Virus - nevím co dál

Zpráva

DaweMcHarwy · #1 Příspěvek od **DaweMcHarwy** » 05 srp 2011 13:20

Ahojte,

mám v koplu virus...
nejde mi zapnout Správce úloh...
nejde mi zapnout regedit...
nouzový režim mi hodí modrou obrazovku PAGE_FAULT_IN_NONPAGED_AREA...
start počítače trvá dlouho, občas taky hodí modrou obrazovku...
Malwarebytes najde Trojan.Downloader který je v Temp složce v dokumentech...
Trojan remover ho smaže ale poté se vytvoří nový...
Hijackthis nechce smazat DisableRegedit=1 pokaždé když ho smaže, vytvoří se znovu...
Avira se mi pokaždé když ji zapnu vypne...
Já už fakt nevím co dál...

Prosím pomocte! Děkuji.

Zde je log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by David at 2011-08-05 14:12:29
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 654 MB (4%) free of 15 GB
Total RAM: 998 MB (31% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:12:35, on 5.8.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\David\Data aplikací\QipGuard\QipGuard.exe
C:\Program Files\QIP\qip.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\David\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\David\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Spyware Terminator\Spywareterminator.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Documents and Settings\David\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
D:\Downloads\RSIT.exe
C:\Program Files\trend micro\David.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com/?l=dis&o=102866&gct=hp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\David\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O2 - BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\David\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\David\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [QIP Internet Guardian] C:\Documents and Settings\David\Data aplikací\QipGuard\QipGuard.exe
O4 - HKCU\..\Run: [UpdateMyDrivers] C:\Program Files\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe /ot /as /ss
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: QIP 2005 - {1EF681F7-A04B-4D6D-9012-A307CCA55610} - C:\Program Files\QIP\qip.exe (HKCU)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Hotspot Shield Service (hshld) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\pev.cfxxe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless WiFi Service (S24EventMonitor) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
O23 - Service: Sony Ericsson PCCompanion - Avanquest Software - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe

--
End of file - 10724 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1292428093-839522115-1004Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1292428093-839522115-1004UA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\David\Data aplikací\Mozilla\Firefox\Profiles\twpgcxo0.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://eu.ask.com/?l=dis&o=102866&gct=hp"
prefs.js - "keyword.URL" - "http://websearch.ask.com/redirect?clien ... YYYYYCZ&q="

"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

C:\Program Files\Mozilla Firefox\extensions\
afurladvisor@anchorfree.com
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\David\Data aplikací\Mozilla\Firefox\Profiles\twpgcxo0.default\extensions\
toolbar@ask.com

C:\Documents and Settings\David\Data aplikací\Mozilla\Firefox\Profiles\twpgcxo0.default\searchplugins\
askcom.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-08-04 343112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-11-15 62376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23 115072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Documents and Settings\David\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2010-06-09 138240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-05-16 1164680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
Vuze Remote Toolbar - C:\Program Files\Vuze_Remote\prxtbVuze.dll [2011-01-17 175912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
Hotspot Shield Class - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll [2011-05-25 233288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{ba14329e-9550-4989-b3f2-9732e92d17cc} - Vuze Remote Toolbar - C:\Program Files\Vuze_Remote\prxtbVuze.dll [2011-01-17 175912]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files\ConduitEngine\prxConduitEngine.dll [2011-01-17 175912]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2005-08-04 343112]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe []
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe []
"Persistence"=C:\WINDOWS\system32\igfxpers.exe []
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe []
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2007-08-08 905216]
"ACTray"=C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe []
"ACWLIcon"=C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [2010-11-15 105368]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-11-29 421888]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2011-04-14 421160]
""= []
"ApnUpdater"=C:\Program Files\Ask.com\Updater\Updater.exe [2011-05-17 395144]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe /CHECKNOW []
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 225280]
"TrojanScanner"=C:\Program Files\Trojan Remover\Trjscan.exe [2011-08-04 1233856]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Google Update"=C:\Documents and Settings\David\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2011-04-23 205808]
"QIP Internet Guardian"=C:\Documents and Settings\David\Data aplikací\QipGuard\QipGuard.exe [2010-10-20 188416]
"UpdateMyDrivers"=C:\Program Files\SmartTweak Software\UpdateMyDrivers\UpdateMyDrivers.exe /ot /as /ss []
"QIP2005"=C:\Program Files\QIP\qip.exe [2010-10-29 3330560]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2011-08-05 3318784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2010-01-13 205824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
ACGina

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=1
"DisableRegistryTools"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Riot Games\League of Legends\air\LolClient.exe"="D:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby"
"D:\Riot Games\League of Legends\game\League of Legends.exe"="D:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client"
"D:\Hry\League of Legends\air\LolClient.exe"="D:\Hry\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby"
"D:\Hry\League of Legends\game\League of Legends.exe"="D:\Hry\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Vuze\Azureus.exe"="C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze"
"C:\Program Files\Raptr\raptr.exe"="C:\Program Files\Raptr\raptr.exe:*:Enabled:Raptr Client"
"C:\Program Files\Raptr\raptr_im.exe"="C:\Program Files\Raptr\raptr_im.exe:*:Enabled:Raptr IM"
"C:\Program Files\Winamp\winamp.exe"="C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"D:\Hry\League of Legends\lol.launcher.exe"="D:\Hry\League of Legends\lol.launcher.exe:*:Enabled:League of Legends Launcher"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:ipsec"
"C:\Program Files\Total Commander\TOTALCMD.EXE"="C:\Program Files\Total Commander\TOTALCMD.EXE:*:Enabled:ipsec"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"G:\nftu.pif"="G:\nftu.pif:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\winmdqa.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\winmdqa.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\winfesvpd.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\winfesvpd.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\winpaenjw.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\winpaenjw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\winnasnv.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\winnasnv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\winpejhd.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\winpejhd.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\iplxs.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\iplxs.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\winwnpsj.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\winwnpsj.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\windjxjia.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\windjxjia.exe:*:Enabled:ipsec"
"C:\Documents and Settings\David\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe"="C:\Documents and Settings\David\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe:*:Enabled:ipsec"
"C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"="C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe:*:Enabled:ipsec"
"C:\WINDOWS\Explorer.EXE"="C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\winxlhkt.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\winxlhkt.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\yyoyx.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\yyoyx.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\mvpgmx.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\mvpgmx.exe:*:Enabled:ipsec"
"C:\Program Files\DivX\DivX Update\DivXUpdate.exe"="C:\Program Files\DivX\DivX Update\DivXUpdate.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\txbiph.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\txbiph.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\hkkl.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\hkkl.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\toid.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\toid.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\winxques.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\winxques.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\efdbl.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\efdbl.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\winxdaer.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\winxdaer.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\winqexjif.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\winqexjif.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\winloxhmx.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\winloxhmx.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\winjfgrh.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\winjfgrh.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\winjgkn.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\winjgkn.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\yagb.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\yagb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\pcgor.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\pcgor.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\xuwuob.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\xuwuob.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\lyyl.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\lyyl.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\yrnq.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\yrnq.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\wuauclt.exe"="C:\WINDOWS\system32\wuauclt.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\winsbain.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\winsbain.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\winsgqpy.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\winsgqpy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\windhdldt.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\windhdldt.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\winmgyop.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\winmgyop.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\hossvy.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\hossvy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\gtuq.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\gtuq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\winfshjae.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\winfshjae.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\bvqwq.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\bvqwq.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\igfxtray.exe"="C:\WINDOWS\system32\igfxtray.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\winbohjs.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\winbohjs.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\winfqitd.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\winfqitd.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\ctrtmr.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\ctrtmr.exe:*:Enabled:ipsec"
"C:\WINDOWS\system32\hkcmd.exe"="C:\WINDOWS\system32\hkcmd.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\qohiq.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\qohiq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\phle.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\phle.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\wincwuoki.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\wincwuoki.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\winoshipl.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\winoshipl.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\winrpgu.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\winrpgu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\wincexc.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\wincexc.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\winajyipw.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\winajyipw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\winxjgqbr.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\winxjgqbr.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\eybpr.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\eybpr.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\ymlas.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\ymlas.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\winheabea.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\winheabea.exe:*:Enabled:ipsec"
"C:\Program Files\QIP\qip.exe"="C:\Program Files\QIP\qip.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\qpokp.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\qpokp.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\winbdbvcm.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\winbdbvcm.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\winrbjlw.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\winrbjlw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\winupnjnm.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\winupnjnm.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\winoduee.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\winoduee.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\winemvsw.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\winemvsw.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\biqfv.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\biqfv.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\winsacch.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\winsacch.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\winionarp.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\winionarp.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\vaaxy.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\vaaxy.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\winetagen.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\winetagen.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\txgu.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\txgu.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\winlejp.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\winlejp.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\winhetpb.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\winhetpb.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\winyaqh.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\winyaqh.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\xegtq.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\xegtq.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\winlyno.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\winlyno.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\ydfkac.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\ydfkac.exe:*:Enabled:ipsec"
"C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\winhvuqf.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\winhvuqf.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\winqodln.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\winqodln.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\winvafmg.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\winvafmg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\wincdoacg.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\wincdoacg.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\odyja.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\odyja.exe:*:Enabled:ipsec"
"C:\DOCUME~1\David\LOCALS~1\Temp\winmtep.exe"="C:\DOCUME~1\David\LOCALS~1\Temp\winmtep.exe:*:Enabled:ipsec"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.divxa32"=msaud32_divx.acm
"msacm.l3fhg"=mp3fhg.acm
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=divx.dll
"msacm.ac3acm"=ac3acm.acm
"VIDC.FFDS"=ff_vfw.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"vidc.DIVX"=DivX.dll

======List of files/folders created in the last 1 month======

2011-08-05 14:12:30 ----D---- C:\Program Files\trend micro
2011-08-05 14:12:29 ----D---- C:\rsit
2011-08-05 14:06:20 ----A---- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2011-08-05 14:06:19 ----D---- C:\Documents and Settings\David\Data aplikací\Spyware Terminator
2011-08-05 14:06:14 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2011-08-05 14:06:13 ----D---- C:\Program Files\Spyware Terminator
2011-08-04 14:22:11 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2011-08-04 14:21:11 ----A---- C:\WINDOWS\system32\ztvunrar36.dll
2011-08-04 14:21:11 ----A---- C:\WINDOWS\system32\ztvunace26.dll
2011-08-04 14:21:11 ----A---- C:\WINDOWS\system32\ztvcabinet.dll
2011-08-04 14:21:11 ----A---- C:\WINDOWS\system32\UNRAR3.dll
2011-08-04 14:21:11 ----A---- C:\WINDOWS\system32\unacev2.dll
2011-08-04 14:21:10 ----D---- C:\Program Files\Trojan Remover
2011-08-04 14:21:10 ----D---- C:\Documents and Settings\David\Data aplikací\Simply Super Software
2011-08-04 14:21:10 ----D---- C:\Documents and Settings\All Users\Data aplikací\Simply Super Software
2011-08-04 12:58:37 ----SD---- C:\ComboFix
2011-08-04 12:57:14 ----A---- C:\WINDOWS\system32\CF3894.exe
2011-08-04 12:56:45 ----A---- C:\WINDOWS\system32\CF3780.exe
2011-08-04 12:47:08 ----A---- C:\Boot.bak
2011-08-04 12:47:01 ----RASHD---- C:\cmdcons
2011-08-04 12:45:32 ----A---- C:\WINDOWS\zip.exe
2011-08-04 12:45:32 ----A---- C:\WINDOWS\SWXCACLS.exe
2011-08-04 12:45:32 ----A---- C:\WINDOWS\SWSC.exe
2011-08-04 12:45:32 ----A---- C:\WINDOWS\SWREG.exe
2011-08-04 12:45:32 ----A---- C:\WINDOWS\sed.exe
2011-08-04 12:45:32 ----A---- C:\WINDOWS\PEV.exe
2011-08-04 12:45:32 ----A---- C:\WINDOWS\NIRCMD.exe
2011-08-04 12:45:32 ----A---- C:\WINDOWS\MBR.exe
2011-08-04 12:45:32 ----A---- C:\WINDOWS\grep.exe
2011-08-04 12:45:25 ----D---- C:\WINDOWS\ERDNT
2011-08-04 12:44:56 ----D---- C:\Qoobox
2011-08-04 12:13:07 ----HD---- C:\WINDOWS\system32\GroupPolicy
2011-08-04 12:12:02 ----A---- C:\WINDOWS\system32\gpedit.msc
2011-08-04 12:12:02 ----A---- C:\WINDOWS\system32\gpedit.dll
2011-08-04 12:12:01 ----A---- C:\WINDOWS\system32\fdeploy.dll
2011-08-04 12:12:01 ----A---- C:\WINDOWS\system32\fde.dll
2011-08-04 12:12:01 ----A---- C:\WINDOWS\system32\appmgr.dll
2011-08-04 12:12:01 ----A---- C:\WINDOWS\system32\appmgmts.dll
2011-08-04 12:12:00 ----A---- C:\WINDOWS\system32\gptext.dll
2011-08-04 10:51:10 ----D---- C:\Documents and Settings\David\Data aplikací\Malwarebytes
2011-08-04 10:50:49 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011-08-04 10:50:48 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-08-04 10:50:45 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-08-04 10:50:45 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2011-07-27 17:14:16 ----D---- C:\Program Files\Sony Ericsson
2011-07-27 17:14:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sony Ericsson
2011-07-26 10:21:40 ----D---- C:\Documents and Settings\David\Data aplikací\COWON
2011-07-26 10:00:39 ----D---- C:\Program Files\Common Files\COWON
2011-07-26 10:00:35 ----D---- C:\Program Files\JetAudio

======List of files/folders modified in the last 1 month======

2011-08-05 14:12:30 ----D---- C:\Program Files
2011-08-05 14:06:21 ----D---- C:\WINDOWS\system32\drivers
2011-08-05 14:05:43 ----D---- C:\WINDOWS\system32
2011-08-05 14:05:43 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-08-05 14:04:22 ----D---- C:\WINDOWS\Temp
2011-08-04 18:56:53 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-08-04 17:17:59 ----D---- C:\WINDOWS\Prefetch
2011-08-04 14:45:45 ----D---- C:\WINDOWS\system32\CatRoot2
2011-08-04 14:45:12 ----D---- C:\WINDOWS\Minidump
2011-08-04 14:45:12 ----D---- C:\WINDOWS
2011-08-04 12:47:08 ----RASH---- C:\boot.ini
2011-08-04 12:42:27 ----D---- C:\WINDOWS\EHome
2011-08-04 12:03:02 ----RSD---- C:\WINDOWS\assembly
2011-08-04 10:51:05 ----SHD---- C:\WINDOWS\Installer
2011-08-04 10:20:25 ----D---- C:\Documents and Settings\David\Data aplikací\Sony
2011-08-03 23:20:45 ----D---- C:\Documents and Settings\David\Data aplikací\Skype
2011-08-03 11:29:12 ----D---- C:\WINDOWS\system32\Restore
2011-08-02 12:53:47 ----A---- C:\WINDOWS\win.ini
2011-07-30 11:25:56 ----RSD---- C:\WINDOWS\Fonts
2011-07-27 19:26:43 ----HD---- C:\WINDOWS\inf
2011-07-27 17:32:26 ----D---- C:\Program Files\Mozilla Firefox
2011-07-27 17:16:26 ----DC---- C:\WINDOWS\system32\DRVSTORE
2011-07-27 17:14:16 ----HD---- C:\Program Files\InstallShield Installation Information
2011-07-26 10:00:39 ----D---- C:\Program Files\Common Files
2011-07-26 09:54:09 ----D---- C:\WINDOWS\system32\LogFiles
2011-07-22 13:45:33 ----A---- C:\WINDOWS\system.ini
2011-07-21 18:00:24 ----D---- C:\Program Files\Hotspot Shield
2011-07-08 11:18:42 ----D---- C:\WINDOWS\peernet

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2011-03-04 45648]
R1 ANC;ANC; C:\WINDOWS\System32\drivers\ANC.SYS [2011-04-08 11520]
R1 IBMTPCHK;IBMTPCHK; \??\C:\WINDOWS\system32\Drivers\IBMBLDID.sys []
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2010-04-12 59388]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\System32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2010-05-19 13952]
R3 abp470n5;abp470n5; \??\C:\WINDOWS\system32\drivers\goumop.sys []
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\ADIHdAud.sys [2008-04-24 308736]
R3 AEAudio;AE Audio Service; C:\WINDOWS\system32\drivers\AEAudio.sys [2008-04-24 103424]
R3 btaudio;Zvukové zařízení Bluetooth; C:\WINDOWS\system32\drivers\btaudio.sys [2009-09-18 533152]
R3 BTDriver;Ovladač virtuálních komunikací Bluetooth; C:\WINDOWS\system32\DRIVERS\btport.sys [2008-02-04 37160]
R3 BTKRNL;Enumenátor sběrnice Bluetooth; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2010-09-23 993576]
R3 BTWDNDIS;Server pro přístup k síti LAN Bluetooth; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2008-07-24 156816]
R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2010-09-16 51752]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2009-06-18 234496]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HssDrv;Hotspot Shield Helper Miniport; C:\WINDOWS\system32\DRIVERS\HssDrv.sys [2010-09-22 37376]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2010-01-13 1730272]
R3 NETwLx32; Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows XP 32 Bit; C:\WINDOWS\system32\DRIVERS\NETwLx32.sys [2010-10-07 6609920]
R3 sdbus;sdbus; C:\WINDOWS\System32\DRIVERS\sdbus.sys [2008-04-14 79232]
R3 taphss;Anchorfree HSS Adapter; C:\WINDOWS\system32\DRIVERS\taphss.sys [2011-04-15 32768]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena\safedrv.sys []
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 sffdisk;Ovladač třídy úložiště SFF; C:\WINDOWS\system32\DRIVERS\sffdisk.sys [2008-04-14 11904]
S3 sffp_sd;Ovladač protokolu úložiště SFF pro paměť sběrnici SDBus; C:\WINDOWS\system32\DRIVERS\sffp_sd.sys [2008-04-14 11008]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2011-02-18 41984]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcPrfMgrSvc;Ac Profile Manager Service; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [2011-04-14 103784]
R2 AcSvc;Access Connections Main Service; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [2011-04-14 243048]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2011-02-18 37664]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-04-06 349472]
R2 btwdins;Bluetooth Service; C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe [2010-09-22 349528]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2010-12-17 936208]
R2 hshld;Hotspot Shield Service; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [2011-07-01 298824]
R2 HssSrv;Hotspot Shield Routing Service; C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [2011-05-25 363336]
R2 HssWd;Hotspot Shield Monitoring Service; C:\Program Files\Hotspot Shield\bin\hsswd.exe [2011-05-25 329544]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2010-12-17 477456]
R2 S24EventMonitor;Intel(R) PROSet/Wireless WiFi Service; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [2010-12-23 915728]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2011-08-05 496128]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2011-04-14 820520]
S2 PEVSystemStart;PEVSystemStart; C:\ComboFix\pev.cfxxe [2011-06-26 256000]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2007-10-09 36864]
S3 HssTrayService;Hotspot Shield Tray Service; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [2011-07-01 133608]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2007-10-11 864256]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion; C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe [2010-12-31 20549]
S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe [2010-12-31 8133120]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2007-10-11 122880]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 05 srp 2011 14:12

Zdravim a pekny den preji

Trojan Remover zrovna odinstalujte - neni top moc duveryhodna aplikce

Vy umite aplikovat ComboFix, lusteit jeho log a nasledne jej i docistit pomoci skriptu kdyz jste jej pouzil - vizte nebezpeci nize

Nebezpeci CFka

Je urcen primarne pro radce - jeho svevolnym pouzitim ztracite narok na podporu
Maze stopy po haveti, takze v logu z RSIT neni nic videt
Jeho log je treba dolustit, jelikoz neumi smazat vse - to ovsem tezko zvladnete pokud k tomu nejste vyskolen
CF muze mit bug = sunda Vam system, pokud nevite kam co uklada, jak co obnovit, mate system v kytkam a ceka Vas reinstal
CF taky bohuzel prozatim nekontroluje nektere dulezite knihovny (napr. hal.dll) - ty treba mazou nektere typy haveti (napr. angela) - smaze Vam po restartu hal.dll = nenajede Vam system a jste o radek vyse = reinstal

Stahnete si TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe

Utilitu spustte a prikazte ji, at skenuje - klik na Start Scan
Pokud utilita najde infikekci, bude ji chtit lecit (Cure), povolte leceni kliknutim na Continue
Pokud utilita najde podezrely soubor (suspicious), bude jej chtit preskocit (Skip), povolte preskoceni kliknutim na Continue
Po dokonceni skenu bude mozna nutny restart PC, povolte jej kliknutim na Reboot now
Po restartu na Vas vyskoci log, pokud se tak nestane, najdete jej primo na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt - jeho obsah sem vlozte
Pokud restart nebude vyzadovan, kliknete na Close a nasledne na Report - vytvori se log - jeho obsah sem vlozte

Stahnete OTL (viz muj podpis) a ulozte jej na plochu

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Pokud pouzivate 64bitovy OS, zkontrolujte, zda-li je zaskrtnuty ctverecek u Pro 64 bitové OS, pokud ne, zaskrtnete jej
Zaskrtnete okenko Pro vsechny uzivatele
Zaskrtnete okenko Kontrola na havet "LOP"
Zaskrtnete okenko Kontrola na havet "Purity"
Stari souboru zmente z 30 dnu na 7 dnu
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

CREATERESTOREPOINT

netsvcs
drivers32
savembr:0

/md5start
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
autochk.exe
cdrom.sys
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
explorer.exe
hal.dll
Changer.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
logevent.dll
lsass.exe
mv61xx.sys
ndis.sys
netlogon.dll
ntelogon.dll
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
scecli.dll
sceclt.dll
smss.exe
svchost.exe
symmpi.sys
tcpip.sys
userinit.exe
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
winlogon.exe
ws2_32.dll
/md5stop

%systemroot%*.* /U /s
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\drivers\*.sys /3
%systemroot%\system32\*.* /3
%SYSTEMDRIVE%\*.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5

Kliknete na tlacitko Prohledat
Po dokonceni skenu (cca 10 az 15 min) se objevi logy OTL.txt a Extras.txt, oba sem vlozte

DaweMcHarwy · #3 Příspěvek od **DaweMcHarwy** » 05 srp 2011 22:48

Děkuji za odpověď.

ComboFix mi pokaždé sekne počítač během kontroly...

TDSSKILLER nic nenašel...

Tady je log OTL.txt

OTL logfile created on: 5.8.2011 15:38:08 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\David\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

998,22 Mb Total Physical Memory | 521,43 Mb Available Physical Memory | 52,24% Memory free
2,35 Gb Paging File | 1,83 Gb Available in Paging File | 77,95% Paging File free
Paging file location(s): C:\pagefile.sys 1500 3000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14,65 Gb Total Space | 0,60 Gb Free Space | 4,09% Space Free | Partition Type: NTFS
Drive D: | 41,24 Gb Total Space | 0,90 Gb Free Space | 2,18% Space Free | Partition Type: NTFS
Drive E: | 850,85 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 3,77 Gb Total Space | 1,66 Gb Free Space | 43,98% Space Free | Partition Type: FAT32

Computer Name: NTB206 | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2011.08.05 15:34:28 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Plocha\OTL.exe
PRC - [2011.08.05 14:52:06 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\David\Local Settings\Temp\winikcce.exe
PRC - [2011.08.05 14:06:20 | 003,318,784 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2011.08.05 14:06:20 | 000,496,128 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2011.07.01 20:38:58 | 000,298,824 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe
PRC - [2011.05.25 02:54:54 | 000,329,544 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
PRC - [2011.05.25 01:40:12 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2011.04.14 14:48:52 | 000,193,896 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
PRC - [2011.04.14 14:48:42 | 000,243,048 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
PRC - [2011.04.14 14:48:40 | 000,103,784 | ---- | M] (Lenovo ) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2010.12.31 08:40:06 | 001,169,920 | ---- | M] (Aestan Software) -- C:\wamp\wampmanager.exe
PRC - [2010.12.31 08:39:54 | 008,133,120 | ---- | M] () -- c:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe
PRC - [2010.12.31 08:39:42 | 000,020,549 | ---- | M] (Apache Software Foundation) -- C:\wamp\bin\apache\Apache2.2.17\bin\httpd.exe
PRC - [2010.12.31 08:39:42 | 000,020,549 | ---- | M] (Apache Software Foundation) -- c:\wamp\bin\apache\Apache2.2.17\bin\httpd.exe
PRC - [2010.12.23 06:24:14 | 000,915,728 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2010.12.17 14:22:40 | 000,936,208 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2010.12.17 14:08:40 | 000,477,456 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2010.12.17 07:56:10 | 003,707,808 | ---- | M] (Ghisler Software GmbH) -- C:\Program Files\Total Commander\TOTALCMD.EXE
PRC - [2010.10.29 17:12:32 | 003,330,560 | ---- | M] (The Author of QIP) -- C:\Program Files\QIP\qip.exe
PRC - [2010.10.20 14:35:20 | 000,188,416 | ---- | M] () -- C:\Documents and Settings\David\Data aplikací\QipGuard\QipGuard.exe
PRC - [2010.09.22 14:18:46 | 000,349,528 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
PRC - [2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2011.08.05 15:34:28 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Plocha\OTL.exe
MOD - [2008.04.14 08:37:06 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wuauserv)
SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011.08.05 14:06:20 | 000,496,128 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2011.07.01 20:40:36 | 000,133,608 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService)
SRV - [2011.07.01 20:38:58 | 000,298,824 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2011.06.29 15:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011.05.25 02:54:54 | 000,329,544 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2011.05.25 01:40:12 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2011.04.14 14:48:42 | 000,243,048 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2011.04.14 14:48:40 | 000,103,784 | ---- | M] (Lenovo ) [Auto | Running] -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2010.12.31 08:39:54 | 008,133,120 | ---- | M] () [On_Demand | Running] -- c:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe -- (wampmysqld)
SRV - [2010.12.31 08:39:42 | 000,020,549 | ---- | M] (Apache Software Foundation) [On_Demand | Running] -- c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe -- (wampapache)
SRV - [2010.12.23 06:24:14 | 000,915,728 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
SRV - [2010.12.17 14:22:40 | 000,936,208 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2010.12.17 14:08:40 | 000,477,456 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2010.09.22 14:18:46 | 000,349,528 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (abp470n5)
DRV - [2011.08.05 14:06:20 | 000,142,592 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2011.04.15 01:18:08 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2011.04.08 17:24:24 | 000,004,224 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2011.04.08 17:23:02 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2010.10.07 04:11:38 | 006,609,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETwLx32.sys -- (NETwLx32) Ovladač adaptéru řady Intel(R)
DRV - [2010.09.23 09:14:30 | 000,993,576 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2010.09.22 21:19:02 | 000,037,376 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HssDrv.sys -- (HssDrv)
DRV - [2010.09.16 19:00:00 | 000,051,752 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2010.05.19 21:15:04 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2010.04.12 10:44:34 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009.09.18 13:54:38 | 000,533,152 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008.07.24 17:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008.02.04 17:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1757981266-1292428093-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
IE - HKU\S-1-5-21-1757981266-1292428093-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com/?l=dis&o=102866&gct=hp
IE - HKU\S-1-5-21-1757981266-1292428093-839522115-1004\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\David\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKU\S-1-5-21-1757981266-1292428093-839522115-1004\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1757981266-1292428093-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1757981266-1292428093-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://eu.ask.com/?l=dis&o=102866&gct=hp"
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?clien ... YYYYYCZ&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\David\Local Settings\Data aplikací\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\David\Local Settings\Data aplikací\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.06.19 18:27:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.02 13:01:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.19 18:27:20 | 000,000,000 | ---D | M]

[2011.04.26 10:47:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Data aplikací\Mozilla\Extensions
[2011.05.30 16:10:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\David\Data aplikací\Mozilla\Firefox\Profiles\twpgcxo0.default\extensions
[2011.08.04 14:14:37 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Documents and Settings\David\Data aplikací\Mozilla\Firefox\Profiles\twpgcxo0.default\extensions\toolbar@ask.com
[2011.08.05 15:32:29 | 000,002,397 | ---- | M] () -- C:\Documents and Settings\David\Data aplikací\Mozilla\Firefox\Profiles\twpgcxo0.default\searchplugins\askcom.xml
[2011.04.26 22:26:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011.04.26 22:26:25 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
File not found (No name found) --
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\DAVID\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\TWPGCXO0.DEFAULT\EXTENSIONS\TOOLBAR@ASK.COM
[2011.06.19 18:27:21 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2011.05.02 13:01:20 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2010.01.01 10:00:00 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2010.01.01 10:00:00 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2010.01.01 10:00:00 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2010.01.01 10:00:00 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2011.05.12 12:08:05 | 000,000,762 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\David\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1757981266-1292428093-839522115-1004\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1757981266-1292428093-839522115-1004\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKU\S-1-5-21-1757981266-1292428093-839522115-1004..\Run: [QIP Internet Guardian] C:\Documents and Settings\David\Data aplikací\QipGuard\QipGuard.exe ()
O4 - HKU\S-1-5-21-1757981266-1292428093-839522115-1004..\Run: [QIP2005] C:\Program Files\QIP\qip.exe (The Author of QIP)
O4 - HKU\S-1-5-21-1757981266-1292428093-839522115-1004..\Run: [SpywareTerminatorUpdate] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1757981266-1292428093-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1757981266-1292428093-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1757981266-1292428093-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-21-1757981266-1292428093-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: Odeslat do zařízení &Bluetooth... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Odeslat do zařízení Bluetooth - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.46.172.36 192.168.0.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\David\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\David\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.04.22 23:57:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003.04.16 14:00:00 | 000,000,257 | RHS- | M] () - F:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{c05cf46a-7e41-11e0-99d2-001b778f204c}\Shell\AuToplAy\CommAnD - "" = G:\sldvku.exe
O33 - MountPoints2\{c05cf46a-7e41-11e0-99d2-001b778f204c}\Shell\AutoRun\command - "" = G:\sldvku.exe
O33 - MountPoints2\{c05cf46a-7e41-11e0-99d2-001b778f204c}\Shell\ExPlOrE\COmMAnD - "" = G:\sldvku.exe
O33 - MountPoints2\{c05cf46a-7e41-11e0-99d2-001b778f204c}\Shell\OpEn\COMmaND - "" = G:\sldvku.exe
O33 - MountPoints2\{d5adf710-b456-11e0-9a4e-001c26fa4f76}\Shell\AutoplAy\COmmand - "" = G:\nftu.pif
O33 - MountPoints2\{d5adf710-b456-11e0-9a4e-001c26fa4f76}\Shell\AutoRun\command - "" = G:\nftu.pif
O33 - MountPoints2\{d5adf710-b456-11e0-9a4e-001c26fa4f76}\Shell\ExpLORe\coMmANd - "" = G:\nftu.pif
O33 - MountPoints2\{d5adf710-b456-11e0-9a4e-001c26fa4f76}\Shell\oPen\ComMaND - "" = G:\nftu.pif
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - File not found

Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\WINDOWS\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: VIDC.XVID - xvidvfw.dll File not found
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 7 Days ==========

[2011.08.05 15:36:07 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\David\Plocha\OTL.exe
[2011.08.05 15:35:11 | 001,404,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\David\Plocha\tdsskiller.exe
[2011.08.05 15:33:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Yahoo! Companion
[2011.08.05 14:36:23 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011.08.05 14:36:10 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2011.08.05 14:12:30 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.08.05 14:12:29 | 000,000,000 | ---D | C] -- C:\rsit
[2011.08.05 14:06:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Data aplikací\Spyware Terminator
[2011.08.05 14:06:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Spyware Terminator
[2011.08.05 14:06:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
[2011.08.05 14:06:13 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2011.08.04 14:22:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2011.08.04 14:21:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Trojan Remover
[2011.08.04 14:21:11 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ztvcabinet.dll
[2011.08.04 14:21:10 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2011.08.04 14:21:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Dokumenty\Simply Super Software
[2011.08.04 14:21:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Data aplikací\Simply Super Software
[2011.08.04 14:21:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Simply Super Software
[2011.08.04 12:57:14 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF3894.exe
[2011.08.04 12:56:45 | 000,390,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF3780.exe
[2011.08.04 12:47:01 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011.08.04 12:45:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011.08.04 12:45:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011.08.04 12:45:32 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011.08.04 12:45:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011.08.04 12:45:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.08.04 12:44:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.08.04 12:44:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\David\Nabídka Start\Programy\Nástroje pro správu
[2011.08.04 12:13:07 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011.08.04 12:12:02 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gpedit.dll
[2011.08.04 12:12:01 | 000,295,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\appmgr.dll
[2011.08.04 12:12:01 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fde.dll
[2011.08.04 12:12:01 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\fdeploy.dll
[2011.08.04 12:12:00 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\gptext.dll
[2011.08.04 11:54:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Plocha\FixPolicies
[2011.08.04 10:51:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\David\Data aplikací\Malwarebytes
[2011.08.04 10:50:49 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.08.04 10:50:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
[2011.08.04 10:50:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
[2011.08.04 10:50:45 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.08.04 10:50:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 7 Days ==========

[2011.08.05 15:39:02 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011.08.05 15:34:28 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\David\Plocha\OTL.exe
[2011.08.05 15:33:34 | 001,404,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\David\Plocha\tdsskiller.exe
[2011.08.05 15:29:00 | 000,001,026 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1292428093-839522115-1004UA.job
[2011.08.05 15:20:30 | 000,047,616 | ---- | M] () -- C:\Documents and Settings\David\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.05 14:50:21 | 000,433,190 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.08.05 14:50:21 | 000,429,712 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2011.08.05 14:50:21 | 000,078,512 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2011.08.05 14:50:21 | 000,067,894 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.08.05 14:46:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.08.05 14:06:36 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Spyware Terminator.lnk
[2011.08.05 14:06:20 | 000,142,592 | ---- | M] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2011.08.04 18:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011.08.04 12:57:08 | 000,463,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF3894.exe
[2011.08.04 12:56:33 | 000,390,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF3780.exe
[2011.08.04 12:47:08 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011.08.04 10:50:49 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2011.08.04 10:29:03 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1292428093-839522115-1004Core.job
[2011.08.03 23:13:22 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Plocha\Skype.lnk
[2011.08.03 11:29:34 | 000,008,398 | ---- | M] () -- C:\Documents and Settings\David\Plocha\button.pfi
[2011.07.30 14:53:41 | 000,127,704 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.07.29 18:52:52 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.08.05 15:39:02 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011.08.05 14:06:36 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Spyware Terminator.lnk
[2011.08.05 14:06:20 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2011.08.04 14:21:11 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2011.08.04 14:21:11 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2011.08.04 14:21:11 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2011.08.04 14:21:11 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2011.08.04 12:47:08 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011.08.04 12:47:03 | 000,261,312 | RHS- | C] () -- C:\cmldr
[2011.08.04 12:45:32 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011.08.04 12:45:32 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011.08.04 12:45:32 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011.08.04 12:45:32 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011.08.04 12:45:32 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011.08.04 12:12:02 | 000,034,871 | ---- | C] () -- C:\WINDOWS\System32\gpedit.msc
[2011.08.04 10:50:49 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Plocha\Malwarebytes' Anti-Malware.lnk
[2011.08.03 11:29:33 | 000,008,398 | ---- | C] () -- C:\Documents and Settings\David\Plocha\button.pfi
[2011.07.05 15:59:51 | 000,045,202 | ---- | C] () -- C:\Documents and Settings\David\Data aplikací\room_v3.dat
[2011.06.30 20:24:10 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2011.06.20 12:07:14 | 000,000,549 | ---- | C] () -- C:\Documents and Settings\David\Data aplikací\AutoGK.ini
[2011.05.07 16:26:08 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\SysDVDtoAVI.dat
[2011.05.05 09:01:48 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2011.04.30 10:43:43 | 000,047,616 | ---- | C] () -- C:\Documents and Settings\David\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.28 15:09:02 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011.04.28 15:08:59 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011.04.26 22:26:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cd.dat
[2011.04.26 10:47:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011.04.26 08:31:42 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2011.04.24 11:41:21 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011.04.23 13:30:57 | 000,341,696 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2011.04.23 01:38:00 | 000,004,265 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011.04.23 01:36:52 | 000,127,704 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.04.23 01:11:29 | 001,498,560 | ---- | C] () -- C:\WINDOWS\System32\igkrng400.bin
[2011.04.23 01:10:30 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011.04.23 00:08:45 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011.04.22 23:59:03 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011.04.22 23:54:49 | 000,021,812 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010.09.22 14:18:56 | 002,860,384 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2004.08.02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003.04.16 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003.04.16 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003.04.16 14:00:00 | 000,433,190 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003.04.16 14:00:00 | 000,429,712 | ---- | C] () -- C:\WINDOWS\System32\perfh005.dat
[2003.04.16 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003.04.16 14:00:00 | 000,269,162 | ---- | C] () -- C:\WINDOWS\System32\perfi005.dat
[2003.04.16 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003.04.16 14:00:00 | 000,078,512 | ---- | C] () -- C:\WINDOWS\System32\perfc005.dat
[2003.04.16 14:00:00 | 000,067,894 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003.04.16 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003.04.16 14:00:00 | 000,032,072 | ---- | C] () -- C:\WINDOWS\System32\perfd005.dat
[2003.04.16 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003.04.16 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003.04.16 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003.04.16 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002.10.16 00:54:04 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2011.04.26 22:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\hssff
[2011.08.04 14:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Simply Super Software
[2011.06.10 18:05:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Sony
[2011.08.05 14:33:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
[2011.08.04 14:30:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\TEMP
[2011.04.27 18:45:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011.04.26 08:37:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Data aplikací\Avaya
[2011.06.30 20:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Data aplikací\Azureus
[2011.07.26 10:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Data aplikací\COWON
[2011.06.19 18:28:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Data aplikací\DDMSettings
[2011.06.23 10:38:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Data aplikací\GHISLER
[2011.04.23 01:27:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Data aplikací\LolClient
[2011.04.25 13:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Data aplikací\OpenOffice.org
[2011.04.29 16:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Data aplikací\PhotoFiltre Studio X
[2011.06.10 18:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Data aplikací\Publish Providers
[2011.04.24 19:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Data aplikací\QipGuard
[2011.08.04 14:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Data aplikací\Simply Super Software
[2011.08.04 10:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Data aplikací\Sony
[2011.08.05 14:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Data aplikací\Spyware Terminator
[2011.06.13 18:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Data aplikací\TS3Client
[2011.08.04 18:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========

========== Custom Scans ==========

< >

< >

< MD5 for: AGP440.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.14 00:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2003.04.16 14:00:00 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.14 00:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2008.04.14 08:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\cmdcons\autochk.exe
[2008.04.14 08:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\ServicePackFiles\i386\autochk.exe
[2008.04.14 08:52:12 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=C7A9FF12C63E2E448722B02C71A8C431 -- C:\WINDOWS\system32\autochk.exe
[2004.08.17 15:49:22 | 000,601,088 | ---- | M] (Microsoft Corporation) MD5=CEA8636EC12F062C1ED8A7CB4E75324F -- C:\WINDOWS\$NtServicePackUninstall$\autochk.exe

< MD5 for: CDROM.SYS >
[2003.04.16 14:00:00 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:cdrom.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:cdrom.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:cdrom.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:cdrom.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:cdrom.sys
[2008.04.14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\ServicePackFiles\i386\cdrom.sys
[2008.04.14 00:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004.08.03 22:59:54 | 000,049,536 | ---- | M] (Microsoft Corporation) MD5=AF9C19B3100FE010496B1A27181FBF72 -- C:\WINDOWS\$NtServicePackUninstall$\cdrom.sys

< MD5 for: CRYPTSVC.DLL >
[2004.08.17 15:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008.04.14 08:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008.04.14 08:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll

< MD5 for: EVENTLOG.DLL >
[2008.04.14 08:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 08:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2004.08.17 15:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\explorer.exe
[2008.04.14 08:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004.08.17 15:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: HAL.DLL >
[2003.04.16 14:00:00 | 010,174,968 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:hal.dll
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:hal.dll
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008.04.14 00:01:30 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008.04.14 00:01:34 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2004.08.03 22:59:14 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll

< MD5 for: CHANGER.SYS >
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2004.08.17 15:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:Changer.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008.04.14 00:11:00 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
[2004.08.03 23:00:14 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=DAF1A8193B6CAF0FB858CADCC5C4AF4A -- C:\WINDOWS\$NtServicePackUninstall$\changer.sys

< MD5 for: ISAPNP.SYS >
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008.04.14 09:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2003.04.16 14:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2008.04.14 07:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008.04.14 07:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys

< MD5 for: LSASS.EXE >
[2004.08.17 15:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008.04.14 08:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe

< MD5 for: NDIS.SYS >
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008.04.14 00:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004.08.03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: NETLOGON.DLL >
[2004.08.17 15:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008.04.14 08:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 08:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004.08.17 15:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 08:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll

< MD5 for: SMSS.EXE >
[2004.08.17 15:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2004.08.17 15:49:28 | 000,164,864 | ---- | M] (Microsoft Corporation) MD5=3C100B7FDB179B63829103DF6541337F -- C:\cmdcons\SYSTEM32\SMSS.EXE
[2008.04.14 08:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008.04.14 08:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe

< MD5 for: SVCHOST.EXE >
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008.04.14 08:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2004.08.17 15:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: TCPIP.SYS >
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008.04.14 00:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004.08.03 23:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys

< MD5 for: USERINIT.EXE >
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 08:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2004.08.17 15:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004.08.17 15:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 08:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: WS2_32.DLL >
[2004.08.17 15:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008.04.14 08:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008.04.14 08:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll

< >

< %systemroot%*.* /U /s >
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
[16 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2011.04.26 12:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Data aplikací\Adobe
[2011.06.04 17:40:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Data aplikací\Apple Computer
[2011.04.26 08:37:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Data aplikací\Avaya
[2011.06.30 20:49:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Data aplikací\Azureus
[2011.07.26 10:21:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Data aplikací\COWON
[2011.06.19 18:28:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Data aplikací\DDMSettings
[2011.06.10 18:21:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Data aplikací\DivX
[2011.06.23 10:38:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Data aplikací\GHISLER
[2011.04.28 15:02:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Data aplikací\GRETECH
[2011.04.29 15:53:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Data aplikací\Identities
[2011.04.23 01:05:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Data aplikací\Intel
[2011.04.23 01:27:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Data aplikací\LolClient
[2011.04.23 01:08:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Data aplikací\Macromedia
[2011.08.04 10:51:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Data aplikací\Malwarebytes
[2011.05.02 17:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Data aplikací\Media Player Classic
[2011.06.28 09:18:50 | 000,000,000 | --SD | M] -- C:\Documents and Settings\David\Data aplikací\Microsoft
[2011.04.26 10:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Data aplikací\Mozilla
[2011.04.25 13:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Data aplikací\OpenOffice.org
[2011.04.29 16:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Data aplikací\PhotoFiltre Studio X
[2011.05.23 19:18:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Data aplikací\PSpad
[2011.06.10 18:11:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Data aplikací\Publish Providers
[2011.04.24 19:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Data aplikací\QipGuard
[2011.08.04 14:21:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Data aplikací\Simply Super Software
[2011.08.03 23:20:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Data aplikací\Skype
[2011.06.19 17:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Data aplikací\skypePM
[2011.08.04 10:20:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Data aplikací\Sony
[2011.08.05 14:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Data aplikací\Spyware Terminator
[2011.06.13 18:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Data aplikací\TS3Client
[2011.05.02 15:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\David\Data aplikací\Winamp

< %APPDATA%\*.exe /s >
[2011.04.25 12:54:10 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Documents and Settings\David\Data aplikací\Azureus\plugins\mlab\ShaperProbeC.exe
[2010.10.20 14:35:20 | 000,188,416 | ---- | M] () -- C:\Documents and Settings\David\Data aplikací\QipGuard\QipGuard.exe
[2010.12.27 16:02:28 | 003,761,072 | ---- | M] (Simply Super Software) -- C:\Documents and Settings\David\Data aplikací\Simply Super Software\Trojan Remover\dkl5.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2011.04.23 01:36:07 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2011.04.23 01:36:07 | 000,606,208 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2011.04.23 01:36:07 | 000,430,080 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %systemroot%\system32\*.dll /lockedfiles >
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\drivers\*.sys /3 >
[2011.08.05 14:06:20 | 000,142,592 | ---- | M] () -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys

< %systemroot%\system32\*.* /3 >
[2011.08.04 12:56:33 | 000,390,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CF3780.exe
[2011.08.04 12:57:08 | 000,463,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CF3894.exe
[2011.08.05 14:50:21 | 000,078,512 | ---- | M] () -- C:\WINDOWS\system32\perfc005.dat
[2011.08.05 14:50:21 | 000,067,894 | ---- | M] () -- C:\WINDOWS\system32\perfc009.dat
[2011.08.05 14:50:21 | 000,429,712 | ---- | M] () -- C:\WINDOWS\system32\perfh005.dat
[2011.08.05 14:50:21 | 000,433,190 | ---- | M] () -- C:\WINDOWS\system32\perfh009.dat
[2011.08.05 14:50:20 | 001,021,816 | ---- | M] () -- C:\WINDOWS\system32\PerfStringBackup.INI
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %SYSTEMDRIVE%\*.exe >

< >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008.04.14 08:52:18 | 000,015,360 | ---- | M] (Microsoft Corporation)
"Google Update" = "C:\Documents and Settings\David\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c -- [2011.04.23 01:07:12 | 000,205,808 | ---- | M] (Google Inc.)
"QIP Internet Guardian" = C:\Documents and Settings\David\Data aplikací\QipGuard\QipGuard.exe -- [2010.10.20 14:35:20 | 000,188,416 | ---- | M] ()
"QIP2005" = C:\Program Files\QIP\qip.exe -- [2010.10.29 17:12:32 | 003,330,560 | ---- | M] (The Author of QIP)
"SpywareTerminatorUpdate" = "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" -- [2011.08.05 14:06:20 | 003,318,784 | ---- | M] (Crawler.com)

< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WUAUSERV
IMAGEPATH REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs

< reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c >
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\BITS
IMAGEPATH REG_EXPAND_SZ %SystemRoot%\system32\svchost.exe -k netsvcs

< >

< type c:\boot.ini >> test.txt /c >
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

< %SystemDrive%\PhysicalMBR.bin /md5 >
[2011.08.05 15:39:02 | 000,000,512 | ---- | M] () MD5=EE18915AD5F92C79A169E67D2298E3BD -- C:\PhysicalMBR.bin

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:CB0AACC9

< End of report >

Pořád nevím co dál.

Extras.txt v dalším příspěvku, nevejde se mi to do jedné zprávy.

DaweMcHarwy · #4 Příspěvek od **DaweMcHarwy** » 05 srp 2011 22:48

Tady je Extras.txt

OTL Extras logfile created on: 5.8.2011 15:38:08 - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\David\Plocha
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

998,22 Mb Total Physical Memory | 521,43 Mb Available Physical Memory | 52,24% Memory free
2,35 Gb Paging File | 1,83 Gb Available in Paging File | 77,95% Paging File free
Paging file location(s): C:\pagefile.sys 1500 3000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14,65 Gb Total Space | 0,60 Gb Free Space | 4,09% Space Free | Partition Type: NTFS
Drive D: | 41,24 Gb Total Space | 0,90 Gb Free Space | 2,18% Space Free | Partition Type: NTFS
Drive E: | 850,85 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive F: | 3,77 Gb Total Space | 1,66 Gb Free Space | 43,98% Space Free | Partition Type: FAT32

Computer Name: NTB206 | User Name: David | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1757981266-1292428093-839522115-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"UacDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"UpdatesDisableNotify" = 1
"UacDisableNotify" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"8397:TCP" = 8397:TCP:*:Enabled:League of Legends Launcher
"8397:UDP" = 8397:UDP:*:Enabled:League of Legends Launcher
"8396:TCP" = 8396:TCP:*:Enabled:League of Legends Launcher
"8396:UDP" = 8396:UDP:*:Enabled:League of Legends Launcher
"6894:TCP" = 6894:TCP:*:Enabled:League of Legends Launcher
"6894:UDP" = 6894:UDP:*:Enabled:League of Legends Launcher
"6913:TCP" = 6913:TCP:*:Enabled:League of Legends Launcher
"6913:UDP" = 6913:UDP:*:Enabled:League of Legends Launcher
"6934:TCP" = 6934:TCP:*:Enabled:League of Legends Launcher
"6934:UDP" = 6934:UDP:*:Enabled:League of Legends Launcher
"6967:TCP" = 6967:TCP:*:Enabled:League of Legends Launcher
"6967:UDP" = 6967:UDP:*:Enabled:League of Legends Launcher
"6985:TCP" = 6985:TCP:*:Enabled:League of Legends Launcher
"6985:UDP" = 6985:UDP:*:Enabled:League of Legends Launcher
"6965:TCP" = 6965:TCP:*:Enabled:League of Legends Launcher
"6965:UDP" = 6965:UDP:*:Enabled:League of Legends Launcher
"6991:TCP" = 6991:TCP:*:Enabled:League of Legends Launcher
"6991:UDP" = 6991:UDP:*:Enabled:League of Legends Launcher
"8398:TCP" = 8398:TCP:*:Enabled:League of Legends Launcher
"8398:UDP" = 8398:UDP:*:Enabled:League of Legends Launcher
"8393:TCP" = 8393:TCP:*:Enabled:League of Legends Lobby
"8393:UDP" = 8393:UDP:*:Enabled:League of Legends Lobby
"8390:TCP" = 8390:TCP:*:Enabled:League of Legends Game Client
"8390:UDP" = 8390:UDP:*:Enabled:League of Legends Game Client

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Riot Games\League of Legends\air\LolClient.exe" = D:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby
"D:\Riot Games\League of Legends\game\League of Legends.exe" = D:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client
"D:\Hry\League of Legends\air\LolClient.exe" = D:\Hry\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby
"D:\Hry\League of Legends\game\League of Legends.exe" = D:\Hry\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)
"C:\Program Files\Raptr\raptr.exe" = C:\Program Files\Raptr\raptr.exe:*:Enabled:Raptr Client
"C:\Program Files\Raptr\raptr_im.exe" = C:\Program Files\Raptr\raptr_im.exe:*:Enabled:Raptr IM
"C:\Program Files\Winamp\winamp.exe" = C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp -- (Nullsoft, Inc.)
"D:\Hry\League of Legends\lol.launcher.exe" = D:\Hry\League of Legends\lol.launcher.exe:*:Enabled:League of Legends Launcher
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Total Commander\TOTALCMD.EXE" = C:\Program Files\Total Commander\TOTALCMD.EXE:*:Enabled:ipsec -- (Ghisler Software GmbH)
"C:\Program Files\Garena\Garena.exe" = C:\Program Files\Garena\Garena.exe:*:Enabled:Garena -- (Garena Online PTE LTD)
"G:\nftu.pif" = G:\nftu.pif:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winmdqa.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winmdqa.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winfesvpd.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winfesvpd.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winpaenjw.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winpaenjw.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winnasnv.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winnasnv.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winpejhd.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winpejhd.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\iplxs.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\iplxs.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winwnpsj.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winwnpsj.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\windjxjia.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\windjxjia.exe:*:Enabled:ipsec
"C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" = C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe:*:Enabled:ipsec -- (Adobe Systems Incorporated)
"C:\WINDOWS\Explorer.EXE" = C:\WINDOWS\Explorer.EXE:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\DOCUME~1\David\LOCALS~1\Temp\winxlhkt.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winxlhkt.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\yyoyx.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\yyoyx.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\mvpgmx.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\mvpgmx.exe:*:Enabled:ipsec
"C:\Program Files\DivX\DivX Update\DivXUpdate.exe" = C:\Program Files\DivX\DivX Update\DivXUpdate.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\txbiph.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\txbiph.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\hkkl.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\hkkl.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\toid.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\toid.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winxques.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winxques.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\efdbl.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\efdbl.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winxdaer.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winxdaer.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winqexjif.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winqexjif.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winloxhmx.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winloxhmx.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winjfgrh.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winjfgrh.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winjgkn.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winjgkn.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\yagb.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\yagb.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\pcgor.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\pcgor.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\xuwuob.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\xuwuob.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\lyyl.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\lyyl.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\yrnq.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\yrnq.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winsbain.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winsbain.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winsgqpy.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winsgqpy.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\windhdldt.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\windhdldt.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winmgyop.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winmgyop.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\hossvy.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\hossvy.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\gtuq.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\gtuq.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winfshjae.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winfshjae.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\bvqwq.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\bvqwq.exe:*:Enabled:ipsec
"C:\WINDOWS\system32\igfxtray.exe" = C:\WINDOWS\system32\igfxtray.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winbohjs.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winbohjs.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winfqitd.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winfqitd.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\ctrtmr.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\ctrtmr.exe:*:Enabled:ipsec
"C:\WINDOWS\system32\hkcmd.exe" = C:\WINDOWS\system32\hkcmd.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\qohiq.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\qohiq.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\phle.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\phle.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\wincwuoki.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\wincwuoki.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winoshipl.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winoshipl.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winrpgu.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winrpgu.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\wincexc.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\wincexc.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winajyipw.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winajyipw.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winxjgqbr.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winxjgqbr.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\eybpr.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\eybpr.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\ymlas.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\ymlas.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winheabea.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winheabea.exe:*:Enabled:ipsec
"C:\Program Files\QIP\qip.exe" = C:\Program Files\QIP\qip.exe:*:Enabled:ipsec -- (The Author of QIP)
"C:\DOCUME~1\David\LOCALS~1\Temp\qpokp.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\qpokp.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winbdbvcm.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winbdbvcm.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winrbjlw.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winrbjlw.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winupnjnm.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winupnjnm.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winoduee.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winoduee.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winemvsw.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winemvsw.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\biqfv.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\biqfv.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winsacch.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winsacch.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winionarp.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winionarp.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\vaaxy.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\vaaxy.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winetagen.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winetagen.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\txgu.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\txgu.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winlejp.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winlejp.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winhetpb.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winhetpb.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winyaqh.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winyaqh.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\xegtq.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\xegtq.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winlyno.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winlyno.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\ydfkac.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\ydfkac.exe:*:Enabled:ipsec
"C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" = C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winhvuqf.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winhvuqf.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winqodln.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winqodln.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winvafmg.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winvafmg.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\wincdoacg.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\wincdoacg.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\odyja.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\odyja.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winmtep.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winmtep.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winvdxfqt.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winvdxfqt.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winooyd.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winooyd.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\wintvptbm.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\wintvptbm.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\rwlrvx.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\rwlrvx.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\ghcv.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\ghcv.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winkpou.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winkpou.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winyabj.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winyabj.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\piay.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\piay.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winrtwif.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winrtwif.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winnsigm.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winnsigm.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\gdwns.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\gdwns.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winwncv.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winwncv.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winhpec.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winhpec.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\cixi.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\cixi.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winpglm.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winpglm.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\rrla.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\rrla.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winudgvck.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winudgvck.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winhlgwhc.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winhlgwhc.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winqqfljk.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winqqfljk.exe:*:Enabled:ipsec
"C:\Program Files\Hotspot Shield\bin\openvpntray.exe" = C:\Program Files\Hotspot Shield\bin\openvpntray.exe:*:Enabled:ipsec -- ()
"C:\DOCUME~1\David\LOCALS~1\Temp\winrkxkak.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winrkxkak.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winrplb.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winrplb.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winnguo.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winnguo.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winlfhfg.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winlfhfg.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\nowre.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\nowre.exe:*:Enabled:ipsec
"C:\wamp\wampmanager.exe" = C:\wamp\wampmanager.exe:*:Enabled:ipsec -- (Aestan Software)
"C:\Program Files\Hotspot Shield\bin\HssTrayService.exe" = C:\Program Files\Hotspot Shield\bin\HssTrayService.exe:*:Enabled:ipsec -- ()
"C:\DOCUME~1\David\LOCALS~1\Temp\winresc.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winresc.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winyecmjf.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winyecmjf.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winacev.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winacev.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winscdouk.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winscdouk.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\heprvc.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\heprvc.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winlyoawg.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winlyoawg.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\qmmhqc.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\qmmhqc.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winbyvbj.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winbyvbj.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\jxvnk.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\jxvnk.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\wonr.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\wonr.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winorct.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winorct.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winelfg.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winelfg.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\atome.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\atome.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\vcqvq.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\vcqvq.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\eamk.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\eamk.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\wincqfir.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\wincqfir.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\xums.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\xums.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winoahie.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winoahie.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winlkay.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winlkay.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\avvnq.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\avvnq.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winvhnwt.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winvhnwt.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winmmutet.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winmmutet.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\xkok.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\xkok.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\ogpb.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\ogpb.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\vnpyr.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\vnpyr.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\dvnlcl.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\dvnlcl.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\pbdc.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\pbdc.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\rroi.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\rroi.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\hsbilj.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\hsbilj.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winbkitto.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winbkitto.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winnauyy.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winnauyy.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winmcuirx.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winmcuirx.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winofvkh.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winofvkh.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\xdom.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\xdom.exe:*:Enabled:ipsec
"C:\Program Files\PowerISO\PWRISOVM.EXE" = C:\Program Files\PowerISO\PWRISOVM.EXE:*:Enabled:ipsec -- (PowerISO Computing, Inc.)
"C:\DOCUME~1\David\LOCALS~1\Temp\winokaoyy.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winokaoyy.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winnpvn.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winnpvn.exe:*:Enabled:ipsec
"C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" = C:\Program Files\Avira\AntiVir Desktop\avgnt.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winnsodia.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winnsodia.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\frvjqn.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\frvjqn.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winvlny.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winvlny.exe:*:Enabled:ipsec
"C:\WINDOWS\system32\netsh.exe" = C:\WINDOWS\system32\netsh.exe:*:Enabled:ipsec -- (Microsoft Corporation)
"C:\DOCUME~1\David\LOCALS~1\Temp\winhahu.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winhahu.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winucvbgh.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winucvbgh.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winjvpw.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winjvpw.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\bejut.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\bejut.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winynyrfw.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winynyrfw.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\dkuu.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\dkuu.exe:*:Enabled:ipsec
"C:\DOCUME~1\David\LOCALS~1\Temp\winikcce.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\winikcce.exe:*:Enabled:ipsec -- ()
"C:\DOCUME~1\David\LOCALS~1\Temp\jdowj.exe" = C:\DOCUME~1\David\LOCALS~1\Temp\jdowj.exe:*:Enabled:ipsec

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{129DDEC1-A6A3-3D60-AABE-76E6E5334922}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - CSY
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2BA00471-0328-3743-93BD-FA813353A783}" = Microsoft .NET Framework 3.0 Service Pack 1
"{2FC099BD-AC9B-33EB-809C-D332E1B27C40}" = Microsoft .NET Framework 3.5
"{350C9405-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6FE8B722-4D7E-3CD7-BB3A-3AD1684B1295}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - CSY
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DCC43B-33C9-3389-BD0D-33EB37973657}" = Microsoft .NET Framework 3.5 Language Pack - csy
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = ThinkPad Bluetooth with Enhanced Data Rate Software
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1029-7B44-AA0000000001}" = Adobe Reader X - Czech
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{D5B94160-4A07-4956-9C73-8C5EEFEF180F}" = OpenOffice.org 3.3
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DC785DB7-D389-48C3-B146-96FE99BF4E2B}" = Vegas Pro 9.0
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio Basic VX
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 2.01.210
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5F97313-4454-4B49-A602-285447A55B86}" = Software Intel(R) PROSet/Wireless WiFi
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AutoGK" = Auto Gordian Knot 2.55
"AviSynth" = AviSynth 2.5
"conduitEngine" = Conduit Engine
"DivX Setup.divx.com" = DivX Setup
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Garena" = Garena 2010
"GOM Player" = GOM Player
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HotspotShield" = Hotspot Shield 2.06
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware verze 1.51.1.1800
"Microsoft .NET Framework 3.5" = Microsoft .NET Framework 3.5
"Microsoft .NET Framework 3.5 Language Pack - csy" = Microsoft .NET Framework 3.5 Language Pack - CSY
"Mozilla Firefox 4.0.1 (x86 cs)" = Mozilla Firefox 4.0.1 (x86 cs)
"MPEG2 Codec(libmpeg2/mad)" = MPEG2 Codec(libmpeg2/mad)
"Nero - Burning Rom!UninstallKey" = Nero 6 Demo
"PowerISO" = PowerISO
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel(R) Network Connections Drivers
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spyware Terminator_is1" = Spyware Terminator
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Totalcmd" = Total Commander (Remove or Repair)
"Trojan Remover_is1" = Trojan Remover 6.8.2
"VobSub" = VobSub v2.23 (Remove Only)
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"WampServer 2_is1" = WampServer 2.1
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1757981266-1292428093-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"PhotoFiltre Studio X" = PhotoFiltre Studio X
"QIP 2005" = QIP 2005 8097
"QipGuard" = QIP Internet Guardian
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 24.6.2011 4:04:56 | Computer Name = NTB206 | Source = Application Error | ID = 1000
Description = Chybující aplikace winamp.exe, verze 5.6.1.3133, chybující modul unknown,
verze 0.0.0.0, adresa chyby 0x0000008c.

Error - 27.6.2011 5:42:22 | Computer Name = NTB206 | Source = Application Error | ID = 1000
Description = Chybující aplikace ddmservice.exe, verze 1.2.0.135, chybující modul
divxdownloadmanager.dll, verze 1.2.0.135, adresa chyby 0x0002614a.

Error - 5.7.2011 7:36:14 | Computer Name = NTB206 | Source = Application Error | ID = 1000
Description = Chybující aplikace winamp.exe, verze 5.6.1.3133, chybující modul d3dx9_42.dll,
verze 9.27.952.3001, adresa chyby 0x0001c6c8.

Error - 22.7.2011 7:38:44 | Computer Name = NTB206 | Source = Application Error | ID = 1000
Description = Chybující aplikace winamp.exe, verze 5.6.1.3133, chybující modul ntdll.dll,
verze 5.1.2600.5512, adresa chyby 0x0001b1fa.

Error - 30.7.2011 5:04:35 | Computer Name = NTB206 | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> (OS 10048)Normálně
je povoleno pouze jedno použití každé adresy (protokolu, síťové adresy, portu)
soketu. : make_sock: could not bind to address 0.0.0.0:80 .

Error - 30.7.2011 5:04:35 | Computer Name = NTB206 | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> no listening
sockets available, shutting down .

Error - 30.7.2011 5:04:35 | Computer Name = NTB206 | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> Unable
to open logs .

Error - 30.7.2011 5:04:41 | Computer Name = NTB206 | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> (OS 10048)Normálně
je povoleno pouze jedno použití každé adresy (protokolu, síťové adresy, portu)
soketu. : make_sock: could not bind to address 0.0.0.0:80 .

Error - 30.7.2011 5:04:41 | Computer Name = NTB206 | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> no listening
sockets available, shutting down .

Error - 30.7.2011 5:04:41 | Computer Name = NTB206 | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> Unable
to open logs .

[ System Events ]
Error - 4.8.2011 8:45:30 | Computer Name = NTB206 | Source = Service Control Manager | ID = 7023
Description = Služba Automatic Updates byla ukončena s následující chybou: %%126

Error - 4.8.2011 8:46:01 | Computer Name = NTB206 | Source = Service Control Manager | ID = 7031
Description = Služba Avira AntiVir Guard byla nečekaně ukončena. Stalo se to 1 krát.
Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error - 4.8.2011 8:46:09 | Computer Name = NTB206 | Source = Service Control Manager | ID = 7031
Description = Služba Avira AntiVir Guard byla nečekaně ukončena. Stalo se to 2 krát.
Následující opravná akce bude spuštěna za 0 milisekund: Restartovat službu.

Error - 4.8.2011 8:46:09 | Computer Name = NTB206 | Source = System Error | ID = 1003
Description = Kód chyby 10000050, parametr1 fffffff0, parametr2 00000000, parametr3
80526431, parametr4 00000000.

Error - 4.8.2011 8:46:19 | Computer Name = NTB206 | Source = Service Control Manager | ID = 7034
Description = Služba Avira AntiVir Guard byla neočekávaně ukončena. Tento stav nastal
již 3krát.

Error - 4.8.2011 11:12:08 | Computer Name = NTB206 | Source = Service Control Manager | ID = 7023
Description = Služba Automatic Updates byla ukončena s následující chybou: %%126

Error - 5.8.2011 7:54:15 | Computer Name = NTB206 | Source = Service Control Manager | ID = 7023
Description = Služba Automatic Updates byla ukončena s následující chybou: %%126

Error - 5.8.2011 7:57:28 | Computer Name = NTB206 | Source = Dhcp | ID = 1002
Description = Zapůjčení adresy IP 10.0.0.1 pro síťovou kartu s adresou 001A6B3A4933
byla serverem DHCP 192.168.0.1 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).

Error - 5.8.2011 8:01:22 | Computer Name = NTB206 | Source = Service Control Manager | ID = 7023
Description = Služba Automatic Updates byla ukončena s následující chybou: %%126

Error - 5.8.2011 8:46:18 | Computer Name = NTB206 | Source = Service Control Manager | ID = 7023
Description = Služba Automatic Updates byla ukončena s následující chybou: %%126

< End of report >

#5 Příspěvek od **vyosek** » 06 srp 2011 08:34

Ja se ptal na ten ComboFix jestli jej umite pouzivat, ze neprobehl korektne vidim z logu

Zapojte do PC vsechny USB klice (flashky, ext. disky apod.)

Stahne a ulozte na plochu UsbFix http://www.viry.cz/forum/viewtopic.php?f=24&t=102308
Spustte a kliknete na Deletion
Po dokonceni sem vlozte log, pokud na Vas nevyskoci, najdete jej zde C:\UsbFix.txt

Aplikujte exeHelper by Raktor

Linky ke stazeni
- COM soubor http://vyosek.ic.cz/BE/exeHelper.com
- SCR soubor http://vyosek.ic.cz/BE/exeHelper.scr
Utilitu staci spustit jako Spravce (klik pravym mysidlem), probehne oprava a vznikne log exehelperlog.txt

Nechte USB klicenky stale zapojene

Spustte znovu OTL

Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

Kód: Vybrat vše

:otl
SRV - File not found [Auto | Stopped] -- -- (wuauserv)
SRV - File not found [Auto | Stopped] -- -- (PEVSystemStart)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
DRV - File not found [Kernel | On_Demand | Running] -- -- (abp470n5)
IE - HKU\S-1-5-21-1757981266-1292428093-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
IE - HKU\S-1-5-21-1757981266-1292428093-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com/?l=dis&o=102866&gct=hp
IE - HKU\S-1-5-21-1757981266-1292428093-839522115-1004\..\URLSearchHook: {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\David\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKU\S-1-5-21-1757981266-1292428093-839522115-1004\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "http://eu.ask.com/?l=dis&o=102866&gct=hp"
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=STT&o=102866&locale=en_EU&apn_uid=175483d0-15be-4710-b831-86b9af6493b3&apn_ptnrs=5N&apn_sauid=AE1A66E7-C5A7-4BC8-ADD2-B10F5D7117E6&apn_dtid=YYYYYYYYCZ&q="
[2011.08.04 14:14:37 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Documents and Settings\David\Data aplikací\Mozilla\Firefox\Profiles\twpgcxo0.default\extensions\toolbar@ask.com
[2011.08.05 15:32:29 | 000,002,397 | ---- | M] () -- C:\Documents and Settings\David\Data aplikací\Mozilla\Firefox\Profiles\twpgcxo0.default\searchplugins\askcom.xml
[2011.04.26 22:26:25 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
File not found (No name found) --
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\DAVID\DATA APLIKACĂ\MOZILLA\FIREFOX\PROFILES\TWPGCXO0.DEFAULT\EXTENSIONS\TOOLBAR@ASK.COM
O2 - BHO: (QIPBHO Class) - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\David\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1757981266-1292428093-839522115-1004\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1757981266-1292428093-839522115-1004\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O33 - MountPoints2\{c05cf46a-7e41-11e0-99d2-001b778f204c}\Shell\AuToplAy\CommAnD - "" = G:\sldvku.exe
O33 - MountPoints2\{c05cf46a-7e41-11e0-99d2-001b778f204c}\Shell\AutoRun\command - "" = G:\sldvku.exe
O33 - MountPoints2\{c05cf46a-7e41-11e0-99d2-001b778f204c}\Shell\ExPlOrE\COmMAnD - "" = G:\sldvku.exe
O33 - MountPoints2\{c05cf46a-7e41-11e0-99d2-001b778f204c}\Shell\OpEn\COMmaND - "" = G:\sldvku.exe
O33 - MountPoints2\{d5adf710-b456-11e0-9a4e-001c26fa4f76}\Shell\AutoplAy\COmmand - "" = G:\nftu.pif
O33 - MountPoints2\{d5adf710-b456-11e0-9a4e-001c26fa4f76}\Shell\AutoRun\command - "" = G:\nftu.pif
O33 - MountPoints2\{d5adf710-b456-11e0-9a4e-001c26fa4f76}\Shell\ExpLORe\coMmANd - "" = G:\nftu.pif
O33 - MountPoints2\{d5adf710-b456-11e0-9a4e-001c26fa4f76}\Shell\oPen\ComMaND - "" = G:\nftu.pif
[2011.08.04 14:21:10 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2011.04.26 22:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Data aplikací\hssff
[2011.08.04 18:01:00 | 000,000,234 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
[16 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> ]
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Data aplikací\TEMP:CB0AACC9

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=-
"HotKeysCmds"=-
"Persistence"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
"QuickTime Task"=-
"iTunesHelper"=-
""=-
"ApnUpdater"=-
"DivXUpdate"=-
"NeroFilterCheck"=-
"TrojanScanner"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=-
"QIP Internet Guardian"=-
"UpdateMyDrivers"=-
"QIP2005"=-
"SpywareTerminatorUpdate"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=-
"DisableRegistryTools"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"G:\nftu.pif"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\winmdqa.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\winfesvpd.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\winpaenjw.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\winnasnv.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\winpejhd.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\iplxs.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\winwnpsj.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\windjxjia.exe"=-
"C:\Documents and Settings\David\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe"=-
"C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"=-
"C:\WINDOWS\Explorer.EXE"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\winxlhkt.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\yyoyx.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\mvpgmx.exe"=-
"C:\Program Files\DivX\DivX Update\DivXUpdate.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\txbiph.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\hkkl.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\toid.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\winxques.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\efdbl.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\winxdaer.exe"=-
"C:\Program Files\Total Commander\TOTALCMD.EXE"=-
"C:\Program Files\Skype\Phone\Skype.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\winqexjif.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\winloxhmx.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\winjfgrh.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\winjgkn.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\yagb.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\pcgor.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\xuwuob.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\lyyl.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\yrnq.exe"=-
"C:\WINDOWS\system32\wuauclt.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\winsbain.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\winsgqpy.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\windhdldt.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\winmgyop.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\hossvy.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\gtuq.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\winfshjae.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\bvqwq.exe"=-
"C:\WINDOWS\system32\igfxtray.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\winbohjs.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\winfqitd.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\ctrtmr.exe"=-
"C:\WINDOWS\system32\hkcmd.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\qohiq.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\phle.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\wincwuoki.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\winoshipl.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\winrpgu.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\wincexc.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\winajyipw.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\winxjgqbr.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\eybpr.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\ymlas.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\winheabea.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\qpokp.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\winbdbvcm.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\winrbjlw.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\winupnjnm.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\winoduee.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\winemvsw.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\biqfv.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\winsacch.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\winionarp.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\vaaxy.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\winetagen.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\txgu.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\winlejp.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\winhetpb.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\winyaqh.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\xegtq.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\winlyno.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\ydfkac.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\winhvuqf.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\winqodln.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\winvafmg.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\wincdoacg.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\odyja.exe"=-
"C:\DOCUME~1\David\LOCALS~1\Temp\winmtep.exe"=-
 
:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]

Nasledne kliknete na Opravit
PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

DaweMcHarwy · #6 Příspěvek od **DaweMcHarwy** » 06 srp 2011 16:34

Děkuji za odpověď.

USBFix log:

############################## | UsbFix 7.014 | [Deletion]

User: David (Administrator) # NTB206 [ ]
Updated 24/06/10 by El Desaparecido / C_XX
Started at 17:24:42 | 06/08/2011
Website: http://pagesperso-orange.fr/NosTools/index.html
Contact: FindyKill.Contact@gmail.com

CPU: Intel(R) Core(TM)2 Duo CPU T7100 @ 1.80GHz
CPU 2: Intel(R) Core(TM)2 Duo CPU T7100 @ 1.80GHz
Microsoft Windows XP Home Edition (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 6.0.2900.5512

Windows Firewall: Disabled /!\
RAM -> 998 Mb
C:\ (%systemdrive%) -> Fixed drive # 15 Gb (352 Mb free - 2%) [] # NTFS
D:\ -> Fixed drive # 41 Gb (867 Mb free - 2%) [Pracovni] # NTFS
E:\ -> CD-ROM
F:\ -> Fixed drive # 298 Gb (16 Mb free - 5%) [LG_EXT_HDD] # NTFS
G:\ -> Removable drive # 4 Gb (488 Mb free - 13%) [KINGSTON] # FAT32

################## | Files # Infected Folders |

Deleted ! G:\vtceic.pif
Not deleted ! G:\Autorun.inf
Deleted ! G:\lretsu.pif
Deleted ! G:\ehly.pif
Deleted ! G:\jdxev.pif

################## | Registry |

Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr

################## | Mountpoints2 |

Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{c05cf46a-7e41-11e0-99d2-001b778f204c}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{d5adf710-b456-11e0-9a4e-001c26fa4f76}

################## | Listing |

[05/08/2011 - 14:36:24 | SD ] C:\32788R22FWJFW
[22/04/2011 - 23:57:28 | A | 0] C:\AUTOEXEC.BAT
[23/04/2011 - 00:56:04 | A | 211] C:\Boot.bak
[04/08/2011 - 12:47:08 | RASH | 327] C:\boot.ini
[16/04/2003 - 14:00:00 | RASH | 4952] C:\Bootfont.bin
[04/08/2011 - 12:47:08 | RASHD ] C:\cmdcons
[03/08/2004 - 23:00:04 | RASH | 261312] C:\cmldr
[06/08/2011 - 00:22:13 | SD ] C:\ComboFix
[22/04/2011 - 23:57:28 | A | 0] C:\CONFIG.SYS
[23/05/2011 - 14:54:38 | D ] C:\Documents and Settings
[22/05/2011 - 09:21:47 | D ] C:\DRIVERS
[26/04/2011 - 22:26:41 | D ] C:\Hotspot Shield
[22/04/2011 - 23:57:28 | RASH | 0] C:\IO.SYS
[22/04/2011 - 23:57:28 | RASH | 0] C:\MSDOS.SYS
[23/04/2011 - 00:51:53 | RASH | 47564] C:\NTDETECT.COM
[23/04/2011 - 02:10:50 | RASH | 250576] C:\ntldr
[06/08/2011 - 17:13:28 | ASH | 1572864000] C:\pagefile.sys
[05/08/2011 - 15:39:02 | A | 512] C:\PhysicalMBR.bin
[05/08/2011 - 14:12:30 | D ] C:\Program Files
[04/08/2011 - 12:45:25 | D ] C:\Qoobox
[06/08/2011 - 17:26:28 | SHD ] C:\RECYCLER
[05/08/2011 - 14:12:37 | D ] C:\rsit
[23/04/2011 - 01:02:24 | SHD ] C:\System Volume Information
[05/08/2011 - 15:37:10 | A | 39164] C:\TDSSKiller.2.5.14.0_05.08.2011_15.36.21_log.txt
[06/08/2011 - 17:26:28 | D ] C:\UsbFix
[06/08/2011 - 17:26:32 | A | 1224] C:\UsbFix.txt
[12/05/2011 - 12:08:21 | D ] C:\wamp
[05/08/2011 - 14:37:23 | D ] C:\WINDOWS
[06/08/2011 - 17:25:19 | SHD ] D:\$RECYCLE.BIN
[24/02/2011 - 16:00:21 | SHD ] D:\Config.Msi
[05/08/2011 - 17:52:05 | D ] D:\Downloads
[04/08/2011 - 18:41:25 | D ] D:\fotky svatba
[27/06/2011 - 22:21:17 | D ] D:\Hry
[30/05/2011 - 14:49:04 | D ] D:\Hudba
[03/07/2011 - 22:55:27 | D ] D:\Mapa
[31/07/2008 - 11:23:02 | A | 61144684] D:\Mizerove 2.wmv
[16/10/2009 - 20:45:58 | A | 99376692] D:\Mizerove 3.wmv
[01/12/2007 - 20:17:52 | A | 72157974] D:\Mizerové.wmv
[23/04/2011 - 00:19:25 | D ] D:\Program
[29/04/2011 - 15:52:32 | D ] D:\Programs
[06/08/2011 - 17:26:28 | SHD ] D:\RECYCLER
[03/08/2011 - 11:03:03 | D ] D:\SW I
[23/04/2011 - 00:00:50 | SHD ] D:\System Volume Information
[21/12/2006 - 13:05:08 | A | 119016842] D:\ubytovna 1.dil.wmv
[02/08/2011 - 12:52:53 | D ] D:\Vuze Downloads
[04/08/2011 - 10:28:56 | D ] D:\ZTRACENICZ
[15/03/2008 - 16:47:43 | RD ] E:\CDI
[15/03/2008 - 16:47:43 | RD ] E:\EXT
[15/03/2008 - 16:47:43 | RD ] E:\MPEGAV
[15/03/2008 - 17:25:36 | RD ] E:\PICTURES
[15/03/2008 - 16:47:43 | RD ] E:\SEGMENT
[15/03/2008 - 16:47:43 | RD ] E:\VCD
[06/08/2011 - 17:25:22 | SHD ] F:\$RECYCLE.BIN
[23/03/2010 - 00:20:57 | D ] F:\Assassin's Creed 2
[14/05/2011 - 23:26:29 | D ] F:\Assassin's Creed Brotherhood
[13/09/2009 - 21:37:36 | D ] F:\Batman Arkham Asylum
[24/11/2009 - 22:53:47 | D ] F:\Call of Duty - Modern Warfare 2
[24/12/2009 - 22:59:41 | D ] F:\Colin McRae DiRT 2
[12/07/2011 - 17:20:07 | D ] F:\Colin McRae DiRT 3
[06/04/2011 - 19:47:02 | D ] F:\Crysis 2
[09/01/2011 - 13:31:05 | D ] F:\FIFA 11
[09/07/2010 - 20:20:09 | D ] F:\Flash Forward
[01/10/2010 - 21:29:32 | SHD ] F:\found.000
[09/01/2011 - 13:45:42 | D ] F:\Half-Life 2 Complete
[14/05/2011 - 23:25:26 | D ] F:\How I Met Your Mother
[13/11/2009 - 15:38:06 | D ] F:\Jericho
[13/11/2009 - 15:45:37 | D ] F:\Knight Rider
[22/04/2011 - 19:34:21 | D ] F:\League of Legends
[06/08/2011 - 12:55:10 | D ] F:\Mafia 2
[08/02/2010 - 12:01:59 | D ] F:\Mass Effect 2
[26/03/2010 - 16:43:58 | D ] F:\Metro 2033
[10/02/2011 - 19:08:32 | D ] F:\Mirrors Edge
[04/08/2010 - 15:26:26 | HD ] F:\msdownld.tmp
[30/12/2009 - 22:21:31 | D ] F:\NHL 08
[23/09/2010 - 19:59:02 | D ] F:\Prototype
[09/07/2010 - 20:20:57 | D ] F:\Race Driver Grid
[06/08/2011 - 17:26:28 | SHD ] F:\RECYCLER
[09/04/2011 - 21:59:10 | RD ] F:\Risen
[30/08/2010 - 19:07:52 | D ] F:\Split Second
[10/02/2011 - 19:11:03 | D ] F:\Star Wars Empire at War
[09/05/2011 - 20:03:41 | D ] F:\Star Wars Knights of the Old Republic II The Sith Lords
[01/11/2009 - 16:54:10 | D ] F:\Star Wars The Force Unleashed
[01/11/2010 - 20:00:06 | D ] F:\Star Wars The Force Unleashed 2
[31/03/2011 - 16:14:41 | SHD ] F:\System Volume Information
[14/05/2011 - 23:23:58 | D ] F:\The Big Bang Theory
[30/12/2009 - 23:21:26 | D ] F:\The Saboteur
[12/07/2011 - 17:25:07 | D ] F:\The Witcher 2
[13/06/2009 - 17:07:01 | D ] F:\Timeshift
[01/07/2011 - 19:04:37 | RD ] F:\Warcraft III
[12/09/2009 - 11:08:23 | D ] F:\Wolfenstein
[27/05/2011 - 00:02:23 | RD ] F:\World of Warcraft FREE
[26/06/2010 - 19:55:53 | RD ] F:\World of Warcraft TBC
[06/08/2011 - 17:22:50 | A | 9385] G:\script.TXT
[06/08/2011 - 17:26:28 | A | 172031] G:\vtceic.pif
[12/07/2011 - 17:06:02 | SHD ] G:\FOUND.000
[04/08/2011 - 18:45:32 | D ] G:\Freddy Got Fingered.avi [XVID]
[04/08/2011 - 19:29:58 | D ] G:\Road.Trip[2000]DvDrip.AC3[Eng][Multi-Sub]-Vex
[06/08/2011 - 17:20:38 | RSH | 172031] G:\bacmc.cmd
[06/08/2011 - 17:20:50 | A | 1294103] G:\UsbFix.exe
[05/08/2011 - 15:26:06 | D ] G:\The.Bourne.Ultimatum[2007]DvDrip[Eng]-aXXo
[05/08/2011 - 15:38:44 | D ] G:\The Bourne Supremacy[2004]DvDrip AC3[Eng]-FXG
[06/08/2011 - 17:21:36 | A | 294400] G:\exeHelper.scr.txt
[06/08/2011 - 17:21:16 | A | 294400] G:\exeHelper.com
[14/04/2008 - 08:52:40 | N | 343] G:\autorun.inf

################## | Vaccin |

C:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
D:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)
F:\Autorun.inf -> Folder created by UsbFix (El Desaparecido & C_XX)

################## | Upload |

Please send the file: C:\UsbFix_Upload_Me_NTB206.zip
http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution.

################## | E.O.F |

OTL Log:

All processes killed
========== OTL ==========
Service wuauserv stopped successfully!
Service wuauserv deleted successfully!
Service PEVSystemStart stopped successfully!
Service PEVSystemStart deleted successfully!
Service HidServ stopped successfully!
Service HidServ deleted successfully!
Error: Unable to stop service abp470n5!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\abp470n5 deleted successfully.
HKU\S-1-5-21-1757981266-1292428093-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-1757981266-1292428093-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1757981266-1292428093-839522115-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{95289393-33EA-4F8D-B952-483415B9C955} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}\ deleted successfully.
C:\Documents and Settings\David\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-1757981266-1292428093-839522115-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ deleted successfully.
C:\Program Files\Vuze_Remote\prxtbVuze.dll moved successfully.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
Prefs.js: "http://eu.ask.com/?l=dis&o=102866&gct=hp" removed from browser.startup.homepage
Prefs.js: "http://websearch.ask.com/redirect?clien ... YYYYYCZ&q=" removed from keyword.URL
C:\Documents and Settings\David\Data aplikací\Mozilla\Firefox\Profiles\twpgcxo0.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Documents and Settings\David\Data aplikací\Mozilla\Firefox\Profiles\twpgcxo0.default\extensions\toolbar@ask.com\logs folder moved successfully.
C:\Documents and Settings\David\Data aplikací\Mozilla\Firefox\Profiles\twpgcxo0.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Documents and Settings\David\Data aplikací\Mozilla\Firefox\Profiles\twpgcxo0.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Documents and Settings\David\Data aplikací\Mozilla\Firefox\Profiles\twpgcxo0.default\extensions\toolbar@ask.com\datastore folder moved successfully.
C:\Documents and Settings\David\Data aplikací\Mozilla\Firefox\Profiles\twpgcxo0.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Wed-03-Aug-2011-21-16-56-GMT folder moved successfully.
C:\Documents and Settings\David\Data aplikací\Mozilla\Firefox\Profiles\twpgcxo0.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Mon-30-May-2011-14-13-13-GMT folder moved successfully.
C:\Documents and Settings\David\Data aplikací\Mozilla\Firefox\Profiles\twpgcxo0.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.
C:\Documents and Settings\David\Data aplikací\Mozilla\Firefox\Profiles\twpgcxo0.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Documents and Settings\David\Data aplikací\Mozilla\Firefox\Profiles\twpgcxo0.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Documents and Settings\David\Data aplikací\Mozilla\Firefox\Profiles\twpgcxo0.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Documents and Settings\David\Data aplikací\Mozilla\Firefox\Profiles\twpgcxo0.default\extensions\toolbar@ask.com folder moved successfully.
C:\Documents and Settings\David\Data aplikací\Mozilla\Firefox\Profiles\twpgcxo0.default\searchplugins\askcom.xml moved successfully.
C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\skin folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\defaults\preferences folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\defaults folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95289393-33EA-4F8D-B952-483415B9C955}\ not found.
File C:\Documents and Settings\David\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
File C:\Program Files\Vuze_Remote\prxtbVuze.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-1757981266-1292428093-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BA14329E-9550-4989-B3F2-9732E92D17CC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}\ not found.
File C:\Program Files\Vuze_Remote\prxtbVuze.dll not found.
Registry value HKEY_USERS\S-1-5-21-1757981266-1292428093-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
File C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
C:\Program Files\Ask.com\Updater\Updater.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c05cf46a-7e41-11e0-99d2-001b778f204c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c05cf46a-7e41-11e0-99d2-001b778f204c}\ not found.
File G:\sldvku.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c05cf46a-7e41-11e0-99d2-001b778f204c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c05cf46a-7e41-11e0-99d2-001b778f204c}\ not found.
File G:\sldvku.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c05cf46a-7e41-11e0-99d2-001b778f204c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c05cf46a-7e41-11e0-99d2-001b778f204c}\ not found.
File G:\sldvku.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c05cf46a-7e41-11e0-99d2-001b778f204c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c05cf46a-7e41-11e0-99d2-001b778f204c}\ not found.
File G:\sldvku.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5adf710-b456-11e0-9a4e-001c26fa4f76}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d5adf710-b456-11e0-9a4e-001c26fa4f76}\ not found.
File G:\nftu.pif not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5adf710-b456-11e0-9a4e-001c26fa4f76}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d5adf710-b456-11e0-9a4e-001c26fa4f76}\ not found.
File G:\nftu.pif not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5adf710-b456-11e0-9a4e-001c26fa4f76}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d5adf710-b456-11e0-9a4e-001c26fa4f76}\ not found.
File G:\nftu.pif not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d5adf710-b456-11e0-9a4e-001c26fa4f76}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d5adf710-b456-11e0-9a4e-001c26fa4f76}\ not found.
File G:\nftu.pif not found.
C:\Program Files\Trojan Remover folder moved successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET151.tmp deleted successfully.
C:\WINDOWS\System32\SET15D.tmp deleted successfully.
C:\WINDOWS\System32\SET166.tmp deleted successfully.
C:\WINDOWS\System32\SET167.tmp deleted successfully.
C:\WINDOWS\System32\SET16B.tmp deleted successfully.
C:\WINDOWS\002019_.tmp deleted successfully.
C:\WINDOWS\004969_.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET7.tmp deleted successfully.
C:\Documents and Settings\All Users\Data aplikací\hssff folder moved successfully.
C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job moved successfully.
C:\WINDOWS\Temp\1038429291792031.tmp deleted successfully.
C:\WINDOWS\Temp\15331625792187.tmp deleted successfully.
C:\WINDOWS\Temp\168257611782656.tmp deleted successfully.
C:\WINDOWS\Temp\3136462116783015.tmp deleted successfully.
C:\WINDOWS\Temp\4153031819787484.tmp deleted successfully.
C:\WINDOWS\Temp\460194082782593.tmp deleted successfully.
C:\WINDOWS\Temp\ib92.tmp deleted successfully.
C:\WINDOWS\Temp\ib93.tmp deleted successfully.
C:\WINDOWS\Temp\ib94.tmp deleted successfully.
C:\WINDOWS\Temp\ib95.tmp deleted successfully.
C:\WINDOWS\Temp\ib96.tmp deleted successfully.
ADS C:\Documents and Settings\All Users\Data aplikací\TEMP:CB0AACC9 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IgfxTray not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HotKeysCmds not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Persistence not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TrojanScanner deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\QIP Internet Guardian deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\UpdateMyDrivers not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\QIP2005 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpywareTerminatorUpdate deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\\DisableRegistryTools deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\G:\nftu.pif deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\winmdqa.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\winfesvpd.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\winpaenjw.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\winnasnv.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\winpejhd.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\iplxs.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\winwnpsj.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\windjxjia.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\David\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\Explorer.EXE deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\winxlhkt.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\yyoyx.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\mvpgmx.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\DivX\DivX Update\DivXUpdate.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\txbiph.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\hkkl.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\toid.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\winxques.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\efdbl.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\winxdaer.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Total Commander\TOTALCMD.EXE deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Skype\Phone\Skype.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\winqexjif.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\winloxhmx.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\winjfgrh.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\winjgkn.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\yagb.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\pcgor.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\xuwuob.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\lyyl.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\yrnq.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\wuauclt.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\winsbain.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\winsgqpy.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\windhdldt.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\winmgyop.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\hossvy.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\gtuq.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\winfshjae.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\bvqwq.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\igfxtray.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\winbohjs.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\winfqitd.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\ctrtmr.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\system32\hkcmd.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\qohiq.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\phle.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\wincwuoki.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\winoshipl.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\winrpgu.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\wincexc.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\winajyipw.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\winxjgqbr.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\eybpr.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\ymlas.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\winheabea.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\qpokp.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\winbdbvcm.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\winrbjlw.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\winupnjnm.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\winoduee.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\winemvsw.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\biqfv.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\winsacch.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\winionarp.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\vaaxy.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\winetagen.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\txgu.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\winlejp.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\winhetpb.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\winyaqh.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\xegtq.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\winlyno.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\ydfkac.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\winhvuqf.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\winqodln.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\winvafmg.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\wincdoacg.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\odyja.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\DOCUME~1\David\LOCALS~1\Temp\winmtep.exe deleted successfully.
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: David
->Temp folder emptied: 4550809684 bytes
->Temporary Internet Files folder emptied: 1558202 bytes
->FireFox cache emptied: 77983569 bytes
->Google Chrome cache emptied: 103992910 bytes
->Flash cache emptied: 1008 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Harwy
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4560648 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4 520,00 mb

[EMPTYFLASH]

User: Administrator

User: All Users

User: David
->Flash cache emptied: 0 bytes

User: Default User

User: Harwy

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.26.1 log created on 08062011_172827

Files\Folders moved on Reboot...
C:\Documents and Settings\David\Local Settings\Temp\CR_ECCD0.tmp\setup.exe moved successfully.
File\Folder C:\Documents and Settings\David\Local Settings\Temp\1A.tmp not found!
C:\Documents and Settings\David\Local Settings\Temp\chrome_installer.log moved successfully.
C:\WINDOWS\temp\Perflib_Perfdata_1050.dat moved successfully.

Registry entries deleted on Reboot...

#7 Příspěvek od **vyosek** » 07 srp 2011 08:23

Zkuste nyni v nouzovem rezimu (restart PC, mackat F8, zvolit Stav nouze s praci v siti) spustit ComboFix

DaweMcHarwy · #8 Příspěvek od **DaweMcHarwy** » 07 srp 2011 15:31

Nouzový režim opět hodil modrou smrt...

#9 Příspěvek od **vyosek** » 08 srp 2011 00:24

OTC http://oldtimer.geekstogo.com/OTC.exe

Stahnete a spustte
Kliknete na CleanUp a potvrdte YES
Program uklidi a restartuje PC

Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) (viz muj podpis)

Provedte aktualizaci - treti zalozka
Provedte uplny sken - nic nemazte
MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

DaweMcHarwy · #10 Příspěvek od **DaweMcHarwy** » 16 srp 2011 21:47

Omlouvám se že jsem dlouho neodpověděl, byl jsem na dovolené takže jsem neměl přístup k PC.

Zde je log z Malwarebytes'

Malwarebytes' Anti-Malware
www.malwarebytes.org

Database version:

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

16.8.2011 22:47:20
mbam-log-2011-08-16 (22-47-17).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 218715
Time elapsed: 25 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 5
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (PUM.Hijack.Regedit) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\David\local settings\Temp\vpor.exe (Trojan.Downloader) -> No action taken.
c:\UsbFix\quarantine\G\ehly.pif.vir (Trojan.Agent) -> No action taken.
c:\UsbFix\quarantine\G\jdxev.pif.vir (Trojan.Agent) -> No action taken.
c:\UsbFix\quarantine\G\lretsu.pif.vir (Trojan.Agent) -> No action taken.

#11 Příspěvek od **vyosek** » 17 srp 2011 07:55

Nalezy mazat nemusite

TFC http://oldtimer.geekstogo.com/TFC.exe

Stahnete a spustte
Kliknete na Start a potvrdte OK
Program uklidi a restartuje pc
Po pouziti utilitu smazte

v nouzovem rezimu spustte ComboFix

DaweMcHarwy · #12 Příspěvek od **DaweMcHarwy** » 19 srp 2011 10:54

Nouzový režím opět hodil modrou smrt.

#13 Příspěvek od **vyosek** » 19 srp 2011 11:06

Zkuste prejmenovat Combofix na cokoliv.com a spustit

DaweMcHarwy · #14 Příspěvek od **DaweMcHarwy** » 21 srp 2011 17:57

Ja se ale do toho nouzového režimu vůbec nedostanu. Jak se načítá, tak to hodí modrou smrt.

A v normálním režimu když spustím combofix, tak se mi sekne Pc.

#15 Příspěvek od **vyosek** » 21 srp 2011 18:21

Pustte tam AVPTool http://viry.cz/forum/viewtopic.php?f=29&t=58179

VIRY.CZ

Virus - nevím co dál

Virus - nevím co dál

Re: Virus - nevím co dál

Re: Virus - nevím co dál

Re: Virus - nevím co dál

Re: Virus - nevím co dál

Re: Virus - nevím co dál

Re: Virus - nevím co dál

Re: Virus - nevím co dál

Re: Virus - nevím co dál

Re: Virus - nevím co dál

Re: Virus - nevím co dál

Re: Virus - nevím co dál

Re: Virus - nevím co dál

Re: Virus - nevím co dál

Re: Virus - nevím co dál