FakeAlert.BI - Windows XP


  • This topic is locked
15 replies to this topic

#1 pajasas

  • Members
  • 26 posts

Posted 25 December 2012 - 09:34 PM

Hello,

this will be complicated. As of now I've got two notebooks infected and maybe an Android phone too. The notebooks are a Fujitsu Siemens Amilo Xi 2528 (Windows Vista, the main notebook, the first one infected; from now on I'll call it the Vista) and an HP Compaq nc6120 (Windows XP, used while trying to repair the first one, probably infected by a USB drive; from now on I'll call it the XP). I'll try to make a summary of the current status after the description of what I've done. I'm writing this from the XP. Also, English isn't my first language, so I apologise for my mistakes.

Yesterday (the 24th) afternoon I ran an AVG 2011 Free test as usual on the Vista. It was clean. After that I was looking for some way to unlock a locked BIOS (old computer), so I visited some sites found using Google. After that I had to leave my computer, so I ran another test. That found a FakeAlert.BI trojan horse in the Firefox memory. It was Firefox 3.0.19, because I didn't like what they've done in the following versions (Adblock and NoScript were running).

AVG was unable to remove the threat, so I went on Google. At first I tried the ESET online scan, which found nothing. Afterwards my memory is a little bit blurred, because I was stressed and I thought that it would be fine soon (I wish I had known about forums like this). I disconnected the Vista from the internet. I remember running TDSSKiller (logs were preserved, yet it removed nothing), Dr.Web CureIt, McAfee Stinger and Malwarebytes, which found some threats in a few old programs and removed them. However, I was so sloppy (or just stupid :/ ) that I restored my system using Windows System Restore to a point before the infection. Also I tried reinstalling Firefox, but the infection always appeared after the first run (not when Firefox was started from the installer).

During that time I did some research on the XP and used some of my USB drives to copy antimalware software to the Vista. However, I might have connected one of the drives to the XP after it had been connected to the Vista, thus maybe spreading the infection. I say that because I noticed that on the Vista the site www.malwarebytes.org returns some weird binary stream, a 3.2 kB file (from now on "the file"), instead of a webpage in every browser on the laptop.

When I tried running Firefox on a remote school computer over SSH it worked OK. (I have also now checked that using a local browser with an SSH tunnel also brings up the correct webpage instead of the file.) So I tried to connect to the given site using the XP and got the same result as on the Vista. AVG confirmed the same trojan (FakeAlert.BI) in the memory of the Firefox browser.

At that moment I noticed my Android phone (Sony Ericsson Xperia Pro, 2.3.6, not rooted (3 days old), by my mistake in USB debugging mode :( [I was thinking about getting reverse tethering to work but never got to do it]) was also connected to the XP for charging. I disconnected it and tried visiting said website with the same unfortunate result, both using Wi-Fi and data. Is it possible that the same virus infected even my phone? I also tried using Wi-Fi on my old phone (HP 914c, Windows Mobile 6), which had been without a battery since I got the new phone, and it also got the file.

At that point another blur comes in. At some point I installed SpyHunter on the Vista (not sure about the name now, but afterwards I found out it's malware posing as antimalware). I hope I purged it afterwards. At some points during that I tried to run DDS.scr and ComboFix, both of which froze after a while, and the system stopped responding (the hard drive LED was showing no activity, and I could hear it was only spinning without moving the head). Also I used SUPERAntiSpyware, which only found some cookies.

On the XP I only ran ComboFix and AVG. Then I went to bed.

Today I got a suggestion that Microsoft Security Essentials might do the trick, so I started it on the Vista, and the "total search" (I don't know the original English name that was translated to the Czech "Uplne prohledavani") has been running for 9 h now (two 250 GB drives). But it says that it has found something wrong and will tell me when it's done.

As for the XP, today I only ran DDS, which follows below.

As for the infection, I have not yet seen any signs other than the AVG scans or the file.


Summary of the events:

The Vista
  • first detection of the infection - in the Firefox memory by AVG Free
  • tried many methods to fix it; DDS and ComboFix stalled the computer
  • the site www.malwarebytes.org returns a weird binary file (the file)
  • now there is a Microsoft Security Essentials total scan running with some threats found //EDIT: it just found some software for revealing stored wireless keys that I downloaded a few years ago and a zip with some viruses from 5 years ago in a backup from an old school computer, so nothing related to this problem I guess.
  • can attach logs later on, yet they are mostly empty

The XP
  • second detection of the infection, first by the file and later by an AVG scan
  • ran ComboFix by myself (attached file: ComboFix.txt, 76.37KB)
  • ran DDS (attached file: attach.txt, 7.8KB)

Android phone
  • was recharging from an infected machine with USB debugging on
  • the file when using both data and local Wi-Fi

HP phone
  • the file when using Wi-Fi //EDIT: the file only when using the Opera Mobile browser; Internet Explorer gets nothing, even after a factory reset.

I hope there is still some hope left for me, even though I've messed it up :/ This should have been taught in school.


Thank you for your reply in advance,

Pajasas


DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.9.2
Run by CEN26561 at 1:46:33 on 2012-12-26
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.503.69 [GMT 1:00]
.
AV: ESET NOD32 antivirus system 2.70 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ================
.
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\xmesrv.exe
C:\WINDOWS\System32\SMSCompanionClient\SmsCompanionClient.EXE
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\SMSCompanionClient\SmsCompanionHibernate.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Documents and Settings\cen26561\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\cen26561\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\cen26561\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\cen26561\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.csin.cz/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uProxyServer = socks=127.0.0.1:80808
uProxyOverride = localhost; 127.0.0.1; <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: ForceStartMenuLogOff = dword:1
uPolicies-Explorer: SpecifyDefaultButtons = dword:1
uPolicies-Explorer: Btn_Back = dword:1
uPolicies-Explorer: Btn_Forward = dword:1
uPolicies-Explorer: Btn_Stop = dword:1
uPolicies-Explorer: Btn_Refresh = dword:1
uPolicies-Explorer: Btn_Home = dword:1
uPolicies-Explorer: Btn_Search = dword:2
uPolicies-Explorer: Btn_Favorites = dword:1
uPolicies-Explorer: Btn_History = dword:1
uPolicies-Explorer: Btn_Media = dword:2
uPolicies-Explorer: Btn_Folders = dword:2
uPolicies-Explorer: Btn_Fullscreen = dword:2
uPolicies-Explorer: Btn_Tools = dword:2
uPolicies-Explorer: Btn_MailNews = dword:2
uPolicies-Explorer: Btn_Size = dword:1
uPolicies-Explorer: Btn_Print = dword:1
uPolicies-Explorer: Btn_Edit = dword:2
uPolicies-Explorer: Btn_Discussions = dword:2
uPolicies-Explorer: Btn_Cut = dword:2
uPolicies-Explorer: Btn_Copy = dword:2
uPolicies-Explorer: Btn_Paste = dword:2
uPolicies-Explorer: Btn_Encoding = dword:2
uPolicies-Explorer: NoDFSTab = dword:1
uPolicies-Explorer: NoThumbnailCache = dword:1
uPolicies-Explorer: DisablePersonalDirChange = dword:1
uPolicies-Explorer: NoWelcomeScreen = dword:1
uPolicies-Explorer: NoAutoUpdate = dword:1
uPolicies-Explorer: PreXPSP2ShellProtocolBehavior = dword:0
uPolicies-Explorer: NoPublishingWizard = dword:0
uPolicies-Explorer: NoWebServices = dword:0
uPolicies-Explorer: NoOnlinePrintsWizard = dword:0
uPolicies-Explorer: NoSMBalloonTip = dword:1
uPolicies-Explorer: NoStartMenuPinnedList = dword:1
uPolicies-Explorer: NoRecentDocsNetHood = dword:1
uPolicies-Explorer: NoCloseDragDropBands = dword:1
uPolicies-Explorer: NoSimpleStartMenu = dword:1
uPolicies-Explorer: NoCDBurning = dword:1
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoWelcomeScreen = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: dontdisplaylastusername = dword:1
mPolicies-System: legalnoticecaption = Česká spořitelna
mPolicies-System: legalnoticetext = Zákaz neoprávněného přístupu do tohoto systému! Porušení zákazu může založit trestněprávní a občanskoprávní odpovědnost.
mPolicies-System: LogonType = dword:0
mPolicies-System: HideShutdownScripts = dword:1
mPolicies-Windows\System: RSoPLogging = dword:1
mPolicies-Windows\System: DenyUsersFromMachGP = dword:0
mPolicies-Windows\System: DenyRsopToInteractiveUser = dword:0
mPolicies-Windows\System: CompatibleRUPSecurity = dword:1
mPolicies-Windows\System: SlowLinkDetectEnabled = dword:1
mPolicies-Windows\System: AddAdminGroupToRUP = dword:1
mPolicies-Windows\System: UserProfileMinTransferRate = dword:56
mPolicies-Windows\System: SlowLinkTimeOut = dword:150
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\msi\star key bluetooth software\btsendto_ie_ctx.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\msi\star key bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\program files\microsoft firewall client\wspwsp.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {025FCDE8-CA07-46E1-A03E-543E63ECF506} - hxxp://crmatu.csint.cz/fins_db_csy/19230/applets/SiebelAx_Gantt_Chart.cab
DPF: {1FCEC0C6-D57E-4071-9D0B-B0BF7582DE33} - hxxp://crmtestf.csint.cz/fins_db_csy/19241/applets/SiebelAx_iHelp.cab
DPF: {61630AB9-CFF3-4121-B2CD-22FDE81F876B} - hxxp://crmtestf.csint.cz/fins_db_csy/19241/applets/SiebelAx_Calendar.cab
DPF: {68CDB19A-6305-4589-8C35-41E3502CD451} - hxxp://crm.csin.cz/fins_csy/16279/applets/SiebelOptionPack.cab
DPF: {7F09CDE1-3A8D-47E8-B711-BA6F31F293DC} - hxxp://crm.csin.cz/fins_csy/19230/applets/SiebelAx_HI_Client.cab
DPF: {81A81DD2-A261-442A-B9B1-DF10A2542020} - hxxp://crmdeva.csint.cz/fins_csy/16199/applets/SiebelOptionPack.cab
DPF: {84EDA748-62A3-4967-A947-EAD137772815} - hxxp://crmatu.csint.cz/fins_db_csy/19230/applets/SiebelAx_iHelp.cab
DPF: {85615D08-3D5B-4045-976D-231011156A6D} - hxxp://crmatu.csint.cz/fins_db_csy/19230/applets/SiebelAx_OutBound_mail.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {8C244272-1DC1-4CE7-9C6C-FABCA09EB543} - hxxp://crmtestf.csint.cz/fins_db_csy/19241/applets/SiebelAx_Desktop_Integration.cab
DPF: {8F623BE4-2C55-4095-B1E0-A41B631A49BD} - hxxp://crmtestf.csint.cz/fins_db_csy/19241/applets/SiebelAx_HI_Client.cab
DPF: {A312B321-B071-4EEA-A721-C132BCDDCBEF} - hxxp://crmtestf.csint.cz/fins_db_csy/19241/applets/SiebelAx_Gantt_Chart.cab
DPF: {BF88D489-C9C4-4BDD-9F73-09DE058A3D7D} - hxxp://crmtestf.csint.cz/fins_db_csy/19241/applets/SiebelAx_OutBound_mail.cab
DPF: {C3FB013F-6E58-4B7B-A164-26035E15F5DB} - hxxp://crmatu.csint.cz/fins_db_csy/19230/applets/SiebelAx_Calendar.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {DB9581FB-C302-46DE-A0B6-24CF90C7BE44} - hxxp://crmatu.csint.cz/fins_db_csy/19230/applets/SiebelAx_HI_Client.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{F3811FF8-F923-4953-A954-8DC8F55EE3E2} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{F3811FF8-F923-4953-A954-8DC8F55EE3E2} : DHCPNameServer = 192.168.1.254
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} -
Handler: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - c:\program files\toad\RNetPin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} -
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} -
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\cen26561\application data\mozilla\firefox\profiles\febeprof.restore\
FF - plugin: c:\documents and settings\cen26561\local settings\application data\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\npjpi170_09.dll
FF - plugin: c:\program files\java\jre7\bin\npoji610.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Live HTTP Headers: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} - %profile%\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Firecookie: firecookie@janodvarko.cz - %profile%\extensions\firecookie@janodvarko.cz
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - %profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: FEBE: {4BBDD651-70CF-4821-84F8-2B918CF89CA3} - %profile%\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-10-5 93536]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-3-1 15424]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-6 5814392]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-8-29 1385896]
R2 WolClient;SMS Companion Client;c:\windows\system32\smscompanionclient\SmsCompanionClient.EXE [2009-1-12 348160]
R2 xmengine service;CryptoPlus XME Engine Service;c:\windows\system32\xmesrv.exe [2007-1-18 28672]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2004-5-3 80384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod\nod32krn.exe [2007-6-21 552064]
S3 CpqDtct;CpqDtct;\??\c:\windows\system32\drivers\cpqdtct.sys --> c:\windows\system32\drivers\Cpqdtct.sys [?]
S3 GKeyUSB;GKeyUSB;c:\windows\system32\drivers\GKeyUSB.sys [2005-10-26 62096]
S3 GTwinUSB;GTwinUSB;c:\windows\system32\drivers\GTwinUSB.sys [2005-10-26 61840]
S3 Sony PC Companion;Sony PC Companion;c:\program files\sony\sony pc companion\PCCService.exe [2012-12-24 155320]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2004-6-24 23552]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile="c:\program files\pspad editor\PSPad.exe" "%1" [UserChoice]
FileExt: .ini: UltraEdit.ini="c:\program files\ultraedit\uedit32.exe" "%1"
FileExt: .js: UltraEdit.js="c:\program files\ultraedit\uedit32.exe" "%1"
FileExt: .vbe: VBEFile=c:\windows\system32\Notepad.exe %1 [default=Edit]
FileExt: .vbs: VBSFile=c:\windows\system32\Notepad.exe %1 [default=Edit]
FileExt: .jse: JSEFile=c:\windows\system32\Notepad.exe %1 [default=Edit]
FileExt: .wsf: WSFFile=c:\windows\system32\Notepad.exe %1 [default=Edit]
.
=============== Created Last 30 ================
.
2012-12-25 21:49:27 -------- d-----w- c:\documents and settings\cen26561\local settings\application data\PCHealth
2012-12-25 21:47:12 -------- d-----w- C:\635d1507f3f9a89ee606e7ac
2012-12-25 04:59:14 -------- d-sha-r- C:\cmdcons
2012-12-25 04:56:07 98816 ----a-w- c:\windows\sed.exe
2012-12-25 04:56:07 256000 ----a-w- c:\windows\PEV.exe
2012-12-25 04:56:07 208896 ----a-w- c:\windows\MBR.exe
2012-12-25 03:25:35 -------- d-----w- c:\documents and settings\cen26561\application data\AVG2013
2012-12-25 03:23:48 -------- d-----w- c:\documents and settings\cen26561\application data\TuneUp Software
2012-12-25 03:21:55 -------- d-----w- c:\documents and settings\all users\application data\AVG2013
2012-12-25 03:21:55 -------- d-----w- C:\$AVG
2012-12-25 03:20:51 -------- d-----w- c:\program files\AVG
2012-12-25 03:15:08 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2012-12-25 03:15:07 -------- d-----w- c:\documents and settings\cen26561\local settings\application data\MFAData
2012-12-25 03:15:07 -------- d-----w- c:\documents and settings\cen26561\local settings\application data\Avg2013
2012-12-25 03:15:07 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2012-12-25 00:32:22 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2012-12-24 21:19:57 581192 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2012-12-24 21:19:57 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-12-24 21:14:33 -------- d-----w- c:\program files\Sony
2012-12-24 21:07:07 -------- d-----w- c:\windows\system32\LogFiles
2012-12-24 19:20:16 5632 ----a-w- c:\windows\system32\ptpusb.dll
2012-12-24 19:20:15 159232 ----a-w- c:\windows\system32\ptpusd.dll
2012-12-24 19:20:14 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2012-12-24 19:20:14 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2012-12-12 15:35:35 -------- d-----w- c:\documents and settings\cen26561\.freemind
2012-12-12 15:19:08 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-12-12 14:41:07 -------- d-----w- c:\program files\FreeMind
2012-11-27 21:40:18 -------- d-----w- C:\games
.
==================== Find3M ====================
.
2012-12-12 15:18:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-12 15:18:11 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-12-12 15:18:07 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-05 12:33:01 483328 ----a-w- c:\windows\putty.exe
2012-10-22 12:02:46 179936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-10-15 02:48:52 55776 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-10-11 02:04:38 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2012-10-02 02:30:38 159712 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2005-04-22 15:24:56 76 ----a-w- c:\program files\~GLH005f.TMP
.
============= FINISH: 1:48:15,81 ===============

Edited by pajasas, 25 December 2012 - 11:34 PM.
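A small triage pass over the Pseudo HJT section of a DDS log like the one above, added here as an example (it is not a BleepingComputer or DDS tool): it pulls out the proxy, static DNS and orphaned-hook lines, which are the settings that decide where a browser's requests actually go, and sanity-checks the proxy port. The sample lines, the SCOPE labels and the report layout are constructed for the example.

```python
"""Triage helper for the "Pseudo HJT Report" section of a DDS log.

Added example: not a BleepingComputer or DDS tool. It reads the
"key = value" lines DDS prints (uProxyServer, TCP: NameServer, BHO:/EB:
hooks) and lists what sits in the path of the browser's traffic, with a
sanity check on the proxy port.
"""
import re

# Constructed sample in the DDS Pseudo HJT format (values taken from the
# log quoted in the post; "hxxp" is how DDS defangs http).
SAMPLE_LOG = r"""
uStart Page = hxxp://www.csin.cz/
uProxyServer = socks=127.0.0.1:80808
uProxyOverride = localhost; 127.0.0.1; <local>
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{F3811FF8-F923-4953-A954-8DC8F55EE3E2} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{F3811FF8-F923-4953-A954-8DC8F55EE3E2} : DHCPNameServer = 192.168.1.254
"""

# DDS prefixes registry-derived lines with the hive they came from:
# u = current user (HKCU), m = machine (HKLM), d = default user profile.
SCOPE = {"u": "HKCU", "m": "HKLM", "d": "default user"}

PROXY_LINE = re.compile(r"^([umd])ProxyServer\s*=\s*(.*)$")
# "\sNameServer" deliberately skips "DHCPNameServer": only the static
# (manually configured) DNS servers are collected.
NS_LINE = re.compile(r"^TCP:.*\sNameServer\s*=\s*(.*)$")
HOOK_LINE = re.compile(r"^(BHO|EB|Handler):\s*(.*)$")
LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def parse_proxy(value):
    """Split an IE ProxyServer value into {scheme: (host, port, port_ok)}.

    IE stores either "host:port" (one proxy for every protocol) or a
    ";"-separated list like "http=h:p;https=h:p;socks=h:p".  port_ok is
    False when the port is not a number in 1..65535, i.e. cannot be a
    TCP port at all.
    """
    proxies = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" in part:
            scheme, hostport = part.split("=", 1)
        else:
            scheme, hostport = "all", part
        host, _, port = hostport.strip().rpartition(":")
        port_ok = port.isdigit() and 1 <= int(port) <= 65535
        proxies[scheme.strip().lower()] = (host, port, port_ok)
    return proxies


def triage(text):
    """Walk a DDS Pseudo HJT section and collect the network-path settings.

    Returns a dict with the proxies found, the static DNS servers, any
    hook entries DDS marked <orphaned>, and human-readable notes.
    """
    report = {"proxies": [], "name_servers": [], "orphaned": [], "notes": []}
    for raw in text.splitlines():
        line = raw.strip()
        m = PROXY_LINE.match(line)
        if m:
            scope = SCOPE[m.group(1)]
            for scheme, (host, port, ok) in parse_proxy(m.group(2)).items():
                report["proxies"].append((scope, scheme, host, port))
                if host in LOOPBACK:
                    # Every browser request is handed to a process on this
                    # machine before it reaches the network; worth knowing
                    # which process that is.
                    report["notes"].append(
                        f"{scope}: {scheme} proxy on loopback {host}:{port}")
                if not ok:
                    report["notes"].append(
                        f"{scope}: {scheme} proxy port {port!r} is not a valid TCP port")
            continue
        m = NS_LINE.match(line)
        if m:
            report["name_servers"].extend(
                s.strip() for s in m.group(1).split(",") if s.strip())
            continue
        m = HOOK_LINE.match(line)
        if m and m.group(2).endswith("<orphaned>"):
            report["orphaned"].append(line)
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key, entries in result.items():
        print(f"{key}:")
        for entry in entries:
            print(f"  {entry}")
```

Run against the full Pseudo HJT section of a DDS log, the same three functions apply unchanged; the report only lists what the log says and leaves the interpretation to the reader.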




#2 dev00790

    Bleeping Chocoholic


  • Members
  • 5,037 posts
  • Gender:Male
  • Location:UK

Posted 29 December 2012 - 02:44 PM

Hello,

I will be helping you with your problems. Please be patient while I assist you.

Some points for you to keep in mind while I am helping you, to make things go easier and faster for both of us:

  • Please do NOT run, install or uninstall any programs, unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
  • I'm currently a trainee in the Malware Removal Training program and therefore my answers have to be checked by a Teacher before they get posted to you.
    • There may be a delay due to this. I apologize in advance if this happens. Hold tight while I get the first set of instructions out to you.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Edited by dev00790, 29 December 2012 - 02:44 PM.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!" I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog


#3 pajasas (Topic Starter)

  • Members
  • 26 posts

Posted 29 December 2012 - 06:44 PM

Hello,

thank you for your reply. I'm still here, no changes since last time. Topic is watched, backups were made.

Holding on, have a nice day.

Pajasas

#4 dev00790

    Bleeping Chocoholic


  • Members
  • 5,037 posts
  • Gender:Male
  • Location:UK

Posted 30 December 2012 - 11:15 AM

Hi

We will be helping you with the XP computer in this topic from now on.

Please post a new topic in this forum for the computer with Vista, and include a link in that topic to this topic.

-----------

Please do the following next:

Step 1:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Step 2:

We need to see some information about what is happening in your machine. Please perform the following scan:

Please download DDS by sUBs from one of the following links. Save it to your desktop.
DDS.com
DDS.pif
  • Double click on the DDS icon, allow it to run.
  • Mark the option attach.txt.
  • Click on Start.
  • After the scan has finished, confirm the message with Ok.
  • DDS will automatically open both logfiles.
  • You can find them on your desktop as well.
  • Please post the content of those logfiles with your next answer.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


Step 3:

Please give me an update on how the computer is running now.
- Are you experiencing the same problems?

Regards, dev00790



#5 pajasas (Topic Starter)

  • Members
  • 26 posts

Posted 30 December 2012 - 01:00 PM

Hi

OK, will create a topic about the Vista computer.

DeFogger ran - it required an administrator account, so I switched to it. It didn't require a reboot (yet I rebooted to switch users afterwards). I didn't re-enable the drivers.

DDS follows later.

As of now malwarebytes.org returns a good webpage on all devices, but AVG still detects FakeAlert.BI in Firefox memory. Also I've noticed that more memory is now used on the XP (and the Vista, but that belongs to the other topic).

Have a nice day

Pajasas

DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 10.9.2
Run by CEN26561 at 18:55:12 on 2012-12-30
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1033.18.503.106 [GMT 1:00]
.
AV: ESET NOD32 antivirus system 2.70 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ================
.
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod\nod32krn.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\xmesrv.exe
C:\WINDOWS\System32\SMSCompanionClient\SmsCompanionClient.EXE
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinCMD\TOTALCMD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.csin.cz/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uProxyServer = socks=127.0.0.1:80808
uProxyOverride = localhost; 127.0.0.1; <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: AcroIEHlprObj Class: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: ForceStartMenuLogOff = dword:1
uPolicies-Explorer: SpecifyDefaultButtons = dword:1
uPolicies-Explorer: Btn_Back = dword:1
uPolicies-Explorer: Btn_Forward = dword:1
uPolicies-Explorer: Btn_Stop = dword:1
uPolicies-Explorer: Btn_Refresh = dword:1
uPolicies-Explorer: Btn_Home = dword:1
uPolicies-Explorer: Btn_Search = dword:2
uPolicies-Explorer: Btn_Favorites = dword:1
uPolicies-Explorer: Btn_History = dword:1
uPolicies-Explorer: Btn_Media = dword:2
uPolicies-Explorer: Btn_Folders = dword:2
uPolicies-Explorer: Btn_Fullscreen = dword:2
uPolicies-Explorer: Btn_Tools = dword:2
uPolicies-Explorer: Btn_MailNews = dword:2
uPolicies-Explorer: Btn_Size = dword:1
uPolicies-Explorer: Btn_Print = dword:1
uPolicies-Explorer: Btn_Edit = dword:2
uPolicies-Explorer: Btn_Discussions = dword:2
uPolicies-Explorer: Btn_Cut = dword:2
uPolicies-Explorer: Btn_Copy = dword:2
uPolicies-Explorer: Btn_Paste = dword:2
uPolicies-Explorer: Btn_Encoding = dword:2
uPolicies-Explorer: NoDFSTab = dword:1
uPolicies-Explorer: NoThumbnailCache = dword:1
uPolicies-Explorer: DisablePersonalDirChange = dword:1
uPolicies-Explorer: NoWelcomeScreen = dword:1
uPolicies-Explorer: NoAutoUpdate = dword:1
uPolicies-Explorer: PreXPSP2ShellProtocolBehavior = dword:0
uPolicies-Explorer: NoPublishingWizard = dword:0
uPolicies-Explorer: NoWebServices = dword:0
uPolicies-Explorer: NoOnlinePrintsWizard = dword:0
uPolicies-Explorer: NoSMBalloonTip = dword:1
uPolicies-Explorer: NoStartMenuPinnedList = dword:1
uPolicies-Explorer: NoRecentDocsNetHood = dword:1
uPolicies-Explorer: NoCloseDragDropBands = dword:1
uPolicies-Explorer: NoSimpleStartMenu = dword:1
uPolicies-Explorer: NoCDBurning = dword:1
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoWelcomeScreen = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: dontdisplaylastusername = dword:1
mPolicies-System: legalnoticecaption = Česká spořitelna
mPolicies-System: legalnoticetext = Zákaz neoprávněného přístupu do tohoto systému! Porušení zákazu může založit trestněprávní a občanskoprávní odpovědnost.
mPolicies-System: LogonType = dword:0
mPolicies-System: HideShutdownScripts = dword:1
mPolicies-Windows\System: RSoPLogging = dword:1
mPolicies-Windows\System: DenyUsersFromMachGP = dword:0
mPolicies-Windows\System: DenyRsopToInteractiveUser = dword:0
mPolicies-Windows\System: CompatibleRUPSecurity = dword:1
mPolicies-Windows\System: SlowLinkDetectEnabled = dword:1
mPolicies-Windows\System: AddAdminGroupToRUP = dword:1
mPolicies-Windows\System: UserProfileMinTransferRate = dword:56
mPolicies-Windows\System: SlowLinkTimeOut = dword:150
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\msi\star key bluetooth software\btsendto_ie_ctx.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\msi\star key bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: c:\program files\microsoft firewall client\wspwsp.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {025FCDE8-CA07-46E1-A03E-543E63ECF506} - hxxp://crmatu.csint.cz/fins_db_csy/19230/applets/SiebelAx_Gantt_Chart.cab
DPF: {1FCEC0C6-D57E-4071-9D0B-B0BF7582DE33} - hxxp://crmtestf.csint.cz/fins_db_csy/19241/applets/SiebelAx_iHelp.cab
DPF: {61630AB9-CFF3-4121-B2CD-22FDE81F876B} - hxxp://crmtestf.csint.cz/fins_db_csy/19241/applets/SiebelAx_Calendar.cab
DPF: {68CDB19A-6305-4589-8C35-41E3502CD451} - hxxp://crm.csin.cz/fins_csy/16279/applets/SiebelOptionPack.cab
DPF: {7F09CDE1-3A8D-47E8-B711-BA6F31F293DC} - hxxp://crm.csin.cz/fins_csy/19230/applets/SiebelAx_HI_Client.cab
DPF: {81A81DD2-A261-442A-B9B1-DF10A2542020} - hxxp://crmdeva.csint.cz/fins_csy/16199/applets/SiebelOptionPack.cab
DPF: {84EDA748-62A3-4967-A947-EAD137772815} - hxxp://crmatu.csint.cz/fins_db_csy/19230/applets/SiebelAx_iHelp.cab
DPF: {85615D08-3D5B-4045-976D-231011156A6D} - hxxp://crmatu.csint.cz/fins_db_csy/19230/applets/SiebelAx_OutBound_mail.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {8C244272-1DC1-4CE7-9C6C-FABCA09EB543} - hxxp://crmtestf.csint.cz/fins_db_csy/19241/applets/SiebelAx_Desktop_Integration.cab
DPF: {8F623BE4-2C55-4095-B1E0-A41B631A49BD} - hxxp://crmtestf.csint.cz/fins_db_csy/19241/applets/SiebelAx_HI_Client.cab
DPF: {A312B321-B071-4EEA-A721-C132BCDDCBEF} - hxxp://crmtestf.csint.cz/fins_db_csy/19241/applets/SiebelAx_Gantt_Chart.cab
DPF: {BF88D489-C9C4-4BDD-9F73-09DE058A3D7D} - hxxp://crmtestf.csint.cz/fins_db_csy/19241/applets/SiebelAx_OutBound_mail.cab
DPF: {C3FB013F-6E58-4B7B-A164-26035E15F5DB} - hxxp://crmatu.csint.cz/fins_db_csy/19230/applets/SiebelAx_Calendar.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {DB9581FB-C302-46DE-A0B6-24CF90C7BE44} - hxxp://crmatu.csint.cz/fins_db_csy/19230/applets/SiebelAx_HI_Client.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{F3811FF8-F923-4953-A954-8DC8F55EE3E2} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{F3811FF8-F923-4953-A954-8DC8F55EE3E2} : DHCPNameServer = 192.168.1.254
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} -
Handler: qrev - {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - c:\program files\toad\RNetPin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} -
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} -
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} -
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\cen26561\application data\mozilla\firefox\profiles\febeprof.restore\
FF - plugin: c:\documents and settings\cen26561\local settings\application data\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\npjpi170_09.dll
FF - plugin: c:\program files\java\jre7\bin\npoji610.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Live HTTP Headers: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} - %profile%\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Firecookie: firecookie@janodvarko.cz - %profile%\extensions\firecookie@janodvarko.cz
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: User Agent Switcher: {e968fc70-8f95-4ab9-9e79-304de2a71ee1} - %profile%\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: FEBE: {4BBDD651-70CF-4821-84F8-2B918CF89CA3} - %profile%\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-10-5 93536]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-3-1 15424]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-6 5814392]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-8-29 1385896]
R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod\nod32krn.exe [2007-6-21 552064]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2004-5-3 80384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 CpqDtct;CpqDtct;\??\c:\windows\system32\drivers\cpqdtct.sys --> c:\windows\system32\drivers\Cpqdtct.sys [?]
S3 GKeyUSB;GKeyUSB;c:\windows\system32\drivers\GKeyUSB.sys [2005-10-26 62096]
S3 GTwinUSB;GTwinUSB;c:\windows\system32\drivers\GTwinUSB.sys [2005-10-26 61840]
S3 Sony PC Companion;Sony PC Companion;c:\program files\sony\sony pc companion\PCCService.exe [2012-12-24 155320]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2004-6-24 23552]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile="c:\program files\pspad editor\PSPad.exe" "%1" [UserChoice]
FileExt: .ini: UltraEdit.ini="c:\program files\ultraedit\uedit32.exe" "%1"
FileExt: .js: UltraEdit.js="c:\program files\ultraedit\uedit32.exe" "%1"
FileExt: .vbe: VBEFile=c:\windows\system32\Notepad.exe %1 [default=Edit]
FileExt: .vbs: VBSFile=c:\windows\system32\Notepad.exe %1 [default=Edit]
FileExt: .jse: JSEFile=c:\windows\system32\Notepad.exe %1 [default=Edit]
FileExt: .wsf: WSFFile=c:\windows\system32\Notepad.exe %1 [default=Edit]
.
=============== Created Last 30 ================
.
2012-12-25 21:49:27 -------- d-----w- c:\documents and settings\cen26561\local settings\application data\PCHealth
2012-12-25 04:59:14 -------- d-sha-r- C:\cmdcons
2012-12-25 04:56:07 98816 ----a-w- c:\windows\sed.exe
2012-12-25 04:56:07 256000 ----a-w- c:\windows\PEV.exe
2012-12-25 04:56:07 208896 ----a-w- c:\windows\MBR.exe
2012-12-25 03:25:35 -------- d-----w- c:\documents and settings\cen26561\application data\AVG2013
2012-12-25 03:23:48 -------- d-----w- c:\documents and settings\cen26561\application data\TuneUp Software
2012-12-25 03:21:55 -------- d-----w- c:\documents and settings\all users\application data\AVG2013
2012-12-25 03:21:55 -------- d-----w- C:\$AVG
2012-12-25 03:20:51 -------- d-----w- c:\program files\AVG
2012-12-25 03:15:08 -------- d--h--w- c:\documents and settings\all users\application data\Common Files
2012-12-25 03:15:07 -------- d-----w- c:\documents and settings\cen26561\local settings\application data\MFAData
2012-12-25 03:15:07 -------- d-----w- c:\documents and settings\cen26561\local settings\application data\Avg2013
2012-12-25 03:15:07 -------- d-----w- c:\documents and settings\all users\application data\MFAData
2012-12-25 00:32:22 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2012-12-24 21:19:57 581192 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2012-12-24 21:19:57 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2012-12-24 21:14:33 -------- d-----w- c:\program files\Sony
2012-12-24 21:07:07 -------- d-----w- c:\windows\system32\LogFiles
2012-12-24 19:20:16 5632 ----a-w- c:\windows\system32\ptpusb.dll
2012-12-24 19:20:15 159232 ----a-w- c:\windows\system32\ptpusd.dll
2012-12-24 19:20:14 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2012-12-24 19:20:14 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2012-12-12 15:35:35 -------- d-----w- c:\documents and settings\cen26561\.freemind
2012-12-12 15:19:08 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-12-12 14:41:07 -------- d-----w- c:\program files\FreeMind
.
==================== Find3M ====================
.
2012-12-12 15:18:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-12 15:18:11 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-12-12 15:18:07 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-05 12:33:01 483328 ----a-w- c:\windows\putty.exe
2012-10-22 12:02:46 179936 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys
2012-10-15 02:48:52 55776 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-10-11 02:04:38 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2012-10-02 02:30:38 159712 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2005-04-22 15:24:56 76 ----a-w- c:\program files\~GLH005f.TMP
.
============= FINISH: 18:57:56,44 ===============

Attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Systém Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 26.10.2005 6:42:09
System Uptime: 30.12.2012 17:52:30 (1 hours ago)
.
Motherboard: Hewlett-Packard | | 099C
Processor: Intel® Pentium® M processor 1.86GHz | JP12 | 1861/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 4,605 GiB free.
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: TAP-Win32 Adapter V8
Device ID: ROOT\NET\0000
Manufacturer: TAP-Win32 Provider
Name: TAP-Win32 Adapter V8
PNP Device ID: ROOT\NET\0000
Service: tap0801
.
==== System Restore Points ===================
.
RP1: 25.12.2012 6:51:09 - Kontrolní bod systému
.
==== Installed Programs ======================
.
AddTxtToMsgSetup
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 7.0.5
Agere Systems AC'97 Modem
Anglický překladový slovník Lingea pro MS Office 2003
AVG 2013
Balíček ovladače systému Windows - Nokia Modem (02/23/2009 7.01.0.2)
Balíček ovladače systému Windows - Nokia Modem (02/24/2009 4.0)
Balíček ovladače systému Windows - Nokia Modem (03/05/2008 3.7)
Balíček ovladače systému Windows - Nokia Modem (03/13/2008 6.86.0.1)
Balíček ovladače systému Windows - Nokia Modem (05/22/2008 3.8)
Balíček ovladače systému Windows - Nokia Modem (05/22/2008 7.00.0.1)
Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Bitvise SSH Client 4.51 (remove only)
Borland Delphi 6
Broadcom 802.11 Wireless LAN Adapter
Broadcom NetXtreme Ethernet Controller
BSPlayer
caster Emulator
CMD Prompt Here PowerToy
Combined Community Codec Pack 2010-10-10
Compatibility Pack for the 2007 Office system
Creative Docs .NET
CryptoPlus CS v1.0e
CS CryptoPlus v1.0
DancingGorilla 1.1.4/1.06
Edimax Wireless LAN
eWebEditPro 2 Client
Extended Language Support Fonts Package
FreeMind
Gemplus Smart Card Reader Tools
Google Chrome
Help & Manual 3.31
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB954550-v5)
HP BatteryCheck 1.00 A7
Industry Giant 2
Intel® Graphics Media Accelerator Driver for Mobile
IrfanView (remove only)
IsoBuster 1.8
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 5
Java 7 Update 9
Java Auto Updater
Knights Of Honor
Knowledge Xpert for PLSQL V8.5
LogMeIn Hamachi
mCore
mDriver
mDrWiFi
mHelp
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile CSY Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended CSY Language Pack
Microsoft Baseline Security Analyzer 2.0
Microsoft Firewall Client
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office 2003 Czech User Interface Pack
Microsoft Office Professional Edition 2003
Microsoft Office Visio Professional 2003
Microsoft Project 2000 SR-1
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft WinUsb 1.0
Microsoft XML Parser and SDK
Miranda IM 0.9.52
mIWA
mLogView
mMHouse
Mozilla Firefox (3.0.19)
mPfMgr
mPfWiz
mProSafe
mSCfg
MSVC80_x86
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6 Service Pack 2 (KB954459)
mWlsSafe
mZConfig
Nero 6 Ultra Edition
NetBeans IDE 4.1
NetBeans IDE 6.9.1
NOD32 Antivirus System
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia Software Updater
Německý překladový slovník Lingea pro MS Office 2003
OpenVPN 2.0.5-gui-1.0.3
OutlookSync
PartitionMagic
PC Connectivity Solution
PDFCreator 0.8.0
Počítačové kukačky 1.0 Beta
PowerQuest PartitionMagic 8.0
PSPad editor
Pujčovna 4.62
Quest Software Toad for Oracle Version 8.5.3
Quest SQL Tuning
Quick Launch Buttons 5.10 A2
Raize Components 3.0
S24 Utility
SafeQ Port Enterprise
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Siebel Option Pack 7.5.3
Siebel Option Pack 7.8.2.10
Siebel Option Pack 7.8.2.6
Siebel Option Pack 7.8.2.60
Siebel Sync 7.5.2.217
Skype™ 3.8
SMS Advanced Client
Software Intel® PROSet/Wireless
Sony PC Companion 2.10.115
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515 drivers.
TIxx21/x515
Total Commander (Remove or Repair)
UltraEdit-32
Update for Windows XP (KB955839)
Update for Windows XP (KB978207)
VBA
WebFldrs XP
WIDCOMM Bluetooth Software
Windows 7 USB/DVD Download Tool
Windows Driver Package - Nokia Modem (02/15/2007 3.1)
Windows Media Format 11 runtime
Windows XP Service Pack 3
WinOS Server 1.0
WinRAR
WinSCP 4.2.9
Xming 6.9.0.31
XnView 1.93.6
.
==== End Of File ===========================

#6 dev00790

dev00790

    Bleeping Chocoholic


  • Members
  • 5,037 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:10:49 PM

Posted 31 December 2012 - 04:43 PM

Hi

Regarding the two phones that may be infected - please post a new topic in the BC Android subforum here asking for advice.

Also please follow the below:

:step1:

:exclame: Company Computers

Since this is a company computer, you may need to obtain permission to carry out the steps I give to you. We will be making system-wide changes to this computer which may be against your company's IT policy. Such action may result in disciplinary action being taken against you. I must stress that I, in no way, accept liability for this or for any unforeseen eventuality as a result of the instructions I give you (including, but not limited to, data loss).

In addition, if your company has an IT support infrastructure I urge you to contact them to resolve your issue - it's what they're paid to do; whereas I volunteer.

In order to continue to receive my help I would like you to confirm that you have the authority to work on the PC and that you accept my conditions.


:step2:

What is the file path listed for the FakeAlert.BI item?
Which antivirus is detecting it?

Regards, dev00790



#7 pajasas

pajasas
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:11:49 PM

Posted 01 January 2013 - 05:42 PM

Hello,

thanks for the link to the android forum.

The computer was bought out of the company a few years ago (it's already an at least 5-year-old machine). As a matter of fact, I've been planning to reinstall it to purge it of work settings, yet now it might hold a key to curing the other computer (the Vista, which cannot run DDS, for example). I confirm that I have the authority to work on the PC and accept your conditions.

File path is firefox process memory:
C:\Program Files\Mozilla Firefox\firefox.exe (8028):\C:\Program Files\Mozilla Firefox\firefox.exe:\memory
C:\Program Files\Mozilla Firefox\firefox.exe (8028)

8028 is the PID of the currently running Firefox.

AVG Free is detecting it.

#8 dev00790

dev00790

    Bleeping Chocoholic


  • Members
  • 5,037 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:10:49 PM

Posted 03 January 2013 - 11:32 AM

Hi

Please do the following next:

:step1:

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

1) False Alarms: When the anti-virus software tells you that your PC has a virus when it actually doesn't.

2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.

Therefore please go to Control Panel > "Add/Remove Programs" (Windows XP) / or "Programs and Features" (Windows Vista / 7), and remove either AVG or ESET.

:step2:

Important Note: Your version of Internet Explorer is outdated. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.



:step3:

That found a FakeAlert.BI trojan horse in the firefox memory. It was Firefox 3.0.19 because I didn't like what they've done in the following versions (Adblock and Noscript were running).

You can use Adblock plus in the latest version of Firefox.

Important Note: Your version of Firefox is out of date.

Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Please follow these steps to update Firefox:


:step4:

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.


Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) Version 10 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
    64-bit OS users should read: Which Java download should I choose for my 64-bit Windows operating system?
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.

Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u10-windows-i586.exe (or jre-7u10-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered any unwanted software or toolbars during installation, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


:step5:

We need to create a New FULL OTL Report
  • Double click on the OTL icon.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized


:step6:

How is the computer running now?

Regards, dev00790

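Step 4 above has you pick the older JRE entries out of Add/Remove Programs by eye. The script below is an added example (not from this thread, nor part of DDS or OTL) that does the same triage from the "Installed Programs" section of a DDS Attach.txt like the one posted earlier, using the display-name conventions seen there ("J2SE Runtime Environment 5.0 Update 4" is 1.5.0_04, "Java 7 Update 9" is 1.7.0_09) and the jre-7u10 install target from the step; the sample log is constructed from the posted entries plus one "Java(TM) 6 Update 31" line to cover the third naming style.

```python
"""Added example (not from the thread, DDS or OTL): list the JRE entries that
step 4 says to uninstall by parsing the "Installed Programs" section of a DDS
Attach.txt instead of reading Add/Remove Programs by eye.

Assumptions: display names follow the Sun/Oracle conventions seen in the log
("J2SE Runtime Environment 5.0 Update 4" -> 1.5.0_04, "Java 7 Update 9" ->
1.7.0_09) and the install target is jre-7u10, i.e. 1.7.0_10, as in step 4.
"""
import re
from typing import List, Optional, Tuple

# Constructed sample: the Java-related lines of the Attach.txt posted above,
# plus one "Java(TM) 6 Update 31" line (constructed) for the third name style.
SAMPLE_ATTACH_TXT = """\
==== Installed Programs ======================
.
Adobe Reader 7.0.5
AVG 2013
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 5
Java 7 Update 9
Java Auto Updater
Java(TM) 6 Update 31
NOD32 Antivirus System
.
==== End Of File ===========================
"""

Version = Tuple[int, int, int, int]          # (1, major, minor, update) -> 1.7.0_09
TARGET_VERSION: Version = (1, 7, 0, 10)      # jre-7u10 from step 4 (assumed target)

# "J2SE Runtime Environment 5.0 Update 4" -> groups ("5", "0", "4")
_J2SE_RE = re.compile(r"^J2SE Runtime Environment (\d+)\.(\d+)(?: Update (\d+))?$")
# "Java 7 Update 9" / "Java(TM) 6 Update 31" -> groups ("7", "9") / ("6", "31")
_JAVA_RE = re.compile(r"^Java(?:\(TM\))? (\d+)(?: Update (\d+))?$")


def parse_jre_version(name: str) -> Optional[Version]:
    """Map an Add/Remove Programs display name to a version tuple; None if not a JRE."""
    m = _J2SE_RE.match(name)
    if m:
        major, minor, update = m.groups()
        return (1, int(major), int(minor), int(update or 0))
    m = _JAVA_RE.match(name)
    if m:
        major, update = m.groups()
        return (1, int(major), 0, int(update or 0))
    return None                              # "Java Auto Updater" etc. end up here


def format_version(v: Version) -> str:
    """(1, 7, 0, 9) -> '1.7.0_09', the form used in the jinstall-1_7_0_09 URLs of the DDS log."""
    return f"{v[0]}.{v[1]}.{v[2]}_{v[3]:02d}"


def installed_programs(attach_txt: str) -> List[str]:
    """Return the entries listed under '==== Installed Programs' in a DDS Attach.txt."""
    entries: List[str] = []
    inside = False
    for raw in attach_txt.splitlines():
        line = raw.strip()
        if line.startswith("==== Installed Programs"):
            inside = True
        elif inside and line.startswith("===="):   # next section header ends the list
            break
        elif inside and line and line != ".":      # DDS prints "." as a spacer line
            entries.append(line)
    return entries


def jre_entries_to_remove(attach_txt: str, target: Version = TARGET_VERSION) -> List[str]:
    """JRE display names older than `target`, oldest first: the uninstall list for step 4."""
    older: List[Tuple[Version, str]] = []
    for name in installed_programs(attach_txt):
        version = parse_jre_version(name)
        if version is not None and version < target:
            older.append((version, name))
    older.sort()
    return [name for _, name in older]


if __name__ == "__main__":
    for name in jre_entries_to_remove(SAMPLE_ATTACH_TXT):
        print(f"uninstall: {name:40s} ({format_version(parse_jre_version(name))})")
```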


#9 pajasas

pajasas
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:11:49 PM

Posted 05 January 2013 - 06:52 PM

Hello, I'm sorry for the delay. I'm out of reach of the XP notebook for the weekend. I will make another reply next week after following your steps.

Have a nice day

#10 dev00790

dev00790

    Bleeping Chocoholic


  • Members
  • 5,037 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:10:49 PM

Posted 05 January 2013 - 07:13 PM

Ok thanks for letting us know :)

Regards, dev00790



#11 dev00790

dev00790

    Bleeping Chocoholic


  • Members
  • 5,037 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:10:49 PM

Posted 11 January 2013 - 06:50 AM

Hi

I'm just posting the OTL log you gave me via PM here - makes it easier for us to refer to.

OTL logfile created on: 10.1.2013 19:18:04 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\cen26561\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Czech Republic | Language: CSY | Date Format: d.M.yyyy

503,36 Mb Total Physical Memory | 168,32 Mb Available Physical Memory | 33,44% Memory free
1,20 Gb Paging File | 0,79 Gb Available in Paging File | 65,80% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 2,38 Gb Free Space | 3,19% Space Free | Partition Type: NTFS

Computer Name: BRUNA104 | User Name: CEN26561 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.01.10 19:14:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\cen26561\Desktop\OTL.exe
PRC - [2012.11.06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2012.11.06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2012.10.30 04:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2012.10.22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2012.10.22 13:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012.08.29 11:03:36 | 001,385,896 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
PRC - [2009.01.12 22:33:26 | 000,348,160 | ---- | M] (Novaprise LLC) -- C:\WINDOWS\system32\SMSCompanionClient\SmsCompanionClient.EXE
PRC - [2008.04.14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007.01.18 17:35:32 | 000,028,672 | ---- | M] (Monet+, a.s.) -- C:\WINDOWS\system32\xmesrv.exe
PRC - [2006.02.09 01:50:00 | 000,578,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe
PRC - [2005.09.19 14:56:06 | 000,258,103 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
PRC - [2004.12.03 12:24:20 | 000,290,816 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
PRC - [2004.11.04 20:40:08 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe


========== Modules (No Company Name) ==========

MOD - [2008.05.09 09:59:04 | 000,598,016 | ---- | M] () -- C:\WINDOWS\system32\SAFEQE.DLL
MOD - [2007.04.16 10:17:32 | 000,118,784 | ---- | M] () -- C:\Program Files\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2003.02.07 16:24:20 | 000,094,274 | ---- | M] () -- C:\WINDOWS\system32\HPBHEALR.DLL
MOD - [2001.10.28 17:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll


========== Services (SafeList) ==========

SRV - [2012.11.06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012.08.29 11:03:36 | 001,385,896 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2009.03.04 10:25:12 | 000,621,056 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.01.12 22:33:26 | 000,348,160 | ---- | M] (Novaprise LLC) [Auto | Running] -- C:\WINDOWS\system32\SMSCompanionClient\SmsCompanionClient.EXE -- (WolClient)
SRV - [2007.01.18 17:35:32 | 000,028,672 | ---- | M] (Monet+, a.s.) [Auto | Running] -- C:\WINDOWS\system32\xmesrv.exe -- (xmengine service)
SRV - [2006.02.09 01:50:00 | 000,578,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2005.09.19 14:56:06 | 000,258,103 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2005.08.25 17:55:56 | 000,016,384 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2002.04.26 19:34:38 | 000,242,328 | ---- | M] () [On_Demand | Stopped] -- C:\oracle\ora92\bin\ONRSD.EXE -- (OracleOraHome92ClientCache)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Drivers\Cpqdtct.sys -- (CpqDtct)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Combo-Fix\catchme.sys -- (catchme)
DRV - [2012.10.22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012.10.15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012.10.05 03:32:50 | 000,093,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012.10.02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012.09.21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012.09.21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012.09.21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012.09.14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2009.03.18 15:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.06.20 12:08:27 | 000,225,856 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008.01.15 20:50:50 | 000,459,520 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2007.04.04 12:46:52 | 002,210,048 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51)
DRV - [2007.03.29 14:19:36 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006.11.02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006.02.27 16:43:36 | 000,030,189 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2006.02.09 01:50:00 | 000,020,704 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2005.09.20 14:26:16 | 001,342,122 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2005.09.20 14:03:36 | 000,401,664 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2005.09.19 14:44:52 | 000,023,271 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL)
DRV - [2005.09.19 14:44:46 | 000,222,876 | ---- | M] (Broadcom Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\btslbcsp.sys -- (BTSLBCSP)
DRV - [2005.09.19 14:42:04 | 000,030,363 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2005.09.19 14:41:36 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005.09.19 14:38:26 | 000,148,040 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2004.11.17 09:30:40 | 000,147,840 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2004.08.24 13:20:08 | 001,268,204 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004.06.28 09:06:00 | 000,061,840 | ---- | M] (Gemplus) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GTwinUSB.sys -- (GTwinUSB)
DRV - [2004.06.24 03:54:12 | 000,023,552 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tap0801.sys -- (tap0801)
DRV - [2004.06.19 15:30:28 | 000,190,336 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004.05.03 15:26:16 | 000,080,384 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2004.04.14 06:36:50 | 000,007,432 | ---- | M] (Hewlett-Packard Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2003.06.06 10:46:16 | 000,005,220 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2002.12.12 06:38:50 | 000,062,096 | ---- | M] (Gemplus) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\GKeyUSB.sys -- (GKeyUSB)
DRV - [2002.09.16 16:14:32 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2001.08.17 13:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Update_Check_Page = http://www.csin.czeupadte/update.cmd
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.csin.cz/
IE - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost; 127.0.0.1; <local>
IE - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=127.0.0.1:80808

IE - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.csin.cz
IE - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.2.55.14;125.4.10.30;10.*;*.CSIN.CZ;*.CSINT.CZ;*.CSIND.CZ;test-www.csas.cz;yc0psa048.cen.csin.cz;yc0psa046.cen.csin.cz;*.session.rservices.com;babylon.sscs.cz;<local>
IE - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.csin.cz:8080

IE - HKU\S-1-5-21-1547161642-616249376-682003330-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.csin.cz
IE - HKU\S-1-5-21-1547161642-616249376-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1547161642-616249376-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.2.55.14;125.4.10.30;10.*;*.CSIN.CZ;<local>
IE - HKU\S-1-5-21-1547161642-616249376-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy:8080

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.patria.cz/default.asp"
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.3.2
FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.704
FF - prefs.js..extensions.enabledItems: notebook@google.com:1.0.0.22
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@macromedia.com/FlashPlayer8: C:\WINDOWS\SYSTEM32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@macromedia.com/FlashPlayer8: C:\WINDOWS\SYSTEM32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\cen26561\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\cen26561\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.05.28 14:37:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.01.28 21:42:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.12 16:19:08 | 000,000,000 | ---D | M]

[2009.02.11 19:50:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\cen26561\Application Data\Mozilla\Extensions
[2012.12.30 18:06:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\cen26561\Application Data\Mozilla\Firefox\Profiles\febeprof.restore\extensions
[2011.01.28 21:41:23 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\cen26561\Application Data\Mozilla\Firefox\Profiles\febeprof.restore\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2011.11.08 12:25:14 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Documents and Settings\cen26561\Application Data\Mozilla\Firefox\Profiles\febeprof.restore\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2011.01.28 21:41:30 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\cen26561\Application Data\Mozilla\Firefox\Profiles\febeprof.restore\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011.01.28 21:41:23 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\cen26561\Application Data\Mozilla\Firefox\Profiles\febeprof.restore\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.01.28 21:41:23 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Documents and Settings\cen26561\Application Data\Mozilla\Firefox\Profiles\febeprof.restore\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2011.01.28 21:41:30 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\cen26561\Application Data\Mozilla\Firefox\Profiles\febeprof.restore\extensions\firebug@software.joehewitt.com
[2012.02.21 09:05:46 | 000,000,000 | ---D | M] (Firecookie) -- C:\Documents and Settings\cen26561\Application Data\Mozilla\Firefox\Profiles\febeprof.restore\extensions\firecookie@janodvarko.cz
[2011.01.28 21:41:23 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Documents and Settings\cen26561\Application Data\Mozilla\Firefox\Profiles\febeprof.restore\extensions\https-everywhere@eff.org
[2011.01.28 21:41:18 | 000,000,000 | ---D | M] (Google Notebook) -- C:\Documents and Settings\cen26561\Application Data\Mozilla\Firefox\Profiles\febeprof.restore\extensions\notebook@google.com
[2012.10.01 01:08:58 | 000,000,000 | ---D | M] (YSlow) -- C:\Documents and Settings\cen26561\Application Data\Mozilla\Firefox\Profiles\febeprof.restore\extensions\yslow@yahoo-inc.com
[2011.01.28 21:33:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\cen26561\Application Data\Mozilla\Firefox\Profiles\pub5gbyx.default\extensions
[2011.01.28 21:33:14 | 000,000,000 | ---D | M] (FEBE) -- C:\Documents and Settings\cen26561\Application Data\Mozilla\Firefox\Profiles\pub5gbyx.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2011.01.20 17:48:20 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Documents and Settings\cen26561\Application Data\Mozilla\Firefox\Profiles\pub5gbyx.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2011.01.20 17:48:14 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\cen26561\Application Data\Mozilla\Firefox\Profiles\pub5gbyx.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009.02.18 07:22:23 | 000,000,000 | ---D | M] (Google Notebook) -- C:\Documents and Settings\cen26561\Application Data\Mozilla\Firefox\Profiles\pub5gbyx.default\extensions\notebook@google.com
[2012.12.30 18:06:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2009.05.28 14:37:17 | 000,000,000 | ---D | M] (PC Sync 2 Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC
[2006.11.09 15:20:40 | 002,111,096 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2011.01.26 09:04:34 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2011.01.26 09:04:34 | 000,001,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml
[2011.01.26 09:04:34 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2011.01.26 09:04:34 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2011.01.26 09:04:34 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

========== Chrome ==========

CHR - homepage: http://www.patria.cz/default.asp
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.patria.cz/default.asp
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\cen26561\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\cen26561\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\cen26561\Local Settings\Application Data\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\cen26561\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\cen26561\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: Disk Google = C:\Documents and Settings\cen26561\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\cen26561\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Proxy Switchy! = C:\Documents and Settings\cen26561\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\caehdcpeofiiigpdhbabniblemipncjj\1.6.3_0\
CHR - Extension: Vyhled\u00E1v\u00E1n\u00ED Google = C:\Documents and Settings\cen26561\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: AdBlock = C:\Documents and Settings\cen26561\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.54_0\
CHR - Extension: Gmail = C:\Documents and Settings\cen26561\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012.12.25 06:49:28 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - Startup: C:\Documents and Settings\CEN2610\Start Menu\Programs\Startup\Aplikace.cmd ()
O4 - Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Aplikace.cmd ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonType = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideShutdownScripts = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Download present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Download present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Download present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Download present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\Software\Policies\Microsoft\Internet Explorer\Download present
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: SpecifyDefaultButtons = 1
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Back = 1
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Forward = 1
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Stop = 1
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Refresh = 1
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 1
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Search = 2
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Favorites = 1
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_History = 1
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Media = 2
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Folders = 2
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 2
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 2
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_MailNews = 2
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Size = 1
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 1
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 2
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Discussions = 2
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 2
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 2
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 2
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 2
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 1
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: PreXPSP2ShellProtocolBehavior = 0
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 0
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 0
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 0
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 0
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuPinnedList = 1
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecentDocsNetHood = 1
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 1
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 1
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\Software\Policies\Microsoft\Internet Explorer\Download present
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: SpecifyDefaultButtons = 1
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Back = 1
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Forward = 1
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Stop = 1
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Refresh = 1
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Home = 1
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Search = 2
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Favorites = 1
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_History = 1
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Media = 2
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Folders = 2
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 2
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 2
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_MailNews = 2
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Size = 1
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 1
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 2
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Discussions = 2
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Cut = 2
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Copy = 2
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Paste = 2
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 2
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDFSTab = 1
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 1
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: PreXPSP2ShellProtocolBehavior = 0
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 0
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 0
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 0
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 0
O7 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SetVisualStyle =
O7 - HKU\S-1-5-21-1547161642-616249376-682003330-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1547161642-616249376-682003330-500\Software\Policies\Microsoft\Internet Explorer\Download present
O7 - HKU\S-1-5-21-1547161642-616249376-682003330-500\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O7 - HKU\S-1-5-21-1547161642-616249376-682003330-500\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-1547161642-616249376-682003330-500\Software\Policies\Microsoft\Internet Explorer\Persistence present
O7 - HKU\S-1-5-21-1547161642-616249376-682003330-500\Software\Policies\Microsoft\Internet Explorer\Security present
O7 - HKU\S-1-5-21-1547161642-616249376-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1547161642-616249376-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O7 - HKU\S-1-5-21-1547161642-616249376-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-21-1547161642-616249376-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKU\S-1-5-21-1547161642-616249376-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 0
O7 - HKU\S-1-5-21-1547161642-616249376-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O7 - HKU\S-1-5-21-1547161642-616249376-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 0
O7 - HKU\S-1-5-21-1547161642-616249376-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-1547161642-616249376-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKU\S-1-5-21-1547161642-616249376-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 0
O7 - HKU\S-1-5-21-1547161642-616249376-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-1547161642-616249376-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKU\S-1-5-21-1547161642-616249376-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 0
O7 - HKU\S-1-5-21-1547161642-616249376-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-1547161642-616249376-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 0
O7 - HKU\S-1-5-21-1547161642-616249376-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileMenu = 0
O7 - HKU\S-1-5-21-1547161642-616249376-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O7 - HKU\S-1-5-21-1547161642-616249376-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnforceShellExtensionSecurity = 0
O7 - HKU\S-1-5-21-1547161642-616249376-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-1547161642-616249376-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1547161642-616249376-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 0
O7 - HKU\S-1-5-21-1547161642-616249376-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O7 - HKU\S-1-5-21-1547161642-616249376-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 0
O7 - HKU\S-1-5-21-1547161642-616249376-682003330-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPrinterTabs = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files\Microsoft Firewall Client\WSPWSP.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Microsoft Firewall Client\wspwsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: budsemus ([]https in Local intranet)
O15 - HKLM\..Trusted Domains: cnb.cz ([wsb] https in Trusted sites)
O15 - HKLM\..Trusted Domains: cnb.cz ([wsc] https in Trusted sites)
O15 - HKLM\..Trusted Domains: cnb.cz ([wsd] https in Trusted sites)
O15 - HKLM\..Trusted Domains: csin.cz ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: csin.cz ([brusb009.cen] http in Trusted sites)
O15 - HKLM\..Trusted Domains: csind.cz ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: csint.cz ([]* in Local intranet)
O15 - HKLM\..Trusted Domains: ibm-t ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: xa1pwsap2 ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: xspp007007sp001 ([]http in Local intranet)
O15 - HKLM\..Trusted Domains: yb0PSI109 ([]https in Local intranet)
O15 - HKLM\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: budsemus ([]https in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: cnb.cz ([wsb] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: cnb.cz ([wsc] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: cnb.cz ([wsd] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: csin.cz ([]* in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: csin.cz ([brusb009.cen] http in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: csind.cz ([]* in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: csint.cz ([]* in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: ibm-t ([]http in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: xa1pwsap2 ([]http in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: xspp007007sp001 ([]http in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Domains: yb0PSI109 ([]https in Local intranet)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: budsemus ([]https in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: cnb.cz ([wsb] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: cnb.cz ([wsc] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: cnb.cz ([wsd] https in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: csin.cz ([]* in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: csin.cz ([brusb009.cen] http in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: csind.cz ([]* in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: csint.cz ([]* in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: ibm-t ([]http in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: xa1pwsap2 ([]http in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: xspp007007sp001 ([]http in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: yb0PSI109 ([]https in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\..Trusted Domains: budsemus ([]https in Local intranet)
O15 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\..Trusted Domains: cnb.cz ([wsb] https in Trusted sites)
O15 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\..Trusted Domains: cnb.cz ([wsc] https in Trusted sites)
O15 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\..Trusted Domains: cnb.cz ([wsd] https in Trusted sites)
O15 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\..Trusted Domains: csin.cz ([]* in Local intranet)
O15 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\..Trusted Domains: csin.cz ([brusb009.cen] http in Trusted sites)
O15 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\..Trusted Domains: csind.cz ([]* in Local intranet)
O15 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\..Trusted Domains: csint.cz ([]* in Local intranet)
O15 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\..Trusted Domains: ibm-t ([]http in Local intranet)
O15 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\..Trusted Domains: xa1pwsap2 ([]http in Local intranet)
O15 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\..Trusted Domains: xspp007007sp001 ([]http in Local intranet)
O15 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\..Trusted Domains: yb0PSI109 ([]https in Local intranet)
O15 - HKU\S-1-5-21-1022765151-333211815-1520766640-21912\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\..Trusted Domains: budsemus ([]https in Local intranet)
O15 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\..Trusted Domains: cnb.cz ([wsb] https in Trusted sites)
O15 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\..Trusted Domains: cnb.cz ([wsc] https in Trusted sites)
O15 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\..Trusted Domains: cnb.cz ([wsd] https in Trusted sites)
O15 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\..Trusted Domains: csin.cz ([]* in Local intranet)
O15 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\..Trusted Domains: csin.cz ([brusb009.cen] http in Trusted sites)
O15 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\..Trusted Domains: csind.cz ([]* in Local intranet)
O15 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\..Trusted Domains: csint.cz ([]* in Local intranet)
O15 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\..Trusted Domains: ibm-t ([]http in Local intranet)
O15 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\..Trusted Domains: xa1pwsap2 ([]http in Local intranet)
O15 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\..Trusted Domains: xspp007007sp001 ([]http in Local intranet)
O15 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\..Trusted Domains: yb0PSI109 ([]https in Local intranet)
O15 - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-1547161642-616249376-682003330-500\..Trusted Domains: budsemus ([]https in Local intranet)
O15 - HKU\S-1-5-21-1547161642-616249376-682003330-500\..Trusted Domains: cnb.cz ([wsb] https in Trusted sites)
O15 - HKU\S-1-5-21-1547161642-616249376-682003330-500\..Trusted Domains: csin.cz ([www] http in Local intranet)
O15 - HKU\S-1-5-21-1547161642-616249376-682003330-500\..Trusted Domains: ibm-t ([]http in Local intranet)
O15 - HKU\S-1-5-21-1547161642-616249376-682003330-500\..Trusted Domains: xa1pwsap2 ([]http in Local intranet)
O15 - HKU\S-1-5-21-1547161642-616249376-682003330-500\..Trusted Domains: xspp007007sp001 ([]http in Local intranet)
O15 - HKU\S-1-5-21-1547161642-616249376-682003330-500\..Trusted Domains: yb0psi109 ([]https in Local intranet)
O15 - HKU\S-1-5-21-1547161642-616249376-682003330-500\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {025FCDE8-CA07-46E1-A03E-543E63ECF506} http://crmatu.csint.cz/fins_db_csy/19230/applets/SiebelAx_Gantt_Chart.cab (Siebel Gantt Chart)
O16 - DPF: {1FCEC0C6-D57E-4071-9D0B-B0BF7582DE33} http://crmtestf.csint.cz/fins_db_csy/19241/applets/SiebelAx_iHelp.cab (Siebel iHelp)
O16 - DPF: {61630AB9-CFF3-4121-B2CD-22FDE81F876B} http://crmtestf.csint.cz/fins_db_csy/19241/applets/SiebelAx_Calendar.cab (Siebel Calendar)
O16 - DPF: {68CDB19A-6305-4589-8C35-41E3502CD451} http://crm.csin.cz/fins_csy/16279/applets/SiebelOptionPack.cab (Siebel Option Pack for IE 7.5.3)
O16 - DPF: {7F09CDE1-3A8D-47E8-B711-BA6F31F293DC} http://crm.csin.cz/fins_csy/19230/applets/SiebelAx_HI_Client.cab (Siebel High Interactivity Framework)
O16 - DPF: {81A81DD2-A261-442A-B9B1-DF10A2542020} http://crmdeva.csint.cz/fins_csy/16199/applets/SiebelOptionPack.cab (Siebel Option Pack for IE 7.5.3)
O16 - DPF: {84EDA748-62A3-4967-A947-EAD137772815} http://crmatu.csint.cz/fins_db_csy/19230/applets/SiebelAx_iHelp.cab (Siebel iHelp)
O16 - DPF: {85615D08-3D5B-4045-976D-231011156A6D} http://crmatu.csint.cz/fins_db_csy/19230/applets/SiebelAx_OutBound_mail.cab (Siebel Email Support for Microsoft Outlook and Lotus Notes)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8C244272-1DC1-4CE7-9C6C-FABCA09EB543} http://crmtestf.csint.cz/fins_db_csy/19241/applets/SiebelAx_Desktop_Integration.cab (Siebel Desktop Integration)
O16 - DPF: {8F623BE4-2C55-4095-B1E0-A41B631A49BD} http://crmtestf.csint.cz/fins_db_csy/19241/applets/SiebelAx_HI_Client.cab (Siebel High Interactivity Framework)
O16 - DPF: {A312B321-B071-4EEA-A721-C132BCDDCBEF} http://crmtestf.csint.cz/fins_db_csy/19241/applets/SiebelAx_Gantt_Chart.cab (Siebel Gantt Chart)
O16 - DPF: {BF88D489-C9C4-4BDD-9F73-09DE058A3D7D} http://crmtestf.csint.cz/fins_db_csy/19241/applets/SiebelAx_OutBound_mail.cab (Siebel Email Support for Microsoft Outlook and Lotus Notes)
O16 - DPF: {C3FB013F-6E58-4B7B-A164-26035E15F5DB} http://crmatu.csint.cz/fins_db_csy/19230/applets/SiebelAx_Calendar.cab (Siebel Calendar)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {DB9581FB-C302-46DE-A0B6-24CF90C7BE44} http://crmatu.csint.cz/fins_db_csy/19230/applets/SiebelAx_HI_Client.cab (Siebel High Interactivity Framework)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cen.csin.cz
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3811FF8-F923-4953-A954-8DC8F55EE3E2}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Program Files\Microsoft ActiveSync\aatp.dll File not found
O18 - Protocol\Handler\qrev {9DE24BAC-FC3C-42c4-9FC4-76B3FAFDBD90} - C:\Program Files\Toad\RNetPin.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.06.21 13:34:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com -- "%1" %*
O37 - HKLM\...exe -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.01.10 19:14:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\cen26561\Desktop\OTL.exe
[2013.01.10 19:07:28 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\cen26561\IETldCache
[2013.01.10 13:17:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
[2013.01.10 13:16:10 | 000,016,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2013.01.10 13:14:55 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2012.12.30 17:40:07 | 000,000,000 | --SD | C] -- C:\WINDOWS\Temporary Internet Files
[2012.12.25 22:49:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cen26561\Local Settings\Application Data\PCHealth
[2012.12.25 22:47:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2012.12.25 07:01:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012.12.25 05:59:14 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012.12.25 05:56:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012.12.25 05:56:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012.12.25 05:56:07 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012.12.25 05:56:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012.12.25 05:53:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.25 05:53:33 | 000,000,000 | R--D | C] -- c:\uziv\cen26561\My Videos
[2012.12.25 05:53:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\cen26561\Templates
[2012.12.25 05:53:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\cen26561\PrintHood
[2012.12.25 05:53:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
[2012.12.25 05:53:32 | 000,000,000 | R--D | C] -- C:\Documents and Settings\cen26561\Start Menu\Programs\Administrative Tools
[2012.12.25 05:53:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012.12.25 04:51:06 | 005,012,686 | R--- | C] (Swearware) -- C:\Documents and Settings\cen26561\Desktop\Combo-Fix.exe
[2012.12.25 04:25:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cen26561\Application Data\AVG2013
[2012.12.25 04:23:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG
[2012.12.25 04:23:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cen26561\Application Data\TuneUp Software
[2012.12.25 04:21:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG2013
[2012.12.25 04:21:55 | 000,000,000 | ---D | C] -- C:\$AVG
[2012.12.25 04:20:51 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012.12.25 04:15:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2012.12.25 04:15:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cen26561\Local Settings\Application Data\MFAData
[2012.12.25 04:15:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012.12.25 04:15:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cen26561\Local Settings\Application Data\Avg2013
[2012.12.25 01:32:22 | 000,014,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsgXP_2k3.dll
[2012.12.24 22:19:57 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WdfCoInstaller01007.dll
[2012.12.24 22:19:57 | 000,581,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WinUSBCoInstaller.dll
[2012.12.24 22:14:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Sony
[2012.12.24 22:14:33 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2012.12.24 22:14:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony
[2012.12.24 22:07:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2012.12.24 22:07:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2012.12.24 20:20:16 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusb.dll
[2012.12.24 20:20:15 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ptpusd.dll
[2012.12.24 20:20:14 | 000,015,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbscan.sys
[2012.12.14 13:04:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cen26561\Desktop\aesop
[2012.12.12 16:35:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\cen26561\.freemind
[2012.12.12 16:19:08 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012.12.12 15:41:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FreeMind
[2012.12.12 15:41:07 | 000,000,000 | ---D | C] -- C:\Program Files\FreeMind
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.01.10 19:14:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\cen26561\Desktop\OTL.exe
[2013.01.10 19:13:10 | 000,000,352 | RHS- | M] () -- C:\boot.ini
[2013.01.10 19:07:37 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\cen26561\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013.01.10 18:57:00 | 000,001,044 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1022765151-333211815-1520766640-21912UA.job
[2013.01.10 18:14:06 | 000,000,466 | ---- | M] () -- C:\WINDOWS\SMSCFG.ini
[2013.01.10 18:13:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.01.10 18:13:15 | 527,880,192 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.10 12:44:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.01.08 00:42:28 | 000,006,895 | ---- | M] () -- C:\WINDOWS\wincmd.ini
[2013.01.08 00:32:28 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013.01.04 15:34:45 | 000,003,852 | ---- | M] () -- C:\Documents and Settings\cen26561\.bash_history
[2012.12.30 17:50:34 | 000,008,134 | ---- | M] () -- C:\WINDOWS\uedit32.INI
[2012.12.26 01:31:11 | 000,001,348 | ---- | M] () -- C:\Documents and Settings\cen26561\Desktop\avg.csv
[2012.12.25 22:49:17 | 000,001,919 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012.12.25 06:49:28 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012.12.25 05:15:03 | 000,367,771 | -H-- | M] () -- C:\treeinfo.wc
[2012.12.25 04:51:15 | 005,012,686 | R--- | M] (Swearware) -- C:\Documents and Settings\cen26561\Desktop\Combo-Fix.exe
[2012.12.25 04:23:50 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2012.12.25 04:19:41 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\cen26561\Local Settings\Application Data\PUTTY.RND
[2012.12.25 01:34:12 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_WinUSB_01007.Wdf
[2012.12.25 01:34:10 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.12.25 01:32:40 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2012.12.24 22:14:59 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Sony PC Companion 2.1.lnk
[2012.12.24 22:07:19 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2012.12.24 21:40:34 | 000,002,275 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012.12.24 19:15:01 | 000,000,191 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2012.12.20 17:22:23 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\cen26561\Application Data\winscp.rnd
[2012.12.16 22:56:54 | 000,001,377 | ---- | M] () -- C:\Documents and Settings\cen26561\Application Data\Microsoft\Internet Explorer\Quick Launch\msysGit.lnk
[2012.12.16 22:56:08 | 000,000,073 | ---- | M] () -- C:\WINDOWS\usercmd.ini
[2012.12.13 16:23:52 | 000,000,939 | -H-- | M] () -- C:\Documents and Settings\cen26561\.gitk
[2012.12.13 10:52:53 | 000,002,309 | ---- | M] () -- C:\Documents and Settings\cen26561\Desktop\Google Chrome.lnk
[2012.12.13 10:52:53 | 000,002,287 | ---- | M] () -- C:\Documents and Settings\cen26561\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012.12.12 16:32:19 | 000,000,236 | ---- | M] () -- C:\Boot.bak
[2012.12.12 16:18:08 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2012.12.12 16:18:07 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012.12.12 16:18:02 | 000,500,496 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.12.12 16:18:02 | 000,086,868 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.12.12 16:17:55 | 000,309,716 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2012.12.12 16:17:55 | 000,046,016 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2012.12.12 16:13:51 | 000,001,110 | ---- | M] () -- C:\WINDOWS\WDICT32.INI
[2012.12.12 16:13:34 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\cen26561\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeMind.lnk
[2012.12.12 15:41:11 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\cen26561\Desktop\FreeMind.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.01.10 19:07:37 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\cen26561\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012.12.26 01:31:11 | 000,001,348 | ---- | C] () -- C:\Documents and Settings\cen26561\Desktop\avg.csv
[2012.12.25 22:49:17 | 000,001,919 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012.12.25 05:59:22 | 000,000,236 | ---- | C] () -- C:\Boot.bak
[2012.12.25 05:59:16 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2012.12.25 05:56:07 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012.12.25 05:56:07 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012.12.25 05:56:07 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012.12.25 05:56:07 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012.12.25 05:56:07 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012.12.25 04:23:50 | 000,000,714 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2013.lnk
[2012.12.25 01:34:12 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_WinUSB_01007.Wdf
[2012.12.25 01:32:40 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
[2012.12.24 22:14:59 | 000,001,739 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Sony PC Companion 2.1.lnk
[2012.12.24 22:07:19 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2012.12.16 22:56:53 | 000,001,377 | ---- | C] () -- C:\Documents and Settings\cen26561\Application Data\Microsoft\Internet Explorer\Quick Launch\msysGit.lnk
[2012.12.16 22:56:08 | 000,000,073 | ---- | C] () -- C:\WINDOWS\usercmd.ini
[2012.12.12 16:13:34 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\cen26561\Application Data\Microsoft\Internet Explorer\Quick Launch\FreeMind.lnk
[2012.12.12 15:41:11 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\cen26561\Desktop\FreeMind.lnk
[2012.11.25 20:38:47 | 000,000,059 | ---- | C] () -- C:\Documents and Settings\cen26561\.gitconfig
[2012.11.05 13:37:15 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\cen26561\Local Settings\Application Data\PUTTY.RND
[2012.10.19 17:53:36 | 000,145,416 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012.10.11 03:03:54 | 000,002,048 | ---- | C] () -- C:\WINDOWS\System32\rt73.bin
[2012.10.09 16:02:11 | 000,000,939 | -H-- | C] () -- C:\Documents and Settings\cen26561\.gitk
[2012.10.09 13:35:59 | 000,005,156 | ---- | C] () -- C:\Documents and Settings\cen26561\.bashrc
[2012.10.09 13:27:35 | 000,001,443 | ---- | C] () -- C:\Documents and Settings\cen26561\_viminfo
[2012.10.04 14:06:36 | 000,004,104 | ---- | C] () -- C:\Documents and Settings\cen26561\pripojeni
[2012.10.03 15:26:44 | 000,002,569 | ---- | C] () -- C:\Documents and Settings\cen26561\secedit.INTEG.RAW
[2012.06.30 23:20:28 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011.10.31 18:59:46 | 000,003,852 | ---- | C] () -- C:\Documents and Settings\cen26561\.bash_history
[2011.01.29 13:41:15 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\cen26561\Application Data\winscp.rnd
[2007.06.21 22:59:00 | 000,074,240 | ---- | C] () -- C:\Documents and Settings\cen26561\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.06.21 22:59:00 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\cen26561\Local Settings\Application Data\fusioncache.dat
[2007.06.21 22:58:33 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\cen26561\Application Data\$_hpcst$.hpc
[2007.06.21 22:58:29 | 000,170,740 | RHS- | C] () -- C:\Documents and Settings\cen26561\ntuser.pol
[2007.06.21 22:58:29 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\cen26561\PUTTY.RND
[2007.06.21 22:57:50 | 000,056,692 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol

========== ZeroAccess Check ==========

[2005.10.26 12:53:24 | 000,000,227 | -HS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009.12.22 06:21:02 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 13:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 05:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\cen26561\Desktop\Norton Commander.pif:SummaryInformation
@Alternate Data Stream - 8 bytes -> C:\WINDOWS\accache.vbs:Bookmarks
@Alternate Data Stream - 60 bytes -> C:\WINDOWS\accache.vbs:Undo

< End of report >



OTL Extras logfile created on: 10.1.2013 19:18:05 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\cen26561\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000405 | Country: Czech Republic | Language: CSY | Date Format: d.M.yyyy

503,36 Mb Total Physical Memory | 168,32 Mb Available Physical Memory | 33,44% Memory free
1,20 Gb Paging File | 0,79 Gb Available in Paging File | 65,80% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74,52 Gb Total Space | 2,38 Gb Free Space | 3,19% Space Free | Partition Type: NTFS

Computer Name: BRUNA104 | User Name: CEN26561 | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.ini -- C:\Program Files\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.)
.js -- C:\Program Files\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.)
.txt -- C:\Program Files\UltraEdit\uedit32.exe (IDM Computer Solutions, Inc.)

[HKEY_USERS\S-1-5-21-1022765151-333211815-1520766640-21912\SOFTWARE\Classes\<extension>]
.html -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CmdHere] -- C:\WINDOWS\system32\cmd.exe /k cd "%1" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Prozkoumat v XnView] -- "C:\Program Files\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\1E\SMSWakeUp50\SMSWUagent.exe" = C:\Program Files\1E\SMSWakeUp50\SMSWUagent.exe:*:Enabled:SMSWakeUp Agent
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Pavel\dhcp\dhcpsrv.exe" = C:\Pavel\dhcp\dhcpsrv.exe:*:Enabled:DHCP Server for Windows -- (Uwe A. Ruttkamp)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Pavel\dhcp\dhcpsrv.exe" = C:\Pavel\dhcp\dhcpsrv.exe:*:Enabled:DHCP Server for Windows -- (Uwe A. Ruttkamp)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\AVG\AVG2013\avgnsx.exe" = C:\Program Files\AVG\AVG2013\avgnsx.exe:*:Enabled:Webový štít -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgdiagex.exe" = C:\Program Files\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG Diagnostika 2013 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG2013\avgmfapx.exe" = C:\Program Files\AVG\AVG2013\avgmfapx.exe:*:Enabled:Instalátor AVG -- (AVG Technologies CZ, s.r.o.)
"C:\Pavel\miranda\miranda32.exe" = C:\Pavel\miranda\miranda32.exe:*:Enabled:Miranda IM -- ( )


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator 0.8.0
"{0202C562-636A-4836-8792-33CFA4984300}" = SafeQ Port Enterprise
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0ED5B0E2-81FA-4780-B5EF-7AD3AA95CB8A}" = Creative Docs .NET
"{10627FCE-B1C9-4E78-AFCA-5AAE11774442}" = Anglický překladový slovník Lingea pro MS Office 2003
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2198BBA7-59B5-46C6-B100-F7D868E523D6}_is1" = caster Emulator
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2DFE1608-BDCA-11D1-B7AE-00C04FB92F3D}" = Microsoft Project 2000 SR-1
"{2E7F57C1-E615-447F-84B5-68FD743B6CDA}" = Siebel Option Pack 7.8.2.6
"{3256C48C-78D0-4FC6-A0F5-81ADF3A9D7D4}" = AVG 2013
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35343FF7-939B-401A-87B3-FF90A5123D88}" = Microsoft XML Parser and SDK
"{38C26500-F287-457F-B086-08758DFA3029}" = Siebel Option Pack 7.8.2.60
"{39FF7897-AB95-43BC-A055-14C4A767C240}" = Siebel Option Pack 7.5.3
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CEAC0C2-A258-4BA5-AEE7-F92360D45EBF}" = AddTxtToMsgSetup
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{40E009E6-B775-4642-A174-71CA2C3A2789}" = CS CryptoPlus v1.0
"{43B6667D-7520-4186-B05B-F5C0494C495D}" = UltraEdit-32
"{447AC5D6-8520-4151-AECA-323C36507EFB}" = Nokia Software Updater
"{581CD187-B878-436B-ADC7-4D70FBE1F43B}" = Siebel Option Pack 7.8.2.10
"{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}" = Adobe Flash Player 9 ActiveX
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5D412B61-F3A7-42C6-9C07-29BBD3D442B1}" = AVG 2013
"{69DAC00A-7665-4E9B-B441-093D40736429}" = HP BatteryCheck 1.00 A7
"{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PartitionMagic
"{6C07AC65-E851-4382-A008-A13DA806726D}" = Siebel Sync 7.5.2.217
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{70E42F24-B920-4CDE-BB99-7B9CE881ED6A}" = Německý překladový slovník Lingea pro MS Office 2003
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7694EC32-CB0E-4B35-9088-7B320CB1F4FE}" = Nokia PC Suite
"{7911C404-9AFA-4BB2-B9B7-E47423D87528}" = Knights Of Honor
"{82427977-8776-4087-90CA-9F65174D3C4D}" = Nokia Connectivity Cable Driver
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{83AD5E71-80C0-4818-B6E4-CA2607B6A141}" = SMS Advanced Client
"{877AAB34-CA5F-40E1-9205-1320279F2136}" = OutlookSync
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver for Mobile
"{8A8F4EF8-160C-4E0F-B32D-92E2313E039B}" = Microsoft Baseline Security Analyzer 2.0
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8C7A59A8-9ABE-459A-9A93-08C281A4A264}" = Microsoft Firewall Client
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{901E0405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Czech User Interface Pack
"{90510405-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A2DE62D8-EF1B-36CB-B461-B1E221ED8608}" = Microsoft .NET Framework 4 Extended CSY Language Pack
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.5
"{AC76BA86-7AD7-5676-5A64-E98530000001}" = Extended Language Support Fonts Package
"{ADAE6A0F-3038-4F17-8B6F-F29CFBDCFD42}" = eWebEditPro 2 Client
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B7886D87-ADA4-46A0-8A8D-02AB16B9F95A}" = Borland Delphi 6
"{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}" = PC Connectivity Solution
"{B8ABD8C7-991E-4A70-B5A3-20C6FC680680}" = LogMeIn Hamachi
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom NetXtreme Ethernet Controller
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.10 A2
"{D71AC256-FA83-45EA-9F14-1B20BB5105C9}" = TIxx21/x515
"{E44BD710-B71A-11d3-9F79-006008A88EC8}" = VBA
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Edimax Wireless LAN
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.115
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Windows Driver Package - Nokia Modem (02/15/2007 3.1)
"274c5407c4fa26908310cb5c1c410000" = NetBeans IDE 4.1
"504244733D18C8F63FF584AEB290E3904E791693" = Balíček ovladače systému Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"9CD348AE9C64C4B939B624E8E24F3903EFDFC82B" = Balíček ovladače systému Windows - Nokia Modem (05/22/2008 7.00.0.1)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"AVG" = AVG 2013
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"BSPlayer1" = BSPlayer
"BvSshClient" = Bitvise SSH Client 4.51 (remove only)
"C5A76DC11BABDA0A881E7BE8DDEB641365A77FFD" = Balíček ovladače systému Windows - Nokia Modem (05/22/2008 3.8)
"CBF192A85B624E32B8D19ADEEF2DCFC5BC3AA73A" = Balíček ovladače systému Windows - Nokia Modem (03/05/2008 3.7)
"CmdHere" = CMD Prompt Here PowerToy
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2010-10-10
"CryptoPlus CS v1.0e" = CryptoPlus CS v1.0e
"D978F69D5F15B845BD6BC6F8BF9BCD36982A2087" = Balíček ovladače systému Windows - Nokia Modem (02/24/2009 4.0)
"DancingGorilla_is1" = DancingGorilla 1.1.4/1.06
"E092B2EBF2FFE83E896F8F7F829A7B5D7D1B2F9D" = Balíček ovladače systému Windows - Nokia Modem (03/13/2008 6.86.0.1)
"E7F682214B951640C9C539C41FDA1A7F836FF7B6" = Balíček ovladače systému Windows - Nokia Modem (02/23/2009 7.01.0.2)
"Gemplus Smart Card Reader Tools" = Gemplus Smart Card Reader Tools
"Help & Manual 3 Evaluation Version_is1" = Help & Manual 3.31
"ie8" = Windows Internet Explorer 8
"Industry Giant 2" = Industry Giant 2
"InstallShield_{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}" = PowerQuest PartitionMagic 8.0
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom NetXtreme Ethernet Controller
"InstallShield_{D71AC256-FA83-45EA-9F14-1B20BB5105C9}" = Texas Instruments PCIxx21/x515 drivers.
"IrfanView" = IrfanView (remove only)
"IsoBuster_is1" = IsoBuster 1.8
"Knowledge Xpert for PLSQL V8.5" = Knowledge Xpert for PLSQL V8.5
"LogMeIn Hamachi" = LogMeIn Hamachi
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended CSY Language Pack" = Microsoft .NET Framework 4 Extended CSY Language Pack
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Miranda IM" = Miranda IM 0.9.52
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"nbi-nb-base-6.9.1.0.0" = NetBeans IDE 6.9.1
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"Nokia PC Suite" = Nokia PC Suite
"OpenVPN" = OpenVPN 2.0.5-gui-1.0.3
"pckukacky" = Počítačové kukačky 1.0 Beta
"ProInst" = Software Intel® PROSet/Wireless
"PSPad editor_is1" = PSPad editor
"Quest Software Toad for Oracle Version 8.5.3" = Quest Software Toad for Oracle Version 8.5.3
"Quest SQL Tuning" = Quest SQL Tuning
"Raize Components 3.0" = Raize Components 3.0
"S24 Utility_is1" = S24 Utility
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Totalcmd" = Total Commander (Remove or Repair)
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinOS Server_is1" = WinOS Server 1.0
"WinOs_is1" = Pujčovna 4.62
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.2.9
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xming_is1" = Xming 6.9.0.31
"XnView_is1" = XnView 1.93.6

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1022765151-333211815-1520766640-21912\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 27.3.2008 9:55:04 | Computer Name = BRUNA104 | Source = UserInit | ID = 1000
Description = Skript gpo_CEN_CS_WS_Startup_Copy.cmd nelze spustit. Systém nemůže
nalézt uvedený soubor. .

Error - 27.3.2008 9:55:25 | Computer Name = BRUNA104 | Source = Userenv | ID = 1054
Description = Systém Windows nemůže získat název řadiče domény vaší sítě. (Zadaná
doména neexistuje nebo není k dispozici. ). Zpracovávání zásad skupin bylo zastaveno.


Error - 27.3.2008 9:55:27 | Computer Name = BRUNA104 | Source = UserInit | ID = 1000
Description = Skript logon.cmd nelze spustit. Systém nemůže nalézt uvedený soubor.
.

Error - 27.3.2008 9:56:03 | Computer Name = BRUNA104 | Source = AutoEnrollment | ID = 15
Description = Automatickému zápisu certifikátu pro Local System se nezdařilo kontaktovat
adresář Active Directory(0x8007054b). Zadaná doména neexistuje nebo není k dispozici.

Zápis nebude proveden.

Error - 31.3.2008 2:39:52 | Computer Name = BRUNA104 | Source = Userenv | ID = 1085
Description = Provedení rozšíření zásad skupiny na straně klienta Security se nezdařilo.
Vyhledejte všechny předchozí chyby hlášené tímto rozšířením.

Error - 31.3.2008 3:18:23 | Computer Name = BRUNA104 | Source = Userenv | ID = 1054
Description = Systém Windows nemůže získat název řadiče domény vaší sítě. (Zadaná
doména neexistuje nebo není k dispozici. ). Zpracovávání zásad skupin bylo zastaveno.


Error - 31.3.2008 3:18:25 | Computer Name = BRUNA104 | Source = UserInit | ID = 1000
Description = Skript setvars.cmd nelze spustit. Systém nemůže nalézt uvedený soubor.
.

Error - 31.3.2008 3:18:25 | Computer Name = BRUNA104 | Source = UserInit | ID = 1000
Description = Skript gpo_CEN_CS_WS_Startup_Copy.cmd nelze spustit. Systém nemůže
nalézt uvedený soubor. .

Error - 31.3.2008 3:18:45 | Computer Name = BRUNA104 | Source = Userenv | ID = 1054
Description = Systém Windows nemůže získat název řadiče domény vaší sítě. (Zadaná
doména neexistuje nebo není k dispozici. ). Zpracovávání zásad skupin bylo zastaveno.


Error - 31.3.2008 3:18:47 | Computer Name = BRUNA104 | Source = UserInit | ID = 1000
Description = Skript logon.cmd nelze spustit. Systém nemůže nalézt uvedený soubor.
.

[ System Events ]
Error - 10.1.2013 13:13:36 | Computer Name = BRUNA104 | Source = W32Time | ID = 39452689
Description = Klient NTP zprostředkovatele časových údajů: Při vyhledávání DNS ručně
nakonfigurovaného partnera time.windows.com,0x1 došlo k chybě. Klient NTP se pokusí
o vyhledání pomocí služby DNS znovu za 15 minut. Chyba: Došlo k pokusu o operaci
se soketem v okamžiku nedosažitelnosti hostitele. (0x80072751)

Error - 10.1.2013 13:13:36 | Computer Name = BRUNA104 | Source = W32Time | ID = 39452701
Description = Klient NTP zprostředkovatele časových údajů je konfigurován pro získávání
časových údajů z jednoho nebo více zdrojů času. Žádný z těchto zdrojů však není
aktuálně k dispozici. Po dobu 14 minut nebude proveden žádný pokus o kontaktování
zdroje. Klient NTP nemá k dispozici žádný zdroj času.

Error - 10.1.2013 13:13:36 | Computer Name = BRUNA104 | Source = W32Time | ID = 39452689
Description = Klient NTP zprostředkovatele časových údajů: Při vyhledávání DNS ručně
nakonfigurovaného partnera time.windows.com,0x1 došlo k chybě. Klient NTP se pokusí
o vyhledání pomocí služby DNS znovu za 15 minut. Chyba: Došlo k pokusu o operaci
se soketem v okamžiku nedosažitelnosti hostitele. (0x80072751)

Error - 10.1.2013 13:13:36 | Computer Name = BRUNA104 | Source = W32Time | ID = 39452701
Description = Klient NTP zprostředkovatele časových údajů je konfigurován pro získávání
časových údajů z jednoho nebo více zdrojů času. Žádný z těchto zdrojů však není
aktuálně k dispozici. Po dobu 14 minut nebude proveden žádný pokus o kontaktování
zdroje. Klient NTP nemá k dispozici žádný zdroj času.

Error - 10.1.2013 13:13:51 | Computer Name = BRUNA104 | Source = Service Control Manager | ID = 7006
Description = Volání ScRegSetValueExW skončilo neúspěšné pro FailureActions s touto
chybou: %%5

Error - 10.1.2013 13:13:51 | Computer Name = BRUNA104 | Source = Service Control Manager | ID = 7006
Description = Volání ScRegSetValueExW skončilo neúspěšné pro FailureActions s touto
chybou: %%5

Error - 10.1.2013 13:28:37 | Computer Name = BRUNA104 | Source = W32Time | ID = 39452689
Description = Klient NTP zprostředkovatele časových údajů: Při vyhledávání DNS ručně
nakonfigurovaného partnera time.windows.com,0x1 došlo k chybě. Klient NTP se pokusí
o vyhledání pomocí služby DNS znovu za 30 minut. Chyba: Došlo k pokusu o operaci
se soketem v okamžiku nedosažitelnosti hostitele. (0x80072751)

Error - 10.1.2013 13:28:37 | Computer Name = BRUNA104 | Source = W32Time | ID = 39452701
Description = Klient NTP zprostředkovatele časových údajů je konfigurován pro získávání
časových údajů z jednoho nebo více zdrojů času. Žádný z těchto zdrojů však není
aktuálně k dispozici. Po dobu 29 minut nebude proveden žádný pokus o kontaktování
zdroje. Klient NTP nemá k dispozici žádný zdroj času.

Error - 10.1.2013 13:58:40 | Computer Name = BRUNA104 | Source = W32Time | ID = 39452689
Description = Klient NTP zprostředkovatele časových údajů: Při vyhledávání DNS ručně
nakonfigurovaného partnera time.windows.com,0x1 došlo k chybě. Klient NTP se pokusí
o vyhledání pomocí služby DNS znovu za 60 minut. Chyba: Došlo k pokusu o operaci
se soketem v okamžiku nedosažitelnosti hostitele. (0x80072751)

Error - 10.1.2013 13:58:40 | Computer Name = BRUNA104 | Source = W32Time | ID = 39452701
Description = Klient NTP zprostředkovatele časových údajů je konfigurován pro získávání
časových údajů z jednoho nebo více zdrojů času. Žádný z těchto zdrojů však není
aktuálně k dispozici. Po dobu 59 minut nebude proveden žádný pokus o kontaktování
zdroje. Klient NTP nemá k dispozici žádný zdroj času.


< End of report >

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog


#12 dev00790

dev00790

    Bleeping Chocoholic


  • Members
  • 5,037 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:10:49 PM

Posted 12 January 2013 - 09:08 PM

Hi

Right before the scan AVG detected trojan horse PSW.Generic.AVBD in C:\System Volume Information\_restore{9e0ca8fc-7EA6-40F3-A5A0-087381D5B99D}\RP1\A0001083.exe . What should I do, let AVG solve it?

This will be removed when we do cleanup steps, so no need to do anything about this at present.

Please do the following next:

:step1:

The Aplikace.cmd file in the startup folders below is suspicious to us:

C:\Documents and Settings\CEN2610\Start Menu\Programs\Startup\Aplikace.cmd
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Aplikace.cmd
Do you know what this file is for?


:step2:

I notice that you have some Proxies enabled:

IE - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.2.55.14;125.4.10.30;10.*;*.CSIN.CZ;*.CSINT.CZ;*.CSIND.CZ;test-www.csas.cz;yc0psa048.cen.csin.cz;yc0psa046.cen.csin.cz;*.session.rservices.com;babylon.sscs.cz;<local>
IE - HKU\S-1-5-21-1022765151-333211815-1520766640-22947\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.csin.cz:8080

IE - HKU\S-1-5-21-1547161642-616249376-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1547161642-616249376-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.2.55.14;125.4.10.30;10.*;*.CSIN.CZ;<local>
IE - HKU\S-1-5-21-1547161642-616249376-682003330-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy:8080

Are you aware of these?
For more information about proxies, please see:
en.wikipedia.org
proxy.org
- If you are not aware of these / or do not wish to have these I intend to include them in a fix in the next post.
Let me know your thoughts.

Regards, dev00790


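Added example, not code from this thread or from the OTL tool: a small Python parser for OTL-style "IE - HKU\..." proxy lines of the shape quoted above. It groups ProxyEnable/ProxyServer/ProxyOverride by user SID and flags every enabled proxy whose server the analyst has not already recognised (such as a known workplace proxy). The sample lines, SIDs and host names are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the OTL "IE - HKU\<SID>\...Internet Settings" shape; SIDs and hosts are made up.
SAMPLE_LOG = r'''
IE - HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 10.*;*.example.test;<local>
IE - HKU\S-1-5-21-1111-2222-3333-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.example.test:8080
IE - HKU\S-1-5-21-1111-2222-3333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
'''

# One OTL line: user hive SID, the Proxy* value name, and its data.
LINE_RE = re.compile(
    r'^IE - HKU\\(?P<sid>S-[\d-]+)\\Software\\Microsoft\\Windows\\CurrentVersion'
    r'\\Internet Settings: "(?P<name>Proxy\w+)" = (?P<value>.*)$'
)


def parse_proxy_settings(log_text):
    """Group the ProxyEnable/ProxyServer/ProxyOverride values by user SID."""
    per_user = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            per_user[m['sid']][m['name']] = m['value'].strip()
    return dict(per_user)


def enabled_proxies(per_user, expected_servers=()):
    """Return one record per user hive that has ProxyEnable = 1.

    A record is flagged 'unexpected' when its ProxyServer is missing or is
    not one of the servers the analyst already knows about.
    """
    known = {s.lower() for s in expected_servers}
    findings = []
    for sid, values in sorted(per_user.items()):
        if values.get('ProxyEnable') != '1':
            continue
        server = values.get('ProxyServer', '')
        bypass = [h for h in values.get('ProxyOverride', '').split(';') if h]
        findings.append({'sid': sid, 'server': server, 'bypass': bypass,
                         'unexpected': server.lower() not in known})
    return findings


if __name__ == '__main__':
    for f in enabled_proxies(parse_proxy_settings(SAMPLE_LOG), ['proxy.example.test:8080']):
        print(f)
```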

#13 pajasas

pajasas
  • Topic Starter

  • Members
  • 26 posts
  • Local time:11:49 PM

Posted 13 January 2013 - 11:04 PM

ok, ignoring that detection for now.

1 - that's just one cmd line that shows up explorer.exe with programs folder at startup. I'm using the other account, so I've never noticed it was there. I did check it when I was offline (typing this from other notebook, can provide exact code, yet it doesn't get even executed when I log in as my usual user).

2 - proxies were set up at the workplace, there was no need for me to remove them yet, so they've stayed there

#14 dev00790

dev00790

    Bleeping Chocoholic


  • Members
  • 5,037 posts
  • Gender:Male
  • Location:UK
  • Local time:10:49 PM

Posted 15 January 2013 - 09:23 AM

Hi

Please do the following next:

:step1:

Please zip the Aplikace.cmd file via:

  • Navigate to the following file:
    C:\Documents and Settings\CEN2610\Start Menu\Programs\Startup\Aplikace.cmd
  • Right click on it > Send To > Compressed (Zipped) Folder
  • There should now be a file: Aplikace.zip in that folder.

:step2:

Please upload the file to BC:

  • Click on link
  • In the Link to topic where this file was requested: enter:
    http://www.bleepingcomputer.com/forums/topic479666.html/page__view__findpost__p__2946888
  • Click the Browse button, and Navigate to
    C:\Documents and Settings\CEN2610\Start Menu\Programs\Startup\Aplikace.zip


:step3:

Let us know once you have done this.

Regards, dev00790



#15 dev00790

dev00790

    Bleeping Chocoholic


  • Members
  • 5,037 posts
  • Gender:Male
  • Location:UK
  • Local time:10:49 PM

Posted 18 January 2013 - 08:13 AM

Hi

Are you still with us?
- The topic will be closed in 48 hours unless we receive a response from you.

Regards, dev00790
