe
2010-03-19 16:48 . 2010-03-19 16:48 8192 ----a-w- c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstCCD.exe
2010-03-19 16:48 . 2010-03-19 16:48 61440 ----a-w- c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-03-19 16:48 . 2010-03-19 16:48 10240 ----a-w- c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCS.exe
2010-03-18 23:12 . 2010-03-18 23:12 0 ----a-w- c:\windows\ativpsrm.bin
2010-03-18 22:32 . 2010-03-18 22:32 251 ----a-w- c:\windows\xUninstall.bat
2010-03-18 12:06 . 2010-03-19 16:48 34701512 ----a-w- c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Nokia_PC_Suite_cze_web.exe
2010-03-09 09:13 . 2010-03-09 09:13 96896 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
2010-03-09 09:13 . 2010-03-09 09:13 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-03-09 09:11 . 2010-03-09 09:11 133512 ----a-w- c:\windows\system32\drivers\eamonm.sys
2010-03-05 14:01 . 2010-04-14 12:23 420352 ----a-w- c:\windows\system32\vbscript.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe" [2009-11-15 33120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-09 2140880]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 1557800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^sora.group^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
path=c:\users\sora.group\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2004-12-14 10:12 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DpAgent]
2008-03-12 18:24 699456 ----a-w- c:\program files\DigitalPersona\Bin\DpAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-04-15 11:42 70912 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-10 20:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-11-20 05:44 488752 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2008-02-26 13:08 2289664 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-26 15:45 3883840 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
2007-11-01 16:42 554288 ----a-w- c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 09:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2008-03-14 06:45 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2008-05-14 20:56 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 11:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-11 14:21 246504 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2008-06-27 19:42 442467 ----a-w- c:\program files\IDT\WDM\sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-12-24 14:55 222504 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):0c,f0,04,23,9a,c9,ca,01

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-24 691696]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S0 Amddfltr;Amd Disk Lower Filter Driver;c:\windows\system32\DRIVERS\Amddfltr.sys [2008-01-07 15416]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2010-03-09 114984]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-03-24 142592]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f691e717\aestsrv.exe [2008-02-12 73728]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2010-03-09 133512]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-03-09 810120]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2010-03-09 96896]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-03-26 341328]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-03-26 595248]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-01-23 52736]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-01 81296]
S3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-03-26 40752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 13:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Hledání panelu &AOL Toolbar - c:\programdata\AOL\ieToolbar\resources\cs-CZ\local\search.html
IE: Převést cíl vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: {C03E4588-3E6E-4DF0-A2D2-06E59E2221E6} = 77.48.254.254,77.48.100.254
FF - ProfilePath - c:\users\sora.group\AppData\Roaming\Mozilla\Firefox\Profiles\axkkzdf1.default\
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-27 22:15
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'lsass.exe'(704)
c:\windows\system32\DPPWDFLT.dll
.
Celkový čas: 2010-05-27 22:21:07
ComboFix-quarantined-files.txt 2010-05-27 20:21
ComboFix2.txt 2010-05-27 19:22

Před spuštěním: Volných bajtů: 97 041 448 960
Po spuštění: Volných bajtů: 97 014 718 464

- - End Of File - - 32802FA501B93E9F3A52E1AF0A707BCB

Damned · Příspěvekod **Damned** » 28 kvě 2010 06:13

Výborně.

Vypni antivir a pokud máš i Antispyware a odinstaluj ComboFix ( nutné ) .
ComboFix se odinstaluje takto:
Start -> Spustit a zadej do řádku: Combofix[mezera]/uninstall

Stáhni si T-Cleaner ( nutné - smaže vše po Combu,SDFixu,Avengeru,MWAVu atd.-stáhneš->spustíš)

(pozn.Pokud máš AVG nebo Aviru, před stažením T-Cleaneru a po dobu čištění deaktivuj AVG i Aviru (i rezidenty), následně T-Cleaner smaž a zapni si AVG, Aviru.)
*****************************************************************************************************************************************
Stáhni si OTL na Plochu.
Ujisti se , že máš zavřena všechna ostatní okna a poklepej na ikonu OTL.Nahoře v okně pod Výstup klikni na Minimální výstup.Pod Běžné registry změň na Vše. Zatrhni Kontrola na havěť LOP a Kontrola na havěť Purity. Stáří souborů změň na 14 dnů. Všechny ostatní nastavení ponech jak jsou. Klikni na Prohledat. Sken může trvat dlouho, až skončí otevřou se dva logy:
OTL.Txt
Extras.Txt
Jsou uloženy ve stejném místě jako OTL. Oba logy sem prosím zkopíruj

jaruska · Příspěvekod **jaruska** » 28 kvě 2010 13:16

ComboFix jsem se pokusila odinstalovat tak jak jsi napsal, ale znova se spustil a vytvořil log,
v PC zůstal jenom na ploše, v ProgramFiles nebylo nic. Nevím jestli jsem neudělala chybu, ale to co
bylo na ploše jsem dala do koše.
Tady jsou logy z OTL

OTL logfile created on: 28.5.2010 13:04:52 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\sora.group\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141,31 Gb Total Space | 89,52 Gb Free Space | 63,35% Space Free | Partition Type: NTFS
Drive D: | 7,74 Gb Total Space | 7,48 Gb Free Space | 96,62% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAVEL-PC
Current User Name: sora.group
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 14 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\sora.group\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\conime.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\stacsv.exe (IDT, Inc.)
PRC - C:\WINDOWS\System32\vfsFPService.exe (Validity Sensors, Inc.)
PRC - C:\WINDOWS\SMINST\BLService.exe ()
PRC - C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
PRC - C:\Program Files\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
PRC - C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_f691e717\AEstSrv.exe (Andrea Electronics Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\sora.group\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\System32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (sp_rssrv) -- C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
SRV - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (FontCache) -- C:\WINDOWS\System32\FntCache.dll (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\stacsv.exe (IDT, Inc.)
SRV - (vfsFPService) -- C:\WINDOWS\System32\vfsFPService.exe (Validity Sensors, Inc.)
SRV - (Recovery Service for Windows) -- C:\WINDOWS\SMINST\BLService.exe ()
SRV - (DpHost) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV - (AESTFilters) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_f691e717\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (sp_rsdrv2) -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys ()
DRV - (epfwwfpr) -- C:\WINDOWS\System32\drivers\epfwwfpr.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\System32\drivers\ehdrv.sys (ESET)
DRV - (eamonm) -- C:\WINDOWS\System32\drivers\eamonm.sys (ESET)
DRV - (athr) -- C:\WINDOWS\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (SynTP) -- C:\WINDOWS\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (pccsmcfd) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (STHDA) -- C:\WINDOWS\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (ahcix86s) -- C:\Windows\system32\DRIVERS\ahcix86s.sys (AMD Technologies Inc.)
DRV - (RTL8169) -- C:\WINDOWS\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (JMCR) -- C:\WINDOWS\System32\drivers\jmcr.sys (JMicron Technology Corp.)
DRV - (atikmdag) -- C:\WINDOWS\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (hpdskflt) -- C:\Windows\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)
DRV - (Accelerometer) -- C:\WINDOWS\System32\drivers\Accelerometer.sys (Hewlett-Packard Corporation)
DRV - (vfs101x) -- C:\WINDOWS\System32\drivers\vfs101x.sys (Validity Sensors, Inc.)
DRV - (btwavdt) -- C:\WINDOWS\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (btwaudio) -- C:\WINDOWS\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\WINDOWS\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (enecir) -- C:\WINDOWS\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\WINDOWS\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (winachsf) -- C:\WINDOWS\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (HSF_DPV) -- C:\WINDOWS\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\WINDOWS\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Amddfltr) -- C:\Windows\system32\DRIVERS\Amddfltr.sys (Advanced Micro Devices)
DRV - (HpqRemHid) -- C:\WINDOWS\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (HpqKbFiltr) -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NVENETFD) -- C:\WINDOWS\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
DRV - (BCM43XV) -- C:\WINDOWS\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... on&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010.03.21 21:59:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.04.30 18:40:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.04.30 18:40:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010.03.23 08:32:43 | 000,000,000 | ---D | M]

[2010.04.30 18:41:11 | 000,000,000 | ---D | M] -- C:\Users\sora.group\AppData\Roaming\mozilla\Extensions
[2010.04.30 18:41:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sora.group\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010.05.18 14:20:48 | 000,000,000 | ---D | M] -- C:\Users\sora.group\AppData\Roaming\mozilla\Firefox\Profiles\axkkzdf1.default\extensions
[2010.05.18 14:20:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\sora.group\AppData\Roaming\mozilla\Firefox\Profiles\axkkzdf1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.30 18:40:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.04.30 18:40:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010.01.16 05:11:42 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010.01.16 05:11:42 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010.01.16 05:11:42 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2010.01.16 02:50:40 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010.01.16 02:50:40 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.01.16 02:50:40 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.01.16 02:50:40 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.01.16 02:50:40 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.01.16 02:50:40 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2010.05.27 22:15:22 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Pomocná služba pro přihlášení ke službě Windows Live ID) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll File not found
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Hledání panelu &AOL Toolbar - C:\ProgramData\AOL\ieToolbar\resources\cs-CZ\local\search.html ()
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Převést do Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Převést do existujícího PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Převést výběr do Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Převést výběr do existujícího PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: Přidat na blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Přidat na blog Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\System32\NapiNSP.dll (Společnost Microsoft)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\sora.group\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\sora.group\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010.05.28 13:00:34 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\sora.group\Desktop\OTL.exe
[2010.05.28 12:14:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.05.28 12:14:17 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010.05.28 12:14:17 | 000,000,000 | ---D | C] -- C:\Users\sora.group\AppData\Local\temp
[2010.05.28 11:59:47 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.05.27 21:01:00 | 000,000,000 | ---D | C] -- C:\Users\sora.group\AppData\Local\ESET
[2010.05.27 20:57:57 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.05.27 20:57:49 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.05.27 20:57:43 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.05.27 20:56:55 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.05.27 20:51:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.05.27 19:28:27 | 000,000,000 | ---D | C] -- C:\Users\sora.group\AppData\Roaming\Malwarebytes
[2010.05.27 19:27:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.27 19:27:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.05.27 14:35:11 | 000,000,000 | ---D | C] -- C:\Program Files\RegCleaner
[2010.05.26 23:02:24 | 000,000,000 | ---D | C] -- C:\Program Files\MP3Gain
[2010.05.26 07:43:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.05.24 20:07:10 | 000,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft
[2010.05.18 14:20:22 | 000,000,000 | ---D | C] -- C:\ProgramData\vsosdk
[2010.05.17 22:10:39 | 000,000,000 | ---D | C] -- C:\Users\sora.group\Documents\ConvertXToDVD

========== Files - Modified Within 14 Days ==========

[2010.05.28 13:04:53 | 003,932,160 | -HS- | M] () -- C:\Users\sora.group\NTUSER.DAT
[2010.05.28 13:01:17 | 000,598,832 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2010.05.28 13:01:17 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.05.28 13:01:17 | 000,114,992 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2010.05.28 13:01:17 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.05.28 13:01:16 | 001,393,902 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.05.28 13:00:51 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\sora.group\Desktop\OTL.exe
[2010.05.28 12:55:10 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.28 12:55:09 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.28 12:54:28 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.28 12:54:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.28 12:54:11 | 2143,129,600 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.28 12:53:02 | 000,002,604 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.05.28 12:52:53 | 000,524,288 | -HS- | M] () -- C:\Users\sora.group\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.05.28 12:52:53 | 000,065,536 | -HS- | M] () -- C:\Users\sora.group\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.05.28 12:52:51 | 002,462,711 | -H-- | M] () -- C:\Users\sora.group\AppData\Local\IconCache.db
[2010.05.28 12:09:48 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.05.28 11:58:25 | 000,042,410 | ---- | M] () -- C:\Users\sora.group\Desktop\Vstupni_schodyBD_Stinadla_1042_3.xlsx
[2010.05.27 22:15:22 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.05.27 18:59:08 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2010.05.27 14:35:14 | 000,000,767 | ---- | M] () -- C:\Users\sora.group\Desktop\RegCleaner.lnk
[2010.05.27 03:24:54 | 000,061,952 | ---- | M] () -- C:\Users\sora.group\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.24 20:18:58 | 000,000,110 | ---- | M] () -- C:\Users\sora.group\Documents\ax_files.xml
[2010.05.24 20:13:28 | 000,000,966 | ---- | M] () -- C:\Users\Public\Desktop\Alcohol 52%.lnk
[2010.05.24 20:02:29 | 000,691,696 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys
[2010.05.17 22:08:17 | 000,001,057 | ---- | M] () -- C:\Users\sora.group\AppData\Roaming\vso_ts_preview.xml
[2010.05.16 22:58:28 | 000,191,488 | ---- | M] () -- C:\Users\sora.group\Desktop\seznam DVD.xls

========== Files Created - No Company Name ==========

[2010.05.28 11:58:24 | 000,042,410 | ---- | C] () -- C:\Users\sora.group\Desktop\Vstupni_schodyBD_Stinadla_1042_3.xlsx
[2010.05.27 20:57:59 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.05.27 20:57:51 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.05.27 20:57:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.05.27 20:57:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.05.27 20:57:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.05.27 18:59:06 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010.05.27 14:35:14 | 000,000,767 | ---- | C] () -- C:\Users\sora.group\Desktop\RegCleaner.lnk
[2010.05.24 20:18:58 | 000,000,110 | ---- | C] () -- C:\Users\sora.group\Documents\ax_files.xml
[2010.05.24 20:13:28 | 000,000,966 | ---- | C] () -- C:\Users\Public\Desktop\Alcohol 52%.lnk
[2010.05.06 19:59:19 | 000,061,440 | ---- | C] () -- C:\Windows\System32\wintab32.dll
[2010.04.30 08:31:27 | 000,000,047 | ---- | C] () -- C:\Windows\Pohoda.INI
[2010.03.24 09:51:27 | 000,142,592 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2010.03.22 07:35:20 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.03.21 23:00:24 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010.03.19 18:48:01 | 000,001,211 | ---- | C] () -- C:\Windows\Solitaire.ini
[2009.01.25 23:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.01.09 01:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008.03.28 11:19:10 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007.11.14 17:17:34 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CogentBioSDK.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.10.14 11:56:50 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2005.10.14 11:56:50 | 000,921,600 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll
[2005.10.14 11:56:50 | 000,344,064 | ---- | C] () -- C:\Windows\System32\xvid.dll
[2005.10.14 11:56:50 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2005.10.14 11:56:50 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2005.10.14 11:56:50 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2002.10.16 00:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2010.05.28 11:54:29 | 000,000,000 | ---D | M] -- C:\Users\sora.group\AppData\Roaming\.RTS
[2010.03.19 07:52:54 | 000,000,000 | ---D | M] -- C:\Users\sora.group\AppData\Roaming\DigitalPersona
[2010.03.24 06:56:23 | 000,000,000 | ---D | M] -- C:\Users\sora.group\AppData\Roaming\Image Zone Express
[2010.03.21 22:18:01 | 000,000,000 | ---D | M] -- C:\Users\sora.group\AppData\Roaming\ImgBurn
[2010.04.04 12:32:45 | 000,000,000 | ---D | M] -- C:\Users\sora.group\AppData\Roaming\Nokia
[2010.03.19 08:06:43 | 000,000,000 | ---D | M] -- C:\Users\sora.group\AppData\Roaming\Opera
[2010.03.24 18:36:55 | 000,000,000 | ---D | M] -- C:\Users\sora.group\AppData\Roaming\PC Suite
[2010.03.24 06:45:20 | 000,000,000 | ---D | M] -- C:\Users\sora.group\AppData\Roaming\Printer Info Cache
[2010.05.06 20:05:32 | 000,000,000 | ---D | M] -- C:\Users\sora.group\AppData\Roaming\progeSOFT
[2010.05.26 23:30:33 | 000,000,000 | ---D | M] -- C:\Users\sora.group\AppData\Roaming\Spyware Terminator
[2010.03.19 18:27:58 | 000,000,000 | ---D | M] -- C:\Users\sora.group\AppData\Roaming\STORMWARE
[2010.05.05 22:49:31 | 000,000,000 | ---D | M] -- C:\Users\sora.group\AppData\Roaming\Template
[2010.05.18 14:30:19 | 000,000,000 | ---D | M] -- C:\Users\sora.group\AppData\Roaming\Vso
[2010.03.19 11:55:38 | 000,000,000 | ---D | M] -- C:\Users\sora.group\AppData\Roaming\Zoner
[2010.05.28 12:53:06 | 000,032,612 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

jaruska · Příspěvekod **jaruska** » 28 kvě 2010 13:17

OTL Extras logfile created on: 28.5.2010 13:04:52 - Run 1
OTL by OldTimer - Version 3.2.5.0 Folder = C:\Users\sora.group\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141,31 Gb Total Space | 89,52 Gb Free Space | 63,35% Space Free | Partition Type: NTFS
Drive D: | 7,74 Gb Total Space | 7,48 Gb Free Space | 96,62% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAVEL-PC
Current User Name: sora.group
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 14 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Opera\opera.exe" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1A18D039-E626-4C0D-B959-B1D429A2E75A}" = rport=139 | protocol=6 | dir=out | app=system |
"{3E48BC1E-0376-4988-8D66-B279A668C286}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{414CC1A4-14E9-4DA8-A677-21C7AC916EEB}" = rport=445 | protocol=6 | dir=out | app=system |
"{42CCBAB2-8091-4078-82FD-1E4811C111FF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4A27461F-EE69-4745-9F8F-A0E6C3338887}" = lport=139 | protocol=6 | dir=in | app=system |
"{5D9F5A22-53A0-42B5-A48C-B436ADABF5BA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6137E359-DA09-4819-A5D3-CA3A67F770AB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7709AEED-A961-4792-AB03-B3CEBA5224D8}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7A10F52E-6ECA-4D73-9F62-D59BB0357A93}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8313FB1C-6477-44D1-A168-81D9F9A45D89}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{88F54A0B-DCC0-4489-A013-08049B250B92}" = lport=445 | protocol=6 | dir=in | app=system |
"{89BEDE91-3965-44F8-ACC7-73126D2D4A47}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AABB6D64-32C5-44D3-B52C-671B22BF678E}" = lport=137 | protocol=17 | dir=in | app=system |
"{B16B13A9-3E69-450B-A743-BEF26DFAAD82}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CBCCDBE8-7CEA-42E8-8B18-5F49D34EFC8A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D5B902D1-62F3-488C-AA99-58728D1A1E4F}" = lport=138 | protocol=17 | dir=in | app=system |
"{E3AD663D-1644-42D4-A37C-11458F2E353F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{ECA7A795-BBA4-4B1C-9EFF-A1B52AF8AB48}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F3F905F2-9DB6-4282-A819-41B9B242063F}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C08DED-878C-4383-8C98-74EFE9FEEF5E}" = rport=138 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{26041F4F-E7B1-40EF-8318-994123E6C969}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{2CEB423D-A298-4C19-9228-C86D9C498FD8}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{2CFB1F4F-9D76-4E7F-B0CB-DEF5CBAF6C5A}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{2D7BD65E-F6A3-461E-9277-8129084D82DF}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{4792B4ED-82FA-4ACB-B47D-9120087C8BC1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{520E2C70-7950-4F65-8B48-21795C34ABC1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6354C147-F83E-4D68-B4BF-32264D74170C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6969756E-D5D2-4B0F-8B31-10C6573F00FE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{6D86DBB7-9CA6-4200-B628-E70573BF58DF}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{76D38252-B37B-434D-B3F0-3B33BB9B9FF4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{790FD988-D251-4FC5-88F7-EE21C4293EF9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{79CE53AF-3F05-4C44-B310-091F5FC0B723}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{7DD29F0B-11EE-4640-A301-3BF609CD93CB}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{B1D2639C-DBFF-46BF-A4CC-934B07D38EEB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{FC1B4C5F-75DB-49FB-BB75-408581F72255}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{68B89A83-B490-4D69-AC08-6E992141852E}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{FFEE8ACA-EC89-45B1-806C-DD754DA56B74}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{024D1716-9F42-0039-06E5-F4279D6C4382}" = CCC Help Russian
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6200
"{04556846-E511-3FE9-E824-3588075C8036}" = Catalyst Control Center Graphics Full Existing
"{05CD72BE-7783-AAB9-0C05-2D8DBD2DD444}" = Catalyst Control Center Localization Dutch
"{0612E132-33FF-4488-9C31-F8D485D6866D}" = Catalyst Control Center Graphics Light
"{068B46A0-8858-4CEB-80BC-A4AE787A05FC}" = Windows Live Sync
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Pomocník pro přihlášení ke službě Windows Live ID
"{0B3DB1B2-404C-AAA8-B32E-E65520EDE74D}" = CCC Help Polish
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0EABFEF6-6D10-4C12-8667-3029C481D355}" = Nokia Photos
"{10504622-2818-C312-55CC-A72D36A31DBC}" = CCC Help Swedish
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{1AE3E621-E0C0-4aa1-B10B-B3E353A8D110}" = c3100_Help
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1D097338-B4FA-4F29-9C43-8D7A970A007E}" = Windows Live Fotogalerie
"{1ED9E04F-DB3D-4B2D-9D18-EAA06CF5D444}" = STORMWARE POHODA CZ Standard
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Nástroj pro odesílání služby Windows Live
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{28C3E5E6-5ACA-408D-9A46-089C5334EC97}" = HP Help and Support
"{2A34320A-56F9-9C4F-D325-77AC8A54C8B6}" = Catalyst Control Center Localization Japanese
"{2C9FF444-79C0-C0C4-7B21-0E77C872AF53}" = CCC Help Danish
"{2CA3E0A5-9281-6E67-1843-A6CC0B00BD74}" = Catalyst Control Center Localization French
"{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}" = HP QuickTouch 1.00 D2
"{31775690-0E29-2AB1-75DE-C406152CBD1D}" = Catalyst Control Center Localization Chinese Standard
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3466C4D1-508A-0E36-EB05-2E53766F27E0}" = CCC Help Italian
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D3
"{38DCD6F5-C4DC-25E5-C113-0A909558FC2C}" = CCC Help Norwegian
"{3FA160E2-066B-8D77-FCF4-F001F236E8E7}" = CCC Help Spanish
"{3FA93E4C-CB3B-4B25-B091-9DB0FCC56A74}" = Catalyst Control Center - Branding
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{431CED44-A6D3-4E4A-2B76-04D1A861FCCE}" = Catalyst Control Center Localization Swedish
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
"{475144D0-A4D6-C553-42B5-7BB60FCEF9EC}" = Catalyst Control Center Localization German
"{479A749B-1684-4881-8266-BF8DD22251E7}" = Windows Live Writer
"{49BA6327-744C-3D20-16DB-6E98BF66D0FD}" = Catalyst Control Center Localization Danish
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B4D411D-E363-7E6B-68C3-C8E2EF02B7C6}" = CCC Help Chinese Traditional
"{4BFA6EEB-AAED-4334-8E98-A907DE4DD5CF}" = AMD Driver Support for HP 3D DriverGuard
"{50DB0F17-4180-31F7-F26B-B40CBA8BA6E0}" = CCC Help German
"{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}" = HP Easy Setup - Frontend
"{5396C246-53B5-4BBA-62DC-8308C7357EFE}" = Catalyst Control Center Localization Polish
"{54CAEF60-0258-2D8E-F01F-24BC689EA8A9}" = Catalyst Control Center Localization Portuguese
"{560BB29B-41C5-88E4-4847-B4B1DDB47B9B}" = Catalyst Control Center Localization Czech
"{567E8236-C414-4888-8211-3D61608D57AE}" = Validity Sensors software
"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software 1.12.33.2
"{59748B12-406B-7EA4-355D-3BBD62E97C69}" = Catalyst Control Center Localization Turkish
"{5B4E5823-7265-9A19-A871-36E75824F7BE}" = CCC Help French
"{5EBC76DA-573E-7D96-A6F8-F4B9DE97A15F}" = Catalyst Control Center Localization Greek
"{623AD94E-1621-5AA1-BD6D-0EF08C9D7851}" = Catalyst Control Center Core Implementation
"{64EC5E29-BC78-4D63-9087-4B7E6C9F7998}" = Rybarske reviry CR - Kam na ryby
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6CDC748B-47B0-45EB-B740-681E8429F7F9}" = Opera 10.01
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DBCFFF6-2A7B-4AE4-8FC8-1216442E2814}" = CCC Help Korean
"{6E0352EE-6F0D-4FBC-B1B8-4FF032C78BE0}" = PC Connectivity Solution
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FCBD7F7-6A29-089F-E5DB-E33EFCF306CD}" = Catalyst Control Center Localization Spanish
"{71E40B32-5173-4538-8996-5822DD18E8D4}" = Windows Live Messenger
"{762D9F20-593B-436E-CAC3-B3D9F4DA7A90}" = Catalyst Control Center Localization Chinese Traditional
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{80C2AD19-97A2-C829-38DE-5FD5B47F122B}" = ATI Catalyst Install Manager
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8436F8D7-AA62-83DA-3BC5-E04871BF5F61}" = CCC Help Portuguese
"{84F40C39-1E61-B3A7-833A-3A376AB53394}" = CCC Help Japanese
"{85155187-3BEF-47B4-A662-346FEABF67A6}" = ProtectSmart Hard Drive Protection
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0405-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Czech) 2007
"{90120000-0016-0405-0000-0000000FF1CE}_HOMESTUDENTR_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0405-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Czech) 2007
"{90120000-0018-0405-0000-0000000FF1CE}_HOMESTUDENTR_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0405-0000-0000000FF1CE}" = Microsoft Office Word MUI (Czech) 2007
"{90120000-001B-0405-0000-0000000FF1CE}_HOMESTUDENTR_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0405-0000-0000000FF1CE}" = Microsoft Office Proof (Czech) 2007
"{90120000-001F-0405-0000-0000000FF1CE}_HOMESTUDENTR_{294B4278-CF7B-40B9-86A1-2D3FF0C2C524}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-041B-0000-0000000FF1CE}" = Microsoft Office Proof (Slovak) 2007
"{90120000-001F-041B-0000-0000000FF1CE}_HOMESTUDENTR_{10EC59E5-9BCE-4884-BB1A-E28627220232}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0405-0000-0000000FF1CE}" = Microsoft Office Proofing (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Czech) 2007
"{90120000-006E-0405-0000-0000000FF1CE}_HOMESTUDENTR_{E12F9D31-4025-4BC6-B1B2-AB262C5580B0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0405-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Czech) 2007
"{90120000-00A1-0405-0000-0000000FF1CE}_HOMESTUDENTR_{1FC5BC34-0301-40D2-9432-05BA220277B8}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{931FB38C-D5D4-4DBD-3723-50140A67F276}" = CCC Help Turkish
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{96A959C9-51E1-C920-A9FA-269BB462A940}" = CCC Help Czech
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9DFF6811-C498-45E4-94C8-A0B98FCBEC32}" = ESET NOD32 Antivirus
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{A102E7E3-2A4E-F509-3EF6-019F45C83196}" = CCC Help Dutch
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A57222BD-51E3-7765-A008-9B6428402A59}" = CCC Help Hungarian
"{A5CE7175-080D-49AC-B5A3-E7E3502428F5}" = HP Wireless Assistant
"{A8ACD338-255C-B53D-7F19-ED7293B291E8}" = Catalyst Control Center Localization Norwegian
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB61E316-F10B-43eb-B47F-42095835F9CC}" = C3100
"{AC76BA86-1033-C740-7760-100000000002}" = Adobe Acrobat 7.0 Professional - Czech, Polish, Greek
"{AE72E414-0935-4AC8-B7D6-12E3039BEC13}" = DigitalPersona Personal 3.0.1
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{B0490CEE-D5ED-431A-88EB-772D9DB70C0C}" = Windows Live Movie Maker
"{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}" = HP Customer Experience Enhancements
"{BD41A0CF-79B4-98D8-B9B9-3DE8BEC8A861}" = Catalyst Control Center Localization Finnish
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C329A034-EC6B-4670-A97D-BCE6527AAC9B}" = Rybarske reviry CR - Digitalni atlas
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C4B2636B-D76D-7C23-3010-99E96693F0B5}" = Catalyst Control Center Graphics Previews Vista
"{C50EF365-2898-489A-B6C7-30DAA466E9A2}" = Nokia Connectivity Cable Driver
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C73B5B3B-F974-48CA-8B91-3E8A432AEA5B}" = Microsoft Works
"{C9E9386A-7E81-796A-3465-8471A239A8A0}" = CCC Help Chinese Standard
"{CA4498C8-5146-E527-27A7-1B4F81C9BF05}" = CCC Help Thai
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.10.324
"{DD73CA82-EA82-38AA-863D-9A24A018DC96}" = Microsoft .NET Framework 3.5 Language Pack SP1 - csy
"{DEC3A80C-49D3-2885-2A03-3FBA61A5D40F}" = Catalyst Control Center Localization Italian
"{DF76930B-669D-4590-AD05-FC032B87CD14}" = Rybarske reviry CR - Ubytovani
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E0B276B1-97D7-7AD2-548F-248A7745A1ED}" = CCC Help Greek
"{E2ADC6FA-4233-54E6-29EC-E60EAD096A50}" = Catalyst Control Center Localization Hungarian
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3EA025D-29A0-530C-9CA7-DBB5C49BB6DB}" = Skins
"{E3F328E4-EB9F-4ABF-8FF3-5AD0472743D8}" = Windows Live Essentials
"{E5A10EF8-DBF3-4251-A9CA-423311DBBFC8}" = Windows Live Mail
"{E86E5246-AA7E-11D4-88C9-00105ADBE398}" = O&O Defrag 2000 Freeware Edition
"{E96FFA19-E94B-D32B-E103-E78A0877245A}" = Catalyst Control Center Localization Thai
"{EAE4AD65-89F2-3DE8-DF46-CCB34393CAA0}" = Catalyst Control Center Localization Russian
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE3D717C-D93F-2A2B-F641-F59F48E11895}" = ccc-utility
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F447BD4C-65C3-A6D9-8A5F-5E822E32E1BC}" = Catalyst Control Center Localization Korean
"{F48098CD-2D66-4861-85EC-DC1D4D09D5F9}" = HP User Guides 0102
"{F48FEA7A-2B87-8270-927C-20A0E7E5EBC2}" = CCC Help English
"{FCC92CBC-F520-A906-C002-9A6236308916}" = Catalyst Control Center Graphics Full New
"{FEC99680-66C4-C8C7-084B-2FB1B257777C}" = CCC Help Finnish
"{FEEDAB32-F937-8319-D3F1-FFFC98C2111E}" = ccc-core-static
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Balíček ovladače systému Windows - Nokia Modem (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Balíček ovladače systému Windows - Nokia Modem (06/01/2009 7.01.0.4)
"Adobe Acrobat 7.0 Professional - Czech, Polish, Greek - V" = Adobe Acrobat 7.0 Professional - Czech, Polish, Greek
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AOL Toolbar" = AOL Toolbar 5.0
"AutoGK" = Auto Gordian Knot 2.55
"AviSynth" = AviSynth 2.5
"CCleaner" = CCleaner
"Cool's_Codec_pack_4.12" = Codec Pack - All In 1 6.0.3.0
"Defraggler" = Defraggler
"DVD Shrink_is1" = DVD Shrink 3.2
"FLVPlayer" = FLV Player 1.3.3
"Free Solitaire_is1" = Free Solitaire
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"ImgBurn" = ImgBurn
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Microsoft .NET Framework 3.5 Language Pack SP1 - csy" = Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Nokia PC Suite" = Nokia PC Suite
"progeCAD 2009 Smart! ENG" = progeCAD 2009 Smart! ENG
"RTS Stavitel_is1" = RTS Stavitel+ 2007
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"Spyware Terminator_is1" = Spyware Terminator
"STORMWARE PDF Printer_is1" = STORMWARE PDF Printer 5.0.0.614
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VobSub" = VobSub v2.23 (Remove Only)
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"ZonerPhotoStudio10_CZ_is1" = Zoner Photo Studio 10

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 27.5.2010 7:45:13 | Computer Name = soragroup-PC | Source = EventSystem | ID = 4621
Description =

Error - 27.5.2010 7:50:18 | Computer Name = soragroup-PC | Source = WinMgmt | ID = 10
Description =

Error - 27.5.2010 8:12:07 | Computer Name = Pavel-PC | Source = WinMgmt | ID = 10
Description =

Error - 27.5.2010 8:41:19 | Computer Name = Pavel-PC | Source = Application Error | ID = 1000
Description = Chybující aplikace RegCleanr.exe, verze 4.3.0.780, časové razítko
0x2a425e19, chybující modul RPCRT4.dll, verze 6.0.6002.18024, časové razítko 0x49f05bcc,
kód výjimky 0xc0000005, posun chyby 0x00046620, ID procesu 0xc00, čas spuštění aplikace
0x01cafd993b66396d.

Error - 27.5.2010 12:58:20 | Computer Name = Pavel-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 27.5.2010 12:59:16 | Computer Name = Pavel-PC | Source = EventSystem | ID = 4621
Description =

Error - 27.5.2010 13:06:07 | Computer Name = Pavel-PC | Source = WinMgmt | ID = 10
Description =

Error - 27.5.2010 13:10:47 | Computer Name = Pavel-PC | Source = EventSystem | ID = 4621
Description =

Error - 27.5.2010 13:13:21 | Computer Name = Pavel-PC | Source = WinMgmt | ID = 10
Description =

Error - 27.5.2010 14:56:50 | Computer Name = Pavel-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 22.3.2010 19:55:20 | Computer Name = soragroup-PC | Source = HTTP | ID = 15016
Description =

Error - 22.3.2010 19:57:17 | Computer Name = soragroup-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 22.3.2010 19:57:17 | Computer Name = soragroup-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 22.3.2010 19:57:17 | Computer Name = soragroup-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 22.3.2010 19:57:34 | Computer Name = soragroup-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 22.3.2010 20:02:46 | Computer Name = soragroup-PC | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (0:55:15, 23.3.2010) bylo neočekávané.

Error - 22.3.2010 20:02:55 | Computer Name = soragroup-PC | Source = HTTP | ID = 15016
Description =

Error - 22.3.2010 20:03:30 | Computer Name = soragroup-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 22.3.2010 20:04:02 | Computer Name = soragroup-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 22.3.2010 20:04:02 | Computer Name = soragroup-PC | Source = Service Control Manager | ID = 7000
Description =

< End of report >

Damned · Příspěvekod **Damned** » 28 kvě 2010 14:16

Pravděpodobně si zapoměla na 2"ll" ve slově "uninstall", to se stává.

Poklepej na ikonu OTL na ploše.Ujisti se , že máš všechny ostatní aplikace a prohlížeče zavřeny.
Pod Vlastní skenování/Opravy do okénka vlož následující text, zobrazený zeleně:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

:Files
C:\WINDOWS\*.tmp
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\system32\SET*.tmp
C:\Recycler
C:\$RECYCLE.BIN
C:\327882R2FWJFW
C:\ComboFix
C:\Qoobox
C:\Combofix.txt
C:\Windows\PEV.exe
C:\Windows\SWXCACLS.exe
C:\Windows\SWREG.exe
C:\Windows\SWSC.exe
C:\Windows\sed.exe
C:\Windows\grep.exe
C:\Windows\MBR.exe
C:\Windows\NIRCMD.exe
C:\ComboFix
C:\Qoobox
C:\Windows\tasks\SA.DAT

:Reg

:Commands
[purity]
[emptytemp]
[emptyflash]
[start explorer]
[Reboot]

Poté klikni nahoře na Opravit. Nech program nerušeně běžet, na konci se provede restart PC.
Po restartu se objeví log , prosím zkopíruj sem celý jeho obsah.

jaruska · Příspěvekod **jaruska** » 29 kvě 2010 02:28

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DE9C389F-3316-41A7-809B-AA305ED9D922} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
========== FILES ==========
File\Folder C:\WINDOWS\*.tmp not found.
File\Folder C:\WINDOWS\System32\*.tmp not found.
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
File\Folder C:\Recycler not found.
C:\$RECYCLE.BIN\S-1-5-21-1919270664-4174284504-3082369089-1000 folder moved successfully.
C:\$RECYCLE.BIN folder moved successfully.
File\Folder C:\327882R2FWJFW not found.
File\Folder C:\ComboFix not found.
C:\Qoobox folder moved successfully.
C:\ComboFix.txt moved successfully.
C:\Windows\PEV.exe moved successfully.
C:\Windows\SWXCACLS.exe moved successfully.
C:\Windows\SWREG.exe moved successfully.
C:\Windows\SWSC.exe moved successfully.
C:\Windows\sed.exe moved successfully.
C:\Windows\grep.exe moved successfully.
C:\Windows\MBR.exe moved successfully.
C:\Windows\NIRCMD.exe moved successfully.
File\Folder C:\ComboFix not found.
File\Folder C:\Qoobox not found.
C:\Windows\tasks\SA.DAT moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: sora.group
->Temp folder emptied: 1102466 bytes
->Temporary Internet Files folder emptied: 200681 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 25272542 bytes
->Flash cache emptied: 2068 bytes

User: SORA~1~GRO
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 477341 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 26,00 mb

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: sora.group
->Flash cache emptied: 0 bytes

User: SORA~1~GRO

Total Flash Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.5.0 log created on 05282010_161723

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Prosím o kontrolu logu Vyřešeno

Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Re: Prosím o kontrolu logu

Kdo je online